| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 9/5/2029 |
| Caveat | Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Arista Networks, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A3592 |
| AES-CCM | A3592 |
| AES-CFB1 | A3592 |
| AES-CFB128 | A3592 |
| AES-CFB8 | A3592 |
| AES-CMAC | A3592 |
| AES-CTR | A3592 |
| AES-ECB | A3592 |
| AES-GCM | A3592 |
| AES-XTS Testing Revision 2.0 | A3592 |
| Counter DRBG | A3592 |
| ECDSA KeyGen (FIPS186-4) | A3592 |
| ECDSA KeyVer (FIPS186-4) | A3592 |
| ECDSA SigGen (FIPS186-4) | A3592 |
| ECDSA SigVer (FIPS186-4) | A3592 |
| Hash DRBG | A3592 |
| HMAC DRBG | A3592 |
| HMAC-SHA-1 | A3592 |
| HMAC-SHA2-224 | A3592 |
| HMAC-SHA2-256 | A3592 |
| HMAC-SHA2-384 | A3592 |
| HMAC-SHA2-512 | A3592 |
| KAS-ECC-SSC Sp800-56Ar3 | A3592 |
| KAS-FFC-SSC Sp800-56Ar3 | A3592 |
| KDF IKEv1 | A3592 |
| KDF IKEv2 | A3592 |
| KDF SP800-108 | A3592 |
| KDF SSH | A3592 |
| KDF TLS | A3592 |
| KTS-IFC | A3592 |
| RSA KeyGen (FIPS186-4) | A3592 |
| RSA SigGen (FIPS186-4) | A3592 |
| RSA SigVer (FIPS186-4) | A3592 |
| SHA-1 | A3592 |
| SHA2-224 | A3592 |
| SHA2-256 | A3592 |
| SHA2-384 | A3592 |
| SHA2-512 | A3592 |
| TLS v1.2 KDF RFC7627 | A3592 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 4 |
| Cryptographic Module Interfaces | 1 |
| Self-Tests | 2 |
flowchart LR
%% Deterministic review-risk graph for Arista Crypto Module v3.0 [Software, Software IPsec]
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery<br/>upgrade</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>On-Demand self-test<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Arista Crypto Module v3.0 [Software, Software IPsec]
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery<br/>upgrade</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>On-Demand self-test<br/>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Arista Networks Inc. Arista Crypto Module v3.0 [Software, Software IPsec] Version: 3.0 Non-Proprietary FIPS 140-3 Security Policy Document Version: v1.4 Date: July 6, 2024 Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table of Contents
10. Self‐tests Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec]
Document Version 1.4 Arista Networks Inc. Public Material
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec]
This document is the non-proprietary FIPS 140-3 Security Policy for version 3.0 of the Arista Networks Inc. Arista Crypto Module v3.0 [Software, Software IPsec]. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.
Purpose and Use: The Arista Crypto Module v3.0 [Software, Software IPsec] (hereafter referred to as “the module”) is a Software Multichip standalone cryptographic module. The module provides cryptographic services to applications running in the user space of the underlying operating system through a C language Application Program Interface (API). Document Version 1.4 Arista Networks Inc. Public Material
| Type | Versions | ||
|---|---|---|---|
| Software | Name: Arista Crypto Module v3.0 [Software, Software IPsec] Version: 3.0 |
Module Embodiment: Multi-chip Standalone Module Characteristics: None Cryptographic Boundary: The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment and the flow of information between the module and operator (depicted through the arrows) Figure 1
Table A
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # | |
|---|---|---|---|---|---|---|
| 1 | CloudEOS version 4.29 running on QEMU version 2.0.0 running on Linux 3.10.0-1160.el7.x86_64 | Supermicro SYS- 1029U-TR-CTO | Intel Xeon Gold 6240R | Yes | 1 | |
| 2 | CloudEOS version 4.29 running on QEMU version 2.0.0 running on Linux 3.10.0-1160.el7.x86_64 | Supermicro SYS- 1029U-TR-CTO | Intel Xeon Gold 6240R | No | 2 | |
| 1 | CloudEOS | Any general-purpose computer (GPC) | 1 | |||
| 2 | Any compatible OS | Any general-purpose computer (GPC) | 2 |
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # | |
|---|---|---|---|---|---|---|
| 1 | CloudEOS version 4.29 running on QEMU version 2.0.0 running on Linux 3.10.0-1160.el7.x86_64 | Supermicro SYS- 1029U-TR-CTO | Intel Xeon Gold 6240R | Yes | 1 | |
| 2 | CloudEOS version 4.29 running on QEMU version 2.0.0 running on Linux 3.10.0-1160.el7.x86_64 | Supermicro SYS- 1029U-TR-CTO | Intel Xeon Gold 6240R | No | 2 | |
| 1 | CloudEOS | Any general-purpose computer (GPC) | 1 | |||
| 2 | Any compatible OS | Any general-purpose computer (GPC) | 2 |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] The module does not contain any hardware or firmware.
The module operates in a modifiable operational environment. The module runs on a commercially available virtual machine, based on a general-purpose operating system. The module executes on the hardware specified in Section 2. The module does not support concurrent operators. Software, Firmware, Hybrid Testing Operating Environments: The module has been tested on the platforms indicated in the following table, with the corresponding module variants and configuration options with and without PAA. # Table 2
| Name | Description | Approved Functions | Approved Mode Yes |
|---|---|---|---|
| Non-Approved Mode | Selected by default in CloudEOS | The status indicator is a return value 0 from the FIPS_mode() function. | No |
| Name | CAVP Cert | Key Size |
|---|---|---|
| and Standard | Cert | Key Strength(s) |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Per the FIPS 140-3 Cryptographic Module Validation Program Management Manual, Section 7.9, Arista affirms that the module remains compliant with the FIPS 140-3 validation when operating on any general-purpose computer (GPC) provided that the GPC uses the specified operating system/mode specified on the validation certificate, or another compatible operating system (including Linux distros such as CentOS 6.x,7.x,8.x). The CMVP allows vendor porting and re-compilation of a validated cryptographic module from the operational environment specified on the validation certificate to an operational environment which was not included as part of the validation testing as long as the porting rules are followed. Note: The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no excluded components for the module.
Modes List and Description: Table B - Modes of Operation When the module starts up successfully, after passing all the pre-operational self-tests, the module is set to use Approved Mode by calling FIPS_mode_set with an argument of 1. Section
Mode change instructions and status indicators: To change to Approved mode, call FIPS_mode_set(1). To validate that the Approved Mode is active, call FIPS_mode() and verify the return value is equal to “1”.
