| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/16/2029 |
| Caveat | When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode |
| Vendor | Ruckus Wireless LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A2345 |
| AES-CFB128 | A2345 |
| AES-CMAC | A2345 |
| AES-CTR | A2345 |
| AES-ECB | A2345 |
| AES-GCM | A2345 |
| Counter DRBG | A2345 |
| ECDSA KeyGen (FIPS186-4) | A2345 |
| ECDSA SigGen (FIPS186-4) | A2345 |
| ECDSA SigVer (FIPS186-4) | A2345 |
| HMAC-SHA-1 | A2345 |
| HMAC-SHA2-256 | A2345 |
| HMAC-SHA2-384 | A2345 |
| KAS-ECC-SSC Sp800-56Ar3 | A2345 |
| KAS-FFC-SSC Sp800-56Ar3 | A2345 |
| KDF SNMP | A2345 |
| KDF SSH | A2345 |
| KDF TLS | A2345 |
| RSA KeyGen (FIPS186-4) | A2345 |
| RSA SigGen (FIPS186-4) | A2345 |
| RSA SigVer (FIPS186-4) | A2345 |
| Safe Primes Key Generation | A2345 |
| SHA-1 | A2345 |
| SHA2-256 | A2345 |
| SHA2-384 | A2345 |
flowchart LR
%% Deterministic review-risk graph for Ruckus FastIron ICX™ 7150/7250 Series Switch/Router
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Firmware Load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Self-test</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Ruckus FastIron ICX™ 7150/7250 Series Switch/Router
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Firmware Load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Self-test</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Ruckus FastIron ICX™ 7150/7250 Series Switch/Router Firmware Version: IronWare OS 09.0.10 Document Version: 1.5 Last Update Date: 10-07-2024 Prepared by: Ruckus Wireless LLC Salarpuria Supreme, #137, Marathahalli Bangalore, Karnataka 560037 India www.commscope.com
Table 1 - Security Levels The module is designed to meet an overall security level 1. 2. Cryptographic Module Specification Cryptographic Boundary The module is a hardware, multi-chip standalone cryptographic module. The cryptographic boundary is defined as the module’s chassis unit encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case representing the module’s physical perimeter. This section illustrates the module hardware with the help of photographs. Ruckus ICX-7150 Series Figure 1 ICX7150-24
Figure 2 ICX7150-24F Figure 3 ICX7150-24P Figure 4 ICX7150-48 Figure 5 ICX7150-48P Figure 6 ICX7150-48PF Figure 7 ICX7150-48ZP
Figure 8 ICX7150-C10ZP Figure 9 ICX7150-C12P Figure 10 ICX7150-C08P Figure 11 ICX7150-C08PT Please note that each Ruckus ICX 7150 model also offers a single integrated power supply, one RJ-
45 Ethernet port for out-of-band network management, one USB Type-C port for console
management, one RJ-45 port for serial console management. Ruckus ICX-7250 Series Figure 12 ICX7250-24
Figure 13 ICX7250-24P Figure 14 ICX7250-48 Figure 15 ICX7250-48P Please note that each Ruckus ICX 7250 model also offers a single integrated power supply, one RJ-
45 Ethernet port for out-of-band network management, one USB Type-C port for console
management, one RJ-45 port for serial console management. Table 2 below lists the models and firmware version included in this validation. Please note that “RMT3” is referred to “with Three Years Remote Support”, and “-A” is referred to Trade Agreements Act (TAA) Compliant. Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions] ICX7150-24 ICX7150-24-4X1G IronWare OS
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions] See Cryptographic Module Interfaces section for more information (Note: 740 W PoE is available on ICX7150-48PF) ICX7150-48PF- IronWare OS
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions] ICX7150-48ZP- IronWare OS
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions]
Hardware Hardware Firmware Distinguishing Model [Part Numbers and Version Features Versions] See Cryptographic Module Interfaces section for more information ICX7250-48-2X10G IronWare OS
Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s)
Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s) #A2345 KAS-FFC-SSC KAS-FFC-SSC MODP-2048, MODP- KAS-FFC Shared Secret
encryption strength #A2345 SHS SHA-1 N/A Secure hashing
Mode/Method Description / Key Use / Function /Notes CAVP Algorithm and Size(s) / Key Cert Standard Strength(s) generation and verification #A2345 RSA RSA KeyGen Modulus: 2048 bits Key Generation
5288 for TLS. The module is compatible with TLSv1.2 and provides support for the acceptable
GCM cipher suites from SP 800-52 Rev1, Section 3.3.1. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.
