All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Ruckus FastIron ICX ™ 7450 Series Switch/Router

Certificate#4832StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRuckus Wireless LLC
Critical review priority  ·  exposes firmware-update authentication  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/10/2029
CaveatWhen installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode
VendorRuckus Wireless LLC
Hardware versionsICX7450-24P-E2, ICX7450-48P-E2, ICX7450-48F-E2 with [ICX7400-4X1GF, ICX7400-4X10GF, ICX7400-4X10GC, ICX7400-1X40GQ, ICX7400-SERVICE-MOD]

Approved Algorithms (33)

AlgorithmACVP Cert
AES-CBCA2345
AES-CFB128A2345
AES-CMACA2345
AES-CTRA2345
AES-ECBA2345
AES-ECBAES 4550
AES-ECBAES 5074
AES-GCMA2345
AES-GCMAES 4550
AES-GCMAES 5074
AES-KWA2345
AES-KWPA2345
Counter DRBGA2345
ECDSA KeyGen (FIPS186-4)A2345
ECDSA SigGen (FIPS186-4)A2345
ECDSA SigVer (FIPS186-4)A2345
HMAC-SHA-1A2345
HMAC-SHA2-256A2345
HMAC-SHA2-384A2345
KAS-ECC-SSC Sp800-56Ar3A2345
KAS-FFC-SSC Sp800-56Ar3A2345
KDF IKEv2A2345
KDF SNMPA2345
KDF SP800-108A2345
KDF SSHA2345
KDF TLSA2345
RSA KeyGen (FIPS186-4)A2345
RSA SigGen (FIPS186-4)A2345
RSA SigVer (FIPS186-4)A2345
Safe Primes Key GenerationA2345
SHA-1A2345
SHA2-256A2345
SHA2-384A2345

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Ruckus FastIron ICX ™ 7450 Series Switch/Router
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>IronWare OS 09.0.10</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Update Firmware</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Perform Self-test<br/>Show Status<br/>Perform Self- test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C5,C6 clue;
  class I1,I2,I3,I5,I6 infer;
  class R1,R2,R3,R5,R6 risk;
  class E1,E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Ruckus FastIron ICX ™ 7450 Series Switch/Router
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>IronWare OS 09.0.10</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Update Firmware</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Perform Self-test<br/>Show Status<br/>Perform Self- test</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Ruckus FastIron ICX™ 7450 Series Switch/Router Firmware Version: IronWare OS 09.0.10 Document Version: 1.5 Last Update Date: 10-04-2024 Prepared by: Ruckus Wireless LLC Salarpuria Supreme, #137, Marathahalli Bangalore, Karnataka 560037 India www.commscope.com

Page 2
Table of Contents
#SectionPage
1General1
2Cryptographic Module Specification2
3Cryptographic Module Interfaces12
4Roles, Services, and Authentication12
5Software/Firmware Security19
6Operational Environment19
7Physical Security19
8Non-Invasive Security20
9Sensitive Security Parameter Management20
10Self-Test27
11Life-Cycle Assurance30
12Mitigation of Other Attacks31
I. Terms and Definitions31
10Self-tests1
Page 3
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication2
55Software/Firmware security1
66Operational environment1
77Physical security1
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A

This is a non-proprietary cryptographic module security policy for Ruckus FastIron ICX™ 7450 Series Switch/Router (hereinafter referred to as the module). The firmware version running on each module is IronWare OS 09.0.10. This security policy describes how the module meets the FIPS 140-3 Level 1 security requirements, and how to operate the module in an approved mode. This security policy may be freely distributed. FIPS 140-3 (Federal Information Processing Standards Publication 140-3

Page 4

2. Cryptographic Module Specification Cryptographic Boundary The module is a hardware, multi-chip standalone cryptographic module. The cryptographic boundary is defined as the module’s chassis unit encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case representing the module’s physical perimeter. This section illustrates the module hardware with the help of photographs. Figure 1 - Front/top side of ICX7450-48P with IPSec module inserted Figure 2 - Back side of ICX7450-48P with IPSec module inserted Figure 3 - Front/top side of ICX7450-24P with ICX7400-4X10GF, ICX7400-4X1GF, ICX7400-4X10GC and ICX7400-1X40GQ and ICX7400-SERVICE MOD

Page 5

Figure 4- Back side of ICX7450-24P with ICX7400-4X10GC, ICX7400-1X40GQ and ICX7400-4X10GF Figure 5 - Front/top side of ICX7450-48P with ICX74004X1GF, ICX7400-4X10GC and ICX7400-4X10GF

Page 6

Figure 6 - ICX7450-48P with ICX7400-4X1GF, ICX7400-4X10GF, ICX7400-4X10GC, ICX74001X40GQ, ICX7400-SERVICE-MOD Figure 7 - Front/top side of ICX7450-48F with ICX7400-4X1GF, ICX7400-4X10GC and ICX7400-4X10GF

Page 7
Module configuration
NameModelHardware VersionFirmware VersionFeatures
ICX7450-24PICX7450-24PICX7450-24P-E2 with [ICX7400-4X1GF, ICX7400- 4X10GF, ICX7400-4X10GC, ICX7400-1X40GQ, ICX7400-SERVICE-MOD]IronWare OS 09.0.10ICX7450-24P module has the following physical ports: • 1x RJ-45 Ethernet Mgmt port • 1x USB Type-C serial console port • 24x 10/100/1000 Mbps RJ-45 PoE+ ports In addition, each of the network modules has the following physical ports: • 4x 1GbE SFP ports on ICX7400-4X1GF • 4x 1GbE uplink/stacking SFP+ ports on ICX7400-4X10GF • 4x 1GbE 10GBASE-T copper Ethernet ports on ICX7400- 4X10GC • 1x 4 GbE uplink/stacking QSFP+ ports on ICX7400- 1X40GQ Please refer to Cryptographic Module Interfaces section for more information
ICX7450-48PICX7450-48PICX7450-48P-E2 with [ICX7400-4X1GF, ICX7400- 4X10GF, ICX7400-4X10GC, ICX7400-1X40GQ, ICX7400-SERVICE-MOD]IronWare OS 09.0.10ICX7450-48P module has the following physical ports: • 1x RJ-45 Ethernet Mgmt port • 1x USB Type-C serial console port • 48x 10/100/1000 Mbps RJ-45 PoE+ ports In addition, each of the network modules has the following physical ports: • 4x 1GbE SFP ports on ICX7400-4X1GF • 4x 1GbE uplink/stacking SFP+ ports on ICX7400-4X10GF • 4x 1GbE 10GBASE-T copper Ethernet ports on ICX7400- 4X10GC • 1x 4 GbE uplink/stacking QSFP+ ports on ICX7400- 1X40GQ Please refer to Cryptographic Module Interfaces section for more information
ICX7450-48FICX7450-48FICX7450-48F-E2 with [ICX7400-4X1GF, ICX7400- 4X10GF, ICX7400-4X10GC, ICX7400-1X40GQ, ICX7400-SERVICE-MOD]IronWare OS 09.0.10ICX7450-48F module has the following physical ports: • 1x RJ-45 Ethernet Mgmt port • 1x USB Type-C serial console port • 48x 1GbE SFP ports In addition, each of the network modules has the following physical ports: • 4x 1GbE SFP ports on ICX7400-4X1GF • 4x 1GbE uplink/stacking SFP+ ports on ICX7400-4X10GF • 4x 1GbE 10GBASE-T copper Ethernet ports on ICX7400- 4X10GC • 1x 4 GbE uplink/stacking QSFP+ ports on ICX7400- 1X40GQ Please refer to Cryptographic Module Interfaces section for more information

