All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Infinera G42

Certificate#5063StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorNokia Corporation
Low review priority  ·  exposes firmware-update authentication  ·  last validated 7 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/21/2030
CaveatWhen installed, initialized and configured as specified in Section Secure Operation in Section 11 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
VendorNokia Corporation

Approved Algorithms (29)

AlgorithmACVP Cert
AES-CBCA4956
AES-CCMA4956
AES-CMACA4958
AES-CTRA4956
AES-ECBA4958
AES-GCMA4956
Counter DRBGA4958
ECDSA KeyGen (FIPS186-4)A4958
ECDSA SigGen (FIPS186-4)A4958
ECDSA SigVer (FIPS186-4)A3366
HMAC-SHA-1A4956
HMAC-SHA2- 256A4956
HMAC-SHA2- 384A4956
HMAC-SHA2- 512A4956
KAS-ECC-SSC Sp800-56Ar3A4958
KAS-FFC-SSC Sp800-56Ar3A4958
KDF IKEv2 (CVL)A4958
KDF SNMP (CVL)A4958
KDF SSH (CVL)A4958
PBKDFA4958
RSA KeyGen (FIPS186-4)A4958
RSA SigGen (FIPS186-4)A4958
RSA SigVer (FIPS186-4)A4958
SHA-1A4956
SHA2-256A3366
SHA2-384A4956
SHA2-512A4948
TLS v1.2 KDF RFC7627 (CVL)A4958
TLS v1.3 KDF (CVL)A4958

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Infinera G42
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block Ciphers (SNMPv3)<br/>Block Ciphers (SSHv2)<br/>Block Ciphers (TLSv1.2/v1.3)</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Infinera G42
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Firmware Update</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block Ciphers (SNMPv3)<br/>Block Ciphers (SSHv2)<br/>Block Ciphers (TLSv1.2/v1.3)</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 2
Table of Contents
#SectionPage
1General5
1.1Overview5
1.2Security Levels5
2Cryptographic Module Specification5
2.1Description5
2.2Tested and Vendor Affirmed Module Version and Identification7
2.3Excluded Components8
2.4Modes of Operation8
2.5Algorithms8
2.6Security Function Implementations15
2.7Algorithm Specific Information21
2.8RBG and Entropy21
2.9Key Generation21
2.10Key Establishment22
2.11Industry Protocols22
3Cryptographic Module Interfaces23
3.1Ports and Interfaces23
4Roles, Services, and Authentication23
4.1Authentication Methods23
4.2Roles26
4.3Approved Services27
4.4Non-Approved Services93
4.5External Software/Firmware Loaded93
4.6Bypass Actions and Status93
4.7Cryptographic Output Actions and Status93
4.8Additional Information94
5Software/Firmware Security94
5.1Integrity Techniques94
5.2Initiate on Demand94
6Operational Environment94
6.1Operational Environment Type and Requirements94
7Physical Security94
7.1Mechanisms and Actions Required94
7.2User Placed Tamper Seals95
7.3Filler Panels100
8Non-Invasive Security100
9Sensitive Security Parameters Management101
9.1Storage Areas101
9.2SSP Input-Output Methods101
9.3SSP Zeroization Methods102
9.4SSPs102
9.5Transitions129
10Self-Tests129
10.1Pre-Operational Self-Tests129
10.2Conditional Self-Tests131
10.3Periodic Self-Test Information138
10.4Operator Initiation of Self-Tests145
10.5Error States145
11Life-Cycle Assurance145
11.1Installation, Initialization, and Startup Procedures145
11.2Administrator Guidance147
11.3Non-Administrator Guidance147
12Mitigation of Other Attacks147
slot 7)100
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description8
Table 4: Approved Algorithms13
Table 5: Vendor-Affirmed Algorithms14
Table 6: Security Function Implementations21
Table 7: Entropy Certificates21
Table 8: Entropy Sources21
Table 9: Ports and Interfaces23
Table 10: Authentication Methods25
Table 11: Roles27
Table 12: Approved Services93
Table 13: Mechanisms and Actions Required95
Table 14: Storage Areas101
Table 15: SSP Input-Output Methods101
Table 16: SSP Zeroization Methods102
Table 17: SSP Table 1112
Table 18: SSP Table 2129
Table 19: Pre-Operational Self-Tests131
Table 20: Conditional Self-Tests138
Table 21: Pre-Operational Periodic Information140
Table 22: Conditional Periodic Information145
Table 23: Error States145
Figure 1: Infinera G42 Module Front View6
Figure 2: Infinera G42 IOP Card6
Figure 3: Infinera G42 XMM4 Card6
Figure 4: Infinera G42 CHM6 Card7
Figure 5: Infinera G42 Module Back View7
Figure 6: TELs on top of chassis96
Figure 7: TELs on rear of chassis96
Figure 8: TELs on front of chassis - IOP card (slot 2)97
Figure 9: TELs on front of chassis - XMM4 card (slot 1)97
Figure 10: TELs on front of chassis - XMM4 card (slot 3)97
Figure 11: TELs on front of chassis - CHM6 card (slot 4)98
Figure 12: TELs on front of chassis - CHM6 card (slot 4) and Blank card (slot 6)98
Figure 13: TELs on front of chassis - CHM6 card (slot 5)99
Figure 14: TELs on front of chassis - CHM6 card (slot 5) and Blank card (slot 7)99
slot 7)100
Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication3
55Software/Firmware security2
66Operational environmentN/A
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level2
1.1 Overview