● No parts of the SSH, TLS and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP. As the module can only be operated in the Approved mode of operation, and any algorithms not listed in the table 3 above will be rejected by the module while in the approved mode. The tables defined in SP800-140B for the following categories are missing from this document. ● Non-Approved Algorithms Allowed in Approved Mode of Operation ● Non-Approved Algorithms Allowed in Approved Mode of Operation with No Security Claimed ● Non-Approved Algorithms Not Allowed in Approved Mode of Operation
Console port, Mgmt Port, RJ-45/RJ-45 Status Output Status information PoE+ Ethernet Ports, uplink/stacking SPF/SFP+ ports, and LEDs N/A Control Output NA Power N/A Provides the power supply to the module Table 5 – Ports and Interfaces for ICX7250 Series
Role Service Input Output Crypto Officer Show Version Command to show version Module’s name and versioning information Crypto Officer Show Status Command to get the status of Module’s current status information the module Crypto Officer Port Configuration Commands to configure the Port configuration completion status Management port parameters of information switch/router Crypto Officer Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Crypto Officer Run SSL over Initiate SSL over TLSv1.1/1.2 Status of TLSv1.1/1.2 tunnel TLSv1.1/1.2 Function tunnel establishment request establishment Crypto Officer Run SNMPv3 Function Initiate SNMPv3 tunnel Status of SNMPv3 tunnel establishment request establishment Table 6 - Roles, Service Commands, Input and Output (Crypto Officer role) Role Service Input Output User Show Version Command to show version Module’s name and versioning information User Show Status Command to get the status of Module’s current status information the module User User Authentication User role authentication Status of the User role authentication request User Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Table 7 - Roles, Service Commands, Input and Output (User role) Role Service Input Output Port Config Admin Show Version Command to show version Module’s name and versioning information Port Config Admin Show Status Command to get the status of Module’s current status information the module Port Config Admin Port Config Admin Port Config Admin role Status of the Port Config Admin role Authentication authentication request authentication Port Config Admin Port Configuration Commands to configure the Port configuration completion status Management port parameters of information switch/router Port Config Admin Run SSHv2 Function Initiate SSHv2 tunnel Status of SSHv2 tunnel establishment request establishment Table 8 - Roles, Service Commands, Input and Output (Port Config Admin role) Authentication Role Authentication Strength Method Crypto Officer, Password-based The minimum length is eight (8) characters (94 possible characters). The User, Port authentication probability that a random attempt will succeed or a false acceptance will occur is Config Admin 1/(948) which is less than 1/1,000,000. The probability of successfully authenticating to the module within one minute is 10/(948), which is less than 1/100,000. The configuration supports at most ten failed attempts to authenticate in a one-minute period. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total Crypto Officer, RSA-based RSA key pair has modulus size of 2048 bits, thus providing 112 bits of strength, User, Port authentication which means an attacker would have a 1 in 2112 chance of randomly obtaining Config Admin the key, which is much stronger than the one in a million chances required by FIPS 140-3. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately
8.65x10^31 (2112 /60 = 8.65 x 1031) attempts per second, which is less than 1/100,000 Crypto Officer, ECDSA-based When configuring the smallest curve P-256, the probability that a random attempt User, Port authentication will succeed, or a false acceptance will occur is 1/2^128, which is less than Config Admin 1/1,000,000. 256 attempts are allowed in a one-minute period. Therefore, the probability of a random success in a one-minute period is 256/2^128, which is less than 1/100,000 Table 9
Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs ECDSA SSH Session Encryption KeyGen, Key, ECDSA SSH Session Integrity Key SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Configure SSL Configure AES-ECB, DRBG Entropy Input, Crypto R, W, G Global over TLSv1.1/1.2 AES-CBC, DRBG Seed, Officer indicator and TLSv1.1/1.2 Function AES-GCM, DRBG Internal State V TLS Function CKG, value, connection DRBG Key, success log CTR_DRBG, TLS ECDSA Private Key, message KDF TLS, TLS ECDSA Public Key, HMAC-SHA- TLS RSA Private Key, 1, TLS RSA Public Key, HMAC- TLS DH Private Key, SHA2-256, TLS DH Public key, HMAC- TLS DH Shared Secret, SHA2-384, TLS ECDH Private Key, KAS-ECC- TLS ECDH Public key, SSC, TLS ECDH Shared Secret, KAS (ECC), TLS Pre-Master Secret, KAS-FFC- TLS Master Secret, SSC, TLS Session Encryption Key, KAS (FFC), TLS Session Integrity Key KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Configure Configure AES- SNMPv3 User Crypto R, W, G Global SNMPv3 SNMPv3 CFB128, Authentication Secret, Officer indicator and Function Function KDF SNMP, SNMPv3 Session Encryption SNMPv3 HMAC-SHA- Key, connection 1, SNMPv3 Session Integrity success log HMAC- Key message SHA2-256, HMACSHA2-384 Port Perform Port N/A Crypto Officer Password, Crypto R, E N/A Configuration Configuration Port Config Admin Password Officer, Management Port Config Admin Account Account N/A Crypto Officer Password, Crypto W N/A management Creation User Password, Officer
Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs Port Config Admin Password Run SSHv2 Negotiation and AES-CBC, DRBG Entropy Input, Crypto R, E Global Function encrypted data AES-CTR, DRBG Seed, Officer, indicator and transport via CKG, DRBG Internal State V User, SSH SSH CTR_DRBG, value, Port Config connection DRBG Key, Admin success log KDF SSH, SSH ECDSA Private Key, message HMAC-SHASSH ECDSA Public Key, 1, SSH RSA Private Key, HMAC- SSH RSA Public Key, SHA2-256, SSH DH Private Key, KAS-ECC- SSH DH Public Key, SSC, SSH DH Shared Secret Key, KAS (ECC), SSH ECDH Private Key, KAS-FFC- SSH ECDH Public Key, SSC, SSH ECDH Shared Secret KAS (FFC), Key, KTS, SSH Session Encryption Key, ECDSA SSH Session Integrity Key KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen, RSA SigVer, Safe Primes KeyGen Run SSL over Negotiation and AES-ECB, DRBG Entropy Input, Crypto R, E Global TLSv1.1/1.2 encrypted data AES-CBC, DRBG Seed, Officer indicator and Function transport via SSL AES-GCM, DRBG Internal State V TLS (TLSv1.1/1.2) CKG, value, connection DRBG Key, success log CTR_DRBG, TLS ECDSA Private Key, message KDF TLS, TLS ECDSA Public Key, HMAC-SHA- TLS RSA Private Key, 1, TLS RSA Public Key, HMAC- TLS DH Private Key, SHA2-256, TLS DH Public key, HMAC- TLS DH Shared Secret, SHA2-384, TLS ECDH Private Key, KAS-ECC- TLS ECDH Public key, SSC, TLS ECDH Shared Secret, KAS (ECC), TLS Pre-Master Secret, KAS-FFC- TLS Master Secret, SSC, TLS Session Encryption Key, KAS (FFC), TLS Session Integrity Key KTS, ECDSA KeyGen, ECDSA SigGen, ECDSA SigVer, RSA KeyGen, RSA SigGen,
Service Description Approved Keys and/or SSPs Roles Access rights Indicator Security to Keys Functions and/or SSPs RSA SigVer, Safe Primes KeyGen Run SNMPv3 Negotiation and AES- SNMPv3 User, Crypto R, E Global Function encrypted data CFB128, Authentication Secret, Officer indicator and transport via KDF SNMP, SNMPv3 Session Encryption SNMPv3 SNMPv3 HMAC-SHA- Key, connection 1, SNMPv3 Session Integrity success log HMAC- Key message SHA2-256, HMACSHA2-384 Table 10 - Approved Services G = Generate: The module generates or derives the SSP R = Read: The SSP is read from the module (e.g. the SSP is output) W = Write: The SSP is updated, imported, or written to the module E = Execute: The module uses the SSP in performing a cryptographic operation Z = Zeroise: The module zeroises the SSP 5. Software/Firmware Security Integrity Techniques The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file is verified using the following two integrity check mechanisms to ensure that the module has not been tampered:
256 (RSA Cert. #A2345) for the new validated firmware to be uploaded into the module. A
Firmware Load Test Key was preloaded to the module’s binary at the binary the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate into the module before loading any firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Integrity Test On-Demand Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test
on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.
Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number Zeroization Export: No Command User 8 to 60 N/A N/A Import: MD/EE Flash Zeroized by Used for User Password Characters Encrypted (plaintext) SSP authentication by SSH (CSP/PSP) session key Zeroization Command Export: No RADIUS 8 to 64 N/A N/A Import: MD/EE Flash Zeroized by Used for Secret Characters Encrypted (plaintext) SSP RADIUS by SSH (CSP/PSP) Server session key Zeroization authentication Command Export: No SSH P-256, P- CKG, Internally generated Import: No N/A Flash Zeroized by Used for SSH ECDSA 384 DRBG, conformant to (plaintext) SSP authentication Private Key ECDSA KeyGen, SP800-133r2 Export: No (CSP/PSP) ECDSA SigGen (CKG) using FIPS Zeroization 186-4 ECDSA key Command Cert. #A2345 generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH P-256, P- ECDSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for SSH ECDSA 384 per the FIPS 186-4 (plaintext) SSP authentication Public Key Cert #A2345 ECDSA key Export: to (CSP/PSP) generation method SSH peer Zeroization application Command SSH RSA 2048 bits CKG, Internally generated Import: No N/A Flash Zeroized by Used for SSH Private Key DRBG, conformant to (plaintext) SSP authentication RSA KeyGen, SP800-133r2 Export: No (CSP/PSP) RSA SigGen (CKG) using FIPS Zeroization 186-4 RSA key Command Cert. #A2345 generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH RSA 2048 bits RSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for SSH Public Key per the FIPS 186-4 (plaintext) SSP authentication Cert #A2345 RSA key generation Export: to (CSP/PSP) method SSH peer Zeroization application Command SSH DH MODP- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 2048, DRBG, generated. (plaintext) SSP SSH DH MODP- KAS-FFC-SSC conformant to Export: No (CSP/PSP) Shared secret 4096, SP800-133r2 Zeroization MODP- Cert. #A2345 (CKG) using Command
Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1
Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number DRBG SSH DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key 2048, internally per the (plaintext) SSP SSH DH MODP- Cert. #A2345 Diffie-Hellman key Export: to (CSP/PSP) Shared secret 4096, agreement SSH peer Zeroization MODP- (SP800-56Arev3) application Command 8192 SSH DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 2048, using (plaintext) SSP SSH Session Secret MODP- Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption 4096, EC Diffie-Hellman Zeroization Key, SSH MODP- shared secret Command Session
8192 computation Integrity Key
SSH ECDH P-256, CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key P-384, DRBG, generated. (plaintext) SSP SSH ECDH P-521 KAS-ECC-SSC conformant to Export: No (CSP/PSP) Shared secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG SSH ECDH P-256, KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key P-384, internally per the Export: to (plaintext) SSP SSH ECDH P-521 Cert. #A2345 EC Diffie-Hellman SSH peer (CSP/PSP) Shared secret key agreement application Zeroization (SP800-56Arev3) Command SSH ECDH P-256, KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared P-384, using (plaintext) SSP SSH Session Secret P-521 Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption EC Diffie-Hellman Zeroization Key shared secret Command SSH Session computation Integrity Key SSH Session 128, 256 AES-CTR, Internally derived Import: No N/A DRAM Zeroized by Used for SSH Encryption bits KDF SSH, via key derivation (plaintext) SSP session Key KTS function defined in Export: No (CSP/PSP) confidentiality SP800-135rev1 Zeroization protection Cert. #A2345 KDF (SSHv2) Command SSH Session At least HMAC-SHA-1, Internally derived Import: No N/A DRAM Zeroized by Used for SSH Integrity 160 bits HMAC-SHA2- via key derivation (plaintext) SSP session