The module delivers the performance, flexibility, and scalability required for enterprise access deployment. Table 2 below lists the model and firmware version included in this validation.

Page 8

Table 2

Page 9
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES • FIPS197SP800-38A#A2345AES-ECB128 and 256 bitsData Encryption/Decryption
AES • FIPS197SP800-38A#A2345AES-CBC128 and 256 bitsData Encryption/Decryption
AES • FIPS197SP800-38A#A2345AES-CFB128128 and 256 bitsData Encryption/Decryption
AES • FIPS197SP800-38A#A2345AES-CTR128 and 256 bitsData Encryption/Decryption
AES • FIPS197SP 800-38D#A2345AES-GCM128 and 256 bitsAuthenticated Encryption/Decryption
AES • FIPS197 • FIPS800-38B#A2345AES-CMAC128 bitsAssurance of the authenticity
AES • SP800-38F#A2345AES-KW128 bitsAuthenticated Encryption/Decryption
AES • SP800-38F#A2345AES-KWP128 bitsAuthenticated Encryption/Decryption
DRBG • SP800-90Arev1#A2345CTR_DRBG (AES-256 bits)N/ADeterministic Random Bit Generation
ECDSA • FIPS186-4#A2345ECDSA KeyGenCurves: P-256, P-384ECDSA Key Generation
ECDSA • FIPS186-4#A2345ECDSA SigGenCurves: P-256, P-384ECDSA Digital Signature Generation
ECDSA • FIPS186-4#A2345ECDSA SigVerCurves: P-256, P-384ECDSA Digital Signature Verification
KAS-ECC-SSC • SP800-56Arev3#A2345KAS-ECC-SSC Scheme: Ephemeral UnifiedKAS-ECC-SSC with Curves P-256, P-384, P-521KAS-ECC Shared Secret Computation
KAS • SP800-56Arev3#A2345KAS (ECC) Scheme: ephemeralUnified KAS Role: initiator, responderP KAS (KAS-SSC Cert. #A2345, CVL Cert. #A2345KAS-ECC with Curves P-256, P-384, P-521; Key establishment methodology provides between 128 and 256 bits of encryption strengthKey Agreement Scheme per SP800-56Arev3 with key derivation function (SP800-135rev1) Note: The module’s KAS (ECC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant
KAS-FFC-SSC • SP800-56Arev3#A2345KAS-FFC-SSC Scheme: dhEphemMODP-2048, MODP- 4096, MODP-8192KAS-FFC Shared Secret Computation
KAS • SP800-56Arev3#A2345KAS (FFC) Scheme: dhEphem KAS (KAS-SSC Cert. #A2345, CVL Cert. #A2345KAS-FFC with MODP- 2048, MODP-4096, MODP-8192 Key establishment methodology provides between 112 and 200 bits of encryption strengthKey Agreement Scheme per SP800-56Arev3 with key derivation function (SP800-135rev1) Note: The module’s KAS (ECC) implementation is FIPS140-3 IG D.F Scenario 2 (path 2) compliant
KBKDF • SP800-108rev1#A2345KDF Mode: CounterN/ASP800-108Rev1 Compliant Key Derivation Function (KDF)
KDF SSH (CVL) • SP800-135rev1#A2345SSHv2 KDFN/ASP800-135Rev1 Compliant Key Derivation Function (KDF) for SSHv2
KDF TLS (CVL) • SP800-135rev1#A2345TLSv1.1/1.2 KDFN/ASP800-135rev1 Compliant Key Derivation Function (KDF) for TLSv1.1/1.2
KDF SNMP (CVL) • SP800-135rev1#A2345SNMPv3 KDFN/ASP800-135rev1 Compliant Key Derivation Function (KDF) for SNMPv3
KDF IKEv2 (CVL) • SP800-135rev1#A2345IKEv2 KDFN/ASP800-135rev1 Compliant Key Derivation Function (KDF) for IKEv2
KTS (MACSec) • SP800-38F#A2345KTS (AES Cert. #A2345)Key establishment methodology provides 128 bits of encryption strengthKey Transport using AES-KW/KWP in MACSec
KTS (SSH) SP800-38F#A2345KTS (AES Cert. #A2345 and HMAC Cert. #A2345)Key establishment methodology provides 128 or 256 bits of encryption strengthKey Transport using AES and HMAC in SSH
KTS (TLS) • SP800-38F#A2345KTS (AES Cert. #A2345 and HMAC Cert. #A2345)Key establishment methodology provides 128 or 256 bits of encryption strengthKey Transport using AES and HMAC in TLS
KTS (TLS) • SP800-38F#A2345KTS (AES-GCM Cert. #A2345)Key establishment methodology provides 128 or 256 bits of encryption strengthKey Transport using AES-GCM in TLS
SHS • FIPS180-4#A2345SHA-1 Message Length: 0-51200 Increment 8N/ASecure hashing Note: SHA-1 is not used for digital signature generation
SHS • FIPS180-4#A2345SHA2-256 Message Length: 0-51200 Increment 8N/ASecure hashing
SHS • FIPS180-4#A2345SHA2-384 Message Length: 0-51200 Increment 8N/ASecure hashing
HMAC • FIPS198-1#A2345HMAC-SHA-1At least 160 bitsHash based message authenticate code generation and verification
HMAC • FIPS198-1#A2345HMAC-SHA2- 256At least 160 bitsHash based message authenticate code generation and verification
HMAC • FIPS198-1#A2345HMAC-SHA2- 384At least 160 bitsHash based message authenticate code generation and verification
RSA • FIPS186-4#A2345RSA KeyGen Mode: B.3.3Modulus: 2048 bitsKey Generation
RSA • FIPS186-4#A2345RSA SigGen (PKCS 1.5)Modulus: 2048 bitsSignature Generation
RSA • FIPS186-4#A2345RSA Sigver (PKCS 1.5)Modulus: 2048 bitsSignature Verification
Safe Primes Key Generation • SP800-56Arev3#A2345N/ASafe Prime Groups: MODP-2048, MODP- 4096, MODP-8192KAS-FFC Keypair domain parameters generation
CKG • SP800-133rev2Vendor AffirmedN/AN/AVendor Affirmed Cryptographic Key Generation (CKG) compliant with SP800- 133rev2 and IG D.H The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed). A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800- 90Arev1 CTR_DRBG
AES • FIPS197SP800-38AAES #4550AES-ECB128 bitsECB is a pre-requisite algorithm for GCM
AES • FIPS197SP800-38DAES #4550AES-GCM128 bitsAuthenticated Encryption/Decryption in MACSec
AES • FIPS197SP800-38AAES #5074AES-ECB128 bitsECB is a pre-requisite algorithm for GCM
AES • FIPS197SP800-38DAES #5074AES-GCM128 bitsAuthenticated Encryption/Decryption in IPSec/IKE