This is a non-proprietary cryptographic module security policy for the Infinera G42 with the firmware version R6.2.2 or R6.2.3 (hereinafter calls the Module). The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a

1.2 Security Levels
2.1 Description

Purpose and Use: The Infinera G42 is a next-generation compact modular transport network elements deployed as part of a point-to-point, point-to-multipoint network for terrestrial and/or subsea applications. The G42 chassis provides multi-service client access (e.g. Ethernet, Optical Transport Network (OTN), etc.) to the Dense Wavelength Division Multiplexing (DWDM) transport bandwidth. The module is operated in a limited operational environment. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: © 2021-2025 Nokia Corporation.

Page 6

The module is a multiple-chip standalone hardware cryptographic module. The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case and shown in the figures below and in the Physical Security section. These modules are described in more detail further below in this section. Figure 1: Infinera G42 Module Front View Figure 2: Infinera G42 IOP Card Figure 3: Infinera G42 XMM4 Card © 2021-2025 Nokia Corporation.

Page 7
Module configuration
NameModelHardware VersionFirmware VersionProcessor
G42G42Chassis G42, Controller Card XMM4, GX-IOP, Line Card [CHM6- C8, CHM6S-C14, CHM6S-C15 or CHM6-L8], and Filler Plate (GX-BLANK)R6.2.2 or R6.2.3Intel Atom C3558, EFR32MG21B010F1024IM32, Zynq UltraScale+, and NXP LS1012

Figure 5: Infinera G42 Module Back View

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 8

N/A for this module. Tested Module Identification

2.3 Excluded Components

N/A for this module. Modes List and Description: Table 3: Modes List and Description By default, the module is delivered with a non-compliant state but supports an Approved mode following the steps in section "Secure Operation" of this document by the Crypto Officer, the module can only operate in the Approved mode. The module does not claim implementation of The tables in section 2.5 below list all Approved security functions of the module, including specific key size(s) (in bits unless noted otherwise) employed for Approved services, and implemented modes of operation. There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in these tables.

2.5 Algorithms

Approved Algorithms: © 2021-2025 Nokia Corporation.

Page 9
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4956Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4958Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4959Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA4956Key Length - 128, 192, 256SP 800-38C
AES-CCMA4958Key Length - 128, 192, 256SP 800-38C
AES-CMACA4958Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA4956Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA4958Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA4958Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBC482Direction - Decrypt, Encrypt Key Length - 256SP 800-38A
AES-GCMA4956Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GCMA4958Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GCMA4959Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GCMC501Direction - Decrypt, Encrypt IV Generation - External Key Length - 256SP 800-38D
Counter DRBGA4958Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Counter DRBGA4959Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4958Curve - P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyGen (FIPS186-4)A4959Curve - P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA SigGen (FIPS186-4)A4958Component - No Curve - P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A4959Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-4
ECDSA SigVer (FIPS186-4)A3366Component - No Curve - P-192, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4948Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4949Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4952Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4953Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4955Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4956Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4958Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256FIPS 186-4
ECDSA SigVer (FIPS186-4)A4959Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256FIPS 186-4
ECDSA SigVer (FIPS186-4)A4960Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4961Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4962Component - No Curve - P-521 Hash Algorithm - SHA2-512FIPS 186-4
HMAC-SHA-1A4956Key Length - Key Length: 128-512 Increment 128FIPS 198-1
HMAC-SHA-1A4958Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A4956Key Length - Key Length: 128-512 Increment 128FIPS 198-1
HMAC-SHA2- 256A4957Key Length - Key Length: 64-2048 Increment 8FIPS 198-1
HMAC-SHA2- 256A4958Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A4959Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A4956Key Length - Key Length: 384-1024 Increment 320FIPS 198-1
HMAC-SHA2- 384A4958Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A4956Key Length - Key Length: 512-1024 Increment 256FIPS 198-1
HMAC-SHA2- 512A4958Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A4959Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4958Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A4959Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4958Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KDF IKEv2 (CVL)A4958Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 384-2048 Increment 1664 Derived Keying Material Length - Derived Keying Material Length: 1056, 2432 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF IKEv2 (CVL)A4959Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 384-2048 Increment 1664 Derived Keying Material Length - Derived Keying Material Length: 1056, 2432SP 800-135 Rev. 1
KDF SNMP (CVL)A4958Password Length - Password Length: 64, 96SP 800-135 Rev. 1
KDF SSH (CVL)A4958Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
PBKDFA4958Iteration Count - Iteration Count: 10-10000 Increment 1 Password Length - Password Length: 8-128 Increment 8SP 800-132
RSA KeyGen (FIPS186-4)A4958Key Generation Mode - B.3.6 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA KeyGen (FIPS186-4)A4959Key Generation Mode - B.3.6 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186-4)A4958Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigGen (FIPS186-4)A4959Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigVer (FIPS186-4)A4958Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigVer (FIPS186-4)A4959Signature Type - ANSI X9.31, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
Safe Primes Key GenerationA4958Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP- 8192SP 800-56A Rev. 3
SHA-1A4956Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA-1A4958Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-256A3366Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A4956Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-256A4957Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-256A4958Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-256A4959Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-384A4956Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-384A4958Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A4948Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-512A4949Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-512A4952Message Length - Message Length: 1536-4096 Increment 8FIPS 180-4
SHA2-512A4953Message Length - Message Length: 1536-4096 Increment 8FIPS 180-4
SHA2-512A4954Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A4955Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-512A4956Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
SHA2-512A4958Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A4959Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A4960Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A4961Message Length - Message Length: 1536-65536 Increment 8FIPS 180-4
SHA2-512A4962Message Length - Message Length: 8-51200 Increment 8FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4958Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512SP 800-135 Rev. 1
TLS v1.3 KDF (CVL)A4958HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHESP 800-135 Rev. 1
Page 11

HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2021-2025 Nokia Corporation.

Page 13

Table 4: Approved Algorithms Notes:

Page 14
Service
NameProperties
CKGKey Type:AsymmetricN/AThe cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4958) or CTR_DRBG (A4959)
Page 15
Service
NameDescriptionApproved FunctionsType
KAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS ECC KeyGen in SSH, TLS and Control Plane IKEv2 servicesCounter DRBG CKGCKG KAS-KeyGen
KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS FFC KeyGen in SSH, TLS and Control Plane IKEv2 servicesCounter DRBG Safe Primes Key Generation CKGCKG KAS-KeyGen
KAS-ECC- KeyGen (Data Plane IKEv2)KAS ECC KeyGen in Data Plane Encryption serviceCounter DRBG CKGCKG KAS-KeyGen
KAS-ECC (SSHv2)KAS-ECC for SSHv2 serviceKAS-ECC-SSC Sp800-56Ar3 KDF SSHKAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (SSHv2)KAS-FFC for SSHv2 serviceKAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Method : MODP- 2048, MODP- 4096, and MODP-8192 KDF SSHKAS-FullBit-strength Caveat:Provides between 112 and 200 bits of encryption strength
KAS-ECC (TLSv1.2/v1.3)KAS-ECC for TLSv1.2/v1.3 serviceKAS-ECC-SSC Sp800-56Ar3 TLS v1.2 KDF RFC7627 TLS v1.3 KDFKAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (TLSv1.2/v1.3)KAS-FFC for TLSv1.2/v1.3 serviceKAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Method: ffdhe2048 TLS v1.2 KDF RFC7627 TLS v1.3 KDFKAS-FullBit-strength Caveat:Provides 112 bits of encryption strength
KAS-ECC (Control Plane IKEv2)KAS-ECC for Control Plane IKEv2 serviceKAS-ECC-SSC Sp800-56Ar3 KDF IKEv2KAS-FullBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
KAS-FFC (Control Plane IKEv2)KAS-FFC for Control Plane IKEv2 serviceKAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Method: MODP- 2048, MODP- 3072, MODP- 4096, MODP- 6144 and MODP-8192 KDF IKEv2KAS-FullBit-strength Caveat:Provides between 112 and 200 bits of encryption strength
KAS-ECC (Data Plane IKEv2)KAS-ECC for Data Plane IKEv2 serviceKAS-ECC-SSC Sp800-56Ar3 Curve: P-521 KDF IKEv2KAS-FullBit-strength Caveat:Provides 256 bits of encryption strength
ECDSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA Keypair generation for SSH, TLS and Control Plane IKEv2 servicesECDSA KeyGen (FIPS186-4) Counter DRBG CKGAsymKeyPair- KeyGen CKG
ECDSA SigGen (SSH, TLS and Control Plane IKEv2)ECDSA SigGen for SSH, TLS and Control Plane IKEv2 servicesECDSA SigGen (FIPS186-4)DigSig-SigGen

Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

© 2021-2025 Nokia Corporation. Method : MODP2048, MODP4096, and

Page 16

AsymKeyPairKeyGen © 2021-2025 Nokia Corporation. Method: MODP2048, MODP3072, MODP4096, MODP6144 and

