All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Aruba Crypto Module

Certificate#4940StandardFIPS 140-3Level1TypeFirmwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorHewlett Packard Enterprise
Low review priority  ·  exposes network crypto parser/protocol  ·  last validated 3 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date1/8/2027
CaveatInterim validation. When operated in Approved mode with module Aruba OpenSSL Module validated to FIPS 140-3 under Cert. #4929 operating in Approved mode.
VendorHewlett Packard Enterprise

Approved Algorithms (25)

AlgorithmACVP Cert
AES-CBCA2689
AES-CTRA2689
AES-GCMA2689
DSA KeyGen (FIPS186-4)A2689
DSA PQGGen (FIPS186-4)A2689
ECDSA KeyGen (FIPS186-4)A2689
ECDSA KeyVer (FIPS186-4)A2689
ECDSA SigGen (FIPS186-4)A2689
ECDSA SigVer (FIPS186-4)A2689
HMAC-SHA-1A2689
HMAC-SHA2-256A2689
HMAC-SHA2-384A2689
HMAC-SHA2-512A2689
KAS-ECC-SSC Sp800-56Ar3A2689
KAS-FFC-SSC Sp800-56Ar3A2689
KDF IKEv2A2689
RSA KeyGen (FIPS186-4)A2689
RSA SigGen (FIPS186-4)A2689
RSA Signature PrimitiveA2689
RSA SigVer (FIPS186-2)A2689
RSA SigVer (FIPS186-4)A2689
SHA-1A2689
SHA2-256A2689
SHA2-384A2689
SHA2-512A2689

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational Environment1
Physical Security1
Non-Invasive SecurityN/A
Sensitive Security Parameter Management1
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Aruba Crypto Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>1.0</i>"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test triggered by Crypto Officer reboot</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C5,C6 clue;
  class I1,I2,I3,I5,I6 infer;
  class R1,R2,R3,R5,R6 risk;
  class E1,E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Aruba Crypto Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>1.0</i><br/>src: certificate.firmwareVersions"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test triggered by Crypto Officer reboot</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C3 clueHigh;
  class C2,C5,C6 clueLow;

Security Policy, page by page

Page 1

Non-Proprietary Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Document Version 1.0 January 2025 1| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 2

Non-Proprietary © 2024 Hewlett Packard Enterprise Company. Hewlett Packard Enterprise Company trademarks include , HPE Networks®, HPE Wireless Networks®, HPE Networking, the registered HPE Networking the Mobile Edge Company logo, HPE Networking Mobility Management System®, Mobile Edge Architecture®, property of their respective owners. HPE Networking, is a Hewlett Packard Enterprise company. The resource assets in this firmware may include abbreviated and/or legacy terminology for HPE Networking products. See https://www.hpe.com/us/en/networking/ for current and complete HPE Networking product lines and names. Open Source Code Certain Hewlett Packard Enterprise Company products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: https://myenterpriselicense.hpe.com/cwp-ui/software Legal Notice The use of Hewlett Packard Enterprise Company switching platforms and software or firmware, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Hewlett Packard Enterprise Company, from vendors. https://www.hpe.com/us/en/networking/

1701 E Mossy Oaks Rd,

Spring, TX, USA 77389 Phone: 1-888-342-2156 2| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 3

Non-Proprietary Contents 1.1 1.2 1.3 1.4 2.1 2.1.1 2.2 2.3 2.4 2.5 2.5.1 2.5.2 2.6 2.7 2.8 2.9 4.1 4.2 4.3 4.3.1 4.3.2 9.1 11.1 11.1.1 Setting Up the Hewlett Packard Enterprise Controller, Gateway, Conductor, or Controller-managed 11.2 11.2.1 11.2.2 11.2.3 11.2.4 11.3 Figures 3| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 4
VersionDateDescription
1.0November 2024Initial FIPS 140-3 release for Hewlett Packard Enterprise Aruba Crypto Module firmware version 1.0 used by ArubaOS firmware versions running on Hewlett Packard Enterprise hardware and virtual appliances

Non-Proprietary Tables Preface notice. Products identified herein contain confidential commercial firmware. Valid license required. Document Revision History The following table lists the history of the revisions of this document by version number and date of revision. Table 1

Page 5
1 General

This section describes:

1.1 Purpose of this Document

This release supplement provides information regarding the Hewlett Packard Enterprise Aruba Crypto Module firmware version 1.0 FIPS 140-3 Level 1 validation from Hewlett Packard Enterprise (HPE). Throughout this document, references to HPE Networking are to the Hewlett Packard Enterprise division. The material in this supplement modifies the general Hewlett Packard Enterprise firmware documentation included with this product and should be kept with your Hewlett Packard Enterprise product documentation. This supplement primarily covers the non-proprietary Cryptographic Module Security Policy for the Hewlett Packard Enterprise Aruba Crypto Module firmware version 1.0. This security policy describes how the module meets the security requirements of FIPS 140-3 Level 1 and how to place and maintain the module in the secure Approved mode. This policy was prepared as part of the FIPS 1403 Level 1 validation of the product. FIPS 140-3 (Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. FIPS 140-3 aligns with ISO/IEC 19790:2012(E) and includes modifications of the Annexes that are allowed to the Cryptographic Module Validation Program (CMVP), as a validation authority. The testing for these requirements will be in accordance with ISO/IEC 24759:2017(E), with the modifications, additions or deletions of vendor evidence and testing allowed as a validation authority under paragraph 5.2. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program In addition, in this document, the Hewlett Packard Enterprise Aruba Crypto Module is referred to as the module, the cryptographic module, and Aruba Crypto module.