Modes of Operation By default, the module is delivered with a non-approved mode of operation but supports an approved mode of operation. Once the module is configured to operate in the approved mode of operation by following the steps in section "Secure Operation" of this document by the Crypto Officer, the module can only operate in the approved mode. The module does not claim implementation of a degraded mode of operation. The tables below list all approved or vendor-affirmed security functions of the module, including specific key size(s) (in bits unless noted otherwise) employed for Approved services, and implemented modes of operation. There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in these tables. Approved Security Functions The module implements the following approved cryptographic algorithms that have been ACVP certified. N/A

Page 11

N/A N/A N/A

Page 12

N/A N/A N/A Table 3 - Approved Algorithms (Crypto Library I) Table 4 - Approved Algorithms (Crypto Library II) Table 5 - Approved Algorithms (Crypto Library III)

Page 13

5288 for TLS. The module is compatible with TLSv1.2 and provides support for the acceptable

GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

7296 for IPSec/IKE. The module uses RFC 7296 compliant IPSec/IKE to establish the shared

secret SKEYSEED from which the AES GCM encryption keys are derived. The operations of one of the two parties involved in the IKE key establishment scheme shall be performed entirely within the cryptographic boundary of the module being validated. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

Page 14
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Console port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsConsole port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsData InputSSH, TLS, SNMPv3, IPSec/IKEv2 or MACSec traffic
Console port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsConsole port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsData OutputSSH, TLS, SNMPv3, IPSec/IKEv2 or MACsec traffic
Console port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsConsole port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet portsControl InputControl Input
Console port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet ports, and LEDsConsole port, Mgmt port, SFP/SFP+ ports, QSFP+ ports, Ethernet ports, and LEDsStatus OutputStatus information
N/AN/AControl OutputNA
PowerPowerN/AProvides the power supply to the module
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
Perform Self-testCrypto OfficerCommand to trigger self-testThe self-tests completion status information
Perform ZeroizationCrypto OfficerCommand to zeroize the moduleThe zeroization completion status information
Update FirmwareCrypto OfficerCommand to upload a new validated firmwareThe firmware update completion status information
CO AuthenticationCrypto OfficerCO role authentication requestStatus of the CO role authentication
Configuration ManagementCrypto OfficerCommands to configure the moduleStatus of the completion of network related configuration
Configure RADIUS ServerCrypto OfficerCommands to configure RADIUS ServerStatus of the completion of RADIUS Server configuration
Configure SSHv2 FunctionCrypto OfficerCommands to configure SSHv2 functionStatus of the completion of SSHv2 configuration
Configure SSL over TLSv1.1/1.2 FunctionCrypto OfficerCommands to configure SSL over TLSv1.1/2 functionStatus of the completion of SSL over TLSv1.1/1.2 configuration
Configure SNMPv3 FunctionCrypto OfficerCommands to configure SNMPv3 functionStatus of the completion of SNMPv3 configuration
Configure IPsec/IKE FunctionCrypto OfficerCommands to configure IPSec/IKE functionStatus of the completion of IPSec/IKE configuration
Configure MACSec FunctionCrypto OfficerCommands to configure MACSec functionStatus of the completion of MACSec configuration
Account managementCrypto OfficerCommand to create user accountThe status of the new user accounts
Show VersionCrypto OfficerCommand to show versionModule’s name and versioning information
Show StatusCrypto OfficerCommand to get the status of the moduleModule’s current status information
Port Configuration ManagementCrypto OfficerCommands to configure the port parameters of switch/routerPort configuration completion status information
Run SSHv2 FunctionCrypto OfficerInitiate SSHv2 tunnel establishment requestStatus of SSHv2 tunnel establishment
Run SSL over TLSv1.1/v1.2 FunctionCrypto OfficerInitiate SSL over TLSv1.1/v1.2 tunnel establishment requestStatus of TLSv1.1/v1.2 tunnel establishment
Run SNMPv3 FunctionCrypto OfficerInitiate SNMPv3 tunnel establishment requestStatus of SNMPv3 tunnel establishment
Run IPSec/IKE FunctionCrypto OfficerInitiate IPsec/IKE tunnel establishment requestStatus of IPSec/IKE tunnel establishment
Run MACSec FunctionCrypto OfficerInitiate MACSec tunnel establishment requestStatus of MACSec tunnel establishment
Show VersionUserCommand to show versionModule’s name and versioning information
Show StatusUserCommand to get the status of the moduleModule’s current status information
User AuthenticationUserUser role authentication requestStatus of the User role authentication
Run SSHv2 FunctionUserInitiate SSHv2 tunnel establishment requestStatus of SSHv2 tunnel establishment
Show VersionPort Config AdminCommand to show versionModule’s name and versioning information
Show StatusPort Config AdminCommand to get the status of the moduleModule’s current status information
Port Config Admin AuthenticationPort Config AdminPort Config Admin role authentication requestStatus of the Port Config Admin role authentication
Port Configuration ManagementPort Config AdminCommands to configure the port parameters of switch/routerPort configuration completion status information
Run SSHv2 FunctionPort Config AdminInitiate SSHv2 tunnel establishment requestStatus of SSHv2 tunnel establishment
Perform Self- testThe module runs pre-operational self-tests and conditional algorithm Self- tests (CASTs)Crypto OfficerN/AN/AN/ASelf-test completion message
Perform ZeroizationZeroize service destroys all SSPs in the moduleCrypto OfficerALLN/AZZeroize completion message
Update FirmwareThe module’s firmware is updated to a new versionCrypto OfficerFirmware Load Test KeyRSA SigVerEGlobal indicator and Firmware update completion message
Show StatusProvide module’s name and current status informationCrypto Officer; User; Port Config AdminN/AN/ARN/A
  1. Cryptographic Module Interfaces interfaces provided by the module are mapped to the following FIPS 140-3 defined logical logical interfaces and their mapping are described in the following table. Please note that the N/A N/A Table 6 – Ports and Interfaces
  2. Roles, Services, and Authentication The module supports role-based authentication. In approved mode, the cryptographic module supports the following roles:
  3. Crypto Officer Role: The Crypto Officer role has complete access to the system. The Crypto Officer is the only role that can perform firmware loading, security functions configuration (SSHv2, TLSv1.1/v1.2, SNMPv3, IPSec/IKEv2 and MACSec) and account management. A crypto officer can create additional accounts thereby creating additional crypto officers.
  4. Port Config Admin Role: The Port Config Admin role has read and write access for configuring specific ports but not for global (system‐wide) parameters.
  5. User Role: The User role on the device has read-only privileges and no configuration mode access. The module does not support the maintenance role. For all other services, an operator must authenticate to the module as described in Table below. The module provides services for remote communication (SSHv2 and SNMPv3) for management and configuration of cryptographic functions. The following subsections describe services available to operators based on role.
Page 16
Approved algorithm
NameKey Size
Password-based authenticationThe minimum length is eight (8) characters (94 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(948) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(948), which is less than 1/100,000. The configuration supports at most ten failed attempts to authenticate in a one-minute period. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in totalCrypto Officer, User, Port Config Admin