The table below lists the approved security functions (or cryptographic algorithms) of the module, including specific key lengths employed for approved services, and implemented modes or methods of operation of the algorithms. Document Version 1.4 Arista Networks Inc. Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Description / Key Size(s) / Key Strength(s) |
|---|---|---|---|---|---|
| AES-CBC | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-CCM | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-CFB1 | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-CFB128 | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-CFB8 | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-CMAC | A3592 | AES | 128, 192, 256 | Message Authentication | 128, 192, 256 |
| AES-CTR | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-ECB | A3592 | AES | 128, 192, 256 | Encrypt, Decrypt | |
| AES-GCM | A3592 | AES | 128, 192, 256 | Authenticated Encrypt, Authenticated Decrypt, Message Authentication | |
| AES-XTS Testing Revision 2.0 | A3592 | AES | 128, 256 | Confidentiality on storage devices only [XTS-AES is compliant to IG C.I by checking for Key_1 ≠ Key_2.] | |
| Counter DRBG | A3592 | Counter DRBG | 128, 192, 256 | Deterministic Random Bit Generation [Module defaults to Counter DRBG with 256- bit security strength] | |
| ECDSA KeyGen (FIPS186-4) | A3592 | Secret Generation Mode: Testing Candidates | P-256, P-384, P-521 | KeyGen | |
| ECDSA KeyVer (FIPS186-4) | A3592 | ECDSA KeyVer | P-256, P-384, P-521 | KeyVer | |
| ECDSA SigGen (FIPS186-4) | A3592 | ECDSA SigGen | Curve: P-256, P-384, P-521; Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SigGen | |
| ECDSA SigVer (FIPS186-4) | A3592 | ECDSA SigVer | Curve: P-256, P-384, P-521; Hash Algorithm: SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2-512 | SigVer | |
| HMAC DRBG | A3592 | HMAC DRBG | SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Deterministic Random Bit Generation | |
| HMAC-SHA-1 | A3592 | HMAC | Key: 256-2048 Increment 8; MAC: 80-160 Increment 8 | Message Authentication, password obfuscation | |
| HMAC-SHA2-224 | A3592 | HMAC | Key: 256-2048 Increment 8; MAC: 112-224 Increment 16 | Message Authentication | |
| HMAC-SHA2-256 | A3592 | HMAC | Key: 256-2048 Increment 8; MAC: 128-256 Increment 64 | Message Authentication, KDF primitive, integrity test | |
| HMAC-SHA2-384 | A3592 | HMAC | Key: 256-2048 Increment 8; MAC: 192-384 Increment 64 | Message Authentication, KDF primitive | |
| HMAC-SHA2-512 | A3592 | HMAC | Key: 256-2048 Increment 8; MAC: 256-512 Increment 64 | Message Authentication, KDF primitive | |
| Hash DRBG | A3592 | Hash DRBG | SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Deterministic Random Bit Generation | |
| KAS-ECC-SSC Sp800-56Ar3 | A3592 | KAS | ephemeralUnified: P-256, P-384, P-521 | Key Agreement [Relies on calling application to feed shared secret into KDF | |
| KAS-FFC-SSC Sp800-56Ar3 | A3592 | KAS | dhEphem: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, MODP- 2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Key Agreement [Relies on calling application to feed shared secret into KDF] | |
| CVL KDF IKEv1 | A3592 | KDF IKEv1 | Hash Algorithm: SHA-1, SHA2- 256, SHA2-384, SHA2-512 | Key Derivation for IKEv1 | |
| CVL KDF IKEv2 | A3592 | KDF IKEv2 | Hash Algorithm: SHA-1, SHA2- 256, SHA2-384, SHA2-512 | Key Derivation for IKEv2 | |
| KDF SP800-108 | A3592 | KDF SP800-108 | KDF Mode: Counter; MAC Mode: CMAC-AES128, CMAC-AES256 | Key Derivation | |
| CVL KDF SSH | A3592 | KDF SSH | Hash Algorithm: SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2-512 | Key Derivation for SSHv2 | |
| CVL KDF TLS | A3592 | KDF TLS | TLS Version: v1.0/1.1 | Key Derivation for TLS | |
| KTS-IFC | A3592 | KTS | Modulo: 2048, 3072, 4096; KTS- OAEP-basic | Key Transport | |
| RSA KeyGen (FIPS186-4) | A3592 | RSA KeyGen | Key Generation Mode: B.3.3; Modulo: 2048, 3072, 4096 | KeyGen | |
| RSA SigGen (FIPS186-4) | A3592 | RSA SigGen | Modulo 2048, 3072, 4096; ANSI X9.31 (SHA2-256, SHA2-384, SHA2-512), PKCS 1.5 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512), PKCSPSS (SHA2- 224, SHA2-256, SHA2-384, SHA2-512) | SigGen | |
| RSA SigVer (FIPS186-4) | A3592 | RSA SigVer | Modulo 1024, 2048, 3072, 4096; ANSI X9.31 (SHA-1 SHA2-256, SHA2-384, SHA2-512), PKCS 1.5 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512), PKCSPSS (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- 512) | SigVer | |
| SHA-1 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation | |
| SHA2-224 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation | |
| SHA2-256 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation | |
| SHA2-384 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation | |
| SHA2-512 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation | |
| CVL TLS v1.2 KDF RFC7627 | A3592 | TLS v1.2 KDF RFC7627 | Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 | Key Derivation for TLS | |
| CKG [IG D.H] | Cryptographic key generation per SP 800-133rev2 and IG D.I * Generation of asymmetric keys for signature generation per [133] section 5.1. * Generation of asymmetric keys for key establishment per [133] section 5.2. * Symmetric key derivation for industry standard protocols from a key agreement shared secret per [133] section 6.2.1. * Symmetric key derivation from existing key per [133] section 6.2.2. |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Document Version 1.4 Arista Networks Inc. Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| SHA2-256 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation |
| SHA2-384 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation |
| SHA2-512 | A3592 | SHS | Message Length: 0-65536 Increment 8 | Message Digest Generation |
| CVL TLS v1.2 KDF RFC7627 | A3592 | TLS v1.2 KDF RFC7627 | Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 | Key Derivation for TLS |
| CKG [IG D.H] | Cryptographic key generation per SP 800-133rev2 and IG D.I * Generation of asymmetric keys for signature generation per [133] section 5.1. * Generation of asymmetric keys for key establishment per [133] section 5.2. * Symmetric key derivation for industry standard protocols from a key agreement shared secret per [133] section 6.2.1. * Symmetric key derivation from existing key per [133] section 6.2.2. |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table 5 - Approved Algorithms Note: IG D.R states for modules submitted after May 16, 2023 it is non-approved to use of SHA2-224 or SHA2-384 within Hash DRBG or HMAC DRBG. Vendor Affirmed Approved Algorithms The table below lists the vendor affirmed algorithms that are allowed in the approved mode of operation. Table 6
| Name | Description | Approved Functions | Type | Properties | |
|---|---|---|---|---|---|
| KAS- ECC | SP 800-56Arev3. KAS_ECC_SSC per IG D.F Scenario 2, path (2). No key confirmation, key derivation per IG 2.4.B. SP 800-135. KDFs (TLS 1.0/1.1, 1.2, SSHv2, IKE v1, IKE v2) | KAS-ECC-SSC | KAS | P-256, P-384, P-521 curves providing 128, 192, or 256 bits of encryption strength | KAS-ECC-SSC Sp800-56Ar3/A3592 KDF IKEv1/A3592 KDF IKEv2/A3592 KDF SSH/A3592 KDF TLS/A3592 TLS v1.2 KDF RFC7627/A3592 |
| KAS- FFC | SP 800-56Arev3. KAS_FFC_SSC per IG D.F Scenario 2, path (2). No key confirmation, key derivation per IG 2.4.B. SP 800-135. KDFs (TLS 1.0/1.1, 1.2, SSHv2, IKE v1, IKE v2) | KAS-FFC-SSC | KAS | 2048, 3072, 4096, 6144, and 8192-bit moduli providing 112, 128, 152, 176, or 200 bits of encryption strength | KAS-FFC-SSC Sp800-56Ar3/A3592 KDF IKEv1/A3592 KDF IKEv2/A3592 KDF SSH/A3592 KDF TLS/A3592 TLS v1.2 KDF RFC7627/A3592 |
| KTS-IFC | SP 800-56Brev2. KTS-IFC (key encapsulation and un-encapsulation) per IG D.G. | KTS-IFC KTS-OAEP- | KTS | 2048, 3072, and 4096-bit moduli providing 112, 128, or 152 bits of encryption strength | KTS-IFC KTS-OAEP- basic/A3592 |
