
ICSF support for IBM Enterprise PKCS #11 FIPS 140-2 compliance modes

  

Authors: Gregg Arquero & John Craig

With APAR OA65205, ICSF supports IBM Enterprise PKCS #11 (EP11) Crypto Express7 and 8 coprocessors that are configured to operate in compliance modes based on the Federal Information Processing Standard (FIPS) 140-2 requirements for 2021 and 2024, as outlined in NIST SP 800-131A Rev. 2. This support is available on ICSF FMIDs HCR77D1 - HCR77E0.

A coexistence APAR, OA65206, is available on ICSF FMIDs HCR77C0 - HCR77E0. This APAR prevents downlevel systems from attempting to process unsupported objects created by uplevel systems when exploiting the new IBM Enterprise PKCS #11 coprocessor compliance modes.

What is FIPS

The Federal Information Processing Standard (FIPS) is a collection of requirements designed by the National Institute of Standards and Technology (NIST), which are intended to guarantee a standard of safety and security for the processing of digital information. Products which have been evaluated to meet the requirements of FIPS receive an official certification from NIST.

Different certifications may be given out depending upon the type of product being evaluated (hardware, software, firmware, etc.), the strength of the requirements being met (Level 3 certificates, for example, having stricter requirements than Level 2) and the version of FIPS in question (140-2 or 140-3).

FIPS 140-2 2021 vs 2024 restrictions

When the EP11 coprocessor is operating in FIPS 140-2 2021 compliance mode, the following restrictions are in effect:

  • RSA:

    • PKCS#1 v1.5 (pre-PSS) padding is disabled for both signature generation and message encryption

    • pre-PSS and PSS: SHA-1 is disabled for signature generation

    • OAEP: SHA-1 message encryption is disabled

  • EC: SHA-1 is disabled for KDF usage and signature generation

  • TDES: key generation and message encryption are disabled

  • DSA: SHA-1 is disabled for signature generation

  • CMAC: generating MACs with TDES is disabled

  • HMAC: generating MACs with SHA-1 is disabled

  • Hash based key derivation: SHA-1 is disabled

  • Quantum-safe key algorithms are disabled

  • Use of blobs without sessions is disallowed

  • BTC, including blockchain, altcoins, and digital assets, is disallowed

When the EP11 coprocessor is operating in FIPS 140-2 2024 compliance mode, the following restrictions are in effect (in addition to the restrictions of FIPS 2021):

  • RSA: PKCS#1 v1.5 (pre-PSS/pre-OAEP): Verify and decrypt operations are disabled

  • SHA-1: all usage is disabled

  • TDES: all usage is disabled
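
The two restriction lists above can be applied to an inventory of recorded crypto operations before a coprocessor is switched, to see which workloads fail in 2021 mode and which only fail in 2024 mode. The following is an added example, not ICSF or IBM code; the record fields and the labels such as "PQC", "KDF" and "CMAC-TDES" are assumptions made for illustration, and the inventory is constructed.

```python
# Added example; record fields and labels are assumptions, not ICSF or EP11 names.
from typing import NamedTuple, Optional, Tuple

class Use(NamedTuple):
    alg: str   # "RSA", "EC", "DSA", "TDES", "CMAC-TDES", "HMAC", "KDF", "PQC", "BTC", "AES"
    op: str    # "sign", "verify", "encrypt", "decrypt", "keygen", "mac", "mac_verify", "derive"
    hash: Optional[str] = None
    padding: Optional[str] = None   # RSA only: "PKCS1v15", "PSS", "OAEP"
    session_bound: bool = True      # False = blob used without a session

def _first(rules) -> Optional[str]:
    return next((why for hit, why in rules if hit), None)

def rejected_2021(u: Use) -> Optional[str]:
    sha1 = u.hash == "SHA-1"
    v15 = u.alg == "RSA" and u.padding == "PKCS1v15"
    return _first([
        (not u.session_bound, "blob used without a session"),
        (u.alg in ("PQC", "BTC"), u.alg + " mechanisms are disallowed"),
        (v15 and u.op in ("sign", "encrypt"), "RSA PKCS#1 v1.5 signing/encryption"),
        (sha1 and u.op == "sign" and u.alg in ("RSA", "DSA", "EC"), "SHA-1 signature generation"),
        (sha1 and u.op == "encrypt" and u.padding == "OAEP", "RSA-OAEP encryption with SHA-1"),
        (sha1 and u.op == "derive" and u.alg in ("EC", "KDF"), "SHA-1 key derivation"),
        (u.alg == "TDES" and u.op in ("keygen", "encrypt"), "TDES key generation/encryption"),
        (u.alg == "CMAC-TDES" and u.op == "mac", "CMAC generation with TDES"),
        (sha1 and u.alg == "HMAC" and u.op == "mac", "HMAC generation with SHA-1"),
    ])

def rejected_2024_only(u: Use) -> Optional[str]:
    return _first([  # restrictions 2024 mode adds on top of the 2021 list
        (u.alg == "RSA" and u.padding == "PKCS1v15" and u.op in ("verify", "decrypt"), "RSA PKCS#1 v1.5 verify/decrypt"),
        (u.hash == "SHA-1", "any SHA-1 usage"),
        ("TDES" in u.alg, "any TDES usage"),
    ])

def earliest_rejecting_mode(u: Use) -> Tuple[Optional[str], Optional[str]]:
    for mode, check in (("2021", rejected_2021), ("2024", rejected_2024_only)):
        why = check(u)
        if why:
            return mode, why
    return None, None

# Constructed inventory, e.g. distilled from application or audit records.
INVENTORY = [Use("RSA", "sign", "SHA-256", "PKCS1v15"), Use("RSA", "verify", "SHA-256", "PKCS1v15"),
             Use("TDES", "decrypt"), Use("RSA", "sign", "SHA-256", "PSS")]

if __name__ == "__main__":
    for u in INVENTORY:
        print(u, "->", earliest_rejecting_mode(u))
```

Operations that only verify or decrypt legacy data (PKCS#1 v1.5 verify, TDES decrypt, SHA-1 verification) pass the 2021 list and are first rejected in 2024 mode, so they need their own migration plan.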

Considerations when entering FIPS mode

One of the primary requirements of both the FIPS 140-2 2021 and FIPS 140-2 2024 compliance modes is that secure (encrypted) objects used by an EP11 coprocessor in these modes must be “session-bound”. Session-bound objects are bound to a user session and cannot be used outside of ICSF. Additionally, existing secure objects cannot be converted to session-bound objects, nor can session-bound secure objects be converted to non-session-bound objects. Only Crypto Express7 and 8 coprocessors support session-bound objects.

When one or more EP11 coprocessors are changed to a FIPS 140-2 2021 or 2024 compliance mode, existing secure objects can no longer be used, because none of them are session-bound. All secure objects created from that point onwards will be session-bound. Because EP11 coprocessors older than Crypto Express7 do not support session-bound objects, these coprocessors will not be used when one or more other EP11 coprocessors have been configured for FIPS 140-2 compliance.