All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Arista Crypto Module

Certificate#5001StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorArista Networks, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 5 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date4/16/2030
CaveatWhen operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).
VendorArista Networks, Inc.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Arista Crypto Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Arista Crypto Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Arista Networks, Inc. FIPS 140-3 Security Policy Arista Networks, Inc. Arista Crypto Module August 8th, 2024 Document prepared by: http://www.lightshipsec.com Arista Networks Inc. Public Material

Page 2

Arista Networks, Inc. FIPS 140-3 Security Policy Table of Contents Arista Networks Inc. Public Material

Page 3

Arista Networks, Inc. FIPS 140-3 Security Policy Arista Networks Inc. Public Material

Page 4

Arista Networks, Inc. FIPS 140-3 Security Policy List of Tables Table 3: Tested Module Identification

Page 5

Arista Networks, Inc. FIPS 140-3 Security Policy Arista Networks Inc. Public Material

Page 6

Arista Networks, Inc. FIPS 140-3 Security Policy

1 General
1.1 Overview

This non-proprietary FIPS 140-3 Security Policy for the Arista Cryptographic Module, v4.0 describes how the module meets the security requirements specified in FIPS 140-3 (Federal Information Processing Standard 140-3) for an overall security level 1 module and outlines the security rules and operating procedures required to maintain compliance.

1.2 Security Levels

Section Title Security Level

1 General 1

2 Cryptographic module specification 1

3 Cryptographic module interfaces 1

4 Roles, services, and authentication 1

5 Software/Firmware security 1

6 Operational environment 1

7 Physical security N/A

8 Non-invasive security N/A

9 Sensitive security parameter management 1

10 Self-tests 1

11 Life-cycle assurance 1

12 Mitigation of other attacks 1

Overall Level 1 Table 1: Security Levels

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The module is a dynamic software library providing an application programming interface (API) intended to be used via OpenSSL interfaces to serve cryptographic functionalities for applications running in the user space of the underlying operating system. Module Type: Software Module Embodiment: Multi-Chip Standalone Module Characteristics: Cryptographic Boundary: The module’s cryptographic boundary (represented by the red dotted line in Figure 1) consists of the entire Arista Cryptographic Module executable code. Tested Operational Environment’s Physical Perimeter (TOEPP): Arista Networks Inc. Public Material

Page 7

Arista Networks, Inc. FIPS 140-3 Security Policy The module was tested on the Arista AWE-5510 router, running Arista’s EOS operating system. Figure 1: Block Diagram

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 8

Arista Networks, Inc. FIPS 140-3 Security Policy Tested Module Identification

5510 D-2798NX (Ice Lake)

EOSv4 Arista AWE- Intel® Xeon® Processor No v4.0

5510 D-2798NX (Ice Lake)

Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: Operating System Hardware Platform EOSv4 Arista 7289 with Intel Xeon CPU D-1548 EOSv4 Arista 7300-SUP-D with Intel Xeon CPU @ 2.60GHz EOSv4 Arista 7368-SUP with Intel Xeon CPU D-1527 EOSv4 Arista 7368-SUP-D with Intel Xeon CPU D-1527 EOSv4 Arista 7388-SUP-D with Intel Xeon CPU D-1527 Linux 5.4 Arista C-460 with ARM Cortex-A73 Linux 5.4 Arista O-435 with ARM Cortex-A53 EOSv4 Arista AWE-5310 with Intel Atom P5721 EOSv4 Arista AWE-5310-2F-FLX with Intel Atom P5721 EOSv4 Arista AWE-5510 with Intel Xeon D-2798NX CPU EOSv4 Arista AWE-5510-2F-FLX with Intel Xeon D-2798NX EOSv4 Arista AWE-7220RP-5TH-2S with Intel Atom CPU C3558R EOSv4 Arista AWE-7230R-4TX-4S-FLX with Intel Atom P5721 EOSv4 Arista AWE-7250R-16S-FLX with Intel Xeon D-2798NX EOSv4 Arista CCS-710P-12 with AMD GX-412TC EOSv4 Arista CCS-710P-12-NA with AMD GX-412TC EOSv4 Arista CCS-710P-16P with AMD GX-412TC EOSv4 Arista CCS-710P-16P-NA with AMD GX-412TC EOSv4 Arista CCS-720DF-48Y with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DF-48Y-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DF-48Y-DC with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DF-48Y-M-S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-24S with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-24S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-24S-M-S-2 with AMD Ryzen Embedded R1600 Arista Networks Inc. Public Material

Page 9

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista CCS-720DP-24ZS-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-48S with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-48S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-48S-M-S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DP-48ZS with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-24S with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-24S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-24S-2R with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-24S-M-S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-48S with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720DT-48S-2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720XP-24Y6 with AMD Crowned Eagle GX224PC or AMD G-Series GX-224 EOSv4 Arista CCS-720XP-24ZY4 with AMD Crowned Eagle GX224PC or AMD G-Series GX-224 EOSv4 Arista CCS-720XP-48TXH-2C-S with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720XP-48Y6 with AMD Crowned Eagle GX224PC or AMD G-Series GX-224 EOSv4 Arista CCS-720XP-48ZC2 with AMD Crowned Eagle GX224PC or AMD G-Series GX-224 EOSv4 Arista CCS-720XP-48ZXC2 with AMD Ryzen Embedded R1600 EOSv4 Arista CCS-720XP-96ZC2 with AMD R-Series RX-216 (Merlin Falcon) EOSv4 Arista CCS-720XP-96ZC2-M-S-4 with AMD Embedded RSeries RX-216TD EOSv4 Arista CCS-720XP-96ZC2-M-S with AMD Embedded RSeries RX-216TD EOSv4 Arista CCS-722XPM-48Y4 with AMD G-Series GX-224 (Crowned Eagle) EOSv4 Arista CCS-722XPM-48ZY8 with AMD G-Series GX-224 (Crowned Eagle) EOSv4 Arista CCS-750-SUP100 with Intel Xeon D-1527 (Broadwell) EOSv4 Arista CCS-750-SUP25 with Intel Xeon D-1527 (Broadwell) CloudVision Portal Any general-purpose computer (GPC) with Any CPU CloudVision Portal on VMware Supermicro SYS-6029TP-HTR with Intel Xeon Gold 5218R ESXi 6.7 on AlmaLinux 9 Arista Networks Inc. Public Material

Page 10

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform CloudVision Portal on QEMU Supermicro SYS-6029TP-HTR with Intel Xeon Silver 4316

2.12 on AlmaLinux 9

CloudEOSv4 Any general-purpose computer (GPC) with Any CPU CloudEOSv4 on QEMU 2.0 Supermicro SYS-1029U-TR-CTO with Intel Xeon Gold 6240R EOSv4 Arista DCS-7010T-48 with AMD eKabini GX-210HA or AMD Steppe Eagle GX-424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7010T-48-DC with AMD eKabini GX-210HA or AMD Steppe Eagle GX-424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7010TX-48 with AMD Crowned Eagle GE224PIXJ23JB EOSv4 Arista DCS-7010TX-48-DC with AMD Crowned Eagle GE224PIXJ23JB EOSv4 Arista DCS-7010TX-48C with AMD Ryzen Embedded R1600 EOSv4 Arista DCS-7010TX-48C-DC-RV3 with AMD Ryzen Embedded R1600 EOSv4 Arista DCS-7020SR-24C2 with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7020SR-32C2 with Intel Broadwell DE D1508 EOSv4 Arista DCS-7020SRG-24C2 with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7020TR-48 with AMD Steppe Eagle GX-424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7020TRA-48 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050CX3-32C with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050CX3-32S with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7050CX3-32S-SSD with AMD GX-424CC SOC EOSv4 Arista DCS-7050CX3M-32S with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7050CX4-24D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050CX4-40D with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050CX4-48D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050CX4M-48D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050DX4-32S with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7050DX4M-32S with AMD Snowy Owl SP4r2 3151 EOSv4 Arista DCS-7050PX4-32S with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