RSA-based authenticationRSA key pair has modulus size of 2048 bits, thus providing 112 bits of strength, which means an attacker would have a 1 in 2112 chance of randomly obtaining the key, which is much stronger than the one in a million chances required by FIPS 140-3. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 8.65x10^31 (2112 /60 = 8.65 x 1031) attempts per second, which is less than 1/100,000Crypto Officer, User, Port Config Admin
ECDSA-based authenticationWhen configuring the smallest curve P-256, the probability that a random attempt will succeed, or a false acceptance will occur is 1/2^128, which is less than 1/1,000,000. 256 attempts are allowed in a one-minute period. Therefore, the probability of a random success in a one-minute period is 256/2^128, which is less than 1/100,000Crypto Officer, User, Port Config Admin
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
Port Config Admin AuthenticationPort Config AdminPort Config Admin role authentication requestStatus of the Port Config Admin role authentication
Port Configuration ManagementPort Config AdminCommands to configure the port parameters of switch/routerPort configuration completion status information
Run SSHv2 FunctionPort Config AdminInitiate SSHv2 tunnel establishment requestStatus of SSHv2 tunnel establishment
Perform Self- testThe module runs pre-operational self-tests and conditional algorithm Self- tests (CASTs)Crypto OfficerN/AN/AN/ASelf-test completion message
Perform ZeroizationZeroize service destroys all SSPs in the moduleCrypto OfficerALLN/AZZeroize completion message
Update FirmwareThe module’s firmware is updated to a new versionCrypto OfficerFirmware Load Test KeyRSA SigVerEGlobal indicator and Firmware update completion message
Show StatusProvide module’s name and current status informationCrypto Officer; User; Port Config AdminN/AN/ARN/A
Show VersionProvide modules version informationCrypto Officer; User; Port Config AdminN/AN/ARN/A
CO Authenticatio nCO role authenticationCrypto OfficerCrypto Officer PasswordN/AG, R, W, EN/A
User Authenticatio nUser role authenticationUserUser PasswordN/AG, R, W, EN/A
Port Config Admin Authenticatio nPort Config Admin role authenticationPort Config AdminPort Config Admin PasswordN/AG, R, W, EN/A
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, SSH ECDSA Private Key, SSH ECDSA Public Key, SSH RSA Private Key, SSH RSA Public Key, SSH DH Private Key, SSH DH Public Key, SSH DH Shared Secret Key, SSH ECDH Private Key, SSH ECDH Public Key, SSH ECDH Shared Secret Key, SSH Session Encryption Key, SSH Session Integrity KeyAES-CBC, AES-CTR, CKG, CTR_DRBG, KDF SSH, HMAC-SHA- 1, HMAC-SHA2- 256, KAS-ECC- SSC, KAS (ECC), KAS-FFC- SSC, KAS (FFC), KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGenR, W, GGlobal indicator and SSH connection success log message
Configure SSL over TLSv1.1/v1.2 FunctionConfigure TLSv1.1/v1.2 FunctionCrypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, TLS ECDSA Private Key, TLS ECDSA Public Key, TLS RSA Private Key, TLS RSA Public Key, TLS DH Private Key, TLS DH Public key, TLS DH Shared Secret, TLS ECDH Private Key, TLS ECDH Public key,AES-ECB, AES-CBC, AES-GCM, CKG, CTR_DRBG, KDF TLS, HMAC-SHA- 1, HMAC-SHA2- 256, HMAC-SHA2- 384, KAS-ECC- SSC,R, W, GGlobal indicator and TLS connection success log message
KAS (ECC), KAS-FFC- SSC, KAS (FFC), KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGenTLS ECDH Shared Secret, TLS Pre-Master Secret, TLS Master Secret, TLS Session Encryption Key, TLS Session Integrity KeyKAS (ECC), KAS-FFC- SSC, KAS (FFC), KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen
SNMPv3 Function ConfigurationConfigure SNMPv3 FunctionCrypto OfficerSNMPv3 User Authentication Secret, SNMPv3 Session Encryption Key, SNMPv3 Session Integrity KeyAES-CFB128, KDF SNMP, HMAC-SHA- 1, HMAC-SHA2- 256, HMAC-SHA2- 384R, W, GGlobal indicator and SNMPv3 connection success log message
Configure IPsec/IKEv2 FunctionConfigure IPSec/IKEv2 FunctionCrypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, IPSec/IKE Pre-shared Secret, IPSec/IKE ECDH Private Key, IPSec/IKE ECDH Public Key, IPSec/IKE ECDH Shared Secret, IPSec/IKE DH Private Key, IPSEC/IKE DH Public key, IPSec/IKE DH Shared Secret, IPSec/IKE RSA Private Key, IPSec/IKE RSA Public Key, IPSec/IKE ECDSA Private Key, IPSEC/IKE ECDSA Public Key, IPSec/IKE Session Encryption Key, IPSec/IKE Session Integrity KeyAES-CBC, AES-GCM, CKG, CTR_DRBG, KDF IKEv2, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, HMAC-SHA2- 256, HMAC-SHA2- 384, KAS-ECC- SSC, KAS (ECC), KAS-FFC- SSC, KAS (FFC), RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGenG, R, WGlobal indicator and IPSec/IKE connection success log message
Configure MACSec FunctionConfigure MACSec FunctionCrypto OfficerMACSec CAK; MACSec ICK; MACSec KEK; MACSec SAKAES-CMAC; AES-GCM; AES-KW; AES-KWP; KBKDF;G, R, WGlobal indicator and MACSec connection success log message
Port Configuration ManagementPerform Port ConfigurationCrypto Officer; Port Config AdminCrypto Officer Password; Port Config Admin PasswordN/AR, EN/A
Account managementAccount CreationCrypto OfficerCrypto Officer Password; User Password; Port Config Admin PasswordN/AWN/A
Run SSHv2 FunctionNegotiation and encrypted data transport via SSHCrypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, SSH ECDSA Private Key, SSH ECDSA Public Key, SSH RSA Private Key, SSH RSA Public Key, SSH DH Private Key, SSH DH Public Key, SSH DH Shared Secret Key, SSH ECDH Private Key, SSH ECDH Public Key, SSH ECDH Shared Secret Key, SSH Session Encryption Key, SSH Session Integrity KeyAES-CBC, AES-CTR, CKG, CTR_DRBG, KDF SSH, HMAC-SHA- 1, HMAC-SHA2- 256, KAS-ECC- SSC, KAS (ECC), KAS-FFC- SSC, KAS (FFC), KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGenR, W, GGlobal indicator and SSH connection success log message
Run SSL over TLSv1.1/v1.2 FunctionNegotiation and encrypted data transport via SSL (TLSv1.1/v1.2)Crypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, TLS ECDSA Private Key, TLS ECDSA Public Key, TLS RSA Private Key, TLS RSA Public Key, TLS DH Private Key, TLS DH Public key, TLS DH Shared Secret, TLS ECDH Private Key, TLS ECDH Public key, TLS ECDH Shared Secret, TLS Pre-Master Secret, TLS Master Secret, TLS Session Encryption Key, TLS Session Integrity KeyAES-ECB, AES-CBC, AES-GCM, CKG, CTR_DRBG, KDF TLS, HMAC-SHA- 1, HMAC-SHA2- 256, HMAC-SHA2- 384, KAS-ECC- SSC, KAS (ECC), KAS-FFC- SSC, KAS (FFC), KTS, ECDSA KeyGen,R, W, GGlobal indicator and TLS connection success log message
Run SNMPv3 FunctionNegotiation and encrypted data transport via SNMPv3Crypto OfficerSNMPv3 User Authentication Secret, SNMPv3 Session Encryption Key, SNMPv3 Session Integrity KeyAES-CFB128, KDF SNMP, HMAC-SHA- 1, HMAC-SHA2- 256, HMAC-SHA2- 384R, W, GGlobal indicator and SNMPv3 connection success log message
Run IPSec/IKEv2 FunctionNegotiation and encrypted data transport via IPSecCrypto OfficerDRBG Entropy Input, DRBG Seed, DRBG Internal State V value, DRBG Key, IPSec/IKE Pre-shared Secret, IPSec/IKE ECDH Private Key, IPSec/IKE ECDH Public Key, IPSec/IKE ECDH Shared Secret, IPSec/IKE DH Private Key, IPSEC/IKE DH Public key, IPSec/IKE DH Shared Secret, IPSec/IKE RSA Private Key, IPSec/IKE RSA Public Key, IPSec/IKE ECDSA Private Key, IPSEC/IKE ECDSA Public Key, IPSec/IKE Session Encryption Key, IPSec/IKE Session Integrity KeyAES-CBC, AES-GCM, CKG, CTR_DRBG, KDF IKEv2, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, HMAC-SHA2- 256, HMAC-SHA2- 384, KAS-ECC- SSC, KAS (ECC), KAS-FFC- SSC, KAS (FFC), RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGenR, EGlobal indicator and IPSec/IKE connection success log message
Run MACSec FunctionNegotiation and encrypted data transport via MACSecCrypto OfficerMACSec CAK, MACSec ICK, MACSec KEK, MACSec SAKAES-CMAC, AES-GCM, AES-KW, AES-KWP, KTS, KBKDFR, EGlobal indicator and MACSec connection success log message
Page 17