Page 17
Service
NameDescriptionApproved FunctionsType
ECDSA SigVer (SSH, TLS and Control Plane IKEv2)ECDSA SigVer for SSH, TLS and Control Plane IKEv2 servicesECDSA SigVer (FIPS186-4)DigSig-SigVer
RSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA Keypair generation for SSH, TLS and Control Plane IKEv2 servicesRSA KeyGen (FIPS186-4) Counter DRBG CKGAsymKeyPair- KeyGen CKG
RSA SigGen (SSH, TLS and Control Plane IKEv2)RSA SigGen for SSH, TLS and Control Plane IKEv2 servicesRSA SigGen (FIPS186-4)DigSig-SigGen
RSA SigVer (SSH, TLS and Control Plane IKEv2)RSA SigVer for SSH, TLS and Control Plane IKEv2 servicesRSA SigVer (FIPS186-4)DigSig-SigVer
ECDSA KeyGen (Data Plane IKEv2)ECDSA Keypair generation for Data Plane IKEv2 servicesCounter DRBG ECDSA KeyGen (FIPS186-4) CKGAsymKeyPair- KeyGen CKG
ECDSA SigGen (Data Plane IKEv2)ECDSA SigGen for Data Plane IKEv2 serviceECDSA SigGen (FIPS186-4)DigSig-SigGen
ECDSA SigVer (Data Plane IKEv2)ECDSA SigVer for Data Plane IKEv2 serviceECDSA SigVer (FIPS186-4)DigSig-SigVer
RSA KeyGen (Data Plane IKEv2)RSA Keypair generation for Data Plane IKEv2 servicesRSA KeyGen (FIPS186-4) Counter DRBG CKGAsymKeyPair- KeyGen CKG
RSA SigGen (Data Plane IKEv2)RSA SigGen for Data Plane IKEv2 serviceRSA SigGen (FIPS186-4)DigSig-SigGen
RSA SigVer (Data Plane IKEv2)RSA SigVer for Data Plane IKEv2 serviceRSA SigVer (FIPS186-4)DigSig-SigVer
TLS Keying Materials DevelopmentKeying materials, used to derive TLS session keysTLS v1.2 KDF RFC7627 TLS v1.3 KDFKAS-135KDF
IPsec/IKEv2 Keying Materials DevelopmentKeying materials, used to derive IPSec/IKE session keysKDF IKEv2KAS-135KDF
SNMPv3 Keying Materials DevelopmentKeying materials, used to derive SNMP session keysKDF SNMPKAS-135KDF
Block Ciphers (SNMPv3)Block Ciphers used for SNMPv3 serviceAES-ECB HMAC-SHA-1 KDF SNMP SHA-1BC-UnAuth MAC
Block Ciphers (SSHv2)Block Cipher for SSHv2 serivceAES-CBC AES-CTR HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 512 SHA-1 SHA2-256 SHA2-512 AES-GCMBC-Auth BC-UnAuth MAC
Block Ciphers (TLSv1.2/v1.3)Block Cipher used for TLSv1.2/v1.3 serviceAES-CBC AES-GCM HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512BC-Auth BC-UnAuth MAC
Block Ciphers (Control Plane IKEv2)Block Ciphers for Control Plane IKEv2 serviceAES-CBC AES-CCM AES-GCM AES-CBC AES-CCM AES-GCM AES-CTR AES-CTR HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2-BC-Auth BC-UnAuth MAC

AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairKeyGen © 2021-2025 Nokia Corporation.

Page 18

© 2021-2025 Nokia Corporation. HMAC-SHA2256 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2256

Page 19
Service
NameDescriptionApproved FunctionsTypeProperties
Block Cipher (Data Plane IKEv2)Block Cipher for Data Plane IKEv2 serviceAES-GCM AES-GCM AES-CBC HMAC-SHA2- 256 HMAC-SHA2- 512 SHA2-256 SHA2-512 AES-ECBBC-Auth
SSH KTS (AES and HMAC)KTS via SSHv2 service by using AES and HMACAES-CBC AES-CTR HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 512 SHA-1 SHA2-256 SHA2-512KTS-WrapBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
SSH KTS (GCM)KTS via SSHv2 service by using AES-GCMAES-GCMKTS-WrapBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
TLS KTS (AES and HMAC)KTS via TLSv1.2/v1.3 service by using AES and HMACAES-CBC HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 512 SHA2-256 SHA2-384 SHA2-512KTS-WrapBit-strength Caveat:Provides between 128 and 256 bits of encryption strength
TLS KTS (GCM)KTS via TLSv1.2/v1.3AES-GCMKTS-WrapBit-strength Caveat:Provides
service by using GCMservice by using GCMbetween 128 and 256 bits of encryption strength
OSPFv2 AuthenticationOSPFv2 authenticationHMAC-SHA2- 256 SHA2-256MAC
LUKS Database ProtectionDatabase integrity protection using HMAC-SHA2- 512SHA2-512 HMAC-SHA2- 512 PBKDFMAC
Firmware Load TestECDSA SigVer for firmware load testECDSA SigVer (FIPS186-4) Curve: P-521DigSig-SigVer
NTP AuthenticationNTP authenticationSHA-1 SHA2-256 AES-CMACMAC
DRBG FunctionUsed for DRBG generationCounter DRBG Counter DRBGDRBG
Firmware Integrity TestUsed for firmware integrity testECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) SHA2-512 ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) SHA2-256 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512DigSig-SigVer

© 2021-2025 Nokia Corporation. HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512

Page 20

HMAC-SHA2512 © 2021-2025 Nokia Corporation. HMAC-SHA2256 HMAC-SHA2512

Page 21
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
EFR32MG21B010F1024IM32Physical128 bitsB with SE Firmware Version 1.2.13Full EntropyA3366 (AES- CBC-MAC)
CertVendor Name
Number
E156Silicon Laboratories

Table 6: Security Function Implementations

2.7 Algorithm Specific Information

No specific algorithm information.