Arista Networks Inc. Public Material

Page 11

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7050QX-32 with AMD Athlon NEO X2 N40L EOSv4 Arista DCS-7050QX-32S with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050QX2-32S with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7050SDX4-48D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050SPX4-48D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050SX-128 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7050SX-64 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050SX-72 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050SX-72Q with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050SX-96 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050SX2-128 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050SX2-72Q with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050SX3-48C8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7050SX3-48C8C with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050SX3-48YC12 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050SX3-48YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7050SX3-48YC8C with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7050SX3-96YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7050TX-128 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7050TX-48 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050TX-64 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050TX-72 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050TX-72Q with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7050TX-96 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7050TX2-128 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) Arista Networks Inc. Public Material

Page 12

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7050TX3-48C8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7060CX-32C with AMD GX-424PC SOC EOSv4 Arista DCS-7060CX-32S with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7060CX2-32S with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7060CX5-56D8 with AMD Ryzen Embedded V1500B EOSv4 Arista DCS-7060DX4-32 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7060DX5-32 with AMD EPYC 3151 (4c or 8c) EOSv4 Arista DCS-7060DX5-64 with AMD Snowy Owl SP4r2 3151 or 3251 (4c or 8c) EOSv4 Arista DCS-7060DX5-64E with AMD EPYC Embedded 3151 EOSv4 Arista DCS-7060DX5-64S with AMD EPYC Embedded 3151 EOSv4 Arista DCS-7060PX4-32 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7060PX5-64 with AMD Snowy Owl SP4r2 3151 or 3251 (4c or 8c) EOSv4 Arista DCS-7060PX5-64E with AMD EPYC Embedded 3151 EOSv4 Arista DCS-7060PX5-64S with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7060SX2-48YC6 for AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7060X6-64PE with AMD EPYC 3151 (4c or 8c) EOSv4 Arista DCS-7130-16G3S with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-48EHS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-48G3S with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-48LAS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-48LBAS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-48LBS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-96LAS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-96LBAS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-96LBS with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130-96LS with Intel Atom® Processor C2558 (Rangeley) Arista Networks Inc. Public Material

Page 13

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7130-96S with Intel Atom® Processor C2558 (Rangeley) EOSv4 Arista DCS-7130LBR-48S6QD with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7132LB-48Y4C with AMD EPYC 3251 EOSv4 Arista DCS-7132LB-48Y4C-DC with AMD Snowy Owl SP4r2 3151 or 3251 (4c or 8c) EOSv4 Arista DCS-7132LN-48Y4C with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7135LB-48Y4C with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7148SX with AMD Athlon NEO X2 N40L EOSv4 Arista DCS-7150S-24-CL with AMD Athlon NEO X2 N40L EOSv4 Arista DCS-7150SC-24-CLD with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7150SC-64-CLD with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7160-32CQ with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7160-48TC6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7160-48YC6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7170-32C with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7170-32CD with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7170-64C with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7170B-64C with AMD Snowy Owl SP4r2 3151 or 3251 (4c or 8c) EOSv4 Arista DCS-7260CX-64 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7260CX3-64 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7260CX3-64E with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7260CX3-64LQ with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7260QX-64 with Intel "Gladden" Sandy Bridge or AMD GX-424CC SOC EOSv4 Arista DCS-7280CR-48 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7280CR2-60 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7280CR2A-30 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7280CR2A-60 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7280CR2K-30 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7280CR2K-60 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7280CR2M-30 with Intel Broadwell-DE D1508 EOSv4 Arista DCS-7280CR3-32D4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD Arista Networks Inc. Public Material

Page 14

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7280CR3-32P4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3-36S with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280CR3-96 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280CR3A-24D12 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3A-32S with AMD EPYC 3251 EOSv4 Arista DCS-7280CR3A-48D6 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3A-72 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3AK-24D12 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3AK-48D6 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3AK-72 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3AM-24D12 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3AM-32S with AMD EPYC 3251 EOSv4 Arista DCS-7280CR3AM-48D6 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3AM-72 with AMD Snowy Owl SP4r2 3251 EOSv4 Arista DCS-7280CR3E-36S with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3K-32D4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3K-32D4A with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3K-32P4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3K-32P4A with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3K-36A with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280CR3K-36S with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3K-96 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD Arista Networks Inc. Public Material

Page 15

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7280CR3MK-32D4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3MK-32D4A-S with AMD EPYC 3251 EOSv4 Arista DCS-7280CR3MK-32D4S with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3MK-32P4 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280CR3MK-32P4S with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280DR3-24 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280DR3A-36 with AMD EPYC Embedded 3251 EOSv4 Arista DCS-7280DR3A-54 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280DR3AK-36 with AMD EPYC Embedded 3251 EOSv4 Arista DCS-7280DR3AK-36S with AMD EPYC 3251 EOSv4 Arista DCS-7280DR3AK-54 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280DR3AM-36 with AMD EPYC Embedded 3251 EOSv4 Arista DCS-7280DR3AM-54 with AMD Snowy Owl SP4r2

3151 or 3251 (4c or 8c)

EOSv4 Arista DCS-7280DR3K-24 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280PR3-24 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280PR3K-24 with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX-216TD EOSv4 Arista DCS-7280QR-C36 with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7280QR-C72 with Intel "Gladden" Sandy Bridge EOSv4 Arista DCS-7280QRA-C36S with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SE-64 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7280SE-68 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7280SE-72 with AMD eKabini GE420CIAJ44HM EOSv4 Arista DCS-7280SR-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) Arista Networks Inc. Public Material

Page 16

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7280SR2-48YC6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SR2A-48YC6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SR2K-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SR3-40YC6 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3-48YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3A-48YC8 with AMD EPYC 3251 EOSv4 Arista DCS-7280SR3AM-48YC8 with AMD EPYC 3251 EOSv4 Arista DCS-7280SR3E-40YC6 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3E-40YC6-M with AMD Merlin Falcon R-series RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3E-48YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3K-48YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3K-48YC8A with AMD Snowy Owl SP4r2 3151 or 3251 (4c or 8c) EOSv4 Arista DCS-7280SR3M-48YC8 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280SR3MK-48YC8A-S with AMD EPYC 3251 EOSv4 Arista DCS-7280SRA-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SRAM-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280SRM-40CX2 with AMD Steppe Eagle GE424CIXJ44JB EOSv4 Arista DCS-7280TR-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7280TR3-40C6 with AMD Merlin Falcon Rseries RX-421ND or AMD Merlin Falcon R-series RX216TD EOSv4 Arista DCS-7280TRA-48C6 with AMD Steppe Eagle GX424CC (GE424CIXJ44JB) EOSv4 Arista DCS-7289-SUP with Intel Xeon CPU D-1548 EOSv4 Arista DCS-7289-SUP-S with Intel Xeon CPU D-1548 EOSv4 Arista DCS-7300-SUP with Intel Xeon CPU @ 2.60GHz Arista Networks Inc. Public Material