| TLS- KTS | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G, Additional Comment 8. | AES-GCM/A3592 | KTS | 128 and 256-bit keys providing 128 or 256 bits of encryption strength | AES-GCM/A3592 AES-CCM/A3592 AES-CBC/A3592 HMAC/A3592 |
| SSHv2- KTS | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G, Additional Comment 8. | AES-GCM/A3592 | KTS | 128, 192, 256-bit keys providing 128, 192, or 256 bits of encryption strength | AES-GCM/A3592 AES-CBC/A3592 AES-CTR/A3492 HMAC/A3592 |
| IPsec- KTS | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G, Additional Comment 8. | AES-GCM/A3592 | KTS | 128, 192, 256-bit keys providing 128, 192, or 256 bits of encryption strength | AES-GCM/A3592 AES-CCM/A3592 AES-CBC/A3592 HMAC/A3592 |
| MD5 | Allowed per IG 2.4.A | Message digest used in TLS 1.0/1.1 KDF only |
|---|
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table 8
| Name | Use Function | Algorithm/Function | Use/Function |
|---|---|---|---|
| DSA (disallowed) | Digital Signature and Asymmetric Key Generation; PQG Gen, Key Pair Gen, Sig Gen | ||
| RSA (disallowed) | Key Encryption, Decryption using PKCS#1 v1.5 | ||
| Hash DRBG w/ SHA2-224 or SHA2- 384 (disallowed) | Random Bit Generation | ||
| HMAC DRBG w/ SHA2-224 or SHA2- 384 (disallowed) | Random Bit Generation | ||
| AES/Triple‐DES KW (non‐compliant) | Key wrapping [algorithm disabled by module in approved mode] | ||
| Blowfish | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| Camellia 128/192/256 | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| CAST5 | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| DES | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| DES‐X | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| IDEA | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| RC2 | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| RC5 | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| SEED | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| Triple-DES | Encryption and Decryption [algorithm disabled by module in approved mode] | ||
| MD4 | Message Digest [algorithm disabled by module in approved mode] | ||
| MD5 | Message Digest [algorithm disabled by module in approved mode] | ||
| RIPEMD‐160 | Message Digest [algorithm disabled by module in approved mode] | ||
| Whirlpool | Message Digest [algorithm disabled by module in approved mode] | ||
| Triple‐DES MAC | Message Digest [algorithm disabled by module in approved mode] | ||
| HMAC‐MD5 | Keyed Hash [algorithm disabled by module in approved mode] | ||
| Protocol | Protocol | Reference | |
| SSHv2 | [IG D.F and SP 800‐135] |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table 11 - Non-Approved Algorithms Not Allowed In the approved Mode of Operation
AES-GCM IV Generation The module offers three AES GCM implementations. The GCM IV generation for these implementations complies respectively with IG C.H under Scenario 1 and Scenario 2. The GCM shall only be used in the context of the AES-GCM encryption executing under each scenario, and using the referenced APIs explained next. Scenario 1, TLS 1.2 For TLS 1.2, the module offers the GCM implementation via the functions aes_gcm_tls_cipher, which calls CRYPTO_gcm128_encrypt_ctr32, and uses the context of Scenario 1 of IG C.H. The module is compliant with SP800-52rev2 and the mechanism Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] for IV generation is compliant with RFC5288. The module supports acceptable AESGCM ciphersuites from Section 3.3.1 of SP800-52rev2. The module explicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values of 264-1 for a given session key. If this exhaustion condition is observed, the module returns an error indication to the calling application, which will then need to either abort the connection, or trigger a handshake to establish a new encryption key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES-GCM key encryption or decryption under this scenario shall be established. Scenario 1, SSHv2 For SSH, the module offers the GCM implementation via the functions CRYPTO_gcm128_encrypt_ctr32, and uses the context of Scenario 1 of IG C.H. The module is compliant with RFCs 4252, 4253, and 5647. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES-GCM key encryption or decryption under this scenario shall be established. Scenario 1, IPsec-v3 For IPsec, the module offers the GCM implementation via the functions CRYPTO_gcm128_encrypt_ctr32, and uses the context of Scenario 1 of IG C.H. The module is compliant with RFCs 4106 and 5282. The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES-GCM encryption keys are derived. The module’s implementation of AES-GCM is used together with an application that runs outside the module’s cryptographic boundary. This application negotiates the protocol session’s keys and the value in the first 32 bits of the nonce. The construction of the last
The module explicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values of 264-1 for a given session key. If this exhaustion condition is observed, the module returns an error indication to the calling application, which will then need to either abort the connection, or trigger a handshake to establish a new encryption key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES-GCM key encryption or decryption under this scenario shall be established. Scenario 2, Random IV In this implementation, the module offers the interfaces RAND_bytes for compliance with Scenario 2 of IG C.H and SP800-38D Section 8.2.2. The AES-GCM IV is generated randomly internal to the module using the module's approved DRBG. The DRBG seeds itself from the entropy source. The GCM IV is 96 bits in length. Per Section 9, this 96-bit IV contains 96 bits of entropy. Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] XTS-AES Key Generation The module checks for Key_1 ≠ Key_2 before using the keys in the XTS-AES algorithm in compliance with IG C.I.
The module provides an SP800-90Arev1-compliant Deterministic Random Bit Generator (DRBG) using CTR_DRBG mechanism with AES-256 for creation of key components of asymmetric keys, and random number generation. Operators may instantiate and use the other Approved DRBGs offered by the module. The module receives entropy passively and uses 384 bits of entropy to seed the DRBG.
For generating RSA, ECDSA and EC Diffie-Hellman keys, the module implements asymmetric key generation services compliant with FIPS186-4 and using a DRBG compliant with SP80090Arev1. The random value used in asymmetric key generation is obtained from the DRBG. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per section 5.1 of SP800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG and that can support the required security strength requested by the caller (without any V, as described in Additional Comments 2 of IG D.H). The module does not provide a dedicated service for generating symmetric keys. However, symmetric keys can be derived using SP800-135rev1 for TLS KDF, IKE v1/2 KDF, and SSHv2 KDF algorithms, as well as SP800-108 counter KBKDF. This generation method maps to section
The module provides EC Diffie-Hellman and FFC Diffie-Hellman shared secret computation compliant with SP800-56Arev3, in accordance with scenario 2 (1) of IG D.F. It also provides RSA OAEP key transport as KTS-IFC compliant with SP 800-56Br2 in accordance with IG D.G. and applications may transport keys as TLS, SSHv2, or IPsec protocol payload compliant to SP 800-38F in accordance with IG D.G. Additionally, the module also supports key derivation using TLS 1.0/1.1, TLS 1.2, IKE v1, IKE v2, SSHv2 KDF compliant to SP800-135rev1 and counter KBKDF compliant to SP800-108.