2.8 RBG and Entropy

Table 7: Entropy Certificates Table 8: Entropy Sources The module implements two approved CTR_DRBGs based on SP800-90Arev1, with Algo Certs. #A4958 and #A4959. Each DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). The DRBG is seeded by the entropy source described in the table above. The CTR_DRBG (AES-128/192/256) enables Derivation Function capability. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits security strength for the following cryptographic keys generation. The entropy source implementation generates an output that is considered to have full entropy. More information can be found in the public use document for ESV cert #E156.

2.9 Key Generation

The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90A CTR DRBG for random number © 2021-2025 Nokia Corporation.

Page 22

generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

7919 (TLS) and RFC 3526 (IKE).

- SSH (RFC 4419): MODP-2048 (ID =

  1. MODP-4096 (ID =
  2. MODP-8192 (ID = 18) - TLS (RFC 7919): ffdhe2048 (ID = 256) - IKE (RFC 3526): MODP-2048 (ID =
  3. MODP-3072 (ID =
  4. MODP-4096 (ID =
  5. MODP-6144 (ID =
  6. MODP-8192 (ID = 18) • KAS-ECC Shared Secret Computation: o The module provides SP800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation. The shared secret computation provides between 128 and 256 bits of encryption strength.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, TLSv1.3, SNMPv3 and IPsec/IKEv2 industrial protocols. No parts of SSH, TLS, SNMP and IKEv2 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information. © 2021-2025 Nokia Corporation.

Page 23
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Ethernet Ports and Optical Ports on CHM6 Card; DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 CardEthernet Ports and Optical Ports on CHM6 Card; DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 CardData InputPlaintext/Ciphertext Data input to the module for all approved services defined in Table 16
Ethernet Ports and Optical Ports on CHM6 Card; DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 CardEthernet Ports and Optical Ports on CHM6 Card; DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 CardData OutputPlaintext/Ciphertext Data output from the module for all approved services defined in Table 16
DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 Card; Lamp Test on IOP CardDCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 Card; Lamp Test on IOP CardControl InputControl information input into the module for all the services defined in Tables 16
DCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 Card, and LEDsDCN, CRAFT, CONSOLE, AUX 1 & AUX 2 Ports on XMM4 Card, and LEDsStatus OutputStatus Information output from the module
Power InterfacePower InterfacePowerPower supply
Sensitive security parameter
NameDescriptionStrengthSecurity MechanismStrength per Minute
Password- based AuthenticationThe minimum length is eight (8) characters (94 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000.The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8). Please referPassword BasedThe probability of successfully authenticating to the module within one minute is 10/(94^8). Please refer to Description section in this table for more details
As the module supports at most ten failed attempts to authenticate in a one- minute period, the probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total.As the module supports at most ten failed attempts to authenticate in a one- minute period, the probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total.to Description section in this table for more details
RSA-based AuthenticationThe modules support RSA public-key based authentication mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to theThe probability that a random attempt will succeed is 1/(2^112). Please refer to Description section in this table for more detailsRSA SigVer (FIPS186-4) (A4958)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112). Please refer to Description section in this table for more details
ECDSA- based AuthenticationThe modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000.The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to Description section in this table for more detailsECDSA SigVer (FIPS186-4) (A4958)the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128). Please refer to Description section in this table for more details
3 Cryptographic Module Interfaces

The module’s physical perimeter encompasses the case of the tested platform mentioned in The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.

4.1 Authentication Methods
Page 25

ECDSAbased Table 10: Authentication Methods multiple Crypto Officer roles and User roles. Each role is authenticated by the module upon initial access to the module, as detailed below. Crypto Officer Roles:

Page 26
Service
NameRole AccessType
Security Admin (SA)Crypto OfficerIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Network Admin (NA)Crypto OfficerIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Encryption Admin (EA)Crypto OfficerIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Network Engineer (NE)UserIdentityPassword-based Authentication RSA-based Authentication

manage the creation, enabling / disabling of new Users and Passwords, User session monitoring, and configuration.