Page 17

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 Arista DCS-7300-SUP2-D with Intel Xeon CPU D-1528 EOSv4 Arista DCS-7388-SUP with Intel Sandy Bridge Gladden AV8062701048500 or Intel Xeon CPU D-1527 EOSv4 Arista DCS-7500-SUP2 with Intel Xeon CPU D-1528 EOSv4 Arista DCS-7500-SUP2-D with Intel Xeon CPU D-1531 EOSv4 Arista DCS-7516-SUP2 with Intel Xeon CPU D-1548 EOSv4 Arista DCS-7800-SUP with Intel Xeon CPU D-1528 EOSv4 Arista DCS-7800-SUP1A with Intel Broadwell DE D-1528 EOSv4 Arista DCS-7800-SUP1S with Intel Broadwell DE D-1528 EOSv4 Arista DCS-7800A-SUP1A with Intel Xeon CPU D-1528 EOSv4 Arista DCS-7816-SUP with Intel Broadwell DE D-1548 EOSv4 Arista DCS-7816-SUP1S with Intel Broadwell DE D-1548 EOSv4 Arista ZTX-7250F-16S with Intel Xeon D-2798NX EOSv4 Arista ZTX-7250S-16S with Intel Xeon D-2798NX EOSv4 Arista DCS-7060X6-64DE EOSv4 Arista 7280CR3AK-32S EOSv4 Arista 7280SR3AK-48YC8 Linux 4.4 Arista C-200 Linux 4.4 Arista C-230 Linux 4.4 Arista C-230E Linux 4.4 Arista C-260 Linux 4.4 Arista C-330 Linux 4.4 Arista C-360 Linux 5.4 Arista C-460E Linux 4.4 Arista O-235 Linux 4.4 Arista O-235E Linux 4.4 Arista W318 Linux 4.4 Arista W318-RW CloudVision-CUE on Any general-purpose computer (GPC) with any CPU CloudVision Portal on any hypervisor EOSv4 DCS-7020R4-48Y-8QC with AMD Ryzen Embedded V1500B EOSv4 DCS-7020R4M-48Y-8QC with AMD Ryzen Embedded V1500B EOSv4 DCS-7020R4-48Y-4QC with AMD Ryzen Embedded V1500B EOSv4 DCS-7020R4M-48Y-4QC with AMD Ryzen Embedded V1500B EOSv4 DCS-7020R4-48TX-4QC with AMD Ryzen Embedded V1500B EOSv4 DCS-7020R4M-48TX-4QC with AMD Ryzen Embedded V1500B EOSv4 CCS-710HXP-28TXH-4S EOSv4 CCS-710HXP-20TNH-4S EOSv4 DCS-7050CX4M-48D8 with AMD Ryzen Embedded V1500B EOSv4 CCS-720DP-24S with AMD Ryzen Embedded R1600 Arista Networks Inc. Public Material

Page 18

Arista Networks, Inc. FIPS 140-3 Security Policy Operating System Hardware Platform EOSv4 CCS-720DP-48S with AMD Ryzen Embedded R1600 EOSv4 CCS-720DT-24S with AMD Ryzen Embedded R1600 EOSv4 CCS-720DT-48S with AMD Ryzen Embedded R1600 EOSv4 7500R3K-48Y4D-LC EOSv4 7500R3K-36CQ-LC EOSv4 7500R3-48Y4D-LC EOSv4 7500R3-36CQ-LC EOSv4 7500R3-24P-LC EOSv4 7500R3-24D-LC EOSv4 7300X3-32C-LC EOSv4 7300X3-48TC4-LC EOSv4 7300X3-48YC4-LC Linux 5.4 Arista O-435E Linux 5.4 Arista C-400 Linux 5.4 Arista C-430 Linux 5.4 Arista C-460D Linux 5.4 Arista O-405 Linux 5.4 Arista O-405E EOSv4 DCS-7060XE7-64PRS-RV3 with Intel Xeon D-1735TR CloudVision Appliance Any general-purpose computer (GPC) with any CPU CloudVision as-a-Service Any general-purpose computer (GPC) with any CPU (CVaaS) EOSv4 DCS-7060X6-32PE with AMD Ryzen Embedded v3000 EOSv4 CCS-710XP-12TH-2S with ARM Cortex-A55 EOSv4 CCS-720XPM-48TH-6SY with AMD Ryzen Embedded R1600 EOSv4 DCS-7050SX3-24YC4C-S with AMD Ryzen Embedded V1500B EOSv4 DCS-7280CR3AK-32S with AMD EPYC 3251 EOSv4 DCS-7060DX4-32C-RV3 with Intel Pentium D1508 EOSv4 DCS-7060DX4-32SB-RV3 with Intel Xeon D1527 Velocloud SD-WAN 7.0 Edge 710-W with Intel Atom C1100 Velocloud SD-WAN 7.0 Edge 710-5G with Intel Atom C1110 Velocloud SD-WAN 7.0 Edge 720 with Intel Atom C1110 Velocloud SD-WAN 7.0 Edge 740 with Intel Atom C1130 Velocloud SD-WAN 7.0 Edge 4100 with Xeon D-2798NT Velocloud SD-WAN 7.0 Edge 5100 with Xeon Gold 6548N Velocloud SD-WAN OS 7.0 on Intel Xeon D and SP CPUs ESXi 8.0 and KVM Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

2.3 Excluded Components

Arista Networks Inc. Public Material

Page 19

Arista Networks, Inc. FIPS 140-3 Security Policy There are no components excluded from the module’s cryptographic boundary or the FIPS security requirements.

2.4 Modes of Operation

Modes List and Description: Mode Name Description Type Status Indicator Approved State in which the module is performing Approved 1 (return Mode approved cryptographic services code) Non-Approved State in which the module is performing non- Non- 0 (return Mode approved cryptographic services (TDES) Approved code) Table 5: Modes List and Description The module is able to alternate between the approved and non-approved mode of operation based on service invocation. In the non-approved mode of operation, the module can offer Triple-DES encryption and decryption. When the Triple-DES encrypt and decrypt services are called, the module transitions to the non-approved state and a static return code of ‘0’, representing the invocation of a non-approved service is returned from the module.

2.5 Algorithms

Approved Algorithms: The table below lists the approved cryptographic algorithms of the module and implemented modes of operation of the algorithms. Algorithm CAVP Properties Reference Cert AES-CBC A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CCM A5259 Key Length - 128, 192, 256 SP 800-38C AES-CFB1 A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CFB128 A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CFB8 A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CMAC A5259 Capabilities - SP 800-38B Direction - Generation, Verification Key Length - 128 Arista Networks Inc. Public Material

Page 20

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm CAVP Properties Reference Cert AES-CTR A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-ECB A5259 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM A5259 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 AES-KW A5259 Direction - Decrypt, Encrypt SP 800-38F Key Length - 128, 192, 256 AES-KWP A5259 Direction - Decrypt, Encrypt SP 800-38F Key Length - 128, 192, 256 AES-XTS A5259 Direction - Decrypt, Encrypt SP 800-38E Testing Key Length - 128, 256 Revision 2.0 Counter DRBG A5259 Prediction Resistance - No, Yes SP 800-90A Capabilities - Rev. 1 Mode - AES-128 Derivation Function Enabled - No ECDSA A5259 Curve - P-256, P-384, P-521 FIPS 186-5 KeyGen Secret Generation Mode - testing candidates (FIPS186-5) ECDSA A5259 Curve - P-256, P-384, P-521 FIPS 186-5 KeyVer (FIPS186-5) ECDSA A5259 Capabilities - FIPS 186-5 SigGen Curve - P-256, P-384, P-521 (FIPS186-5) Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512, SHA3-224, SHA3-256, SHA3384, SHA3-512 Component - No ECDSA SigVer A5259 Component - No FIPS 186-4 (FIPS186-4) Capabilities Curve - P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 ECDSA SigVer A5259 Capabilities - FIPS 186-5 (FIPS186-5) Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512, SHA3-224, SHA3-256, SHA3384, SHA3-512 Hash DRBG A5259 Prediction Resistance - No, Yes SP 800-90A Capabilities - Rev. 1 Mode - SHA-1 HMAC DRBG A5259 Prediction Resistance - No, Yes SP 800-90A Capabilities - Rev. 1 Mode - SHA-1 HMAC-SHA-1 A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 Arista Networks Inc. Public Material

Page 21

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm CAVP Properties Reference Cert HMAC-SHA2- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA2- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA2- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA2- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA3- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA3- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA3- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 HMAC-SHA3- A5259 Key Length - Key Length: 112-2048 Increment 8 FIPS 198-1 KAS-ECC-SSC A5259 Domain Parameter Generation Methods - P-256, SP 800-56A Sp800-56Ar3 P-384, P-521 Rev. 3 Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A5259 Domain Parameter Generation Methods - SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, Rev. 3 MODP-2048, MODP-3072, MODP-4096, MODP6144, MODP-8192 Scheme dhEphem KAS Role - initiator, responder KDF IKEv1 A5259 Capabilities - SP 800-135 (CVL) Authentication Method - Pre-shared Key Rev. 1 Preshared Key Length - Preshared Key Length: 8-