Key 256, function defined in Export: No (CSP/PSP) integrity KDF SSH SP800-135rev1 Zeroization protection KDF (SSHv2) Command Cert. #A2345 SNMPv3 8 to 20 N/A Please see Import: MD/EE Flash Zeroized by SNMPv3 User User characters Establishment Encrypted by (plaintext) SSP Authentication Authenticati SSH session (CSP/PSP) on Secret key Zeroization Command Export: No SNMPv3 128 bits AES-CFB128, Internally derived Import: No N/A DRAM Zeroized by Used for Session KDF SNMP via key derivation (plaintext) SSP SNMPV3 Encryption function defined in Export: No (CSP/PSP) session Key Cert. #A2345 SP800-135rev1 Zeroization confidentiality KDF (SNMPv3) Command protection
Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number SNMPv3 At least 160 HMAC-SHA-1, Internally derived Import: No N/A DRAM Zeroized by Used for Session bits KDF SNMP via key derivation (plaintext) SSP SNMPv3 Integrity function defined in Export: No (CSP/PSP) session Key Cert. #A2345 SP800-135rev1 Zeroization integrity KDF (SNMPv3) Command protection TLS ECDSA P-256, P- CKG, Internally generated Import: No N/A Flash Zeroized by Used for TLS Private Key 384 DRBG, conformant to (plaintext) SSP authentication ECDSA KeyGen, SP800-133r2 Export: No (CSP/PSP) ECDSA SigGen (CKG) using Zeroization FIPS 186-4 ECDSA Command Cert. #A2345 key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS ECDSA P-256, P- ECDSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for TLS Public Key 384 per the FIPS 186-4 (plaintext) SSP authentication Cert. #A2345 ECDSA key Export: to (CSP/PSP) generation method TLS peer Zeroization application Command TLS RSA 2048 bits CKG, Internally generated Import: No N/A Flash Zeroized by Used for TLS Private Key DRBG, conformant to (plaintext) SSP authentication RSA KeyGen, SP800-133r2 Export: No (CSP/PSP) RSA SigGen (CKG) using Zeroization FIPS 186-4 RSA Command Cert. #A2345 key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS RSA 2048 bits RSA SigVer Internally derived Import: No N/A Flash Zeroized by Used for TLS Public Key per the FIPS 186-4 (plaintext) SSP authentication Cert. #A2345 RSA key generation Export: to (CSP/PSP) method TLS peer Zeroization application Command TLS DH MODP- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 2048 DRBG, generated. (plaintext) SSP TLS DH KAS-FFC-SSC conformant to Export: No (CSP/PSP) Shared secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public Key 2048 internally per the (plaintext) SSP TLS DH Cert. #A2345 (CSP/PSP) Shared secret
Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number Diffie-Hellman key Export: to Zeroization agreement TLS peer Command (SP800-56Arev3) application TLS DH MODP- KAS-FFC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 2048 using (plaintext) SSP TLS Session Secret Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption Diffie-Hellman Zeroization Key, TLS shared Command Session Integrity Key secret computation TLS ECDH P-256, P- CKG, Internally Import: No N/A DRAM Zeroized by Used to derive Private Key 384 DRBG, generated. (plaintext) SSP TLS ECDH KAS-ECC-SSC conformant to Export: No (CSP/PSP) Shared Secret SP800-133r2 Zeroization Cert. #A2345 (CKG) using Command SP800-56Arev3 EC Diffie-Hellman key generation method, and the random value used in key generation is generated using SP800-90Arev1 DRBG TLS ECDH P-256, P- KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Public key 384 internally per the (plaintext) SSP TLS ECDH Cert. #A2345 EC Diffie-Hellman Export: to (CSP/PSP) Shared secret key agreement TLS peer Zeroization (SP800-56Arev3) application Command TLS ECDH P-256, P- KAS-ECC-SSC Internally derived Import: No N/A DRAM Zeroized by Used to derive Shared 384 using (plaintext) SSP TLS Session Secret Cert. #A2345 SP800-56A rev3 Export: No (CSP/PSP) Encryption EC Diffie-Hellman