The module does not implement any industry protocols. However it provides the building blocks to support the following protocols. Note: no parts of the TLS v1.0/1.1, v1.2, SSHv2, or IPsec-v3 protocols, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. Document Version 1.4 Arista Networks Inc. Public Material
| Name | Mode Method | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Protocol | Cipher | Protocol | Protocol | Key Exchange | Key Exchange | Server/ Host Auth | Server/ Host | Cipher | Integrity | Integrity |
| DTLS [IG D.G] | DTLS [IG D.G] | See TLS entry in this table. | ||||||||
| SSHv2 [IG D.F and SP 800‐135] | AES-GCM-128 AES-GCM-256 AES-CBC-128 AES-CBC-192 AES-CBC-256 AES-CTR-128 AES-CTR-192 AES-CTR-256 | SSHv2 [IG D.F and SP 800‐135] | ECDH‐SHA2‐NIST P521, ECDH‐SHA2‐NIST P384, ECDH‐SHA2‐NIST P256, DIFFIE‐HELLMAN GROUP14‐SHA1, DIFFIE‐HELLMAN GROUP14‐SHA256, DIFFIE‐HELLMAN GROUP16‐SHA512 | ECDSA P‐521, ECDSA P‐384, ECDSA P‐256, RSA | HMAC SHA-1 HMAC SHA2‐256 HMAC SHA2‐512 AES-GCM-128 AES-GCM-256 | |||||
| TLS [IG D.G and SP 800‐135] | TLS [IG D.G and SP 800‐135] | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS v1.0, v1.1, v1.2 | ||||||||
| ECDHE | AES‐GCM-128 | ECDHE | RSA | AES‐GCM-128 | ||||||
| AES-GCM-256 | AES-GCM-256 | ECDHE | RSA | |||||||
| ECDHE | AES‐GCM‐128 | ECDHE | ECDSA | AES‐GCM‐128 | ||||||
| ECDHE | AES‐GCM‐256 | ECDHE | ECDSA | AES‐GCM‐256 | ||||||
| ECDHE | AES-CCM-256 | ECDHE | ECDSA | AES-CCM-256 |
| TLS v1.0/v1.1/v1.2 | [IG D.F, IG D.G and SP 800‐135] |
|---|---|
| IPsec-v3 | [RFC 4106, 5282, 7296] |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table C- Security Relevant Protocols Used in Approved Mode Document Version 1.4 Arista Networks Inc. Public Material
| Name | Mode Method | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Key Exchange | Cipher | Protocol | Protocol | Key Exchange | Server/ Host Auth | Server/ Host | Cipher | Integrity | Integrity |
| ECDHE | AES-CCM-256 | ECDSA | AES-CCM-256 | ||||||
| ECDHE | AES-CCM-128 | ECDSA | AES-CCM-128 | ||||||
| ECDHE | AES-CCM-128 | ECDSA | AES-CCM-128 | ||||||
| ECDHE | AES-CBC-256 | ECDSA | HMAC SHA2-384 | ||||||
| ECDHE | AES-CBC-128 | ECDSA | HMAC SHA2-256 | ||||||
| ECDHE | AES-CBC-256 | ECDSA | HMAC SHA-1 | ||||||
| ECDHE | AES-CBC-128 | ECDSA | HMAC SHA-1 | ||||||
| ECDHE | AES-CBC-128 | RSA | HMAC SHA2-256 | ||||||
| ECDHE | AES-CBC-256 | RSA | HMAC SHA2-256 | ||||||
| ECDHE | AES-CBC-256 | RSA | HMAC SHA-1 | ||||||
| ECDHE | AES-CBC-128 | RSA | HMAC SHA-1 | ||||||
| Key Exchange | Cipher | Protocol | Protocol | Key Exchange | Server/ Host Auth | Server/ Host | Cipher | Integrity | Integrity |
| DHE | AES-CCM-256 | RSA | AES-CCM-256 | ||||||
| DHE | AES-CCM-256 | RSA | AES-CCM-256 | ||||||
| DHE | AES-CCM-128 | RSA | AES-CCM-128 | ||||||
| DHE | AES-CCM-128 | RSA | AES-CCM-128 | ||||||
| DHE | AES-CBC-256 | RSA | HMAC SHA2-256 | ||||||
| DHE | AES-CBC-128 | RSA | HMAC SHA2-256 | ||||||
| DHE | AES-CBC-256 | RSA | HMAC SHA-1 | ||||||
| DHE | AES-CBC-128 | RSA | HMAC SHA-1 | ||||||
| diffie-hellman MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 ec diffie-hellman secp256r1, secp384r1, secp521r1 | AES-GCM-128 AES-GCM-192 AES-GCM-256 AES-CBC-128 AES-CBC-192 AES-CBC-256 AES-CTR-128 AES-CTR-192 AES-CTR-256 AES-CCM-128 AES-CCM-192 AES-CCM-256 | IPsec-v3 | AES-GCM-128 AES-GCM-192 AES-GCM-256 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 AES-CCM-128 AES-CCM-192 AES-CCM-256 |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table D - Security Relevant Protocols Used in Approved Mode Document Version 1.4 Arista Networks Inc. Public Material
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters for data |
| N/A | N/A | Data Output | API output parameters for data |
| N/A | N/A | Control Input | API function calls |
| N/A | N/A | Status Output | API return codes, error messages, logging messages |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec]
The module initializes upon power-on. After the pre-operational self-tests (POST) are successfully concluded, the module automatically transitions to the operational state. In this state, the module awaits service requests from the operator. The operator must then manually set the module to approved mode, via the interface described in Section “2.5 Modes of Operation”.