N/A N/A n n n N/A N/A R G, R, W, E N/A G, R, W, E N/A N/A N/A HMAC-SHA1, HMAC-SHA2256, KAS-ECCSSC, KAS-FFCSSC, HMAC-SHA1, HMAC-SHA2256, HMAC-SHA2384, KAS-ECCSSC, R, W, G R, W, G N/A

Page 18

KAS-FFCSSC, HMAC-SHA1, HMAC-SHA2256, HMAC-SHA2384 HMAC-SHA2256, HMAC-SHA2384, KAS-ECCSSC, KAS-FFCSSC, R, W, G G, R, W G, R, W

Page 19

N/A HMAC-SHA1, HMAC-SHA2256, KAS-ECCSSC, KAS-FFCSSC, HMAC-SHA1, HMAC-SHA2256, HMAC-SHA2384, KAS-ECCSSC, KAS-FFCSSC, N/A R, E W R, W, G N/A R, W, G N/A

Page 20

HMAC-SHA1, HMAC-SHA2256, HMAC-SHA2384 HMAC-SHA2256, HMAC-SHA2384, KAS-ECCSSC, KAS-FFCSSC, R, W, G R, E R, E Table 11 - Approved Services G = Generate: The module generates or derives the SSP R = Read: The SSP is read from the module (e.g. the SSP is output)

Page 21

W = Write: The SSP is updated, imported, or written to the module E = Execute: The module uses the SSP in performing a cryptographic operation Z = Zeroise: The module zeroises the SSP Unauthenticated Services The services for someone without an authorized role are to view the status output from the module’s LEDs and to cycle power the module.

