All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Junos® OS Evolved MACsec Cryptographic Library

Certificate#4820StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorJuniper Networks, Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/1/2029
CaveatInterim validation. When operated with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 in approved mode, and module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates random strings whose strength is modified by available entropy
VendorJuniper Networks, Inc.

Approved Algorithms (13)

AlgorithmACVP Cert
AES-CMACA4156
AES-ECBA4156
AES-KWA4156
HMAC DRBGA3599
HMAC DRBGA3600
HMAC DRBGA3601
HMAC DRBGA3603
HMAC DRBGA3604
HMAC DRBGA3605
HMAC-SHA2-256A4246
HMAC-SHA2-256A4247
HMAC-SHA2-256A4248
HMAC-SHA2-256A4249

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Software/Firmware Security1
Operational Environment1
Physical SecurityN/A
Sensitive Security Parameter Management1
Self-Tests1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Junos® OS Evolved MACsec Cryptographic Library
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show status<br/>Self-test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>SSH<br/>HTTPS<br/>library named: openssl</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Junos® OS Evolved MACsec Cryptographic Library
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show status<br/>Self-test</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>SSH<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Junos® OS Evolved MACsec Cryptographic Library VERSION 1.2 Version 1.1 Last update: 2024-08-29 Prepared by: Prepared for: atsec information security corporation Juniper Networks, Inc.

4516 Seton Center Parkway, Suite 250
1133 Innovation Way

Austin, TX 78759 Sunnyvale, CA 94089 www.atsec.com www.juniper.net © 2024 Juniper Networks, Inc. / atsec information security

Page 2

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 Table of Contents 1.1 1.2 1.3 2.1 2.2 2.2.1 2.3 2.4 2.5 2.5.1 2.5.2

2.5.3 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security

2.5.4 4.1 4.2 4.3 4.3.1 4.3.2 4.3.3 5.1 5.2 5.3 6.1 6.2 9.1 © 2024 Juniper Networks, Inc. / atsec information security

Page 3

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 9.2 9.3 9.4 9.5 9.6 9.7 10.1 10.2 10.3 10.4 11.1 11.2 © 2024 Juniper Networks, Inc. / atsec information security

Page 4

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 List of Tables List of Figures © 2024 Juniper Networks, Inc. / atsec information security

Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityN/A
88Non-invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-Tests1
1111Life-cycle Assurance1
1212Mitigation of Other AttacksN/A
Overall Security LevelOverall Security Level1

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 1.1 Overview This document is the non-proprietary FIPS 140-3 Security Policy for version 1.2 of the Junos® OS Evolved MACsec Cryptographic Library. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 software module. This Security Policy has a one-to-one mapping to the [SP 800-140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. including this notice. Other documentation is proprietary to their authors. 1.2 How this Security Policy was Prepared In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. 1.3 Security Levels The following sections describe the cryptographic module and how it conforms to the FIPS 140-3 specification in each of the required areas. [Number Below] N/A N/A N/A Table 1 - Security Levels © 2024 Juniper Networks, Inc. / atsec information security

Page 6

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 CRYPTOGRAPHIC MODULE SPECIFICATION 2.1 Module Embodiment The Junos® OS Evolved MACsec Cryptographic Library (hereafter referred to as “the module”) is a software module. The module is composed by a shared library in software, which provides cryptographic services for key wrapping and random number generation. The module is also bound to the following cryptographic modules:

Page 7
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Junos® OSuniper Networks® Packetntel® Xeon®Without AES-NI11Junos® OS Evolved 22.4JIntel® Xeon® D-2163ITWithout AES-NI
Evolved 22.4Evolved 22.4Transport Router ModelD-2163IT
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES#A41561ECB128, 256-bit keys with keyPrerequisite128, 256-bit keys with key strength of 128 or 256 bits
FIPS197],strength of 128 or 256 bitsalgorithm for AES-
SP800-38B]CMAC.
AES#A4156CMACMessageAES [FIPS197], [SP800-38B]128, 256-bit keys with key strength of 128 or 256 bits
FIPS197],authentication code
SP800-38B]MAC) generation,
ComponentVersionComponentsDescription
Type
SoftwareSoftware1.2/usr/lib64/libquicksec-macsec.so.1Libquick MACsec shared library
/usr/lib64/.libquicksec-macsec.so.1.hmac/usr/lib64/.libquicksec-macsec.so.1.hmacIntegrity check HMAC value for the
shared library

1.2 Table 2 - Cryptographic Module Components 2.3 Tested Operational Enviroments The module has been tested on the following platforms with the corresponding module variants and configuration options: # Table 3 - Tested Operational Environments 2.4 Modes of Operation The module supports only the approved mode of operation. When the module starts up successfully, after passing all the pre-operational self-tests and conditional cryptographic algorithm self-tests (CASTs), the module is operating in the approved mode of operation. The module does not implement a degraded mode of operation. 2.5 2.5.1 Security Functions Approved Algorithms Table 4 below lists all security functions of the module, including specific strengths employed for approved services.