Upon initializing the module by installing the module and setting the password, the operator must then manually set the module to approved mode, via the interface described in Section “2.5 Modes of Operation”:
As a Software module, the module interfaces are defined as Software or Firmware Module Interfaces (SFMI), and there are no physical ports. The interfaces are mapped to the API provided by the module, through which the operator can interact. The interfaces are listed in the table below. All data output via data output interface is inhibited under the following circumstances:
The module supports Role-based authentication using passwords as the SP 800-140E memorized secret. The module has a strength of authentication objective of at least 1/95^8, and to achieve that over a one minute period the module enforces a minimum password length of 16 Document Version 1.4 Arista Networks Inc. Public Material
| Name | Roles | Input | Output |
|---|---|---|---|
| Authenticated Decryption | CO | Ciphertext, authentication tag, key, IV | Plaintext |
| Authenticated Encryption | CO | Plaintext, key, IV | Ciphertext, authentication tag |
| Decryption | CO | Ciphertext, key | Plaintext |
| Encryption | CO | Plaintext, key | Ciphertext |
| Key Derivation (TLS) | CO | PRF algorithm, TLS master secret | Derived Keys |
| Key Derivation (SSH) | CO | PRF algorithm, SSH shared secret | Derived Keys |
| Key Derivation (IKE) | CO | PRF algorithm, IKE shared secret | Derived Keys |
| Key Derivation (SP 800-108r1) | CO | Shared secret, key size | Derived Keys |
| Key Encapsulation | CO | RSA keypair, keying material to encapsulate | Encapsulated key |
| Key Un-encapsulation | CO | RSA keypair, keying material to un- encapsulate | Un-encapsulated key |
| Key Verification | CO | Key to verify | Return codes and log messages |
| Initialize | CO | Crypto Officer Password | None |
| Message Authentication Generation | CO | Message, Algorithm, key | Message Authentication code |
| Message Digest | CO | Message | Digest of the message |
| On-Demand Integrity Test | CO | None | Result of test (pass/fail) |
| On-Demand self-test | CO | None | Result of self-test (pass/fail) |
| Random number generation | CO | Size | Random bytes |
| Shared secret computation | CO | EC Curve or DH parameters, V's public key | Shared secret |
| Show Status | CO | None | Return code of 1 indicates approved mode enabled, 0 is disabled |
| Show Version | CO | None | String indicating the module version and name |
| Signature Generation | CO | Message, hash algorithm, private key | Signature |
| Signature Verification | CO | Message, Signature, hash algorithm, public key | Verification result |
| Zeroise | CO | Context containing SSPs | None |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] characters. The password can be set by the calling application through the “FIPS_set_password” API. The module has procedural controls and enforces that an operator must set a password prior to use of the module. The module is installed according to section 11.1 and the module authentication mechanism is included within the module software and so automatically included during that installation process. Since the module enforces a minimum 16 character password length and there are 95 possible ASCII characters (upper and lower case, digits, special characters), it has an authentication strength of 95^16. Thus the false acceptance rate is 1/95^16. Assuming a very high-performing CPU that runs at 4 GHz with 24 cores which means it can perform 4 billion * 24 instructions per second, the probability of a successful random access within a minute is still extremely unlikely at 1/95^16 * 4 billion * 24 cores * 60 seconds/min. It would take about 150 billion years to have a 1% chance of cracking the password in this scenario: 1/95^16 * 4 billion * 24 cores * 60 sec / min * 60 min / hr * 24 hr / day * 365 days / year *
The module supports the Crypto Officer role only, whose authentication is performed by the module using passwords. This sole role is implicitly assumed by the operator of the module when performing a service after authentication. Table 13 provides a mapping of services to the roles that can utilize them, in this case the sole role of the module, and the service inputs and outputs. Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table 13
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Authenticated Decryption | Authenticated Decryption | CO | AES key | AES-GCM, AES-CCM | W, E | Return code 1, log message indicating approval |
| Authenticated Encryption | Authenticated Encryption | CO | AES key | AES-GCM, AES-CCM | W, E | Return code 1, log message indicating approval |
| Decryption | Decryption | CO | AES key | AES CBC, CTR, ECB, CFB1, CFB128, CFB8, XTS | W, E | Return code 1, log message indicating approval |
| Encryption | Encryption | CO | AES key | AES CBC, CTR, ECB, CFB1, CFB128, CFB8, XTS | W, E | Return code 1, log message indicating approval |
| Key Derivation (TLS) | Deriving TLS keys | CO | TLS pre_master_secret; TLS master secret; TLS derived keys | KDF TLS 1.0/1/1/1.2 | TLS pre_master_secret - W, E; TLS master secret - G, E; TLS derived keys G, R | Return code 1, log message indicating approval |
| Key Derivation (SSH) | Deriving SSH keys | CO | SSH shared secret; SSH derived keys | KDF SSH v2 | SSH shared secret - W, E; SSH derived key - G, R | Return code 1, log message indicating approval |
| Key Derivation (IKE) | Deriving IKE keys | CO | IKE shared secret; IKE derived key | KDF IKE v1, v2 | IKE shared secret - W, E; IKE derived key - G, R | Return code 1, log message indicating approval |
| Key Derivation (SP 800- 108r1) | Deriving keys | CO | Shared secret; 800- 108 derived key | KDF SP800-108 | Shared secret - W, E; 800-108 derived key - G, R | Return code 1, log message indicating approval |
| Key Encapsulation | Key Encapsulation | CO | RSA key pair, keying material | KTS-IFC | RSA key pair - W, E; keying material | Return code 1, log message indicating |
| per SP 800- 56Br2 | per SP 800- 56Br2 | - W, R | approval | |||
| Key Un- encapsulation | Key Un- encapsulation per SP 800- 56Br2 | CO | RSA key pair, keying material | KTS-IFC | RSA key pair - W, E; keying material - W, R | Return code 1, log message indicating approval |
| Key Verification | Verifying the public key | CO | ECDSA public key | ECDSA | W, E | Return code 1, log message indicating approval |
| Initialize | Initialize FIPS password using FIPS_set_pass word | CO | Crypto Officer Password, Hashed Password | HMAC SHA-1 | Crypto Officer Password - W, E; Hashed Password - E | Return code 1 |
| Message Authentication Generation | MAC computation | CO | AES key; HMAC key | AES CMAC, HMAC | W, E | Return code 1, log message indicating approval |
| Message Digest | Generating message digest | CO | N/A | SHS | N/A | Return code 1, log message indicating approval |
| On-Demand Integrity Test | Initiate integrity test on-demand through FIPS_check_inc ore_fingerprint | CO | N/A (keys for self- tests are not SSPs) | HMAC SHA2- 256 | N/A | Return code 1 |
| On-Demand self-test | Initiate pre- operational and conditional CAST self-tests through FIPS_selftest | CO | N/A (keys for self- tests are not SSPs) | AES, CMAC, DRBG, ECDSA, HMAC, KAS- ECC-SSC, KAS-FFC-SSC, KDF, KTS, IKE KDF, RSA, SHS, TLS KDF, SSH KDF | N/A | Return code 1 |
| Random number generation | Generating random numbers | CO | DRBG Entropy Input; DRBG Seed, V, C, Key | DRBG | DRBG Entropy Input - W, E; DRBG Seed, V, C, Key - G, E | Return code 1, log message indicating approval |
| Shared secret computation | Calculating Shared secret | CO | DH key pair; ECDH key pair; DRBG | KAS-ECC-SSC, KAS-FFC-SSC, | DH key pair - G, E, Z; ECDH key | Return code 1, log message indicating |
| DRBG | Seed, V Key; Shared secret | DRBG | pair G, E, Z; DRBG Seed, V, C, Key - W, E; Shared secret - G, R | approval | ||
| Show Status | Show status of the module state using FIPS_mode | CO | N/A | N/A | N/A | N/A |
| Show Version | Show the version of the module using FIPS_module_v ersion_text | CO | N/A | N/A | N/A | N/A |
| Signature Generation | Generating signature | CO | ECDSA key pair; RSA key pair | ECDSA, RSA, SHS | W, E | Return code 1, log message indicating approval |
| Signature Verification | Verifying signature | CO | ECDSA key pair; RSA key pair | ECDSA, RSA, SHS | W, E | Return code 1, log message indicating approval |
| Zeroise | Zeroise SSP in volatile memory | CO | Context containing SSPs | N/A | SSPs – Z | N/A |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] length); chance of guessing in one minute 1 in 9.03*10^18 Table 14
The module provides services to operators who assume the available role. All services are described in detail in the developer documentation. For the role, CO indicates “Crypto Officer”. The following table lists the approved services that utilize approved and allowed security W, E W, E W, E W, E 1.0/1/1/1.2 (SP 800108r1) Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] - W, R Key Unencapsulation Key Unencapsulation - W, R W, E -E W, E N/A N/A HMAC SHA2256 N/A N/A Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] R N/A N/A N/A N/A N/A N/A N/A N/A W, E W, E N/A N/A Table 15
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| Decryption | Decryption | CO | Blowfish, Camillia, CAST5, DES, DES-X, IDEA, RC2, RC5, SEED, Triple-DES listed in Table 11 | Return code 0, absence of approved log message |
| Encryption | Encryption | CO | Blowfish, Camillia, CAST5, DES, DES-X, IDEA, RC2, RC5, SEED, Triple-DES listed in Table 11 | Return code 0, absence of approved log message |
| Key Wrapping | Encrypting/Decry pting key | CO | AES/Triple-DES KW, RSA PKCS #1 v1.5 listed in Table 11 | Return code 0, absence of approved log message |
| Message Digest | Hash computation | CO | MD4, MD5 outside TLS 1.0 usage, RIPEMD- 160, Whirlpool, Triple-DES MAC, HMAC- MD5 listed in Table 11 | Return code 0, absence of approved log message |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec]
The following table lists the non-approved services that utilize non-approved security functions. Table E - Non-approved services
The integrity of the module is validated by comparing the module with a HMAC-SHA2-256 value generated after the build of fipscanister.o, which is the FIPS Object Module. This generated value is embedded into fipscanister.o before fipscanister.o is statically linked to libcrypto.so. During runtime the FIPS_mode_set() function calculates the digest over fipscanister.o, excluding the embedded hash value, and checks to see if the embedded value matches the calculated Document Version 1.4 Arista Networks Inc. Public Material
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | System Memory |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec]
The module provides on-demand integrity test. The integrity test is performed by the OnDemand Integrity Test service, which calls the FIPS_check_incore_fingerprint function. The integrity test is also performed as part of the Pre-Operational Self-Tests. One can also initiate the On Demand Integrity Test service by calling “openssl --fips” on the command line, which is a calling application that runs the module’s self-test API function. A successful test will show “FIPS mode is enabled”.