1.2 Additional Hewlett Packard Enterprise Product Information

More information is available from the following sources:

Page 6
1.3 Acronyms and Abbreviations

AES AP CAVP CBC CCCS CLI CMVP CO CPSec CSE CSP DF EAP ECO EMC EMI ESV FE GE GHz HMAC Hz IKE IPsec KAT KEK L2TP LAN LED NTP OCSP PCT PSP SFTP SHA SNMP SSP SPOE TEL TFTP TPM WLAN 6| Advanced Encryption Standard Access Point Cryptographic Algorithm Validation Program Cipher Block Chaining Canadian Centre for Cyber Security, a branch of CSE Command Line Interface Cryptographic Module Validation Program Crypto Officer Control Plane Security protected Communications Security Establishment Critical Security Parameter Derivation Function Extensible Authentication Protocol External Crypto Officer Electromagnetic Compatibility Electromagnetic Interference Entropy Source Validation Fast Ethernet Gigabit Ethernet Gigahertz Hashed Message Authentication Code Hertz Internet Key Exchange Internet Protocol security Known Answer Test Key Encryption Key Layer-2 Tunnelling Protocol Local Area Network Light Emitting Diode Network Time Protocol Online Certificate Status Protocol Pairwise Consistency Test Public Security Parameter Secure File Transfer Protocol Secure Hash Algorithm Simple Network Management Protocol Sensitive Security Parameter Serial & Power Over Ethernet Tamper-Evident Label Trivial File Transfer Protocol Trusted Platform Module Wireless Local Area Network Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 7
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical Security1
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-Tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A
OverallOverallOverall Security Rating of the Module1
1.4 Security Levels

The Hewlett Packard Enterprise Aruba Crypto Module is intended to meet overall FIPS 140-3 Level 1 requirements as shown in the following table. Table 2

Page 8
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Hewlett Packard Enterprise Aruba Crypto Module version 1.0 (also referred to as ‘the module’) is a firmware type cryptographic module and was validated under FIPS 140-3 Level 1 requirements and meets the claims made in this document. ArubaOS is the operating system for Hewlett Packard Enterprise Mobility Conductors, Mobility Controllers/Gateways, and controller-managed Hewlett Packard Enterprise Access Points (APs). The Hewlett Packard Enterprise Aruba Crypto Module (firmware) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances. The Hewlett Packard Enterprise Aruba Crypto Module uses the Hewlett Packard Enterprise Aruba OpenSSL Module as a bound module (also referred to as ‘the bound OpenSSL module’) to provide the underlying cryptographic algorithms necessary for the Random Number Generation (RNG) service. The Hewlett Packard Enterprise Aruba OpenSSL Module version 1.0 is a validated cryptographic module with CMVP certificate #4929. Both the Hewlett Packard Enterprise Aruba Crypto Module and Aruba OpenSSL Module were validated under and met FIPS 140-3 Level 1 requirements. Module Type: Firmware Module Embodiment: Multiple-chip Standalone

2.1.1 Cryptographic Module Boundary

The Hewlett Packard Enterprise Aruba Crypto Module (firmware) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system. The cryptographic boundary for the Hewlett Packard Enterprise Aruba Crypto Module is defined as the module component within the Linux-based User Space. The physical perimeter is the production-grade enclosure of the hardware chassis of the Hewlett Packard Enterprise hardware device or Hewlett Packard Enterprise virtual appliance host. The module is one of the components within the ArubaOS firmware package in electronic form and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise device. The Hewlett Packard Enterprise Aruba Crypto Module component includes the module shared library and the associated integrity check file (used for integrity tests):

Page 9
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1ArubaOS 8.107220 Mobility ControllerBroadcom XLP432 (MIPS64)None1
2ArubaOS 8.109012 GatewayIntel Atom C3508 (Denverton)None2
3ArubaOS 8.10AP-515 Wireless Access PointBroadcom BCM (64-bit ARMv8)None3
4ArubaOS 8.10AP-535 Wireless Access PointQualcomm IPQ (64-bit ARM Cortex A53)None4
5ArubaOS 8.10AP-635 Wireless Access PointQualcomm IPQ (64-bit ARM Cortex A53)None5
6ArubaOS 8.10AP-655 Wireless Access PointQualcomm IPQ (64-bit ARM Cortex A53)None6
7ArubaOS 8.10MCR-HW-5K Mobility Conductor Hardware ApplianceIntel Xeon E5-2620v4 (Broadwell)with PAA7
8ArubaOS 8.10 on VMWare ESXi 7.0MC-VA-50 Mobility Controller Virtual Appliance on HPE ProLiant ML110 Gen10Intel Xeon Silver 4210 (Cascade Lake)with / without PAA8
1ArubaOS 8.10 and 8.1370xx Mobility Controllers1
2ArubaOS 8.10 and 8.1372xx Mobility Controllers2
3ArubaOS 8.10 and 8.1390xx Gateways3
4ArubaOS 8.10 and 8.1392xx Gateways4
5ArubaOS 8.10 and 8.13AP-51x and AP-57x Wireless Access Points5
6ArubaOS 8.10 and 8.13AP-50x and AP-56x Wireless Access Points6
7ArubaOS 8.10 and 8.13AP-53x, AP-55x, AP-58x, and AP-63x Wireless Access Points7
8ArubaOS 8.10 and 8.13MCR-HW-xxx Mobility Conductor Hardware Appliances8
9ArubaOS 8.10 and 8.13 on VMWare ESXi 7.0MC-VA-xxx Mobility Controller Virtual Appliances on HPE ProLiant ML110 Gen109
10ArubaOS 8.10 and 8.13 on VMWare ESXi 7.0MCR-VA-xxx Mobility Conductor Virtual Appliances on HPE ProLiant ML110 Gen1010
11ArubaOS 8.10 and 8.13 on VMWare ESXi 7.0Virtual Appliances on HPE EdgeLine 2011
12ArubaOS 8.10 and 8.13 on VMWare ESXi 7.0Virtual Appliances on PacStar PS451-1258 Series12
13ArubaOS 8.10 and 8.13 on VMWare ESXi 7.0Virtual Appliances on device running an equivalent Intel processor (Intel Atom, i5, i7, or Xeon)13
TypeVersions‘show ver’ Output
FirmwareAruba Crypto Module version 1.0Aruba Crypto Module 1.0
2.2 Version Information

Hewlett Packard Enterprise Aruba Crypto Module version 1.0 was validated against FIPS 140-3 Level 1 requirements. The CMVP makes no claim as to the correct operation of the module or the security strengths of the generated keys when operating a version that is not listed on the validation certificate. Table 3

2.3 Operating Environments

The module operates in a limited operational environment. The module runs on the ArubaOS operating system and related hardware or virtual platform and provides cryptographic services for the ArubaOS operating system. See the following tables of Tested Operational Environments and Vendor Affirmed Operational Environments for details. Table 4

Page 10

Non-Proprietary Table 5

2.4 Excluded Components

There are no excluded components for the module.