  1. Software/Firmware Security Integrity Techniques The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file is verified using the following two integrity check mechanisms to ensure that the module has not been tampered: • • Bootloader Integrity Test (CRC-32) Firmware Integrity Test (CRC-32) If at the load time the CRC-32 value does not match the stored, known CRC-32 value, the module would enter to an Error state with all crypto functionality inhibited. In addition, the module also supports the firmware load test by using RSA 2048 bits with SHA2256 (RSA Cert. #A2345) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the binary the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate into the module before loading any firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Integrity Test On-Demand Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.
  2. Operational Environment The module is a hardware module. The module’s operational environment is non-modifiable. The module’s firmware version running on each model is IronWare OS 09.0.10. Any other firmware loaded into these modules is out of the scope of this validation and requires a separate FIPS 140-3 validation.
  3. Physical Security The module is a multi-chip standalone hardware cryptographic module. The module meets the FIPS 140-3 Level 1 security requirements as production grade equipment.
Page 22
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP Name/Type
Used to seed the DRBG384 bitsN/AGenerated from noise sourceN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoDRBG Entropy Input
Used DRBG generation256 bitsDRBG Cert. #A2345Internally Derived from entropy input string as defined by SP800-90Arev1N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoDRBG Seed
Used DRBG generation256 bitsDRBG Cert. #A2345Internally Derived from entropy input string as defined by SP800-90Arev1N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoDRBG Internal State V value
Used DRBG generation256 bitsDRBG Cert. #A2345Internally Derived from entropy input string as defined by SP800-90Arev1N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoDRBG Key
Used for Port Config Admin authentication8 to 60 CharactersN/AN/AMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoPort Config Admin Password
Used for Crypto Officer authentication8 to 60 CharactersN/AN/AMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoCrypto Officer Password
Used for User authentication8 to 60 CharactersN/AN/AMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoUser Password
Used for RADIUS Server authentication8 to 64 CharactersN/AN/AMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoRADIUS Secret
Used for SSH authenticationP-256, P- 384CKG, DRBG, ECDSA KeyGen, ECDSA SigGen Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 ECDSA key generation method, and the random value used in key generation is generated usingN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH ECDSA Private Key
Used for SSH authenticationP-256, P- 384ECDSA SigVer Cert #A2345Internally derived per the FIPS 186-4 ECDSA key generation methodN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to the SSH peer applicationSSH ECDSA Public Key
Used for SSH authentication2048 bitsCKG, DRBG, RSA KeyGen, RSA SigGen Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 RSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH RSA Private Key
Used for SSH authentication2048 bitsRSA SigVer Cert #A2345Internally derived per the FIPS 186-4 RSA key generation methodN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to SSH peer applicationSSH RSA Public Key
Used to derive SSH DH Shared secretMODP- 2048, 4096, 8192 bitsCKG, DRBG, KAS-FFC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH DH Private Key
Used to derive SSH DH Shared secretMODP- 2048, 4096, 8192 bitsKAS-FFC-SSC Cert. #A2345Internally derived internally per the Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to SSH peer applicationSSH DH Public Key
Used to derive SSH Session Encryption Key, SSH Session Integrity KeyMODP- 2048, 4096, 8192 bitsKAS-FFC-SSC Cert. #A2345Internally derived using SP800-56A rev3 EC Diffie-Hellman shared secret computationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH DH Shared Secret
Used to derive SSH ECDH Shared secretP-256, P-384, P-521CKG, DRBG, KAS-ECC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH ECDH Private Key
Used to derive SSH ECDH Shared secretP-256, P-384, P-521KAS-ECC-SSC Cert. #A2345Internally derived internally per the EC Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to SSH peer applicationSSH ECDH Public Key
Used to derive SSH Session Encryption Key SSH Session Integrity KeyP-256, P-384, P-521KAS-ECC-SSC Cert. #A2345Internally derived using SP800-56A rev3 EC Diffie-Hellman shared secret computationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH ECDH Shared Secret
Used for SSH session confidentiality protection128, 256 bitsAES-CTR, KDF SSH, KTS Cert. #A2345Internally derived via key derivation function defined in SP800-135rev1 KDF (SSHv2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH Session Encryption Key
Used for SSH session integrity protectionAt least 160 bitsHMAC-SHA-1, HMAC-SHA2- 256, KDF SSH Cert. #A2345Internally derived via key derivation function defined in SP800-135rev1 KDF (SSHv2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSSH Session Integrity Key
Used to authenticate IPsec/IKE peer8 to 60 CharactersN/AN/AMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoIPSec/IKE Pre-Shared Secret
Used to derive IPSec/IKE ECDH Shared secretP-256, P- 384CKG, DRBG, KAS-ECC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE ECDH Private Key
Used to derive IPSec/IKE ECDH Shared secretP-256, P- 384KAS-ECC-SSC Cert. #A2345Internally derived internally per the EC Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to the IPSec/IKE peer applicationIPSec/IKE ECDH Public Key
Used to derive IPSec/IKE Session Encryption Key, IPSec/IKE session Integrity KeyP-256, P- 384KAS-ECC-SSC Cert. #A2345Internally derived using SP800-56A rev3 EC Diffie-Hellman shared secret computationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE ECDH Shared Secret
Used to derive IPSec/IKE DH Shared secretMODP- 2048CKG, DRBG, KAS-FFC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE DH Private Key
Used to derive IPSec/IKE DH Shared secretMODP- 2048CKG, DRBG, KAS-FFC-SSC Cert. #A2345Internally derived internally per the Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to IPSec/IKE peer applicationIPSec/IKE DH Public key
Used to derive IPSec/IKE Session Encryption Key, IPSec/IKE Session Integrity KeyMODP- 2048KAS-FFC-SSC Cert. #A2345Internally derived using SP800-56Arev3 Diffie-Hellman shared secret computationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE DH Shared Secret
