| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 8/19/2026 |
| Caveat | Interim Validation, No assurance of the minimum strength of generated keys |
| Vendor | Ericsson Enterprise Wireless Solutions, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2584 |
| AES-CTR | A2584 |
| AES-ECB | A2584 |
| Counter DRBG | A2584 |
| DSA KeyGen (FIPS186-4) | A2584 |
| DSA PQGGen (FIPS186-4) | A2584 |
| DSA PQGVer (FIPS186-4) | A2584 |
| DSA SigGen (FIPS186-4) | A2584 |
| DSA SigVer (FIPS186-4) | A2584 |
| ECDSA KeyGen (FIPS186-4) | A2584 |
| ECDSA KeyVer (FIPS186-4) | A2584 |
| ECDSA SigGen (FIPS186-4) | A2584 |
| ECDSA SigVer (FIPS186-4) | A2584 |
| HMAC-SHA-1 | A2584 |
| HMAC-SHA2-224 | A2584 |
| HMAC-SHA2-256 | A2584 |
| HMAC-SHA2-384 | A2584 |
| HMAC-SHA2-512 | A2584 |
| KAS-ECC-SSC Sp800-56Ar3 | A2584 |
| KAS-FFC-SSC Sp800-56Ar3 | A2584 |
| PBKDF | A2584 |
| RSA KeyGen (FIPS186-4) | A2584 |
| RSA SigGen (FIPS186-4) | A2584 |
| RSA SigVer (FIPS186-4) | A2584 |
| Safe Primes Key Generation | A2584 |
| SHA-1 | A2584 |
| SHA2-224 | A2584 |
| SHA2-256 | A2584 |
| SHA2-384 | A2584 |
| SHA2-512 | A2584 |
| TDES-CBC | A2584 |
| TDES-ECB | A2584 |
| TLS v1.2 KDF RFC7627 | A2584 |
flowchart LR
%% Deterministic review-risk graph for Cradlepoint Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C3,C5,C6 clue;
class I3,I5,I6 infer;
class R3,R5,R6 risk;
class E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cradlepoint Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C3,C5,C6 clueLow;Ericsson Enterprise Wireless Solutions, Inc. Ericsson Cradlepoint Cryptographic Module Software Version: 1.0 FIPS Security Level: 1 Document Version: 0.6 Prepared for: Prepared by: Ericsson Enterprise Wireless Corsec Security, Inc. Solutions, Inc.
Boise, ID 83702-5389 Fairfax, VA 22033 United States United States of America Phone: +1 855 813 3385 Phone: +1 703 267 6050 www.cradlepoint.com www.corsec.com
Abstract This is a non-proprietary Cryptographic Module Security Policy for the Ericsson Cradlepoint Cryptographic Module (version: 1.0) from Ericsson Enterprise Wireless Solutions, Inc. (Ericsson). This Security Policy describes how the Ericsson Cradlepoint Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in its Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Ericsson Cradlepoint Cryptographic Module is referred to in this document as Cradlepoint Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1 – Security Level per FIPS 140-3 Section | 5 |
| Table 2 – Tested Operational Environments | 6 |
| Table 3 – Vendor-Affirmed Operational Environments | 6 |
| Table 4 – Approved Algorithm Validation Certificates | 7 |
| Table 5 – Non-Approved Algorithms Allowed in the Approved Mode of Operation | 10 |
| Table 6 – Ports and Interfaces | 13 |
| Table 7 – Roles, Service Commands, Input and Output | 14 |
| Table 8 – Approved Services | 15 |
| Table 9 – Keys | 21 |
| Table 10 – Other SSPs | 22 |
| Table 11 – Acronyms and Abbreviations | 30 |
| Figure 1 – GPC Block Diagram | 11 |
| Figure 2 – Module Block Diagram (with Cryptographic Boundary) | 12 |
The module has an overall security level of 1.
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
2. Cryptographic Module Specification The Ericsson Cradlepoint Cryptographic Module (version 1.0) is a software module with a multi-chip standalone embodiment. The module is designed to operate within a modifiable operational environment.
The module was tested and found to be compliant with FIPS 140-3 requirements on the environment listed in Table 2. Table 2
1 NetCloud OS 7 Cradlepoint E3000 ARM Cortex-A (ARMv8-A) With
2 NetCloud OS 7 Cradlepoint E3000 ARM Cortex-A (ARMv8-A) Without
Each test environment includes a Qualcomm 802.11ax SoC 4 with four ARM Cortex-A processing cores. These processing cores support the ARMv8 Cryptography Extensions. The Cryptography Extensions include A64, A32, and T32 instructions for accelerating AES and SHA implementations. The module is designed to utilize the extended instruction sets when available. The vendor affirms the module’s continued validation compliance when operating on the environments listed in Table 3. Table 3
The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate,
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
or another compatible single-user operating system. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. The sections below describe the module boundary, modes of operation, and algorithm implementations.