Type of Operating Environment: Modifiable
The module should be installed as stated in section 11.
Table F
The module does not support manual SSP entry or intermediate key generation output. The module does not support entry and output of SSPs beyond the physical perimeter of the operational environment. Except for services designed to wrap or unwrap an SSP the SSPs are provided to the module via API input parameters in the plaintext form and output via API output parameters in the plaintext form to and from the calling application running on the same operational environment. SSPs provided for unwrapping are input encrypted using KTS-IFC’s RSA-OAEP_basic, and SSPs the module wrapped are output encrypted using KTS-IFC’s RSAOAEP_basic. The output of plaintext CSPs requires two independent internal actions. Specifically, the first action is creation of the cipher context to request the service and to hold the CSPs to be output from the module. The second action is to process the ‘Key Generation’ service request using the Document Version 1.4 Arista Networks Inc. Public Material
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | Key/SSP/Name/ Type | Zeroisation |
|---|---|---|---|---|---|---|---|---|
| Derived for output to calling application. Used with Shared Secret | 128, 192, 256 | A3592 | SP 800-108 KDF | N/A | Ephemeral in RAM | N/A / Plaintext | 800-108 derived key | OPENSSL_cleanse |
| Authenticated Encryption, Authenticated Decryption, Encryption, Decryption, Message Authentication Generation. Used with Shared Secret | 128, 192, 256 | A3592 | External or KDF | KAS-ECC or KAS-FFC | Ephemeral in RAM | Plaintext / Plaintext | AES Key | OPENSSL_cleanse |
| Crypto Officer authentication. Used with Hashed Password | N/A | N/A | N/A | N/A | Ephemeral in RAM | Plaintext / N/A | Crypto Officer Password | Automatic at end of service call |
| Crypto Officer authentication. Used with Crypto Officer Password | N/A | A3592 | HMAC SHA-1 of Crypto Officer Password | N/A | Ephemeral in RAM | N/A | Hashed Password | Restart module |
| Key agreement. Used with: DRBG Seed, V, C, and Key, Shared Secret | 112 – 200 | A3592 | Internal per SP 800- 56Arev3 | N/A | Ephemeral in RAM | N/A / Public key in plaintext | DH key pair | DH_free |
| Random number generation. Used with DRBG Seed, V, C, and Key | 384 | A3592 | External | N/A | Ephemeral in RAM | Plaintext / N/A | DRBG Entropy Input | FIPS_DRBG_free |
| Random number generation. Used with DRBG Entropy Input and generated keys | 256 | A3592 | From DRBG entropy input; within SP 800- 90A Hash_DRBG, HMAC_DRBG, and CTR_DRBG DRBGs | N/A | Ephemeral in RAM | N/A / N/A | DRBG Seed | FIPS_DRBG_free |
| Random number generation. Used with DRBG Entropy Input and generated keys | 256 | A3592 | From DRBG entropy input; within SP 800- 90A Hash_DRBG, HMAC_DRBG, and CTR_DRBG DRBGs | N/A | Ephemeral in RAM | N/A / N/A | DRBG V | FIPS_DRBG_free |
| Random number generation. Used with DRBG Entropy Input and generated keys | 256 | A3592 | From DRBG entropy input; within SP 800- 90A Hash_DRBG | N/A | Ephemeral in RAM | N/A / N/A | DRBG C | FIPS_DRBG_free |
| Random number generation. Used with DRBG Entropy Input and generated keys | 256 | A3592 | From DRBG entropy input; within SP 800- 90A HMAC_DRB, and CTR_DRBG DRBGs | N/A | Ephemeral in RAM | N/A / N/A | DRBG Key | FIPS_DRBG_free |
| Key agreement. Used with: DRBG Seed, V, C, and Key, Shared Secret | 128-256 | A3592 | Internal per SP 800- 56Arev3 | N/A | Ephemeral in RAM | N/A / Public key in plaintext | ECDH key pair | EC_GROUP_free, EC_POINT_free, EC_KEY_free |
| Signature generation and verification. Used with DRBG Seed, V, C, and Key | 128, 192, 256 | A3592 | External or per FIPS 186-4 | N/A | Ephemeral in RAM | Plaintext / Plaintext | ECDSA key pair | EC_GROUP_free, EC_POINT_free, EC_KEY_free |
| Message Authentication. Used with Shared secret | 112 or greater | A3592 | External or KDF | KAS-ECC or KAS-FFC | Ephemeral in RAM | Plaintext / Plaintext | HMAC key | HMAC_CTX_cleanup |
| KE key agreement. Used with IKE derived key, DH key pair, ECDH key pair | 112 -256 | A3592 | N/A | KAS-ECC-SSC or KAS-FFC- SSC | Ephemeral in RAM | Plaintext / Plaintext | IKE shared secret | OpenSSL_cleanse |
| IKE key agreement Used with IKE shared secret | 112 or greater | A3592 | KDF IKE | N/A | Ephemeral in RAM | N/A / Plaintext | IKE Derived key/AES & | OpenSSL_cleanse |
| KTS-IFC keying material to be encapsulated or un-encapsulated by RSA-OAEP_basic. Used with RSA key pair | 112 or greater | A3592 | External | KTS-IFC | Ephemeral in RAM | Plaintext or Encrypted / Encrypted or Plaintext | Keying material | OpenSSL_cleanse |
| Signature generation and verification or KTS-IFC. Used with DRBG Seed, V, C, and Key; and keying material to encapsulate/un-encapsulate | 112, 128, 152 | A3592 | External or per FIPS 186-4 | N/A | Ephemeral in RAM | Plaintext / Plaintext | RSA key pair | RSA_free |
| For key agreement. Used with DH key pair, ECDH key pair | 112 or greater | A3592 | N/A | KAS-ECC-SSC or KAS-FFC- SSC | Ephemeral in RAM | Plaintext / Plaintext | Shared secret | OpenSSL_cleanse |
| SSH key agreement. Used with SSH Derived key, DH key pair, ECDH key pair | 112 or greater | A3592 | N/A | KAS-ECC-SSC or KAS-FFC- SSC | Ephemeral in RAM | Plaintext / Plaintext | SSH shared secret | OpenSSL_cleanse |
| SSH key agreement Used with SSH shared secret | 112 or greater | A3592 | KDF SSH | N/A | Ephemeral in RAM | N/A / Plaintext | SSH Derived key/AES & HMAC | OpenSSL_cleanse |
| TLS key agreement Used with TLD master secret, TLS pre- master secret | 112 or greater | A3592 | KDF TLS 1.0/1.1, 1.2 RFC7627 | N/A | Ephemeral in RAM | N/A / Plaintext | TLS Derived key/AES & HMAC | OpenSSL_cleanse |
| TLS key agreement Used with TLS pre-master secret, TLS Derived key | 112-256 | A3592 | From TLS pre-master secret | KAS-ECC-SSC or KAS-FFC- SSC | Ephemeral in RAM | Plaintext / Plaintext | TLS master secret | OpenSSL_cleanse |
| TLS key agreement Used with TLS master secret, TLS Derived key | 112 - 256 | A3592 | N/A | KAS-ECC-SSC or KAS-FFC- SSC | Ephemeral in RAM | Plaintext / Plaintext | TLS pre-master secret | OpenSSL_cleanse |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] context created. Only after successful completion of this request, the generated CSP is output via the API output parameter. The zeroisation is performed by the module overwriting zeroes or predefined values to the memory location occupied by the SSP and further deallocating that area. The calling application, interacting with the module, is responsible for calling the appropriate destruction functions using the zeroisation APIs listed in the above table to zeroise the calling application’s copies of the SSP. The completion of a zeroisation routine will indicate that a zeroisation procedure succeeded.