Used for IPSec/IKE authentication2048 bitsCKG, DRBG, RSA KeyGen, RSA SigGen Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 RSA/RSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE RSA Private Key
Used for IPSec/IKE authentication2048 bitsCKG, DRBG, RSA KeyGen RSA SigVer Cert. #A2345Internally derived per the FIPS 186-4 RSA key generation methodN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to IPSec/IKE peer applicationIPSec/IKE RSA Public Key
Used for IPSec/IKE authenticationP-256, P- 384CKG, DRBG, ECDSA KeyGen, ECDSA SigGen Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 ECDSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE ECDSA Private Key
Used for IPSec/IKE authenticationP-256, P-384CKG, DRBG, ECDSA KeyGen,Internally derived per the FIPS 186-4N/AFlash (plaintext)Zeroized by SSP (CSP/PSP)Import: NoIPSec/IKE ECDSA Public Key
ECDSA SigVer Cert. #A2345ECDSA SigVer Cert. #A2345ECDSA key generation methodZeroization CommandExport: to IPSec/IKE peer application
Used for IPSec/IKE session confidentiality protection128, 256 bitsAES-CBC Cert. #A2345, AES-GCM Cert. #5074Internally derived via key derivation function defined in SP800-135rev1 KDF (IKEv2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE Session Encryption Key
Used for IPSec/IKE session integrity protectionAt least 160 bitsHMAC-SHA2- 256, HMAC-SHA2- 384 Cert. #A2345Internally derived via key derivation function defined in SP800-135rev1 KDF (IKEv2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoIPSec/IKE Session Integrity Key
SNMPv3 User Authentication8 to 20 charactersN/APlease see EstablishmentMD/EEFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: Encrypted by SSH session key Export: NoSNMPv3 User Authenticati on Secret
Used for SNMPV3 session confidentiality protection128 bitsAES-CFB128, KDF SNMP Cert. #A2345Internally derived via key derivation function defined in SP800-135rev1 KDF (SNMPv3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSNMPv3 Session Encryption Key
Used for SNMPv3 session integrity protectionAt least 160 bitsHMAC-SHA-1, KDF SNMP Cert. #A2345Internally derived via key derivation function defined in SP800-135rev1 KDF (SNMPv3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoSNMPv3 Session Integrity Key
Used for TLS authenticationP-256, P- 384CKG, DRBG, ECDSA KeyGen, ECDSA SigGen Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 ECDSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS ECDSA Private Key
Used for TLS authenticationP-256, P- 384ECDSA SigVer Cert. #A2345Internally derived per the FIPS 186-4 ECDSA key generation methodN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to TLS peer applicationTLS ECDSA Public Key
Used for TLS authentication2048 bitsCKG, DRBG, RSA KeyGen, RSA SigGen, Cert. #A2345Internally generated conformant to SP800-133r2 (CKG) using FIPS 186-4 RSA key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS RSA Private Key
Used for TLS authentication2048 bitsRSA SigVer Cert. #A2345Internally derived per the FIPS 186-4 RSA key generation methodN/AFlash (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to TLS peer applicationTLS RSA Public Key
Used to derive TLS DH Shared secretMODP- 2048CKG, DRBG, KAS-FFC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS DH Private Key
Used to derive TLS DH Shared secretMODP- 2048KAS-FFC-SSC Cert. #A2345Internally derived internally per the Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to TLS peer applicationTLS DH Public Key
Used to derive TLS Session EncryptionMODP- 2048KAS-FFC-SSC Cert. #A2345Internally derived using SP800-56A rev3N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP)Import: No Export: NoTLS DH Shared Secret
Key, TLS Session Integrity KeyDiffie-Hellman shared secret computationZeroization Command
Used to derive TLS ECDH Shared SecretP-256, P- 384CKG, DRBG, KAS-ECC-SSC Cert. #A2345Internally generated. conformant to SP800-133r2 (CKG) using SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBGN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS ECDH Private Key
Used to derive TLS ECDH Shared secretP-256, P- 384KAS-ECC-SSC Cert. #A2345Internally derived internally per the EC Diffie-Hellman key agreement (SP800-56Arev3)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: to TLS peer applicationTLS ECDH Public key
Used to derive TLS Session Encryption Key, TLS Session Integrity KeyP-256, P- 384KAS-ECC-SSC Cert. #A2345Internally derived using SP800-56A rev3 EC Diffie-Hellman shared secret computationN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS ECDH Shared Secret
Used to derive TLS Session Encryption Key, TLS Session Integrity Key256 bitsN/AInternally derived via key derivation function defined in SP800-135rev1 KDF (TLSv1.1/1.2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS Pre- Master Secret
TLS pre master secret, TLS Encryption Key TLS Session Integrity Key48 bytesN/AInternally derived via key derivation function defined in SP800-135rev1 KDF (TLSv1.1/1.2)N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS Master Secret
Used for TLS session confidentiality protection128 or 256 bitsAES-ECB, AES-CBC, AES-GCM, KDF TLS, KTS Cert. #A2345Internally derived via key derivation function defined in SP800-135 rev1 KDF TLSv1.1/1.2 KDFN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS Session Encryption Key
Used for TLS session integrity protectionAt least 160 bitsKDF TLS HMAC-SHA2- 256, HMAC-SHA2- 384 Cert. #A2345Internally derived via key derivation function defined in SP800-135 rev1 KDF TLSv1.1/1.2N/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoTLS Session Integrity Key
Used to derive MACSec ICK and MACSec KEK128 bitsN/AN/AMD/EEFlash (plaintext)Explicit zeroization by zeroization commandImport: Encrypted by SSH session key Export: NoMACSec CAK
used for MACSec Peer authentication128 bitsAES-CMAC, KBKDF Cert. #A2345Internally derived using SP800-108 KDFN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoMACSec ICK
Used to transport MACSec SAK to MACSec Peer128 bitsAES-KW, AES-KWP, KBKDF, KTS Cert. #A2345Internally derived using SP800-108 KDFN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: NoMACSec KEK
Used for MACSec session protection128 bitsAES-CMAC KBKDF, Cert. #A2345 AES-GCM AES Cert: #4550Internally derived using SP800-108 KDFN/ADRAM (plaintext)Zeroized by SSP (CSP/PSP) Zeroization CommandImport: No Export: Encrypted by MACSec KEKMACSec SAK
User for Firmware load test2048 bitsRSA SigVer, SHA2-256 Cert. #A2345Pre-loaded at the factory (in the module’s executable binary)N/AFlash (Plaintext)N/AN/AFirmware Load Test Key
  1. Non-Invasive Security No approved non-invasive attack mitigation test metrics are defined at this time.
  2. Sensitive Security Parameter Management N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A P-256, P384
Page 26