2.5 Modes of Operation

The Hewlett Packard Enterprise Aruba Crypto Module (firmware) is one of the Hewlett Packard Enterprise cryptographic modules that provide cryptographic services for the host ArubaOS operating system, and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise host

2.5.1 Approved Mode

When the module starts up successfully, after passing all the Cryptographic Algorithm Self-Tests (CASTs) and Pre-Operational Self-Tests (POSTs), and following the guidance in section 11.1, Start-up Procedures, the module is operating in the Approved mode of operation, provided that the guidelines on services, algorithms, and key management found in this Security Policy are followed. Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 11
2.5.2 Non-Approved Mode

When the module starts up but FIPS Settings are not enabled as per the guidance in section 11.1, Start-up Procedures, then the module is operating in non-Approved mode of operation. 11| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 12
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES [FIPS 197] [SP 800-38A] [SP 800-38D]A2689CBC, CTR, GCM1128, 192, 256Data Encryption/Decryption
CVL IKEv22 [SP 800-135 Rev1]A2689IKEv2IKEv2: DH 2048-bit; SHA2-256, SHA2-384Key Derivation
DSA3 [FIPS 186-4]A2689keyGen, pqgGenL=2048, N=256, SHA2-256Key Generation, Domain Parameter Generation
ECDSA [FIPS 186-4]A2689KeyGen, KeyVer, SigGen, SigVerKeyGen: P-256, P-384 KeyVer: P-256, P-384 SigGen: P-256, P-384 with SHA2-256, SHA2-384, SHA2-512 SigVer: P-256, P-384 with SHA-1, SHA2-256, SHA2-384, SHA2-512Key Generation and Verification, Digital Signature Generation and Verification
HMAC [FIPS 198-1]A2689HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384(minimum 112 bits)Message Authentication
KAS-SSC [SP 800-56A Rev3]A2689FFC: dhEphem, ECC: Ephemeral UnifiedFFC: FC with SHA2-256, MODP-2048 with SHA2-256 ECC: P-256 with SHA2-256, P-384 with SHA2-384 KAS Roles - initiator, responderKey Agreement Scheme – Shared Secret Computation
RSA [FIPS 186-2]A2689SigVer: SHA-14, SHA2-256, SHA2-384, SHA2-512 PKCS1 v1.51024 (for legacy SigVer only), 2048Digital Signature Verification
2.6 Approved Algorithms

The firmware in the Hewlett Packard Enterprise Aruba Crypto Module contains the following cryptographic algorithm implementations that will be used for the corresponding security services supported by the module in the Approved mode. Table 6

Page 13
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
RSA [FIPS 186-4]A2689KeyGen, SigGen: SHA2-256, SHA2-384, SHA2-512 PKCS1 v1.5 SigVer: SHA-15, SHA2-256, SHA2-384, SHA2-512 PKCS1 v1.5Key Generation, Digital Signature Generation and VerificationKeyGen: 2048 SigGen: 2048 SigVer: 1024 (for legacy SigVer only), 2048
Safe Primes [SP 800-56A Rev3]A2689KeyGen, KeyVerSafe Primes Key Generation and Key VerificationSafe Prime Groups: MODP-2048
SHS [FIPS 180-4]A2689SHA-1, SHA2-256, SHA2-384, SHA2-512 Byte OnlyMessage Digest160, 256, 384, 512
KTS [SP 800-38F]AES A2689AES-GCM6Key Wrapping / Key Transport via IKE/IPSec128, 256
KTS [SP 800-38F] [FIPS 198-1]AES A2689 HMAC A2689AES-CBC7 HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384Key Wrapping / Key Transport via IKE/IPSec128, 192, 256
DRBG8 [SP 800-90A Rev1]A2690AES CTR256Deterministic Random Bit Generation
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
RSA [FIPS 186-4]A2689KeyGen, SigGen: SHA2-256, SHA2-384, SHA2-512 PKCS1 v1.5 SigVer: SHA-15, SHA2-256, SHA2-384, SHA2-512 PKCS1 v1.5Key Generation, Digital Signature Generation and VerificationKeyGen: 2048 SigGen: 2048 SigVer: 1024 (for legacy SigVer only), 2048
Safe Primes [SP 800-56A Rev3]A2689KeyGen, KeyVerSafe Primes Key Generation and Key VerificationSafe Prime Groups: MODP-2048
SHS [FIPS 180-4]A2689SHA-1, SHA2-256, SHA2-384, SHA2-512 Byte OnlyMessage Digest160, 256, 384, 512
KTS [SP 800-38F]AES A2689AES-GCM6Key Wrapping / Key Transport via IKE/IPSec128, 256
KTS [SP 800-38F] [FIPS 198-1]AES A2689 HMAC A2689AES-CBC7 HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384Key Wrapping / Key Transport via IKE/IPSec128, 192, 256
DRBG8 [SP 800-90A Rev1]A2690AES CTR256Deterministic Random Bit Generation

Non-Proprietary The Hewlett Packard Enterprise Aruba Crypto Module does not implement a random number generator. Instead, it uses the Random Number Generation (RNG) service provided by the bound Hewlett Packard Enterprise Aruba OpenSSL Module cryptographic module, which implements a Deterministic Random Bit Generator (DRBG) compliant to [SP800-90A]. Data input and output between the Hewlett Packard Enterprise Aruba Crypto Module and the bound OpenSSL module are via API parameters. Table 7 –Approved Algorithms Provided by the Bound OpenSSL Module AES-GCM is an authenticated encryption algorithm that is approved for use in key transport per FIPS 140-3 IG D.G. This key establishment methodology provides 128 or 256 bits of encryption strength. AES-CBC combined with HMAC is approved for use in key transport per FIPS 140-3 IG D.G. This key establishment methodology provides between 128 and 256 bits of encryption Refer to section 9.1, Non-Deterministic Random Number Generation Specification for details of the validated entropy source used by the RNG service provided by the bound OpenSSL module. 13| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 14
Approved algorithm
NameUse Function
DESUsed for older versions of WEP in non-Approved mode
HMAC-MD5Used for older versions of WEP in non-Approved mode
MD5Used for older versions of WEP in non-Approved mode
RC4Used for older versions of WEP in non-Approved mode
Null EncryptionUsed for older versions of WEP in non-Approved mode
RSANon-compliant less than 112 bits, or when used with SHA-1 for signature generation, or when other than 2048-bit modulus sizes are used
Diffie-Hellmankey agreement; non-compliant less than 112 bits of encryption strength
EC Diffie-Hellmankey agreement; non-compliant less than 112 bits of encryption strength
ECDSAnon-compliant when using 186-2 signature generation
Triple-DES-CBCAs used in IKE/IPSec
2.7 Non-Approved Cryptographic Algorithms Allowed in the Approved Mode of