8192 Increment 8

Diffie-Hellman Shared Secret Length - DiffieHellman Shared Secret Length: 1024-8192 Increment 1024 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 KDF IKEv2 A5259 Capabilities - SP 800-135 (CVL) Diffie-Hellman Shared Secret Length - Diffie- Rev. 1 Hellman Shared Secret Length: 1024-8192 Increment 1024 Derived Keying Material Length - Derived Keying Material Length: 256-2048 Increment 128 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 KDF SP800- A5259 Capabilities - SP 800-108

108 KDF Mode - Counter Rev. 1

Supported Lengths - Supported Lengths: 128 Arista Networks Inc. Public Material

Page 22

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm CAVP Properties Reference Cert KDF SSH A5259 Cipher - AES-128, AES-192, AES-256 SP 800-135 (CVL) Hash Algorithm - SHA-1, SHA2-224, SHA2-256, Rev. 1 SHA2-384, SHA2-512 KTS-IFC A5259 Modulo - 2048, 3072, 4096 SP 800-56B Key Generation Methods - rsakpg2-basic Rev. 2 Scheme KTS-OAEP-basic KAS Role - initiator, responder Key Transport Method Key Length - 512 RSA KeyGen A5259 Capabilities - FIPS 186-5 (FIPS186-5) Key Generation Mode - probable Properties Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard RSA SigGen A5259 Capabilities - FIPS 186-5 (FIPS186-5) Properties Modulo - 2048 Signature Type - pkcs1v1.5 RSA SigVer A5259 Capabilities - FIPS 186-4 (FIPS186-4) Signature Type - ANSI X9.31 Properties Modulo - 1024 RSA SigVer A5259 Capabilities - FIPS 186-5 (FIPS186-5) Properties Modulo - 2048 Signature Type - pkcs1v1.5 SHA-1 A5259 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 Large Message Sizes - 1, 4 SHA2-224 A5259 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 Large Message Sizes - 1, 4 SHA2-256 A5259 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 Large Message Sizes - 1, 4 SHA2-384 A5259 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 Large Message Sizes - 1, 4 SHA2-512 A5259 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 Large Message Sizes - 1, 4 SHA3-224 A5259 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 Large Message Sizes - 1, 4 Arista Networks Inc. Public Material

Page 23

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm CAVP Properties Reference Cert SHA3-256 A5259 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 Large Message Sizes - 1, 4 SHA3-384 A5259 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 Large Message Sizes - 1, 4 SHA3-512 A5259 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 Large Message Sizes - 1, 4 TLS v1.2 KDF A5259 Hash Algorithm - SHA2-256, SHA2-384, SHA2- SP 800-135 RFC7627 512 Rev. 1 (CVL) Table 6: Approved Algorithms Vendor-Affirmed Algorithms: The vendor affirms the approved implementation of the following security methods: Name Properties Implementation Reference CKG Key Arista Crypto NIST SP 800-133rev2, Section (Asymmetric) Type:Asymmetric Module 4 (1), 5.1, 5.2 Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement any non-approved algorithms allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement any non-approved algorithms, allowed in the approved mode of operation, with no security claimed. Non-Approved, Not Allowed Algorithms: Name Use and Function Triple-DES Encryption/decryption Table 8: Non-Approved, Not Allowed Algorithms

2.6 Security Function Implementations

Arista Networks Inc. Public Material

Page 24

Arista Networks, Inc. FIPS 140-3 Security Policy Name Type Description Properties Algorithms Data Encryption BC-Auth Symmetric key size:128, AES-CBC: BC-UnAuth Encryption 192, 256 bits (A5259) AES-CCM: (A5259) AES-CFB1: (A5259) AES-CFB128: (A5259) AES-CFB8: (A5259) AES-CTR: (A5259) AES-ECB: (A5259) AES-GCM: (A5259) AES-XTS Testing Revision 2.0: (A5259) Data Decryption BC-Auth Symmetric key size:128, AES-CBC: BC-UnAuth Encryption 192, 256 (A5259) AES-CCM: (A5259) AES-CFB1: (A5259) AES-CFB128: (A5259) AES-CFB8: (A5259) AES-CTR: (A5259) AES-ECB: (A5259) AES-GCM: (A5259) AES-XTS Testing Revision 2.0: (A5259) Key Derivation KAS-135KDF Key Derivation KDF IKEv1: Function KBKDF Function (A5259) KDF IKEv2: (A5259) KDF SSH: (A5259) TLS v1.2 KDF RFC7627: (A5259) KDF SP800108: (A5259) Arista Networks Inc. Public Material

Page 25

Arista Networks, Inc. FIPS 140-3 Security Policy Name Type Description Properties Algorithms Deterministic DRBG Deterministic Counter DRBG: Random Bit Random Bit (A5259) Generation Generation Hash DRBG: (A5259) HMAC DRBG: (A5259) Digital Signature DigSig-SigGen RSA, ECDSA ECDSA SigGen DigSig-SigVer SigGen / SigVer (FIPS186-5): (A5259) ECDSA SigVer (FIPS186-4): (A5259) ECDSA SigVer (FIPS186-5): (A5259) RSA SigGen (FIPS186-5): (A5259) RSA SigVer (FIPS186-4): (A5259) RSA SigVer (FIPS186-5): (A5259) Message MAC Generate or AES-CMAC: Authentication verify data (A5259) integrity HMAC-SHA-1: (A5259) HMAC-SHA2224: (A5259) HMAC-SHA2256: (A5259) HMAC-SHA2384: (A5259) HMAC-SHA2512: (A5259) HMAC-SHA3224: (A5259) HMAC-SHA3256: (A5259) HMAC-SHA3384: (A5259) HMAC-SHA3512: (A5259) Key Agreement KAS-SSC Perform key Security KAS-ECC-SSC ECC agreement Strength:Key Sp800-56Ar3: primitives on establishment (A5259) behalf of the methodology calling process provides Arista Networks Inc. Public Material

Page 26

Arista Networks, Inc. FIPS 140-3 Security Policy Name Type Description Properties Algorithms (does not between 112 establish keys and 256 bits of into the module) encryption strength. Publication:NIST SP 800-56Arev3 IG:D.F Scenario 2, Path (1) Key Agreement KAS-SSC Perform key Security KAS-FFC-SSC FFC agreement Strength:Key Sp800-56Ar3: primitives on establishment (A5259) behalf of the methodology calling process provides (does not between 112 establish keys and 200 bits of into the module) encryption strength. Publication:NIST SP 800-56Arev3 IG:D.F Scenario 2, Path (1) Message digest SHA Hashing SHA-1: (A5259) SHA2-224: (A5259) SHA2-256: (A5259) SHA2-384: (A5259) SHA2-512: (A5259) SHA3-224: (A5259) SHA3-256: (A5259) SHA3-384: (A5259) SHA3-512: (A5259) Key Generation AsymKeyPair- Key Generation Publication:NIST ECDSA KeyGen KeyGen (asymmetric) SP 800-133rev2 (FIPS186-5): - Section 4 (A5259) Publication:NIST ECDSA KeyVer SP 800-133rev2 (FIPS186-5): - Section 5 (A5259) Publication:NIST KAS-ECC-SSC SP 800-133rev2 Sp800-56Ar3: - Section 6.2.2 (A5259) Arista Networks Inc. Public Material

Page 27

Arista Networks, Inc. FIPS 140-3 Security Policy Name Type Description Properties Algorithms KAS-FFC-SSC Sp800-56Ar3: (A5259) RSA KeyGen (FIPS186-5): (A5259) CKG (Asymmetric) : () Key Type: Asymmetric CKG: () Key Type: KBKDF Derived Key Key Transport KTS-Encap Key Transport Security KTS-IFC: (encapsulation) Strength:Key (A5259) using RSA- establishment OAEP methodology provides between 112 and 150 bits of encryption strength. Key Wrapping KTS-Wrap Key Wrapping Security AES-KW: using AES-KW Strength:Key (A5259) or AES-KWP establishment AES-KWP: methodology (A5259) provides between 128 and 256 bits of encryption strength. Table 9: Security Function Implementations