4.2 Roles
Page 27
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods ECDSA-based Authentication
Monitoring Access (MA)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Provisioning (PR)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Turn-up and Test (TT)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Show VersionShow module's ID and versioning informationSecurity Admin (SA) Network Admin (NA) Encryption Admin (EA) Network Engineer (NE) Monitoring Access (MA) Provisionin g (PR) Turn-up and Test (TT)NoneN/ACommand used to show module's versionModule's ID and versioning informatio n
Show StatusShow module's operational statusSecurity Admin (SA) Network Admin (NA) Encryption Admin (EA) NetworkNoneN/ACommand used to show Module's StatusModule's operation al status
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods ECDSA-based Authentication
Monitoring Access (MA)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Provisioning (PR)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Turn-up and Test (TT)UserIdentityPassword-based Authentication RSA-based Authentication ECDSA-based Authentication
Show VersionShow module's ID and versioning informationSecurity Admin (SA) Network Admin (NA) Encryption Admin (EA) Network Engineer (NE) Monitoring Access (MA) Provisionin g (PR) Turn-up and Test (TT)NoneN/ACommand used to show module's versionModule's ID and versioning informatio n
Show StatusShow module's operational statusSecurity Admin (SA) Network Admin (NA) Encryption Admin (EA) NetworkNoneN/ACommand used to show Module's StatusModule's operation al status
4.3 Approved Services
Page 28
Service
NameDescriptionApproved FunctionsAccessIndicatorInputOutput
User Account Manageme ntUser account manageme ntNoneSecurity Admin (SA) - Operator Password: G,R,W,Z - SSH RSA Public Key: G,R,W,Z - SSH ECDSA Public Key: G,R,W,ZN/ACommand to manage the User accountStatus of User account
Certificates Manageme ntCertificates Manageme ntNoneSecurity Admin (SA) - SSH ECDSA Private Key: G,R,W,E,Z - SSH ECDSA Public Key: G,R,W,E,Z - SSH RSA Private Key: G,R,W,E,Z - SSH RSA Public Key: G,R,W,E,Z - TLS ECDSA Private Key: G,R,W,E,Z - TLS ECDSA Public Key: G,R,W,E,ZN/ACommand s used to manage the certificatesStatus of the completio n of network configurati on status
Page 29
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
Page 30
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Setup Network (non- security relevant)Commands to configure the non- security relevant networkNetwork Admin (NA) Provisionin g (PR) Turn-up and Test (TT)NoneN/ACommand s to configure the networkStatus of the completio n of network configurati on status
Enable/disa ble approved modeEnable/disa ble approved modeSecurity Admin (SA)NoneN/ACommand used to enable or disable approved modeModule's approved mode status
Configure Network Access Control ListConfigure network access control listSecurity Admin (SA)NoneN/ACommand s used to configure network access control listNetwork access control list configurati on status
Configure Performanc e Monitoring ServiceConfigure Performanc e Monitoring ServiceNetwork Admin (NA) Turn-up and Test (TT)NoneN/ACommand s used to configure performan ce monitoring serviceperforman ce monitoring service configurati on status
Configure EquipmentProvision equipmentNetwork Admin (NA) Network Engineer (NE)NoneN/ACommand s used to configue equipmentEquipmen t configurati on status
Configure Facilities (physical or logical Interfaces)Configure Facilities (physical or logical interfaces)Network Admin (NA) Provisionin g (PR) Turn-up and Test (TT)NoneN/ACommand s to configure the module's physical or logical interfacesModule's physical or logical interfaces configruait on status
Perform Self-TestPerform self-testsSecurity Admin (SA) Network Admin (NA) Encryption Admin (EA) NetworkFirmware Integrity TestN/ACommand to trigger self-testsSelf-tests completio n status

n (nonsecurity the nonsecurity N/A N/A N/A e e N/A N/A t N/A N/A © 2021-2025 Nokia Corporation. G,R,W,E,Z

Page 31
Service
NameDescriptionApproved FunctionsAccessIndicatorInputOutput
Firmware UpdatePerform firmware updateFirmware Load TestNetwork Admin (NA) - Firmware Load Test Key: R,EFirmware update service completio n statusCommand to trigger firmware updateFirmware update status
Perform ZeroizationZeroize all SSPs in the moduleNoneSecurity Admin (SA) - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - Operator Password: Z - LUKS DB Password: Z - LUKS DB Salt : Z - LUKS DB Integrity Key : Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DHN/ACommand to zeroize the moduleSSPs zeroizatio n status
Page 32
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
Page 36
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SSHv2 serviceConfigure SSHv2 serviceSecurity Admin (SA) - SSH DH Private Key: W,Z - SSH DH Public Key: W,Z - SSH Peer DH Public Key: W,Z - SSH DH Shared Secret: W,Z - SSH ECDH Private Key: W,Z - SSH ECDH Public Key: W,Z - SSH PeerKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-ECC (SSHv2) KAS-FFC (SSHv2) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGenGlobal approved mode indicator and SSHv2 service configurati on statusCommman ds used to configure SSHv2 serviceSSHv2 service configurati on status

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Nokia Corporation. Z W,Z W,Z W,Z

Page 37
Service
NameDescriptionRole AccessCsps AccessedIndicatorInputOutput
Configure TLS (v1.2/v1.3) ServiceConfigure TLS (v1.2/v1.3) serviceKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGen (SSH, TLS and ControlSecurity Admin (SA) - TLS DH Private Key: W,Z - TLS DH Public Key: W,Z - TLS Peer DH PublicGlobal approved mode indicator and OSPF service configurati on statusCommman ds used to configure TLS (v1.2/v1.3) serviceTLS (v1.2/v1.3 ) service configurati on status

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Nokia Corporation. W,Z W,Z W,Z W,Z W,Z