Operation The cryptographic module implements no non-Approved algorithms allowed for use in the Approved

2.8 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No

Security Claimed The cryptographic module implements no non-Approved algorithms allowed in the Approved mode of operation with no security claimed.

2.9 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

The cryptographic module implements the following non-Approved algorithms that are not permitted for use in the Approved mode of operations. The module does not use any non-Approved algorithms implemented in the bound OpenSSL module. Table 8

Page 15
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputAPI input parameters for data (includes input data received from the bound OpenSSL module)
N/AN/AData OutputAPI output parameters for data (includes output data sent to the bound OpenSSL module)
N/AN/AControl InputAPI function calls
N/AN/AStatus OutputAPI return codes, status information, error messages
N/AN/APowerNone
RoleAuthentication MethodsAuthentication Strength
Crypto OfficerN/A – Authentication not required for Level 1N/A
UserN/A – Authentication not required for Level 1N/A
3 Cryptographic Module Interfaces

As a firmware module, the module interfaces are defined as Software or Firmware Module Interfaces (SFMI), and there are no physical ports. The logical interfaces are defined as the API of the cryptographic module. The interfaces are listed in the table below. All data output via data output interface is inhibited when the module is performing pre-operational tests or zeroization or when the module enters error state. Table 9

4 Roles, Services, and Authentication

The following section lists the roles supported by the module, authentication mechanisms used by the module, and services (both security and non-security, Approved and non-Approved) available from the The Hewlett Packard Enterprise Aruba Crypto Module does not provide any identification or authentication methods of its own. The CO and the User roles are implicitly identified by the service requested.

4.2 Roles

The module supports two distinct operator roles: the Crypto Officer role and the User role. These roles are implicitly assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators, a maintenance role, nor bypass capability. Table 10

Page 16
Service
NameRolesInputOutput
Data encryption, decryptionUserPlaintext or ciphertext, keyCiphertext or plaintext
Key derivation functionUserShared secrets, inputs (IKEv2)Derived keys
Digital signatureUserRSA or ECDSA public and private keysRSA or ECDSA digital signature generated or verified
Message authenticationUserMessage, HMAC keyMessage authentication code
Key agreementUserDH (FFC), ECDH key agreement primitivesDerived keys
Safe Primes key generation and verificationUserDH (FFC) domain parametersDH (FFC) private key
Key pair generationUserKey size or curve sizeRSA, DSA (FFC), or ECDSA key pairs
Key wrapping / Key transportUserAES keyWrapped keys
Message digestUserMessageDigest of the message
Status functionCrypto OfficerCommands and configuration dataStatus of commands and configurations
Show VersionUserCommandName and version of the module
Reboot ModuleCrypto OfficerCommandProgress information
Self-Test triggered by Crypto Officer rebootCrypto OfficerModule rebootProgress information
Approved mode enable/disableCrypto OfficerCommandProgress information

Non-Proprietary The table below lists descriptions of the services available to the roles, with input and output. Table 11

Page 17
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Data encryption, decryptionEncrypt or decrypt dataUser[15] IKE Session Encryption Key [16] IPSec Session Encryption KeyAES-CBC AES-GCM (A2689)W/E W/EAPI return code for success
Key derivation functionKey derivation through SP800-135rev1-KDF (IKEv2-KDF), SP800- 108rev1-KDF (KBKDF)User[4] DH Shared Secret [7] ECDH Shared Secret [12] IKE Pre-Shared Key [13] SKEYSEED [14] IKE Session Authentication Key [15] IKE Session Encryption Key [16] IPSec Session Encryption Key [17] IPSec Session Authentication KeyKBKDF IKEv2-KDF (A2689)W/E W/E W/E G/R G/R G/R G/R G/RAPI return code for success
Digital signatureGenerate or verify RSA or ECDSA digital signaturesUser[8] RSA Private Key [9] RSA Public Key [10] ECDSA Private Key [11] ECDSA Public KeyRSA SigGen RSA SigVer ECDSA SigGen ECDSA SigVer (A2689)R/W/E R/W/E R/W/E R/W/EAPI return code for success
4.3 Services

The module provides various services depending on role. These are described in the sections below. The meaning of the letters used to describe the ‘Access Rights to Keys and/or SSPs’ are:

4.3.1 Approved Services

See the tables below for descriptions of the services, Approved security functions, keys and/or SSPs available to the module’s roles. The Hewlett Packard Enterprise Aruba Crypto Module is one of the components within the ArubaOS firmware package that runs on the host device. ArubaOS includes CLI commands, some of which interact with the module via APIs. Successful completion of a security service (via API return code for success) when the module is in Approved mode (see section 11.1, Start-up Procedures) denotes use of approved security Note: The module does not implement a random number generator. Instead, it uses the Random Number Generation (RNG) service provided by the bound Hewlett Packard Enterprise Aruba OpenSSL Module cryptographic module, which implements a Deterministic Random Bit Generator (DRBG) compliant to [SP800-90A]. Data input and output between the Hewlett Packard Enterprise Aruba Crypto Module and the bound OpenSSL module are via API parameters. W/E W/E W/E W/E W/E G/R G/R G/R G/R G/R R/W/E R/W/E R/W/E R/W/E Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 18
Approved algorithm
NameUse Function
HMAC-SHA-1 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 (A2689)Message authenticationGenerate or verify data integrity with HMAC key[14] IKE Session Authentication Key [17] IPSec Session Authentication KeyUserW/E W/EAPI return code for success
KAS-ECC-SSC KAS-FFC-SSC (A2689)Key agreementPerform key agreement primitives on behalf of the calling process (does not establish keys into the module)[2] DH Private Key [3] DH Public Key [4] DH Shared Secret [5] ECDH Private Key [6] ECDH Public Key [7] ECDH Shared SecretUserW/E W/E G/R W/E W/E G/RAPI return code for success
Safe Primes KeyGen Safe Primes KeyVer (A2689)Safe Primes key generation and verificationDiffie-Hellman key generation and verification using safe primes[2] DH Private Key [3] DH Public KeyUserG/R G/RAPI return code for success
DSA/FFC keyGen DSA/FFC pqgGen Safe Primes KeyGen Safe Primes KeyVer ECDSA/ECC KeyGen ECDSA/ECC KeyVer RSA KeyGen RSA KeyVer (A2689)Key pair generationGenerate RSA, FFC, or ECDSA key pairs[1] Random Data Input [2] DH Private Key [3] DH Public Key [5] ECDH Private Key [6] ECDH Public Key [8] RSA Private Key [9] RSA Public Key [10] ECDSA Private Key [11] ECDSA Public KeyUserW/E G/R G/R G/R G/R G/R G/R G/R G/RAPI return code for success
AES-GCM AES-CBC with HMAC (A2689)Key wrapping / Key transportAES key wrapping[15] IKE Session Encryption Key [16] IPSec Session Encryption KeyUserW/E W/EAPI return code for success
SHA-1 SHA2-256 SHA2-384 SHA2-512 (A2689)Message digestGenerate a SHA-1 or SHA2 message digestNoneUserNoneAPI return code for success
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Approved mode enable/disableThe Crypto Officer enables the Approved mode by following the procedures under section 11.1, Start-up Procedures, to ensure the Aruba host device is configured for Secure Operations.Crypto OfficerNoneNoneNoneAPI return code for success
Status FunctionCrypto Officer may use ArubaOS CLI “show” commands on host to view logs and status. Please see ArubaOS CLI guide for details.Crypto OfficerNoneNoneNoneAPI return code for success

Non-Proprietary W/E W/E W/E G/R W/E W/E G/R G/R G/R W/E G/R G/R G/R G/R G/R G/R G/R G/R W/E W/E W/E 18| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 19
Service
NameDescriptionRolesApproved Functions
IPSec/IKE using Triple-DESIPSec/IKE key management using Triple-DES. This is a non-Approved service not available in the Approved mode.UserTriple-DES
Use of non-Approved algorithms and/or sizes.If the module has not been provisioned to operate in the Approved mode, then non-Approved algorithms and/or sizes are available for use – see above Table 8, Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. This is a non-Approved service not available in the Approved mode.UserNon-Approved algorithms and/or sizes
Service
NameDescriptionRolesApproved Functions
IPSec/IKE using Triple-DESIPSec/IKE key management using Triple-DES. This is a non-Approved service not available in the Approved mode.UserTriple-DES
Use of non-Approved algorithms and/or sizes.If the module has not been provisioned to operate in the Approved mode, then non-Approved algorithms and/or sizes are available for use – see above Table 8, Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. This is a non-Approved service not available in the Approved mode.UserNon-Approved algorithms and/or sizes

Non-Proprietary Z 19| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 20
5 Software / Firmware Security

The Hewlett Packard Enterprise Aruba Crypto Module (firmware version 1.0) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system. The module is one of the components within the ArubaOS firmware package in electronic form and is installed automatically when a trusted and verified ArubaOS firmware package signed by Hewlett Packard Enterprise is booted on an Hewlett Packard Enterprise host device. The module performs a firmware integrity test when powered on (refer to Self-Tests for details). All cryptographic algorithm self-tests are run at power-up, prior to the first operational use of the cryptographic algorithm. The firmware integrity test verifies the integrity of the module by comparing a calculated HMAC-SHA-1 value against the stored HMAC value. The operator can initiate the firmware integrity test on demand by rebooting the host. Rebooting also zeroizes all SSPs stored in SDRAM memory. All data output via the data output interface is inhibited until the firmware integrity test has completed successfully. If the firmware integrity test fails, the module enters the error state (while in this state, the module provides no functionality). The temporary values generated during the firmware integrity test are zeroized upon completion of the integrity test. After the ArubaOS firmware boot, the operator can determine the version of the loaded module through reviewing the log and by using the show version ArubaOS CLI command on the host (use the link in the section Full Documentation to refer to ArubaOS 8.10 Command-Line Interface Reference Guide and ArubaOS

8.10 User Guide).
6 Operational Environment

The operational environment is limited. The control plane Operating System (OS) is Linux, a multi-threaded operating system that supports memory protection between processes. Access to the underlying Linux implementation is not provided directly. Only Hewlett Packard Enterprise provided interfaces are used. The Hewlett Packard Enterprise Aruba Crypto Module is one of the components within the ArubaOS firmware package which runs on the host device. ArubaOS includes Command Line Interface (CLI) commands, some of which interact with the module via APIs. The ArubaOS CLI and the module APIs are restricted command sets. These operating control mechanisms protect against unauthorized execution, unauthorized modification, and unauthorized reading of SSPs, control and status data. The module was tested on the platforms listed above in section 2.3, Table 4, Tested Operational Environments.

7 Physical Security

The Hewlett Packard Enterprise Aruba Crypto Module is a firmware type module and obtains its physical security from the host platform. As per FIPS 140-3 for multiple-chip standalone cryptographic modules at Security Level 1, the host platform consists of production-grade components within a production-grade enclosure. All of the platforms listed above in section 2.3 meet these requirements.