Validation certificates for each Approved security function are listed in Table 4 below. Table 4
5 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.
No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
14 No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate5 Standard Key Strengths - P-224, P-256, P-384 Public key verification (SHA2-256, SHA2-384, SHA2-512) - P-224, P-256, P-384 Digital signature generation (SHA2-256, SHA2-384, SHA2-512) - P-224, P-256, P-384 (SHA- Digital signature verification 1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) A2584 HMAC SHA-1, SHA2-224, SHA2- 112 (minimum) Message authentication FIPS PUB 198-1 256, SHA2-384, SHA2-512 A2584 KAS18 KAS-ECC-SSC with TLS 1.2 P-224, P-256, P-384 Key agreement19 NIST SP 800-56Arev3 KDF RFC7627 NIST SP 800-135rev1 SSP establishment methodology RFC 7627 provides between 112 and 256 bits of encryption strength. KAS-FFC-SSC with TLS 1.2 FB, FC, MODP-2048, Key agreement20 KDF RFC7627 MODP-3072, MODP-4096 SSP establishment methodology provides 112 bits of encryption strength. A2584 KAS-ECC-SSC21 EphemeralUnified P-224, P-256, P-384 Shared secret computation NIST SP 800-56Arev3 A2584 KAS-FFC-SSC22 dhEphem FB, FC, MODP-2048, Shared secret computation NIST SP 800-56Arev3 MODP-3072, MODP-4096 A2584 KTS23 AES with HMAC 128, 192, 256 Key wrap/unwrap FIPS PUB 197 (encryption//decryption with FIPS PUB 198-1 message authentication) 24 SSP establishment methodology provides 112 bits of encryption strength. A2584 KTS Triple-DES25 with HMAC 168 (KO1) Key unwrap (decryption with NIST SP 800-67rev2 message authentication) 26 FIPS PUB 198-1 SSP establishment methodology provides 168 bits of encryption strength. A2584 PBKDF227 Section 5.4, option 1a SHA-1, SHA2-224, SHA2- Password-based key derivation NIST SP 800-132 256, SHA2-384, SHA2-512
19 Key agreement method complies with FIPS 140-3 Implementation Guidance D.F, scenario 2(1).
20 Key agreement method complies with FIPS 140-3 Implementation Guidance D.F, scenario 2(1).
21 KAS-ECC-SSC
22 KAS-FFC-SSC
KTS
24 Per FIPS 140-3 Implementation Guidance D.G, AES in any Approved mode with HMAC is an Approved key transport technique.
26 Per FIPS 140-3 Implementation Guidance D.G, Triple DES in any Approved mode with HMAC is an Approved key transport technique.
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate5 Standard Key Strengths A2584 RSA28 Key generation mode: 2048, 3072, 4096 Key pair generation FIPS PUB 186-4 B.3.3 ANSI X9.31 2048, 3072, 4096 (SHA2- Digital signature generation 256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-256, SHA2384, SHA2-512) PKCS#1 v1.5 2048, 3072, 4096 (SHA2- Digital signature generation 224, SHA2-256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512) PSS29 2048, 3072, 4096 (SHA2- Digital signature generation 224, SHA2-256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512) A2584 Safe Primes - MODP-2048, MODP-3072, Key generation NIST SP 800-56Arev3, MODP-4096 Appendix D A2584 SHS30 SHA-1, SHA2-224, SHA2- - Message digest FIPS PUB 180-4 256, SHA2-384, SHA2-512 A2584 Triple-DES CBC, ECB 168 (KO1) Encryption/decryption NIST SP 800-67rev2 NIST SP 800-38A The encrypt function is used only to support self-testing. During operation, it is not available in the Approved mode. The vendor affirms the following cryptographic security methods:
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Table 5
Triple-DES (Cert. A2584) SSP establishment methodology provides between Key unwrapping (using any approved
The module does not implement any non-Approved algorithms allowed in the Approved mode of operation for which no security is claimed. The module does not implement any non-Approved algorithms not allowed in the Approved mode of operation.
As a software cryptographic module, the module has no physical components. Therefore, the physical perimeter of the cryptographic module is defined by each host device on which the module is installed. Figure 1 below illustrates a block diagram of a typical general-purpose computer (GPC) and the module’s physical perimeter. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Hardware Network DVD RAM Management Interface HDD Clock SCSI/SATA Generator Controller LEDs/LCD CPU Serial I/O Hub Audio Cache PCI/PCIe Slots USB BIOS Power Graphics PCI/PCIe Interface Controller Slots External Power Supply KEY: BIOS
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
libssl libssl.hmac Calling Application KEY: libcrypto libcrypto.hmac Cryptographic Boundary Physical Perimeter Operating System Data Input Data Output Control Input Control Output Status Output CPU Memory Storage Ports System Calls Host Device Figure 2
The module only implements one mode of operation, the Approved mode, in which the Approved and allowed cryptographic functions are available. The module transitions to the Approved mode of operation automatically after the module completes its pre-operational self-tests. No configuration is necessary for the module to operate and remain in the Approved mode. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
4. Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods.