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A / N/A N/A N/A / N/A N/A N/A / N/A N/A N/A / N/A N/A N/A N/A N/A N/A Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] N/A N/A N/A N/A N/A N/A Table 20
The module performs pre-operational tests automatically when the module is powered on. The pre-operational self-tests ensure that the module is not corrupted and that the cryptographic algorithms work as expected. The module transitions to the operational state only after the preoperational self-tests (and the cryptographic algorithm self-tests, which in this module are executed automatically after the pre-operational self-tests) are passed successfully. The types of pre-operational self-tests are described in the next sub-section. Pre-Operational Software Integrity Test The HMAC-SHA2-256 Conditional CAST is performed before checking the module integrity. Then the integrity of the software component of the module is verified according to Section 5, using HMAC-SHA2-256. If the comparison verification fails, the module transitions to the error state (Section 10.4). Pre-Operational Bypass and Critical Functions Tests The module does not implement pre-operational bypass or critical functions tests. We note that the entropy source is not within the cryptographic boundary of the module, instead passively receiving entropy from the external entropy source. Thus, its critical functions tests are not included in the module. Document Version 1.4 Arista Networks Inc. Public Material
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |||
|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 | HMAC- SHA2-256 | Compare Hash Results | SW Integrity | Single encompassing message authentication code | 128-bit hardcoded key | Stdout, log message | |||
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-ECB | 128 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-GCM | 256 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-CCM | 192 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-XTS | 128, 256 | Power-up | |
| CMAC | CMAC | KAT | CAST | Generate/ Verify | Stdout, log message | CMAC-AES | 128, 192, 256 | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | Counter DRBG | Chained instantiate, reseed, generate | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | Hash DRBG | Chained instantiate, reseed, generate | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | HMAC DRBG | Chained instantiate, reseed, generate | Power-up | |
| ECDSA | ECDSA | KAT | CAST | Sign/ Verify | Stdout, log | P-224, P- 384 | Power-up |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |||
|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 | HMAC- SHA2-256 | Compare Hash Results | SW Integrity | Single encompassing message authentication code | 128-bit hardcoded key | Stdout, log message | |||
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-ECB | 128 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-GCM | 256 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-CCM | 192 | Power-up | |
| AES | AES | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | AES-XTS | 128, 256 | Power-up | |
| CMAC | CMAC | KAT | CAST | Generate/ Verify | Stdout, log message | CMAC-AES | 128, 192, 256 | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | Counter DRBG | Chained instantiate, reseed, generate | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | Hash DRBG | Chained instantiate, reseed, generate | Power-up | |
| DRBG | DRBG | KAT | CAST | SP 800-90A section 11.3 health tests | Stdout, log message | HMAC DRBG | Chained instantiate, reseed, generate | Power-up | |
| ECDSA | ECDSA | KAT | CAST | Sign/ Verify | Stdout, log | P-224, P- 384 | Power-up | ||
| HMAC | HMAC | KAT | CAST | Generate | Stdout, log message | HMAC SHA2-224 | Power-up | ||
| HMAC | HMAC | KAT | CAST | Generate | Stdout, log message | HMAC SHA2-256 | Power-up | ||
| HMAC | HMAC | KAT | CAST | Generate | Stdout, log message | HMAC SHA2-512 | Power-up | ||
| IKE KDF | IKE KDF | KAT | CAST | Derive | Stdout, log message | Power-up | |||
| KAS-ECC- SSC | KAS-ECC- SSC | KAT | CAST | Shared secret “z” computation | Stdout, log message | P-224, P256 | Power-up | ||
| KAS-FFC- SSC | KAS-FFC- SSC | KAT | CAST | Shared secret “z” computation | Stdout, log message | 2048 | Power-up | ||
| KBKDF | KBKDF | KAT | CAST | Derive | Stdout, log message | Counter mode | Power-up | ||
| RSA | RSA | KAT | CAST | Sign/ Verify | Stdout, log message | 2048; PKCS 1.5 & PSS; SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Power-up | ||
| RSA | RSA | KAT | CAST | Encrypt/ Decrypt | Stdout, log message | KTS-IFC | 2048 | Power-up | |
| SHS | SHS | KAT | CAST | Generate | Stdout, log message | SHA-1 | Power-up | ||
| SHS | SHS | KAT | CAST | Generate | Stdout, log message | SHA2-224 | Power-up | ||
| SHS | SHS | KAT | CAST | Generate | Stdout, log message | SHA2-256 | Power-up |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] HMACSHA2-256 Table G
P-224, P384 Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] KAS-ECCSSC KAS-FFCSSC Document Version 1.4 Arista Networks Inc. Public Material
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| SHS | SHS | KAT | CAST | Generate | SHA2-384 | Stdout, log message | Power-up |
| SHS | SHS | KAT | CAST | Generate | SHA2-512 | Stdout, log message | Power-up |
| SSH KDF | SSH KDF | KAT | CAST | Derive | Stdout, log message | Power-up | |
| TLS KDF | TLS KDF | KAT | CAST | Derive | Stdout, log message | Power-up | |
| ECDSA | ECDSA | PCT | CPCT | Sign/ Verify | N/A | Generate Key Pair | |
| KAS-ECC- SSC | KAS-ECC- SSC | PCT | CPCT | SP 800- 56Arev3 assurance checks | N/A | Generate Key Pair | |
| KAS-FFC- SSC | KAS-FFC- SSC | PCT | CPCT | SP 800- 56Arev3 assurance checks | N/A | Generate Key Pair | |
| RSA | RSA | PCT | CPCT | Sign/ Verify | N/A | Generate Key Pair |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] N/A KAS-ECCSSC N/A SP 80056Arev3 KAS-FFCSSC N/A SP 80056Arev3 N/A Table H
| Name | Role Access | Indicator | |
|---|---|---|---|
| Conditional Error | Conditional test failure | Error message is placed into the error queue and an error is returned from the API. | The module generates a new key and tests the key via a PCT. If the test fails, an error is returned. |
| PreOp Error | Pre-operational test failure | Error message is output on stderr. | The module is aborted – restart module |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] The module implements RSA and ECDSA key generation service and performs the respective pairwise consistency test using sign and verify functions when the keys are generated (Table H). In addition, SP 800-56a Rev3 conditional tests are run when ephemeral keypairs are created for key agreement.