8 Non-Invasive Security

Since the module has not been purposely designed, built and publicly documented to include non-invasive mitigation techniques, the Non-Invasive Security requirements are not applicable. 20| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 21
Sensitive security parameter
NameStrengthGenerationEstablishmentStorageZeroizationUseImport Export#
1512 bits64 bytes are retrieved by bound OpenSSL module DRBG on each call by any service that requires a random number.N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.Random data inputs for key generation.Import: From bound OpenSSL module via API parameters. Export: N/A1Random Data Input – CSP [EVM]SP800-90A Rev1 CTR_DRBG AES-256 Cert. #A2690
2112 bitsGenerated internally in compliance with Diffie- Hellman key agreement scheme by calling bound OpenSSL module Approved DRBG (Cert. #A2690)N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used during the IPSec handshake to establish the Diffie-Hellman Shared Secret.Import: From calling application Export: To calling application2Diffie-Hellman Private Key – CSPDiffie-Hellman Group 14 Cert. #A2689
3112 bitsGenerated internally in compliance with Diffie- Hellman key agreement scheme by calling bound OpenSSL module Approved DRBG (Cert. #A2690)N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used during the IPSec handshake to establish the Diffie-Hellman Shared Secret.Import: From calling application Export: To calling application3Diffie-Hellman Public Key – PSPDiffie-Hellman Group 14 Cert. #A2689
4112 bitsN/AEstablished during Diffie-Hellman Exchange.Stored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used for deriving IPSec/IKE cryptographic keys.Import: N/A Export: To calling application4Diffie-Hellman Shared Secret – CSPDiffie-Hellman Group 14 Cert. #A2689
5Curves: P-256 or P-384Generated internally by calling bound OpenSSL module Approved DRBG (Cert. #A2690) during EC Diffie-Hellman Exchange.N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used for establishing EC Diffie-Hellman Shared Secret.Import: From calling application Export: To calling application5EC Diffie- Hellman Private Key – CSPEC Diffie- Hellman Cert. #A2689
6Curves: P-256 or P-384Generated internally by calling bound OpenSSL module Approved DRBG (Cert. #A2690) during EC Diffie-Hellman Exchange.N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used for establishing EC Diffie-Hellman Shared Secret.Import: From calling application Export: To calling application6EC Diffie- Hellman Public Key – PSPEC Diffie- Hellman Cert. #A2689
7128 or 192 bitsN/AEstablished during EC Diffie-Hellman Exchange.Stored in SDRAM memory (plaintext).Zeroized by rebooting the module.Used for deriving IPSec/IKE cryptographic keys.Import: N/A Export: To calling application7EC Diffie- Hellman Shared Secret – CSPEC Diffie- Hellman Cert. #A2689
8128 bitsGenerated by calling bound OpenSSL module Approved DRBG (Cert. #A2690), in compliance with FIPS 186-4 RSA key pair generation method.N/AStored in host Flash memory (plaintext).Zeroized by using ArubaOS command ‘wipe out flash’ on host.Used for IKEv2 peers authentication.Import: From calling application Export: To calling application8RSA Private Key – CSPRSA Private Key Cert. #A2689
9128 bitsGenerated by calling bound OpenSSL module Approved DRBG (Cert. #A2690), in compliance with FIPS 186-4 RSA key pair generation method.N/AStored in host Flash memory (plaintext).Zeroized by using ArubaOS command ‘wipe out flash’ on host.Used for IKEv2 peers authentication.Import: From calling application Export: To calling application9RSA Public Key – PSPRSA Public Key Cert. #A2689
10Curves: P-256 or P-384Generated by calling bound OpenSSL module Approved DRBG (Cert. #A2690), in compliance with FIPS 186-4 ECDSA key pair generation method.N/AStored in host Flash memory (plaintext).Zeroized by using ArubaOS command ‘wipe out flash’ on host.Used for IKEv2 peers authentication.Import: From calling application Export: To calling application10ECDSA Private Key – CSPECDSA SigGen Cert. #A2689
11Curves: P-256 or P-384Generated by calling bound OpenSSL module Approved DRBG (Cert. #A2690), in compliance with FIPS 186-4 ECDSA key pair generation method.N/AStored in host Flash memory (plaintext).Zeroized by using ArubaOS command ‘wipe out flash’ on host.Used for IKEv2 peers authentication.Import: From calling application Export: To calling application11ECDSA Public Key – PSPECDSA SigGen Cert. #A2689
128 - 64 ASCII or 64 HEX charactersN/AN/AStored in host Flash memory (plaintext).Zeroized by using ArubaOS command ‘wipe out flash’ on host or by overwriting with a new secret.Used for IKEv2 peers authentication.Import: From calling application Export: N/A12IKE Pre- Shared Key – CSPN/A
13160 / 256 / 384 bitsDerived via key derivation function defined in SP800-135 Rev1 KDF (IKEv2).N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.A shared secret known only to IKEv2 peers. Used for deriving other keys in IKEv2 protocol.Import: N/A Export: N/A13SKEYSEED – CSPIKEv2 KDF Cert. #A2689
14160 / 256 / 384 bitsDerived via key derivation function defined in SP800-135 Rev1 KDF (IKEv2).N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.The IKE session (IKE Phase I) authentication key. Used for IKEv2 payload integrity verification.Import: N/A Export: To calling application14IKE Session Authentication Key – CSPHMAC-SHA-1/ HMAC-SHA2- 256/384 Cert. #A2689
15128 / 192 / 256 bitsDerived via key derivation function defined in SP800-135 Rev1 KDF (IKEv2).N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.The IKE session (IKE Phase I) encrypt key. Used for IKE payload protection.Import: N/A Export: To calling application15IKE Session Encryption Key – CSPAES (CBC) Cert. #A2689
16128 / 192 / 256 bits 128 / 256 bitsDerived via key derivation function defined in SP800-135 Rev1 KDF (IKEv2).N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.The IPSec (IKE phase II) encryption key. Used for IPSec traffics protection. IPSec session encryption keys can also be used for the Double Encrypt feature.Import: N/A Export: To calling application16IPSec Session Encryption Key – CSPAES (CBC) and AES (GCM) Cert. #A2689
17160 bitsDerived via key derivation function defined in SP800-135 Rev1 KDF (IKEv2).N/AStored in SDRAM memory (plaintext).Zeroized by rebooting the module.The IPSec (IKE Phase II) authentication key. Used for IPSec traffics integrity verification.Import: N/A Export: To calling application17IPSec Session Authentication Key – CSPHMAC-SHA-1 Cert. #A2689
9 Sensitive Security Parameter (SSP) Management