2.7 Algorithm Specific Information

The following algorithm specific information applies to algorithms used by the module in the approved mode of operation. SHA-1: Per NIST SP 800-131A rev3, usage of the SHA-1 service as part of digital signature generation is disallowed in the approved mode of operation. AES-GCM: Arista Networks Inc. Public Material

Page 28

Arista Networks, Inc. FIPS 140-3 Security Policy Per FIPS 140-3 IG C.H, the module implements deterministic IV construction as described in NIST SP 800-38D, section 8.2.1. The IV is constructed internally, and deterministically, with a length of 96 bits. The module provides the AES-GCM service to the calling application in a manner compatible with the TLS v1.2 protocol per RFC5246 and using cipher suites listed in section 3.3.1 or NIST SP 800-52rev2. The module explicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values of 2^64-1 for a given session key. If this exhaustion condition is observed, the module returns an error indication to the calling application, which will then need to either abort the connection, or trigger a handshake to establish a new encryption key. In the event Module power is lost and restored the calling application must ensure that any AES GCM keys used for encryption or decryption are re-distributed. AES-XTS: Per NIST SP 800-38E, the module implements the AES-XTS algorithm. Per IG A.9, AES-XTS is to be used for storage applications only. The module performs the required key uniqueness check (Key_1 =/= Key_2) before processing data with the AES-XTS keys. The user shall enforce the length of the data unit used by any AES-XTS implementation does not exceed 2^20 blocks.

2.8 RBG and Entropy

N/A for this module. N/A for this module. The module’s entropy source is located within the TOEPP, but outside the cryptographic boundary of the module. The module passively receives entropy based on request by the calling applications and exercises no control over the amount of quality of the obtained entropy. As such, there is No assurance of the minimum strength of generated SSPs (e.g., keys). By default, the module requests 256 bits of entropy per request.

2.9 Key Generation

When generating asymmetric keys, the module uses the direct output of its approved DRBG to generate random numbers and seeding material, per the guidance in NIST SP 800-133rev2, Section 5.

2.10 Key Establishment

The module implements the following approved key agreement methods: Arista Networks Inc. Public Material

Page 29

Arista Networks, Inc. FIPS 140-3 Security Policy - KAS-ECC-SSC - NIST SP 800-56A Rev. 3 (FIPS 140-3 IG D.F, Scenario 2, Path (1) - KAS-FFC-SSC - NIST SP 800-56A Rev. 3 (FIPS 140-3 IG D.F, Scenario 2, Path (1) While the module implements the protocol-specific KDFs in support of key agreement operations, the module only offers cryptographic services at the API-level to calling applications and does not implement full key agreement within the module boundary. The module implements the following key transport method: - KTS-IFC

2.11 Industry Protocols

The module implements approved cryptography to support the following industry-specific protocols: - IKEv1, IKEv2, SSH, TLS v1.2, MACsec However, the module only offers cryptographic services to calling applications and does not contain full implementations of industry protocols. No parts of the TLS protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Physical Logical Data That Passes Port Interface(s) N/A Data Input The module accepts data input through the input arguments of the API functions. N/A Data Output The module produces data output through the parameters of the API functions. N/A Control Input The module accepts control input through the input arguments of the API functions used to control the module. N/A Status The module produces status output through the return values from Output function calls and error messages. Table 10: Ports and Interfaces As a software cryptographic toolkit, all of the module’s interfaces are defined at the Software/Firmware Module Interface (SFMI). The FIPS-defined logical interfaces are mapped to specific calls via a well-defined API, with which the operator interacts. Arista Networks Inc. Public Material

Page 30

Arista Networks, Inc. FIPS 140-3 Security Policy The data output interface is inhibited when the module is performing self-tests, performing zeroisation, or while in an error state.

4 Roles, Services, and Authentication
4.1 Authentication Methods

N/A for this module. The module does not implement an authentication mechanism. The operator role of Crypto Officer is assumed implicitly.

4.2 Roles

Name Type Operator Type Authentication Methods Crypto Officer Role Crypto Officer None Table 11: Roles The module only supports 1 role: Crypto Officer (CO). This role is assumed implicitly by the operator when performing an approved service.

4.3 Approved Services

The module performs the following approves services: Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Data Encrypt or 1 (return Parameters Status, Data Crypto Encryption, decrypt code) , plaintext ciphertext or Encryption Officer Decryption data or plaintext Data - AES ciphertext, Decryption Key: key W,E - AES GCM Key: W,E Key Perform 1 (return Parameters Status, Key Crypto Derivation key code) , derived key Derivation Officer Function derivation key/passwo Function - KDF using a rd Secret: key G,R derivation - TLS function PreMaster Secret: G,R - TLS Arista Networks Inc. Public Material

Page 31

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Master Secret: G,R KBKDF Key: G,R KBKDF Derived Key: W,E - KDF Derived Key: W,E Deterministi Generate 1 (return N/A Status, Deterministi Crypto c Random random code) random c Random Officer Bit numbers number Bit Generation with Generation Entropy SP800- Input: 90A Rev 1 W,E,Z - DRBG 'V' Value: W,E - DRBG 'C' Value: W,E - DRBG Seed: G,E,Z - DRBG Key: W,E Digital Generate 1 (return Parameters Status, Digital Crypto Signature or verify code) , RSA / digital Signature Officer RSA or ECDSA signature - RSA ECDSA keys, Public digital message Key: signatures W,E - RSA Private Key: W,E ECDSA Arista Networks Inc. Public Material

Page 32

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Public Key: W,E ECDSA Private Key: W,E Message Generate 1 (return Parameters Status, Message Crypto Authenticati or verify code) , message, message Authenticati Officer on data key authenticati on - AES integrity on code GCM Key: W,E - AES CMAC Key: W,E - HMAC Key: W,E Key Perform 1 (return Parameters Status, Key Crypto Agreement key code) , DH/ECDH shared Agreement Officer agreement keys secret ECC - DH primitives Key Public on behalf Agreement Key: of the FFC W,E calling - DH process Private (does not Key: establish W,E keys into - DH the Shared module) Secret: G - ECDH Public Key: W,E - ECDH Private Key: W,E - ECDH Shared Secret: G Arista Networks Inc. Public Material

Page 33

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Key Generate 1 (return Parameters Status, Key Crypto Generation and verify code) keypair Generation Officer an - RSA asymmetri Public c keypair Key: and DH G,R parameter - RSA s Private Key: G,R ECDSA Public Key: G,R ECDSA Private Key: G,R - DH Public Key: G,R - DH Private Key: G,R - ECDH Public Key: G,R - ECDH Private Key: G,R Key Transport 1 (return Parameters Status, Key Crypto Transport CSPs code) , plaintext plaintext or Transport Officer or ciphertext - Key ciphertext key Transpo key, rt Key: transport W,E key(s) Key Wrap 1 (return Parameters Status, Key Crypto Wrapping CSPs for code) , plaintext plaintext or Wrapping Officer Transport or ciphertext - AES ciphertext key Key: key, W,E Arista Networks Inc. Public Material

Page 34

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access transport key(s) Message Generate 1 (return Parameters Status, Message Crypto digest a code) , Message Digest of digest Officer message the digest message Zeroize Zeroize all Successful N/A N/A None Crypto SSPs completion Officer procedural (Procedur - AES ly by al) Key: Z power - AES cycling or GCM unloading IV: Z the - AES module GCM Key: Z - AES CMAC Key: Z - HMAC Key: Z Entropy Input: Z - DRBG 'C' Value: Z - DRBG 'V' Value: Z - DRBG Seed: Z - DRBG Key: Z - RSA Public Key: Z - RSA Private Key: Z ECDSA Public Key: Z ECDSA Private Key: Z Arista Networks Inc. Public Material

Page 35

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access - DH Public Key: Z - DH Private Key: Z - DH Shared Secret: Z - ECDH Public Key: Z - ECDH Private Key: Z - ECDH Shared Secret: Z - Key Transpo rt Key: Z - KDF Secret: Z - KDF Derived Key: Z - TLS PreMaster Secret: Z - TLS Master Secret: Z KBKDF Key: Z KBKDF Derived Key: Z Perform Perform 1 (return N/A Status None Crypto Self-tests the code) Officer module Arista Networks Inc. Public Material

Page 36

Arista Networks, Inc. FIPS 140-3 Security Policy Name Descripti Indicator Inputs Outputs Security SSP on Functions Access self-tests on demand Show Command 1 (return Parameters Status None Crypto Status the code) Officer module to output it's current status Show Command 1 (return Parameters Status None Crypto module's the code) Officer versioning module to information output the module version Table 12: Approved Services

4.4 Non-Approved Services

Name Description Algorithms Role Data Encryption, Encrypt or decrypt data using Triple-DES Triple-DES Crypto Decryption (TDES) (Return code of '0' for non-approved Officer service) Table 13: Non-Approved Services

4.5 External Software/Firmware Loaded

The module does not support loading of external software.