HMAC-SHA2256, HMAC-SHA2384 N/A N/A N/A N/A N/A

Page 28

P-256, P384 P-256, P384 P-256, P384 TLS PreMaster N/A N/A HMAC-SHA2256, HMAC-SHA2384 N/A N/A N/A N/A N/A N/A N/A N/A N/A

Page 29
Approved algorithm
NameKey Size
DetailsEntropy sourcesMinimum number of
The system tick clock/register as the single entropy source to provide the sufficient entropy to seed the SP800-90Arev1 DRBG (DRBG Cert. #A2345). The entropy source was directly used to seed the DRBG without the entropy conditioning process. Please refer to entropy report for details256 bitsENT (NP). Periodic sampling of the high- precision CPU clock within the ARM CPU is the only single entropy source used to seed the SP800-90Arev1 DRBG (DRBG Cert. #A2345)
Error State IndicatorCause of Error
Pre-operational Firmware Integrity Test FailsPre-operational Firmware Integrity Test FailsFIPS: Crypto module POST Failed
Conditional CAST FailsConditional CAST FailsFIPS Fatal Cryptographic Module Failure. Reason: <Reason String>
Conditional PCT FailsConditional PCT FailsPairwise consistency check failed
Firmware Load Test FailsFirmware Load Test FailsFIPS: Firmware Integrity Test: Package Checksum Verification: FAIL

N/A N/A N/A N/A N/A N/A Table 12 - SSPs Notes:

  1. The module uses procedural zeroization to explicitly zeroize all SSPs listed in Table 12.
  2. The zeroization operations shall be performed under the control of the CO role by using the CLI command “fips zeroize all”
  3. To initiate zeroization, see Section End of Life / Sanitization in this document for more
  4. The zeroized SSPs cannot be retrieved or reused. Once the command is initiated, the SSPs are overwritten with 0s. Table 13 – Non-Deterministic Random Number Generation Specification
  5. Self-Test The modules perform the following self-tests, including the pre-operational self-tests and conditional self-tests. The module runs all self-tests without operator intervention. In the event that a self-test fails, the module will enter an error state, output an error message and follow up with a
Page 30

module reboot. The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling). Pre-Operational Self-Tests:

Page 31

In addition, the module also performs the Conditional Cryptographic Algorithm Self-tests to the following two AES-GCM algorithms: o o o

Page 32

In addition, the Crypto Officer shall perform the periodic test on demand no more than 10 days to ensure all components are functioning correctly.

  1. Life-cycle Assurance The module is designed to handle the various stages of a module’s life-cycle. The sections below highlight the details for each stage. Secure Operation The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings will remove the module from the approved mode of operation. The module runs firmware version IronWare OS 09.0.10. This is the only allowable firmware image for this current approved mode of operation. The Crypto Officer shall load the FIPS 140-3 validated firmware only to maintain validation. The module is initiated into the approved mode of operation via the following procedures through the Command Line interface (CLI):
  2. The Crypto Officer must login by using the default login password.
  3. The Crypto Officer shall replace the default login password with a new one upon the firsttime authentication.
  4. The Crypto Officer shall create the account for Port Config Admin role and User role respectively.
  5. Enter into the configuration mode by using ‘conf t’ command.
  6. Enable approved mode by using ‘fips enable’ command.
  7. Configure SSH, TLS, SNMPv3, MACSec, IPSec/IKE and Radius services by using only approved algorithms listed in Tables 3, 4 and 5 above.
  8. Configure the module as the MACSec Peer Authenticator in the MACSec service.
  9. If using RADIUS server for roles authentication, please configure a secure TLS tunnel to secure traffic between the module and the RADIUS server. The RADIUS shared secret must be at least 8 characters long.
  10. Disable the TFTP server.
  11. Ensure that installed digital certificates are signed using approved algorithms.
  12. Save the configuration.
  13. Reload the module.
  14. Verify the approved mode by using command ‘fips show’ (This command outputs the module’s status. After the approved mode was enabled, the output would be “approved mode: Administrative status ON”). Once the module has completed initialization into the approved mode of operation, the module automatically enforces a password change for the Crypto Officer. The default login password won’t be accepted by the module. Any non-approved algorithms or security functions are rejected automatically by the module and an error message is output.
Page 33
Acronyms
NameTermDefinition
FIPSFIPSFederal Information Processing Standard
CCCCCommon Criteria
HMACHMACKeyed-Hash Message Authentication Code (RFC2104)
POSTPOSTPower-on Self-Test
PKIPKIPublic Key Infrastructure
PSKPSKPre-shared keys
RSARSARivest, Shamir and Aldeman Public/Private Key
RNGRNGRandom Number Generator
SSLSSLSecure Socket Layer, used in HTTPS protocol for payload encryption.
TLSTLSTransport Layer Security, successor to SSL, used in HTTPS protocol for payload encryption.
KATKATKnown Answer Test
DSSDSSDigital Signature Standard
DSADSADigital Signature Algorithm, proposed by NIST in 1991 for FIPS 186-x
DESDESData Encryption Standard (single DES should not be used see TDEA)
NDPPNDPPNetwork Devices Protection Profile
DRBGDRBGDeterministic Random Bits Generator

End of Life / Sanitization Crypto Officers should follow the procedure below for the secure destruction of their module: Note: This process will cause the module to no longer function after it has wiped all 1. 2. 3. a.

  1. Access the module via SSH with Crypto Officer. Authenticate using proper credentials. Execute command: “fips zeroize all”. Confirm command. Module will begin zeroization process and wipe all security parameters and configurations.
  2. Mitigation of Other Attacks This module is not designed to mitigate against any other attacks outside of the FIPS 140-3 scope. I. Terms and Definitions
Page 34
ACVPAutomated Cryptographic Validation Program
NDcPPNetwork Device collaborative protection profile

Referenced URLs