The following are the Sensitive Security Parameters (SSPs) used in the module. As specified in the Zeroization column of the following table, the majority service. The Hewlett Packard Enterprise Aruba Crypto Module is one of the components within the ArubaOS firmware package that runs on the host device, thus the module is rebooted when the host device is rebooted. ArubaOS includes CLI commands. As specified in the Zeroization column of the following table, there are a minority of SSPs/Keys used in the module that are stored in the host flash. The host flash can be zeroized implicitly by using the ArubaOS CLI command ‘wipe out flash’ on the host device. # N/A N/A 21| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 22

Non-Proprietary # EC DiffieHellman EC DiffieHellman EC DiffieHellman 22| EC DiffieHellman EC DiffieHellman N/A N/A N/A N/A EC DiffieHellman N/A Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 23

Non-Proprietary # N/A N/A N/A N/A 23| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 24

Non-Proprietary # N/A 24| N/A N/A N/A N/A N/A Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 25

Non-Proprietary # N/A N/A Notes:

Page 26
Approved algorithm
NameKey Size
DetailsMinimum Number of Bits of EntropyEntropy Sources
The module employs a SP800-90Arev1-compliant Deterministic Random Bit Generator (DRBG) using an AES-256 CTR_DRBG mechanism with Derivation Function (DF) for random number generation (Cert. #A2690). The employed DRBG uses a SP800-90B-compliant non-physical entropy source that uses CPU jitter provided by the operational environment as a noise source (Jitterentropy (JENT) with SHA-3 as the vetted conditioning component) which is within the module host’s physical boundary but outside of the module’s cryptographic boundary. The entropy source performs the SP800-90B Section 4.4 Approved Continuous Health Tests (RCT and APT).Oversampling of 512 bits is performed to ensure that 256 bits of entropy is available to the DRBG.Aruba CPU Jitter Entropy Source (see NIST Entropy Source Validation (ESV) program certificate E7)

Non-Proprietary The module does not implement a random number generator. Instead, it uses the Random Number Generation (RNG) service provided by the bound Hewlett Packard Enterprise Aruba OpenSSL Module cryptographic module, which implements a Deterministic Random Bit Generator are specified in the table below. 26| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 27
Self test
NameAlgorithm Or TestTest TypeDetailsTest Properties
Firmware Integrity TestFirmware Integrity TestKATThe Firmware Integrity Test verifies the integrity of the module by comparing a calculated HMAC-SHA-1 value against the stored HMAC value. The KAT for the HMAC- SHA-1 is executed before the Firmware Integrity Test.HMAC-SHA-1 with 117-bit key
AES CBCAES CBCKATEncrypt, DecryptAES-CBC-256Each run when module powered on, which is prior to the first operational use of the cryptographic algorithms
AES GCMAES GCMKATEncrypt, DecryptAES-GCM-256
ECDSAECDSAKATSign, VerifyP-256
HMACHMACKATHMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
KAS-SSC-ECCKAS-SSC-ECCKATEphemeral Unified SP 800-56A Rev3 basedPrimitive ‘Z’ computation with P-256 curve
Self test
NameAlgorithm Or TestTest TypeDetailsTest Properties
Firmware Integrity TestFirmware Integrity TestKATThe Firmware Integrity Test verifies the integrity of the module by comparing a calculated HMAC-SHA-1 value against the stored HMAC value. The KAT for the HMAC- SHA-1 is executed before the Firmware Integrity Test.HMAC-SHA-1 with 117-bit key
AES CBCAES CBCKATEncrypt, DecryptAES-CBC-256Each run when module powered on, which is prior to the first operational use of the cryptographic algorithms
AES GCMAES GCMKATEncrypt, DecryptAES-GCM-256
ECDSAECDSAKATSign, VerifyP-256
HMACHMACKATHMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
KAS-SSC-ECCKAS-SSC-ECCKATEphemeral Unified SP 800-56A Rev3 basedPrimitive ‘Z’ computation with P-256 curve
KAS-SSC-FFCKAS-SSC-FFCKATdhEphem SP 800-56A Rev3 basedShared secret computation, p=2048, q=256Each run when module powered on, which is prior to the first operational use of the cryptographic algorithms
KDF135KDF135KATSP 800-135 Rev1 based: IKEv2Key derivation
RSARSAKATSign, Verify2048, PKCS#1-v1.5
SHSSHSKATSHA-1, SHA-256, SHA-384, SHA-512
ECC key pairsECC key pairsPCTSign, VerifyP-256, P-384Each run on key pair generation
FFC key pairsFFC key pairsPCTSP800-56A Rev3 assurances as per SP 800-56A Rev3 Section 5.6.2.1.4 for PCTDH key pair generation
RSA key pairsRSA key pairsPCTSign, Verify2048, PKCS#1-v1.5
10 Self-Tests

The Hewlett Packard Enterprise Aruba Crypto Module performs when powered on the Cryptographic Algorithm Self-Tests (CASTs) and PreOperational Self-Tests (POSTs. While the module is executing the cryptographic algorithm and pre-operational self-tests, services are not available, and input and output are inhibited. In addition, the module also performs Conditional self-tests. All cryptographic algorithm self-tests are run when the conditional self-tests are passed successfully, the module transitions to the operational state. When a cryptographic algorithm self-test or pre-operational self-test fails, or when a conditional self-test fails, the module enters the Critical Error state (while in this state, the module provides no functionality and inhibits data output), logs the error, and reboots automatically. The Hewlett Packard Enterprise Aruba Crypto Module performs the following Pre-Operational Self-Tests (POSTs): Table 17

Page 28

Non-Proprietary Table 19

Page 29

Non-Proprietary To see the results of the self-tests run by the module, use the ArubaOS CLI command on the host device: show log crypto all Upon successful completion of the power-up self-tests, the module displays results on the host device console: Completed FIPS Aruba Cryptographic KAT test successfully. In the event any self-test fails, the module will enter a Critical Error state (while in this state, the module provides no functionality and inhibits data output), logs the error, and reboots automatically. After a self-test failure, the module displays results on the host device console : KATs: FIPS Aruba Cryptographic KAT failure PCTs: FIPS Aruba Cryptographic asymmetric key KAT failure. FIPS POST: FAIL Rebooting… When the firmware integrity test fails at power-up, the module enters the Critical Error state, where the invalid host ArubaOS firmware file is deleted to clear the error. The host device will automatically reboot from the backup ArubaOS image on the secondary partition. The module displays on the host device console: FIPS Aruba Mocana Integrity test failure Aruba Crypto FIPS KAT test FAILED!! Restarting System. 29| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 30
11 Life-Cycle Assurance