5 Software/Firmware Security
5.1 Integrity Techniques

The module verifies the integrity of all software components within the cryptographic boundary using an HMAC-SHA2-256-based integrity technique. The module computes the HMAC digest of the entire software package that represents the module and compares the result against a stored pre-computed digest. The module’s pre-operational integrity check is performed automatically at module power-up.

5.2 Initiate on Demand

The module integrity check can be performed on demand by the module operator by rebooting the host platform or by calling on-demand self-test service of the module. Arista Networks Inc. Public Material

Page 37

Arista Networks, Inc. FIPS 140-3 Security Policy

5.3 Open-Source Parameters

The module is based on the open-source OpenSSL FIPS Provider, version 3.1.5. The module was built using the following open-source compiler: - GCC

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied: The cryptographic module has control over its own SSPs. The EOSv4 operating system used by the module’s operational environment uses proper memory and process management to prevent unauthorized access to CSPs and uncontrolled modifications of SSPs while the module is in process space. The OS also ensures via process management that processes spawned by the module are owned by the module itself, and not by external processes/operators. The module does not persistently store SSPs.

7 Physical Security

The cryptographic module is a multi-chip standalone software module and does not include any physical components. Therefore, no physical security mechanisms or protections are implemented, and the section 7 requirements do not apply to the module.

8 Non-Invasive Security

The module does not claim any mitigations against non-invasive attacks. Additionally, there are no non-invasive attack mitigations outlined in Annex F of ISO/IEC 19790:2012. Therefore, the section 8 requirements do not apply to the module.

9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Description Persistence Area Type Name RAM System Memory Dynamic External Calling Application Dynamic Table 14: Storage Areas Arista Networks Inc. Public Material

Page 38

Arista Networks, Inc. FIPS 140-3 Security Policy The table above lists the SSP storage areas implemented by the module. The module does not implement persistent storage of SSPs, and only stores keys temporarily in RAM, within the process space of the module.

9.2 SSP Input-Output Methods

Name From To Format Distribution Entry SFI or Type Type Type Algorithm SSP Input External RAM Plaintext Automated Electronic SSP Output RAM External Plaintext Automated Electronic SSP Output RAM External Encrypted Automated Electronic Key (Encrypted) Transport SSP Input External RAM Encrypted Automated Electronic Key (Encrypted) Transport Table 15: SSP Input-Output Methods The table above lists the SSP Input-Output methods implemented by the module. The module only inputs or outputs SSPs using automated, electronic means to and from within the module TEOPP.

9.3 SSP Zeroization Methods

Zeroization Description Rationale Operator Initiation Method Reboot Host Reboot Memory is zeroized Operator Initiated upon reboot (Procedural) Module Module Unload Module unloaded from Operator Initiated Unload memory (Procedural) API Call Zeroize function runs Runs cleanup routine, Automatic (Part of automatically as part of then frees all memory other operator services that temporarily locations where SSPs initiated services) store SSPs are stored. Table 16: SSP Zeroization Methods The module does not persistently store keys; therefore, all keys are held in the module’s process space in volatile memory and are effectively zeroized upon reboot of the host platform. The zeroize API function can be invoked by the calling application and zeroizes all SSPs in the module storage space.

9.4 SSPs

The module supports the keys and other SSPs listed in the table below: Arista Networks Inc. Public Material

Page 39

Arista Networks, Inc. FIPS 140-3 Security Policy Name Description Size - Type - Generate Establishe Used By Strengt Category d By d By h AES Key AES Key 128,192, Symmetric Data (CBC, CFB, 256 - Key - CSP Encryption CTR, ECB) 128,192, Data

256 Decryption

AES AES-GCM 96 bits - Key Data GCM IV Initialization - Componen Encryption Vector t - CSP Data Decryption AES AES-GCM 128,192, Symmetric Data GCM Key 256 - Key - CSP Encryption Key 128,192, Data

256 Decryption

AES CMAC Key 128, Symmetric Data CMAC 192, 256 Key - CSP Encryption Key - 128, Data 192, 256 Decryption HMAC Key used for ≥ 112 HMAC Key Message Key HMAC bits - ≥ - CSP Authenticatio Operations 112 bits n Entropy Externally 128 - Entropy - Deterministic Input generated 256 bits CSP Random Bit entropy used - 128 - Generation to seed the 256 bits DRBG DRBG Hash-DRBG 440 bits DRBG Deterministic 'C' Value State Value -- Internal Random Bit State - Generation CSP DRBG DRBG 128-256 DRBG Deterministic 'V' Value Internal State bits - - Internal Random Bit Value State - Generation CSP DRBG DRBG 128 - DRBG Deterministic Seed Internal State 256 bits Internal Random Bit Value - 128 - State - Generation

256 bits CSP

DRBG DRBG 128 - DRBG Deterministic Key Internal State 256 bits Internal Random Bit Value - 128 - State - Generation

256 bits CSP

RSA Public Key ≥ 1024 RSA Digital Digital Public used for RSA bits - 96 Keypair - Signature Signature Key operations to 256 PSP bits RSA Private Key ≥ 2048 RSA Digital Digital Private used for RSA bits - Keypair - Signature Signature Key operations CSP Arista Networks Inc. Public Material

Page 40

Arista Networks, Inc. FIPS 140-3 Security Policy Name Description Size - Type - Generate Establishe Used By Strengt Category d By d By h

112 to
256 bits

ECDSA Public Key 256 to EC Digital Digital Public used for EC 521 bits Keypair - Signature Signature Key operations - 128 to PSP

256 bits

ECDSA Private Key 256 to EC Digital Digital Private used for EC 521 bits Keypair - Signature Signature Key operations - 128 to CSP

256 bits

DH DH Public 2048

112 to
200 bits

DH DH Private 2048

112 to
200 bits

DH DH Shared 2048

112 to
256 bits

ECDH ECDH Public 224 - ECDH Key Key Public Key 521 bits Keypair - Agreemen Agreement Key - 112 to PSP t ECC ECC

256 bits

ECDH ECDH 224 - ECDH Key Key Private Private Key 521 bits Shared Agreemen Agreement Key - 112 to Secret - t ECC ECC

256 bits CSP

ECDH ECDH 112 to ECDH Key Key Shared Shared 256 bits Shared Agreement Agreement Secret Secret - 112 to Secret - ECC ECC

256 bits PSP

Key Key 128 to Key Key Transpor Transport 256 bits Transport - Transport t Key Key - 128 to CSP

256 bits

KDF Secret used ≥ 112 KDF Key Key Secret for KDF bits - ≥ Secret - Derivation Derivation operations 112 bits CSP Function Function Key Agreemen t ECC Arista Networks Inc. Public Material