1 Not all algorithms tested in the CAVP certificate are used by the module.

© 2024 Juniper Networks, Inc. / atsec information security

Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES#A4156KW
HMAC#A4246,SHA2-256256-bit key with keyIntegrity testHMAC [FIPS198-1], [SP800-38D]256-bit key with key strength of 256 bits
FIPS198-1],#A4247,trength of 256 bits
SP800-38D]#A4248,
DRBG#A3599HMAC with SHA2-256Key strength of 256 bitsRandom number generationDRBG [SP800-90Arev1]Key strength of 256 bits
[SP800-90Arev1]#A3600
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES#A4156KW
HMAC#A4246,SHA2-256256-bit key with keyIntegrity testHMAC [FIPS198-1], [SP800-38D]256-bit key with key strength of 256 bits
FIPS198-1],#A4247,trength of 256 bits
SP800-38D]#A4248,
DRBG#A3599HMAC with SHA2-256Key strength of 256 bitsRandom number generationDRBG [SP800-90Arev1]Key strength of 256 bits
[SP800-90Arev1]#A3600

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 Table 4 - Approved Algorithms provided by the module Table 5 below lists the approved algorithms provided by the bound OpenSSL module that are used by the module to perform integrity tests. Table 5 - Approved Algorithms provided by the bound OpenSSL module Table 5 below lists the approved algorithms provided by the bound Kernel module that are used by the module to obtain random numbers. Table 6 - Approved Algorithms provided by the bound Kernel module 2.5.2 Non-Approved Algorithms Allowed in the Approved Mode of Operation The module does not implement non-approved algorithms allowed in the approved mode of operation. 2.5.3 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed The module does not implement non-approved algorithms. 2.5.4 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation The module does not implement non-approved algorithms. © 2024 Juniper Networks, Inc. / atsec information security

Page 9
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Data InputNoneData InputAPI input parameters for data.
Data OutputNoneData OutputAPI output parameters for data.
Control InputNoneControl InputAPI function calls, API input parameters for control input.
Status OutputNoneStatus OutputAPI return codes, error messages.

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 CRYPTOGRAPHIC MODULE PORTS AND INTERFACES Ports and interfaces implemented are shown in the following table. The Control Output interface is omitted because the module does not implement it. All data output via data output interface is inhibited when the module is performing self-tests or zeroization, or when the module is in the error state. Table 7 - Ports and Interfaces © 2024 Juniper Networks, Inc. / atsec information security

Page 10
Service
NameRolesInputOutput
Key unwrappingCryptoWrapped key, Key wrapping keyUnwrapped keyCrypto Officer (CO)
Key wrappingOfficerKey to be wrapped, KeyWrapped keyKey wrappingWrapped key
Message authentication codeMessage, AES keyMAC tagMessage, AES key
Message authentication codeSuccess/FailureMessage, AES key , MAC tag
Random Number GenerationNumber of bytesRandom number
Show module name and versionNoneModule name and version
Show statusNoneSSH_CRYPTO_OK ,Show statusNone
Self-testsNoneReturn code and log message

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 ROLES, SERVICES AND AUTHENTICATION 4.1 Roles The module supports the Crypto Officer role only. This sole role is implicitly assumed by the operator of the module when performing a service. The module does not support concurrent operators. 4.2 The module does not implement authentication. 4.3 Services The module only provides approved services, which are shown in Table 9. 4.3.1 Service Indicator The module provides an approved service indicator as specified in the “Indicator” column in Table 9. 4.3.2 Approved Services The table below shows the services available in the Approved mode. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or SSPs involved, and their access type(s). The following convention is used to specify access rights to a SSP:

Page 11
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorCryptographic Module Services
Key unwrappingUnwraps AES keyCOAES keyAES-KWKeyW, Essh_aes_key_unwrap(
unwrappingunwrapping) returns
Key wrappingWraps AES keyCOAES keyAES-KWW, Essh_aes_key_wrap()
MessageCompute a MAC tagCOAES keyAES CMACssh_mac*() functions return SSH_CRYPTO_OKMessageW, Essh_mac*() functions
authenticationauthenticationreturn
code (MAC)code (MAC)SSH_CRYPTO_OK
MessageVerify a MAC tagCOAES keyAES CMACssh_mac*() functions return SSH_CRYPTO_OKMessageW, E
Random number generationGenerate random bytesCOHMAC_DRB G from Kernel bound moduleW, Essh_random_get_byt es() returns SSH_CRYPTO_OKRandomEntropy input
DRBG internalW, E, GW, E, GDRBG internal
Other servicesOther services
Show statusCONoneN/ANoneN/AReturn the
Self-testCONoneAES-KW, AES-CMACNoneN/APerform the
Show moduleCONoneN/ANoneShow moduleN/AReturn module
name andname andname and version

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 s W, E W, E W, E W, E W, E E, G W, E, G N/A N/A N/A N/A Z N/A N/A 4.3.3 The module does not implement non-approved services. © 2024 Juniper Networks, Inc. / atsec information security

Page 12

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 SOFTWARE/FIRMWARE SECURITY 5.1 Integrity Techniques The integrity of the module is ensured with the HMAC-SHA2-256 value stored in the corresponding /usr/lib64/.libquicksec-macsec.so.1.hmac file that is computed at build time for the shared library. During Pre-Operational Self-Tests, the module invokes the fips_chk_hmac utility provided by the bound Kernel module (and whose cryptographic functionality is provided by the bound OpenSSL module) to calculate the HMAC value of the shared library, and then compares it with the prestored value. If the two HMAC values do not match, the test fails and the module enters the error state. The integrity of the fips_chk_hmac utility itself is performed before the integrity tests of the module, and ensured with the HMAC-SHA2-256 value stored in the corresponding .hmac file that is computed at build time of the utility. The fips_chk_hmac utility calculates the HMAC value, and then compares it with the pre-stored value. If the two HMAC values do not match, the test fails and the module enters the error state. 5.2 On-demand Integrity Tests Integrity tests are performed as part of the Pre-Operational Self-Tests, and can be invoked by reloading the module which will cause the module to run the power-up tests again. 5.3 Executable Code The module consists of the software component that implements the cryptographic algorithms, in the form of a shared library as stated in Table 2. © 2024 Juniper Networks, Inc. / atsec information security

Page 13

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 OPERATIONAL ENVIRONMENT 6.1 Applicability The module operates in a modifiable operational environment per FIPS 140-3 level 1 specifications. The module runs on a commercially available general-purpose operating system executing on the hardware specified in Table 3. 6.2 Policy and Requirements The module shall be installed as stated in Section 11 . If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. The module does not have the capability of loading software or firmware from an external source. Instrumentation tools like the ptrace system call, gdb and strace utilities, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-tested operational environment. © 2024 Juniper Networks, Inc. / atsec information security

Page 14

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 PHYSICAL SECURITY The module is comprised of software only, and therefore this section is not applicable. © 2024 Juniper Networks, Inc. / atsec information security

Page 15

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 NON-INVASIVE SECURITY The module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2024 Juniper Networks, Inc. / atsec information security

Page 16
Sensitive security parameter
NameStrengthEstablishmentUse
Name/TypFunction andmentKeys
eCert.

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 SENSITIVE SECURITY PARAMETER MANAGEMENT Table 10 summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. e AES key Import: CM from TOEPP Path. macsec_util_z Use: Key eroize_key() wrapping; Key unwrapping; Message authentication code (MAC) Message authentication code (MAC) verification; 128, 256 AES-KW, N/A bits AES-CMAC #4156 N/A RAM Passed into the module via API parameters in plaintext (P) form. Related SSPs: none Table 10

Page 17

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

Page 18
Approved algorithm
NameKey Size
AES• KAT AES KW mode with 128 and 256 bit keys, encryption and decryptionAES
(separately tested).(separately tested).
CMAC• KAT AES CMAC with 128-bit key, MAC generation.CMAC

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

10 SELF-TESTS

The module performs the pre-operational self-tests automatically when the module is loaded into memory. These self-tests ensure that the module is not corrupted and that the cryptographic algorithm used in the integrity test works as expected. Conditional cryptographic algorithm self-tests are performed by the module when the library is initialized by the calling application, verifying that all cryptographic algorithms work as expected before their first use. While the module is executing the pre-operational and the conditional cryptographic algorithms selftests, services are not available, and input and output are inhibited. The module is not available for use by the calling application until the self-tests are completed successfully. If any of the self-tests fails, an error message is returned and the module transitions to error state. See Section 10.4 for descriptions of possible self-test errors and recovery procedures.