Page 38
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
Plane IKEv2) KAS-ECC (TLSv1.2/v 1.3) KAS-FFC (TLSv1.2/v 1.3) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and Control Plane IKEv2) Block Ciphers (TLSv1.2/v 1.3) TLS KTS (AES andPlane IKEv2) KAS-ECC (TLSv1.2/v 1.3) KAS-FFC (TLSv1.2/v 1.3) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and Control Plane IKEv2) Block Ciphers (TLSv1.2/v 1.3) TLS KTS (AES andKey: W,Z - TLS DH Shared Secret: W,Z - TLS ECDH Private Key: W,Z - TLS ECDH Public Key: W,Z - TLS Peer ECDH Public Key: W,Z - TLS ECDH Shared Secret: W,Z - TLS ECDSA Private Key: W,Z - TLS ECDSA Public Key: W,Z - TLS RSA Private Key: W,Z - TLS RSA Public Key: W,Z - TLS Master Secret: W,Z - TLS Encryption Key: W,Z - TLS Integrity Key: W,Z - DRBG Entropy Input: W,Z
Page 39
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure SNMP serviceConfigure SNMP serviceSecurity Admin (SA) - SNMPv3 Authenticat ion Secret: W,Z - SNMPv3 Encryption Key: W,Z - SNMPv3 Integrity Key: W,ZBlock Ciphers (SNMPv3) SNMPv3 Keying Materials Developme ntGlobal approved mode indicator and SNMP service configurati on statusCommman ds used to configure SNMP serviceSNMP service configurati on status
Configure Control Plane IPSec/IKEv 2 ServiceConfigure Control Plane IPSec/IKEv 2 ServiceSecurity Admin (SA) - IPSec/IKE DH Private Key: W,Z - IPSec/IKE DH Public Key: W,Z - IPSec/IKE Peer DH Public Key: W,Z - IPSec/IKE DH Shared Secret: W,Z - IPSec/IKE ECDH Private Key: W,Z - IPSec/IKE ECDH Public Key: W,Z - IPSec/IKE Peer ECDH Public Key:KAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-ECC (Control Plane IKEv2) KAS-FFC (Control Plane IKEv2) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGenGlobal approved mode indicator and Control Plane IPSec/IKE v2 service configurati on statusCommman ds used to configure Control Plane IPSec/IKE v2 serviceControl Plane IPSec/IKE v2 service configurati on status

n © 2021-2025 Nokia Corporation. KAS-ECCKeyGen KAS-FFCKeyGen W,Z W,Z W,Z W,Z

Page 40
Service
NameDescriptionRole AccessCsps AccessedIndicatorInputOutput
Configure Data Plane Encryption ServiceConfigure Data Plane Encryption ServiceKAS-ECC- KeyGen (Data Plane IKEv2)Encryption Admin (EA) - Data PlaneGlobal approved mode indicatorCommman ds used to configure Data PlaneData Plane Encryptio n service

n KAS-ECCKeyGen © 2021-2025 Nokia Corporation. W,Z W,Z W,Z W,Z D: W,Z

Page 41
Service
NameCsps AccessedIndicatorInputOutputDescriptioSecurity
nAccessnFunctions
and Data Plane Encryptio n service configurati on statusand Data Plane Encryptio n service configurati on statusEncryption serviceconfigurati on statusKAS-ECC (Data Plane IKEv2) ECDSA KeyGen (Data Plane IKEv2) ECDSA SigGen (Data Plane IKEv2) ECDSA SigVer (Data Plane IKEv2) RSA KeyGen (Data Plane IKEv2) RSA SigGen (Data Plane IKEv2) RSA SigVer (Data Plane IKEv2) Block Cipher (Data Plane IKEv2) DRBG FunctionEncryption ECDH Private Key: W,Z - Data Plane Encryption ECDH Public Key: W,Z - Data Plane Encryption Peer ECDH Public Key: W,Z - Data Plane Encryption ECDH Shared Secret: W,Z - Data Plane Encryption ECDSA Private Key: W,Z - Data Plane Encryption ECDSA Public Key: W,Z - Data Plane Encryption RSA Private Key: W,Z - Data Plane Encryption RSA Public Key: W,Z - Data Plane
Page 42
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure OSPF ServiceConfigure OSPF ServiceSecurity Admin (SA) - OSPFv2 Authenticat ion Key : W,Z Network Admin (NA) - OSPFv2 Authenticat ion Key : W,ZOSPFv2 Authenticati onGlobal approved mode indicator and OSPF service configurati on status logCommand s used to configure OSPF serviceOSPF configurati on status
Configure LUKS Database Protection ServiceConfigure LUKS Database protection serviceSecurity Admin (SA) - LUKS DB Password: G,W,ZLUKS Database ProtectionGlobal approved mode indicator and LUKS Database service configurati on statusCommand s to configure LUKS database serviceStatus of completio n of LUKS database service configurati on
Run SSHv2 serviceRun SSHv2 serviceSecurity Admin (SA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH Public Key: G,W,E,Z - SSH ECDH Shared Secret:KAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-ECC (SSHv2) KAS-FFC (SSHv2) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and ControlGlobal approved mode indicator and SSHv2 service running statusInitiate SSHv2 service establishm ent requestSSHv2 service running status
Page 43

n © 2021-2025 Nokia Corporation. KAS-ECCKeyGen KAS-FFCKeyGen G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z