The Hewlett Packard Enterprise Aruba Crypto Module is a firmware type module, and must run on an Hewlett Packard Enterprise hardware unit (e.g., Controller, Gateway, Conductor, or Access Point) or virtual appliance (e.g., VMWare ESXi or open source KVM hypervisor running on a hardware server unit (e.g., HPE ProLiant ML110 Gen10 or HPE EdgeLine 20)). ArubaOS is the operating system for Hewlett Packard Enterprise Mobility Conductors, Mobility Controllers/Gateways, and controller-managed Hewlett Packard Enterprise Access Points (APs). The Hewlett Packard Enterprise Aruba Crypto Module is one of the Hewlett Packard Enterprise cryptographic modules that provide cryptographic services for the host ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.

11.1 Start-up Procedures

The Hewlett Packard Enterprise Aruba Crypto Module is one of the components within the ArubaOS firmware package in electronic form and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise host device. ArubaOS firmware in electronic form is installed by Hewlett Packard Enterprise technical support personnel or downloaded from the HPE Networking Support Portal (NSP) by authenticated licensed customer personnel.

11.1.1 Setting Up the Hewlett Packard Enterprise Controller, Gateway, Conductor, or Controllermanaged Access Point (AP) and Running Hewlett Packard Enterprise Aruba Crypto Module

Automatically The Crypto Officer shall perform the following steps to set-up your Hewlett Packard Enterprise Controller, Gateway, Conductor, or controller-managed Access Point (AP) either as a host hardware unit or a virtual appliance:

  1. Since the Hewlett Packard Enterprise Aruba Crypto Module firmware is a component of ArubaOS and is installed automatically when a trusted and verified ArubaOS firmware image is booted successfully on the Hewlett Packard Enterprise host device, the Crypto Officer (CO) shall review the ArubaOS 8.10 Getting Started Guide, ArubaOS 8.10.0.x AP Software Quick Start Guide, and ArubaOS 8.10 Virtual Appliance Installation Guide. Select the Hewlett Packard Enterprise host device running ArubaOS deployment scenario that best fits your installation and follow the scenario’s deployment procedures.
  2. Connect your PC or workstation to a line port (or virtual port mapped to the module interface) on the Hewlett Packard Enterprise Controller, Gateway, Conductor, or controller-managed Access Point (AP).
  3. Enable power to the Hewlett Packard Enterprise Controller, Gateway, Conductor, or controller-managed Access Point (AP).
  4. Monitor the Hewlett Packard Enterprise host device boot progress messages on the console.
  5. Once ArubaOS is loaded successfully and operating normally on the Hewlett Packard Enterprise host device, check the console messages to make sure that all the power-up self-tests passed. a. Check that the following console message is displayed: Completed FIPS Aruba Cryptographic KAT test successfully. b. As specified in the Self-Tests section, if any of the checks fail, error messages will be displayed on the console. If the errors persist after the Hewlett Packard Enterprise device is rebooted, contact Hewlett Packard Enterprise.
  6. Enable the Approved mode with the ArubaOS CLI on the host. a. Login to the Hewlett Packard Enterprise Controller, Gateway, or Conductor following the guidance from step 1. above (a controller-managed Access Point (AP) is placed in the Approved mode using a Staging Controller in the Approved mode as per the Aruba AP Software Quick Start Guide). 30| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy
Page 31

Non-Proprietary b. Enable the Approved mode using the following ArubaOS CLI commands on the host: #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (config) #fips enable (config) #exit #write memory Saving Configuration... Configuration Saved. c. To verify the Approved mode has been enabled, issue the ArubaOS CLI command on the host: show fips to see: FIPS Settings: Mode Enabled

11.2 Full Documentation

Documentation for any Hewlett Packard Enterprise product can be found on the HPE Networking Support Portal (NSP). Filters can be used to limit the displayed results by Product(s), Product Series, Version(s), and File Category. For example,

11.2.1 Related Hewlett Packard Enterprise Documents

The following Hewlett Packard Enterprise documents can be referenced to ensure that ArubaOS and the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances that run ArubaOS are installed and operated correctly in the Approved mode:

11.2.2 Administrator Guidance

The Crypto Officer must ensure that the module is kept in the Approved mode of operation. To keep the module in the Approved mode, abide by section 11.1, Start-up Procedures, section 2.9, Non-Approved Algorithms Not Allowed in the Approved Mode of Operation, and section 4.3.2, Non-Approved Services.

11.2.3 Non-Administrator Guidance
11.2.4 Maintenance Requirements

Not Applicable (N/A) 31| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 32
11.3 End of Life

To determine if an Hewlett Packard Enterprise product is considered end of life, refer to the Hewlett Packard Enterprise end-of life information at https://networkingsupport.hpe.com/end-of-life. If an Hewlett Packard Enterprise product is deemed end-of-life, the CO should work with their Hewlett Packard Enterprise representative to determine the appropriate Hewlett Packard Enterprise product upgrade path to use a newer Approved version. For secure sanitization and zeroization of SSP values, follow the guidance in the Zeroization service entry above in Table 13, in section Approved Services to wipe out host flash and reboot the module. Since the module is a component of ArubaOS, if the module is deprecated, the module will be upgraded to a newer Approved validated version by loading and booting the newer validated version of ArubaOS with the help of an Hewlett Packard Enterprise-Certified Mobility Professional (ACMP).

12 Mitigation of Other Attacks

The module has not been purposely designed, built and publicly documented to mitigate one or more specific attacks. The Mitigation of Other Attacks requirements are not applicable, per FIPS 140-3 IG 12.A. 32| Hewlett Packard Enterprise Aruba Crypto Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Referenced URLs