10.1 Pre-operational Tests

The module performs a pre-operational software integrity test automatically when the module is powered on before the module transitions into the operational state. The details on the integrity test are specified in Section 5.1.

10.2 Conditional Tests

Table 11 lists the cryptographic algorithm self-tests (CASTs). The CASTs include the KATs for the integrity mechanism that is run prior to performing the integrity test. The details of the integrity test are provided in Section 5.1. Each KAT includes comparison of the calculated output with the expected known answer, hard coded as part of the test vectors used in the test. Data output through the data output interface is inhibited during the self-tests. If the values do not match, the KAT fails and the module transitions to the error state. Table 11

10.2.1 Pairwise Consistency Tests

The module does not perform any pairwise consistency test.

10.3 Periodic/On-demand Self-tests

On-demand self-tests can be invoked by powering-off and reloading the module which cause the module to run the pre-operational and conditional cryptographic algorithms self-tests. © 2024 Juniper Networks, Inc. / atsec information security

Page 19
Error StateCause of ErrorStatus Indicator
Error stateError stateFailure of CASTFailure of CASTError message written in syslog.
SSH_CRYPTO_LIBRARY_ERROR
Failure of integrity testsError message ”libquicksec_macsec Integrity check
FAILED” is written in syslog.
SSH_CRYPTO_LIBRARY_ERROR

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 When the module fails any pre-operational or conditional self-test, the module will enter the Error state. Any further cryptographic operation is inhibited. The calling application can obtain the state with the return value of the API function used to initialize the module (after finishing self-tests), or by requesting the get status service (using a dedicated API function). The Crypto Officer can recover from the Error state by restarting the hardware platform on which the module is running. Table 12 - Error States © 2024 Juniper Networks, Inc. / atsec information security

Page 20

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

11 LIFE-CYCLE ASSURANCE
11.1 Delivery and Operation
11.1.1 Module Installation

The binaries of the module are contained in the base Junos Evolved installation image. The Crypto Officer shall follow this Security Policy to configure the operational environment and install the module to be operated as a FIPS 140-3 validated module.

11.1.2 End of Life Procedures

As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory.

11.2 Crypto Officer Guidance

In order to run in the Approved mode, the module must be operated using the approved services, with their corresponding approved and allowed cryptographic algorithms provided in this Security Policy (see Section 4.3). In addition, key sizes must comply with [SP800-131A].

11.2.1 Verification of the Module Installation

The module is already pre-installed on the image file (junos-evo-install-ptx-fixed-x86-64-22.4R2.11S1-EVO.iso). The crypto officer is responsible to verify the correct installation of the module by executing the following command: cli show security macsec crypto version Verify that the command returns the following name and version of the module: Crypto library version : Junos OS Evolved MACsec Cryptographic Library, version 1.2 © 2024 Juniper Networks, Inc. / atsec information security

Page 21

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

12 MITIGATION OF OTHER ATTACKS

The module does not implement any mitigation mechanism. © 2024 Juniper Networks, Inc. / atsec information security

Page 22

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

13 APPENDIX A - GLOSSARY AND ABBREVIATIONS

AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions API Application Program Interface CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter DRBG Deterministic Random Bit Generator ECB Electronic Code Book EE Electronic Entry FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code IG Implementation Guidance KAT Known Answer Test KW Key Wrap MAC Message Authentication Code MD Manual Distribution NIST National Institute of Science and Technology PAA Processor Algorithm Acceleration PR Prediction Resistance PCT Pair-wise Consistency Test SHA Secure Hash Algorithm TOEPP Tested Operational Environment’s Physical Perimeter © 2024 Juniper Networks, Inc. / atsec information security

Page 23

Junos® OS Evolved MACsec Cryptographic Library Version 1.2

14 APPENDIX B – REFERENCES

FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program October 2022 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf KERNEL-SP August 2023 https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/security-policies/140sp4776.pdf OPENSSL-SP Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 - FIPS 140-3 August 2023 https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/security-policies/140sp4775.pdf SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf © 2024 Juniper Networks, Inc. / atsec information security

Page 24

Junos® OS Evolved MACsec Cryptographic Library Version 1.2 SP800-57 NIST Special Publication 800-57 Part 1 Revision 4 - Recommendation for Key Management Part 1: General January 2016 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf SP800-90A NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-131A NIST Special Publication 800-131A

Referenced URLs