Page 41

Arista Networks, Inc. FIPS 140-3 Security Policy Name Description Size - Type - Generate Establishe Used By Strengt Category d By d By h Key Agreemen t FFC KDF Key resulting ≥ 112 KDF Key - Key Key Derived from the bits - ≥ CSP Derivation Derivation Key module’s SP 112 bits Function Function 800-135rev1 KDFs TLS Pre- Shared 112 to KDF Key Master Secret used 256 bits Secret - Derivation Secret for TLS - 112 to CSP Function session 256 bits establishmen t TLS Master 112 to KDF Key Master Secret used 256 bits Secret - Derivation Secret for TLS - 112 to CSP Function session 256 bits KBKDF Key used for 112 to KDF Key - Key Key key based 256 bits CSP Derivation key - 112 to Function derivation 256 bits KBKDF Key resulting ≥ 112 Symmetric Key Key Derived from the bits - ≥ Key - CSP Derivation Derivation Key module’s 112 bits Function Function KBKDF Table 17: SSP Table 1 Name Input - Storage Storage Zeroization Related SSPs Output Duration AES Key SSP Input RAM:Plaintext Until Reboot SSP Output External:Plaintext Reboot Host Module Unload API Call AES GCM SSP Input RAM:Plaintext Until Reboot IV SSP Output External:Plaintext Reboot Host Module Unload API Call AES GCM SSP Input RAM:Plaintext Until Reboot AES GCM Key SSP Output External:Plaintext Reboot Host IV:Derived From Module Unload API Call Arista Networks Inc. Public Material

Page 42

Arista Networks, Inc. FIPS 140-3 Security Policy Name Input - Storage Storage Zeroization Related SSPs Output Duration AES SSP Input RAM:Plaintext Until Reboot CMAC SSP Output External:Plaintext Reboot Host Key Module Unload API Call HMAC SSP Input RAM:Plaintext Until Reboot Key SSP Output External:Plaintext Reboot Host Module Unload API Call Entropy SSP Input RAM:Plaintext Until Reboot Input SSP Output External:Plaintext Reboot Host Module Unload API Call DRBG 'C' SSP Input RAM:Plaintext Until Reboot DRBG 'V' Value SSP Output External:Plaintext Reboot Host Value:Used With Module Unload API Call DRBG 'V' SSP Input RAM:Plaintext Until Reboot DRBG 'C' Value SSP Output External:Plaintext Reboot Host Value:Used With Module Unload API Call DRBG SSP Input RAM:Plaintext Until Reboot Seed SSP Output External:Plaintext Reboot Host Module Unload API Call DRBG Key SSP Input RAM:Plaintext Until Reboot SSP Output External:Plaintext Reboot Host Module Unload API Call RSA SSP Input RAM:Plaintext Until Reboot RSA Private Public Key SSP Output External:Plaintext Reboot Host Key:Paired With Module Unload API Call RSA SSP Input RAM:Plaintext Until Reboot RSA Public Private SSP Output External:Plaintext Reboot Host Key:Paired With Key Module Unload API Call ECDSA SSP Input RAM:Plaintext Until Reboot ECDSA Private Public Key SSP Output External:Plaintext Reboot Host Key:Paired With Module Arista Networks Inc. Public Material

Page 43

Arista Networks, Inc. FIPS 140-3 Security Policy Name Input - Storage Storage Zeroization Related SSPs Output Duration Unload API Call ECDSA SSP Input RAM:Plaintext Until Reboot ECDSA Public Private SSP Output External:Plaintext Reboot Host Key:Paired With Key Module Unload API Call DH Public SSP Input RAM:Plaintext Until Reboot DH Private Key SSP Output External:Plaintext Reboot Host Key:Paired With Module Unload API Call DH Private SSP Input RAM:Plaintext Until Reboot DH Public Key SSP Output External:Plaintext Reboot Host Key:Paired With Module Unload API Call DH SSP Input RAM:Plaintext Until Reboot DH Public Shared SSP Output External:Plaintext Reboot Host Key:Used With Secret Module DH Private Unload Key:Used With API Call ECDH SSP Input RAM:Plaintext Until Reboot ECDH Private Public Key SSP Output External:Plaintext Reboot Host Key:Paired With Module Unload API Call ECDH SSP Input RAM:Plaintext Until Reboot ECDH Public Private SSP Output External:Plaintext Reboot Host Key:Paired With Key Module Unload API Call ECDH SSP Input RAM:Plaintext Until Reboot ECDH Public Shared SSP Output External:Plaintext Reboot Host Key:Used With Secret Module ECDH Private Unload Key:Used With API Call Key SSP Input RAM:Plaintext Until Reboot Transport SSP Output RAM:Encrypted Reboot Host Key SSP Output External:Plaintext Module (Encrypted) External:Encrypted Unload SSP Input API Call (Encrypted) KDF SSP Input RAM:Plaintext Until Reboot Secret SSP Output External:Plaintext Reboot Host Module Unload API Call Arista Networks Inc. Public Material

Page 44

Arista Networks, Inc. FIPS 140-3 Security Policy Name Input - Storage Storage Zeroization Related SSPs Output Duration KDF SSP Input RAM:Plaintext Until Reboot KDF Derived SSP Output External:Plaintext Reboot Host Secret:Derived Key Module From Unload API Call TLS Pre- SSP Input RAM:Plaintext Until Reboot TLS Master Master SSP Output External:Plaintext Reboot Host Secret:Used Secret Module With Unload API Call TLS SSP Input RAM:Plaintext Until Reboot TLS Pre-Master Master SSP Output External:Plaintext Reboot Host Secret:Derived Secret Module From Unload API Call KBKDF SSP Input RAM:Plaintext Until Reboot KBKDF Derived Key SSP Output External:Plaintext Reboot Host Key:Used With Module Unload API Call KBKDF SSP Input RAM:Plaintext Until Reboot KBKDF Derived SSP Output External:Plaintext Reboot Host Key:Derived Key Module From Unload API Call Table 18: SSP Table 2

10 Self-Tests
10.1 Pre-Operational Self-Tests

The module performs the following pre-operational self-test: Algorithm or Test Test Properties Test Test Type Indicator Details Method HMAC-SHA2-256 HMAC-SHA2- KAT SW/FW status (A5259) 256 Integrity output Table 19: Pre-Operational Self-Tests The pre-operational integrity self-test is performed after the module is instantiated, but before the module transitions to the approved mode of operation. The HMAC-SHA2-256 CAST is performed conditionally, before the integrity test, and therefore before the first operational use of the algorithm. Arista Networks Inc. Public Material

Page 45

Arista Networks, Inc. FIPS 140-3 Security Policy

10.2 Conditional Self-Tests

The module performs the following conditional self-tests: Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type AES-GCM 128 bits KAT CAST Successful Encrypt Module (A5259) initialization Initialization of the module AES-ECB 128 bits KAT CAST Successful Decrypt Module (A5259) initialization Initialization of the module KDF KAT CAST Successful KDF KAT Module SP800-108 initialization Initialization (A5259) of the module KAS-FFC- p=2048, KAT CAST Successful Computation of Module SSC q=256 initialization shared secret 'Z' Initialization Sp800- of the (dhEphem) 56Ar3 module (A5259) KAS-ECC- P-256 KAT CAST Successful Computation of Module SSC initialization shared secret 'Z' Initialization Sp800- of the (Ephemeral 56Ar3 module Unified) (A5259) ECDSA P-256 PCT PCT Success or Sign and Verify Keypair KeyGen failure of PCT generation (FIPS186- service

  1. (A5259) RSA 2048-bit PCT PCT Success or Sign and Verify Keypair KeyGen failure of PCT generation (FIPS186- service
  2. (A5259) AES-XTS Check to Key PCT Success or XTS Key Check XTS Key Testing confirm Check failure of Check to confirm entry Revision Key1 ≠ service Key1 ≠ Key2 Key

2.0 Key2 check Critical

(A5259) Function Success or failure of service Per IG C.I SHA-1 SHA-1 KAT CAST Successful Hash and Module (A5259) initialization compare digest Initialization of the module Arista Networks Inc. Public Material