On demand self-tests can be invoked by powering-off and reloading the module. This service performs the same pre-operational test that includes integrity test and cryptographic algorithm tests executed during power-up. The integrity test can also be performed on demand by calling the FIPS_check_incore_fingerprint function. During the execution of the on-demand self-tests, cryptographic services are not available, and no data output or input is possible.
Table I - Error States If the module fails any of the self-tests, the module enters the error state. In the error state, the module outputs the error through the status output interface and the abort function is called that raises the SIGABRT signal, causing the program termination such that the module is no longer operational. In the error state, as the module is no longer operational the data output interface is inhibited. In order to recover from the Error state, the module needs to be rebooted. 11. Life-cycle Assurance
The cryptographic module is the fipscanister.o file, though Arista does not distribute this file on its own. Instead it is embedded into the shared library libcrypto.so which is part of OpenSSL, which in turn is distributed as part of the CloudEOS product, in the CloudEOS image accessible through the Arista software downloads website. The CloudEOS product includes the CloudEOS operating system, virtual machine, applications, OpenSSL, libcrypto.so, and fipscanister.o. While there is no need for the fipscanister.o library to be built by the user at any point in time, the file can be verified as the correct one by comparing the SHA256 hash sum. The SHA256 hash should be 8b92b97d92571963b66649d0bb3ca62fba77100a316757e9487ad2091eddcc18. In the Arista build process for building OpenSSL, this fipscanister.o file is linked into OpenSSL’s libcrypto.so shared library file and OpenSSL is configured to use it. Document Version 1.4 Arista Networks Inc. Public Material
| Name | Term | Definition | Abbreviation | Full Specification Name |
|---|---|---|---|---|
| [NIST] | [NIST] | National Institute of Standards and Technology | ||
| [FIPS140‐3] | [FIPS140‐3] | Security Requirements for Cryptographic Modules, March 22, 2019 | ||
| [IG] | [IG] | Implementation Guidance for FIPS PUB 140‐3 and the Cryptographic Module Validation Program | ||
| [ISO19790] | [ISO19790] | Information technology – Security techniques – Security requirements for cryptographic modules, 2012(2014) | ||
| [38A] | [38A] | NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, December 2001 | ||
| [38B] | [38B] | NIST Special Publication 800‐38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, May 2005 | ||
| [38C] | [38C] | NIST Special Publication 800‐38C, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, May 2004 | ||
| [38D] | [38D] | NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007 | ||
| [38E] | [38E] | NIST Special Publication 800‐38E, Recommendation for Block Cipher Modes of Operation: The XTS‐AES Mode for Confidentiality on Storage Devices, January 2010 | ||
| [38F] | [38F] | NIST Special Publication 800‐38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, December 2012 | ||
| [56Ar3] | [56Ar3] | NIST Special Publication 800‐56A Revision 3, Recommendation for Pair‐Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018 | ||
| [56Ar2] | [56Ar2] | NIST Special Publication 800‐56A Revision 2, Recommendation for Pair‐Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, May 2013 | ||
| [56Br2] | [56Br2] | NIST Special Publication 800‐56B Revision 2, Recommendation for Pair‐Wise Key Establishment Schemes Using Integer Factorization Cryptography, March 2019 | ||
| [67] | [67] | NIST Special Publication 800‐67 Revision 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, November 2017 | ||
| [90A] | [90A] | NIST Special Publication 800‐90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 2015. | ||
| [90B] | [90B] | NIST Special Publication 800‐90B, Recommendation for the Entropy Sources Used for Random Bit Generation, January 2018 | ||
| [90C] | [90C] | (Second Draft) NIST Special Publication 800‐90C, Recommendation for Random Bit Generator (RBG) Constructions, April 2016 | ||
| [108] | [108] | NIST Special Publication 800‐108, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), October 2009 | ||
| [131A] | [131A] | NIST Special Publication 800-131A Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019 | ||
| [132] | [132] | NIST Special Publication 800‐132, Recommendation for Password‐Based Key Derivation, Part 1: Storage Applications, December 2010 | ||
| [133] | [133] | NIST Special Publication 800‐133 Revision 2, Recommendation for Cryptographic Key Generation, June 2020 | ||
| [135] | [135] | NIST Special Publication 800‐135 Revision 1, Recommendation for Existing Application‐Specific Key Derivation Functions, December 2011 | ||
| [180] | [180] | Federal Information Processing Standards Publication 180-4, Secure Hash Standard (SHS), August 2015 | ||
| [186] | [186] | Federal Information Processing Standards Publication 186‐4, Digital Signature Standard (DSS), July1 2013 | ||
| [186‐2] | [186‐2] | Federal Information Processing Standards Publication 186-2, Digital Signature Standard (DSS), January 2000 | ||
| [197] | [197] | Federal Information Processing Standards Publication 197, Advanced Encryption Standard (AES), November 26, 2001 | ||
| [198] | [198] | Federal Information Processing Standards Publication 198‐1, The Keyed‐Hash Message Authentication Code (HMAC), July 2008 | ||
| [202] | [202] | Federal Information Processing Standards Publication 202, SHA‐3 Standard: Permutation‐Based Hash and Extendable‐Output Functions, August 2015 | ||
| [RFC 4581] | [RFC 4581] | IETF, The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP‐FAST), May 2007 | ||
| Acronym | Acronym | Definition | Acronym | Definition |
| CO | CO | Cryptographic Officer role | ||
| CloudEOS | CloudEOS | Name of the Arista operating system | ||
| VA | VA | Vendor Affirmed cryptographic algorithms are Approved algorithms for which no CAVP tests are available yet. The vendor performs their own testing as the basis for their affirmation. |
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] When downloading the CloudEOS image, the SHA-256 hash of the image is also made available. When an authorized operator downloads the CloudEOS image, they can also download the hash file and compare the SHA-256 hash of the CloudEOS image to the one listed in the file to make sure that the downloaded image is correct. Then they can install the CloudEOS image onto the virtual machine. Upon completion of installation, the user can confirm that the correct module has been installed by running the “show version” service should display the module base name and version number, “Crypto Module: Arista Crypto Module v3.0“. Correct operation of the module can be verified by running the on-demand self-test service as specified in Section 5 by calling “openssl --fips” from bash.
To cease using the module, power off the module. The module does not possess persistent storage of SSPs. The SSP value only exists in volatile memory and that value vanishes when the module is powered off. So as a first step for the secure sanitization, the module needs to be powered off. Then for actual deprecation, the module will be upgraded to a newer version that is approved. This upgrade process will uninstall/remove the old/terminated and provide a new replacement.
The following standards are referred to in this Security Policy. Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table J - References Document Version 1.4 Arista Networks Inc. Public Material
Arista Networks Inc. ‐ Arista Crypto Module v3.0 [Software, Software IPsec] Table K - Acronyms and Definitions Document Version 1.4 Arista Networks Inc. Public Material