The module supports a Crypto Officer that authorized operators can assume. The CO role performs cryptographic initialization or management functions and general security services. The module also supports the following role(s):
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Role Service Input Output User Perform key wrap API call parameters, wrapping Status, encrypted key key, plaintext key User Perform key unwrap API call parameters, wrapping Status, decrypted key key, wrapped key User Compute shared secret API call parameters Status, shared secret User Derive TLS keys API call parameters, TLS pre- Status, TLS keys master secret User Derive key via PBKDF2 API call parameters, password Status, key
The module does not support authentication methods; operators implicitly assume an authorized role based on the service selected.
Descriptions of the Approved services available to the authorized roles are provided in Table 8 below. The module is an integrated component of Ericsson’s NetCloud OS and offers crypto functions to applications installed on the Cradlepoint devices. While the module includes implementations of non-Approved security functions that can be called by other Ericsson modules, all such invocations will return failure codes to the caller. This effectively limits the service offerings to Approved services only. As allowed for this scenario per section C.H of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global FIPS mode indicator) and an implicit indication (via the API return value of the service). The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or Indicator Function(s) SSPs Show versioning Return module None None CO N/A N/A information versioning information Perform Encrypt plaintext AES (Cert. A2584) AES key User AES key
5. Software/Firmware Security All software components within the cryptographic boundary are verified using an Approved integrity technique implemented within the cryptographic module itself. The module implements an HMAC SHA2-256 for the integrity test of each library file; failure of the integrity check for either library file will cause the module to enter a critical error state. The module’s integrity check is performed automatically at module instantiation (i.e., when the module is loaded into memory for execution) without action from the module operator. The CO can initiate the pre-operational tests and conditional CASTs on demand by re-instantiating the module or issuing the FIPS_selftest() API command. The Ericsson Cradlepoint Cryptographic Module is not delivered to end-users as a standalone offering. Rather, it is a pre-built integrated component of Ericsson’s solutions. Ericsson does not provide end-users with any mechanisms to directly access the module, its source code, its APIs, or any information sent to/from the module. Thus, end-users have no ability to independently load the module onto target platforms. No configuration steps are required to be performed by end-users, and no end-user action is required to initialize the module for operation. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
6. Operational Environment The Ericsson Cradlepoint Cryptographic Module comprises a software cryptographic library that executes in a modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Please refer to section 2.1 of this document for a list/description of the applicable operational environments. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
7. Physical Security The cryptographic module is software module and does not include physical security mechanisms. Therefore, per ISO/IEC 19790:2021 section 7.7.1, requirements for physical security are not applicable. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
8. Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
9. Sensitive Security Parameter Management
The module supports the keys and other SSPs listed Table 9 and Table 10 below. Table 9
Key/SSP Strength Security Function Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type and Cert. Number Keys RSA private key Between 80 RSA Generated Imported in - Not persistently Unload module; Digital (CSP) and 150 bits (Cert. A2584) internally via plaintext via API stored by the Remove power signature approved DRBG parameter module generation Exported in plaintext via API parameter RSA public key Between 80 RSA Generated Imported in - Not persistently Unload module; Digital (PSP) and 150 bits (Cert. A2584) internally via plaintext via API stored by the Remove power signature approved DRBG parameter module verification Exported in plaintext via API parameter DH private 112 bits KAS-FFC-SSC Generated Imported in - Not persistently Unload module; DH shared component (Cert. A2584) internally via plaintext via API stored by the Remove power secret (CSP) approved DRBG parameter module computation Exported in plaintext via API parameter DH public 112 bits KAS-FFC-SSC Generated Imported in - Not persistently Unload module; DH shared component (Cert. A2584) internally via plaintext via API stored by the Remove power secret (PSP) approved DRBG parameter module computation Exported in plaintext via API parameter ECDH private Between 112 KAS-ECC-SSC Generated Imported in - Not persistently Unload module; ECDH shared component and 256 bits (Cert. A2584) internally via plaintext via API stored by the Remove power secret (CSP) approved DRBG parameter module computation Exported in plaintext via API parameter ECDH public Between 112 KAS-ECC-SSC Generated Imported in - Not persistently Unload module; ECDH shared component and 256 bits (Cert. A2584) internally via plaintext via API stored by the Remove power secret (PSP) approved DRBG parameter module computation Exported in plaintext via API parameter Table 10
Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert. Number Keys TLS master - KDF (TLS) - Never imported Derived internally Not persistently Unload module; Derivation of secret (Cert. A2584) using the TLS pre- stored by the Remove power the AES/AES(CSP) Never exported master secret via module GCM key and TLS KDF HMAC key used for securing TLS connections DRBG entropy - DRBG - Imported in - Not persistently Unload module; Entropy input (Cert. A2584) plaintext via API stored by the Remove power material for (CSP) parameter 33; module DRBG Never exported DRBG seed - DRBG Generated Never imported - Not persistently Unload module; Seeding (CSP) (Cert. A2584) internally using stored by the Remove power material for nonce along Never exported module DRBG with DRBG entropy input DRBG ‘V’ value - DRBG Generated Never imported - Not persistently Unload module; State value for (CSP) (Cert. A2584) internally stored by the Remove power DRBG Never exported module DRBG ‘Key’ - DRBG Generated Never imported - Not persistently Unload module; State value for value (Cert. A2584) internally stored by the Remove power DRBG (CSP) Never exported module
The module implements the following Approved DRBG:
There is no mechanism within the module’s cryptographic boundary for the persistent storage of SSPs. The module stores DRBG state values for the lifetime of the DRBG instance. The module uses SSPs passed in on the stack by the calling application and does not store these SSPs beyond the lifetime of the API call. 33The module relies on entropy input received from the calling application, which is outside of the cryptographic boundary. Thus, there is no assurance of the minimum strength of generated keys. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
As a software cryptographic module, there is no mechanism within the module boundary for the persistent storage of keys and CSPs. Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory, module operators can unload the module from memory or reboot/power-cycle the host device.
The cryptographic module’s entropy scheme follows the scenario given in FIPS 140-3 Implementation Guidance 9.3.A, section 2(b). The module invokes a GET command to obtain entropy for random number generation (the module requests 256 bits of entropy from the calling application per request), and then passively receives entropy from the calling application while having no knowledge of the entropy source and exercising no control over the amount or the quality of the obtained entropy. The calling application and its entropy sources are located within the physical perimeter of the module’s operational environment but outside its cryptographic boundary. Thus, there is no assurance of the minimum strength of the generated SSPs. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.
The module performs the following pre-operational self-test(s):
The module performs the following conditional self-tests:
Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed prior to the pre-operational software integrity test; all other CASTs are executed after the successful completion of the software integrity test.
The module reaches the critical error state when any self-test fails. Upon test failure, the module immediately terminates the calling application’s API call with a returned error code and sets an internal flag, signaling the error condition. For any subsequent request made by the calling application for cryptographic services, the module will return a failure indicator, thereby disabling all access to its cryptographic functions, sensitive security parameters (SSPs), and data output services while the error condition persists. To recover, the module must be re-instantiated by the calling application. If the pre-operational self-tests complete successfully, then the module can resume normal operations. If the module continues to experience self-test failures after reinitializing, then the module will not be able to resume normal operations, and the CO should contact Ericsson Enterprise Wireless Solutions, Inc. for assistance. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:
The module is distributed as a package containing the binaries and HMAC digest files that the Crypto Officer is to install onto a target platform specified in section 6 or one where portability is maintained.
This module is designed to support vendor applications, and these applications are the sole consumers of the cryptographic services provided by the module. No end-user action is required to initialize the module for operation; the calling application performs any actions required to initialize the module. The pre-operational integrity test and cryptographic algorithm self-tests are performed automatically via a DEP when the module is loaded for execution, without any specific action from the calling application or the end-user. End-users have no means to short-circuit or bypass these actions. Failure of any of the initialization actions will result in a failure of the module to load for execution.
No startup steps are required to be performed by end-users.
There are no specific management activities required of the CO role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Ericsson Customer Support should be contacted. The following list provides additional guidance for the CO:
The following list provides additional policies for non-administrators:
12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Appendix A. Acronyms and Abbreviations Table 11 provides definitions for the acronyms and abbreviations used in this document. Table 11
Term Definition GMAC Galois Message Authentication Code GPC General-Purpose Computer HMAC (keyed-) Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding MD Message Digest NIST National Institute of Standards and Technology OCB Offset Codebook OFB Output Feedback OS Operating System PBKDF Password-Based Key Derivation Function PCT Pairwise Consistency Test PKCS Public Key Cryptography Standard PSS Probabilistic Signature Scheme PUB Publication RC Rivest Cipher RNG Random Number Generator RSA Rivest Shamir Adleman SHAKE Secure Hash Algorithm KECCAK SHA Secure Hash Algorithm SHS Secure Hash Standard SP Special Publication SSC Shared Secret Computation TDES Triple Data Encryption Standard TLS Transport Layer Security XEX XOR Encrypt XOR XTS XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Prepared by: Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com Web: www.corsec.com