Page 46

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type HMAC- SHA2-256 KAT CAST Successful Hash and Module SHA2-256 initialization compare digest Initialization (A5259) of the module SHA2-512 SHA2-512 KAT CAST Successful Hash and Module (A5259) initialization compare digest Initialization of the module SHA3-256 SHA3-256 KAT CAST Successful Hash and Module (A5259) initialization compare digest Initialization of the module SHA3-512 SHA3-512 KAT CAST Successful Hash and Module (A5259) initialization compare digest Initialization of the module TLS v1.2 SHA2-256 KAT CAST Successful KDF KAT Module KDF initialization Initialization RFC7627 of the (A5259) module HMAC- HMAC- KAT CAST Successful MAC KAT Module SHA2-256 SHA2-256 initialization Initialization (A5259) of the module KDF IKEv1 SHA2-256 KAT CAST Successful KDF KAT Module (A5259) initialization Initialization of the module KDF IKEv2 SHA2-256 KAT CAST Successful KDF KAT Module (A5259) initialization Initialization of the module KDF SSH AES-128, KAT CAST Successful KDF KAT Module (A5259) SHA2-256 initialization Initialization of the module KTS-IFC 2048-bit, KAT CAST Successful Key Module (A5259) SHA2-256, initialization encapsulation Initialization Key Length of the test per SP 800256-bits module 56Brev2 and IG 10.3.A Counter AES-128 KAT CAST Successful Instantiate, Module DRBG initialization Reseed, and Initialization (A5259) of the Generate module Combined KAT per IG 10.3.A Arista Networks Inc. Public Material

Page 47

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm Test Test Test Indicator Details Conditions or Test Properties Method Type Hash SHA2-256 KAT CAST Successful Instantiate, Module DRBG initialization Reseed, and Initialization (A5259) of the Generate module Combined KAT per IG 10.3.A HMAC HMAC- KAT CAST Successful Instantiate, Module DRBG SHA2-256 initialization Reseed, and Initialization (A5259) of the Generate module Combined KAT per IG 10.3.A ECDSA P-256 KAT CAST Successful Sign and Verify Module SigGen initialization KAT Initialization (FIPS186- of the

  1. (A5259) module RSA 2048-bit KAT CAST Successful Sign and Verify Module SigGen initialization KAT Initialization (FIPS186- of the
  2. (A5259) module Table 20: Conditional Self-Tests Conditional CASTs are performed at module initialization, after the module integrity test, and before the first operational use of the algorithms. Pairwise consistency tests are performed conditionally upon generation of an asymmetric keypair. DRBG CASTs combine the Instantiate, Reseed, and Generate tests in a single sweep per the guidance in IG 10.3.A, Resolution 7.
10.3 Periodic Self-Test Information

Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- KAT SW/FW Integrity User initiated On demand self-

256 (A5259) module reboot test service

Table 21: Pre-Operational Periodic Information Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM KAT CAST User initiated Perform Self(A5259) module reboot tests service AES-ECB KAT CAST User initiated Perform Self(A5259) module reboot tests service KDF SP800-108 KAT CAST User initiated Perform Self(A5259) module reboot tests service KAS-FFC-SSC KAT CAST User initiated Perform SelfSp800-56Ar3 module reboot tests service (A5259) Arista Networks Inc. Public Material

Page 48

Arista Networks, Inc. FIPS 140-3 Security Policy Algorithm or Test Method Test Type Period Periodic Test Method KAS-ECC-SSC KAT CAST User initiated Perform SelfSp800-56Ar3 module reboot tests service (A5259) ECDSA KeyGen PCT PCT When ECDSA As part of the (FIPS186-5) keypairs are Digital Signature (A5259) generated Service RSA KeyGen PCT PCT When RSA As part of the (FIPS186-5) keypairs are Digital Signature (A5259) generated Service AES-XTS Key Check PCT User initiated Perform SelfTesting Revision module reboot tests service

2.0 (A5259)

SHA-1 (A5259) KAT CAST User initiated Perform Selfmodule reboot tests service HMAC-SHA2- KAT CAST User initiated Perform Self-

256 (A5259) module reboot tests service

SHA2-512 KAT CAST User initiated Perform Self(A5259) module reboot tests service SHA3-256 KAT CAST User initiated Perform Self(A5259) module reboot tests service SHA3-512 KAT CAST User initiated Perform Self(A5259) module reboot tests service TLS v1.2 KDF KAT CAST User initiated Perform SelfRFC7627 module reboot tests service (A5259) HMAC-SHA2- KAT CAST User initiated Perform Self-

256 (A5259) module reboot tests service

KDF IKEv1 KAT CAST User initiated Perform Self(A5259) module reboot tests service KDF IKEv2 KAT CAST User initiated Perform Self(A5259) module reboot tests service KDF SSH KAT CAST User initiated Perform Self(A5259) module reboot tests service KTS-IFC KAT CAST User initiated Perform Self(A5259) module reboot tests service Counter DRBG KAT CAST User initiated Perform Self(A5259) module reboot tests service Hash DRBG KAT CAST User initiated Perform Self(A5259) module reboot tests service HMAC DRBG KAT CAST User initiated Perform Self(A5259) module reboot tests service ECDSA SigGen KAT CAST User initiated Perform Self(FIPS186-5) module reboot tests service (A5259) RSA SigGen KAT CAST User initiated Perform Self(FIPS186-5) module reboot tests service (A5259) Arista Networks Inc. Public Material

Page 49

Arista Networks, Inc. FIPS 140-3 Security Policy Table 22: Conditional Periodic Information The module can perform the periodic pre-operational, and conditional self-tests procedurally, on demand, by power cycling the host platform.

10.4 Error States

Name Description Conditions Recovery Method Indicator Error The module's error POST or CAST Reload / Reboot return code: state. failure Module "0x0" Table 23: Error States Failure of any module self-test will cause the module to set an internal flag and transition to the error state. In the error state, all cryptographic functions are inhibited. The data output interface is also inhibited when the module is in the error state. Any further requests to the module for cryptographic services will cause the module to return an error indicator. To recover from the error state, the host platform must be power cycled. Power cycling will cause the module to perform the pre-operational self-tests and transition to the approved mode of operation. Optional statement - If the module self-tests continue to fail after rebooting, the CO should contact Arista Networks, Inc. for assistance.

10.5 Operator Initiation of Self-Tests

The module operator can initiate the pre-operational and conditional self-tests by power cycling the host platform.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The cryptographic module is distributed as part of Arista products, in the images accessible through the Arista software downloads portal. Products bundle together the operating system, applications, OpenSSL, and fips.so. While there is no need for the module to be built by the user at any point in time, it can be verified as the correct one by checking an unique version identifier, embedded into the module during the build process. The version identifier can be checked by issuing the following command: objcopy --dump-section .rodata2=/dev/stdout $(openssl info -modulesdir)/fips.so && echo The output of the above command should be: e8271acdca4674621a29e55d83fdbfb8990fbeb56b1a6eaf34082e562e5261e1

11.2 Administrator Guidance

Arista Networks Inc. Public Material

Page 50

Arista Networks, Inc. FIPS 140-3 Security Policy The module comes pre-configured on the Arista device and will perform approved services without any operator intervention.

11.3 Non-Administrator Guidance

The module only implements the crypto-officer role, which is implicitly assumed. Therefore, there is no separate guidance required for non-administrator usage of the module.

12 Mitigation of Other Attacks

The module implements mitigations against 2 types of timing attacks against digital signature services. Digital signature timing attacks involve measuring either the total processing time of digital signature and RSA operations, or the differences in execution times of processes during cryptographic operations. The module implements mitigations against 2 types of timing attacks. Constant-time implementations: Constant-time implementations regulate the execution time deltas between cryptographic operations to prevent an attacker from reverse-engineering sensitive data or cryptographic keys during processing. Numeric blinding: Numeric blinding uses random values during RSA processing. Those values act as a blinding factor preventing the attacker from determining which operation has been called and what processed data was via measuring the total execution time of the cryptographic operation. Arista Networks Inc. Public Material