Zeroization Key, TLS shared Command Session Integrity Key secret computation TLS Pre- 256 bits N/A Internally derived Import: No N/A DRAM Zeroized by Used to derive Master via key derivation (plaintext) SSP TLS Session Secret function defined in Export: No (CSP/PSP) Encryption SP800-135rev1 Zeroization Key, TLS KDF (TLSv1.1/1.2) Command Session Integrity Key TLS Master 48 bytes N/A Internally derived Import: No N/A DRAM Zeroized by TLS pre Secret via key derivation (plaintext) SSP master secret, function defined in Export: No (CSP/PSP) TLS SP800-135rev1 Zeroization Encryption KDF (TLSv1.1/1.2) Command Key TLS Session Integrity Key TLS Session 128 or 256 AES-ECB, Internally derived Import: No N/A DRAM Zeroized by Used for TLS Encryption bits AES-CBC, via key derivation (plaintext) SSP session Key AES-GCM, function defined in Export: No (CSP/PSP) confidentiality KDF TLS, SP800-135 rev1 Zeroization protection KTS KDF TLSv1.1/1.2 Command KDF Cert. #A2345 TLS Session At least 160 KDF TLS Internally derived Import: No N/A DRAM Zeroized by Used for TLS Integrity bits HMAC-SHA2- via key derivation (plaintext) SSP session Key 256, function defined in Export: No (CSP/PSP) integrity HMAC-SHA2- SP800-135 rev1 Zeroization protection
384 KDF TLSv1.1/1.2 Command
Key/SSP Strength Security Generation Import/ Establis Storage Zeroization Use & related Name/Type Function and Export hment Keys Cert Number Firmware 2048 bits RSA SigVer, Pre-loaded at the N/A N/A Flash N/A User for Load Test SHA2-256 factory (in the (Plaintext) Firmware load Key module’s test Cert. #A2345 executable binary) Table 11 - SSPs Notes:
Conditional Self-Tests
Error Handling If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters an error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and reperforming the selftests, including the pre-operational software integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs. The table below shows the different causes that lead to the Error State and the status indicators reported. Cause of Error Error State Indicator Pre-operational Firmware Integrity FIPS: Crypto module POST Failed Test Fails Conditional CAST Fails FIPS Fatal Cryptographic Module Failure. Reason: <Reason String> Conditional PCT Fails Pairwise consistency check failed Firmware Load Test Fails FIPS: Firmware Integrity Test: Package Checksum Verification: FAIL Table 13 – Error State Indicators Periodic Self-Tests The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling). The full suite of selftests is then executed. The same procedure may be employed by the operator to perform periodic self-tests. In addition, the Crypto Officer shall perform the periodic test on demand no more than 10 days to ensure all components are functioning correctly.
I. Terms and Definitions Term Meaning FIPS Federal Information Processing Standard Approved Device actively running in FIPS 140-3 compliant manner mode CC Common Criteria HMAC Keyed-Hash Message Authentication Code (RFC2104) JITC Joint Interoperability Test Command POST Power-on Self-Test PKI Public Key Infrastructure PSK Pre-shared Key RSA Rivest, Shamir and Aldeman Public/Private Key RNG Random Number Generator SSL Secure SocKey Layer, used in HTTPS protocol for payload encryption TLS Transport Layer Security, successor to SSL, used in HTTPS protocol for payload encryption KAT Known Answer Test DSS Digital Signature Standard DSA Digital Signature Algorithm, proposed by NIST in 1991 for FIPS 186-x DES Data Encryption Standard (single DES should not be used see TDEA) NDPP Network Devices Protection Profile DRBG Deterministic Random Bits Generator CAVS Cryptographic Algorithm Validation System ACVP Automated Cryptographic Validation Program NDcPP Network Device collaborative protection profile JITC Joint Interoperability Test Command