Page 44
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
Plane IKEv2) Block Ciphers (SSHv2) SSH KTS (AES and HMAC) SSH KTS (GCM) DRBG FunctionPlane IKEv2) Block Ciphers (SSHv2) SSH KTS (AES and HMAC) SSH KTS (GCM) DRBG FunctionG,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z
Page 45
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
Page 53
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run TLS (v1.2/v1.3) ServiceRun TLS (v1.2/v1.3) ServiceSecurity Admin (SA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DHKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-ECC (TLSv1.2/v 1.3) KAS-FFC (TLSv1.2/v 1.3)Global approved mode indicator and TLS (v1.2/v1.3 ) service running statusInitiate TLS (v1.2/v1.3) service establishm ent requestTLS (v1.2/v1.3 ) service running status

n KAS-ECCKeyGen KAS-FFCKeyGen 1.3) 1.3) © 2021-2025 Nokia Corporation. G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z

Page 54
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and Control Plane IKEv2) Block Ciphers (TLSv1.2/v 1.3) TLS KTS (AES and HMAC) TLS KTS (GCM) DRBG Function TLS Keying MaterialsECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and Control Plane IKEv2) Block Ciphers (TLSv1.2/v 1.3) TLS KTS (AES and HMAC) TLS KTS (GCM) DRBG Function TLS Keying MaterialsPrivate Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS
nAccessnFunctions
Developme ntDevelopme ntMaster Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS
Page 56
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
Page 64
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run Control Plane IPsec/IKEv 2 ServiceRun Control Plane IPsec/IKEv 2 ServiceSecurity Admin (SA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed:KAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2) KAS-FFC- KeyGenGlobal approved mode indicator and Run IPsec/IKE v2 service completioCommand to run Run Control Plane IPsec/IKEv 2 serviceControl Plane IPsec/IKE v2 service running status

n KAS-ECCKeyGen KAS-FFCKeyGen © 2021-2025 Nokia Corporation. G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z

Page 65
Service
NameCsps AccessedIndicatorDescriptioSecurity
nAccessnFunctions
n status logn status log(SSH, TLS and Control Plane IKEv2) KAS-ECC (Control Plane IKEv2) KAS-FFC (Control Plane IKEv2) ECDSA KeyGen (SSH, TLS and Control Plane IKEv2) ECDSA SigGen (SSH, TLS and Control Plane IKEv2) ECDSA SigVer (SSH, TLS and Control Plane IKEv2) RSA KeyGen (SSH, TLS and Control Plane IKEv2) RSA SigGen (SSH, TLS and Control Plane IKEv2) RSA SigVer (SSH, TLS and Control Plane IKEv2) Block CiphersG,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private Key: G,W,E,Z
nAccessnFunctions
(Control Plane IKEv2) DRBG Function IPsec/IKEv 2 Keying Materials Developme nt(Control Plane IKEv2) DRBG Function IPsec/IKEv 2 Keying Materials Developme nt- IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z
Page 67
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
Page 77
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run SNMP ServiceRun SNMP ServiceSecurity Admin (SA) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Network Admin (NA) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Encryption Admin (EA) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Network Engineer (NE) - SNMPv3 AuthenticatBlock Ciphers (SNMPv3) SNMPv3 Keying Materials Developme ntGlobal approved mode indicator and SNMP service running statusInitiate SNMP service establishm ent requestSNMP service running status
Page 78
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
Page 79
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run Data Plane Encrypiton ServiceRun Data Plane Encrypiton ServiceSecurity Admin (SA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,ZKAS-ECC- KeyGen (Data Plane IKEv2) KAS-ECC (Data Plane IKEv2) ECDSA KeyGen (Data Plane IKEv2) ECDSA SigGen (Data Plane IKEv2) ECDSA SigVer (Data Plane IKEv2) RSA KeyGen (Data Plane IKEv2) RSA SigGen (Data Plane IKEv2) RSA SigVer (Data Plane IKEv2) Block Cipher (Data Plane IKEv2) DRBG FunctionGlobal approved mode indicator and Data Plane Encryptio n service completio n status logCommand to run OSPF serviceData Plane Encryptio n service running status

n KAS-ECCKeyGen © 2021-2025 Nokia Corporation. G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z G,W,E,Z

Page 80
Service
NameCsps AccessedDescriptioSecurity
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
nAccessnFunctions
Page 92
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run OSPF ServiceRun OSPF ServiceSecurity Admin (SA) - OSPFv2 Authenticat ion Key : W,E Network Admin (NA) - OSPFv2 Authenticat ion Key : W,E Encryption Admin (EA) - OSPFv2 Authenticat ion Key : W,E Network Engineer (NE) - OSPFv2 Authenticat ion Key : W,E Monitoring Access (MA) - OSPFv2 Authenticat ion Key : W,E Provisionin g (PR) - OSPFv2 Authenticat ion Key : W,E Turn-up and Test (TT) - OSPFv2 Authenticat ion Key : W,EOSPFv2 Authenticati onGlobal approved mode indicator and OSPF service completio n status logCommand to run OSPF FunctionOSPF running status
Configure NTP Authenticati onConfigure NTP Authenticati on Scheme and KeySecurity Admin (SA) - NTP Authenticat ion Key : G,W,ZNTP Authenticati onGlobal approved mode indicator and NTP service configurati on statusCommand s to configure NTP serviceStatus of the completio n of NTP configurati on
Run LUKS Database Protection ServiceRun LUKS database protection serviceSecurity Admin (SA) - LUKS DB Password: W,E,Z - LUKS DB Salt : W,E,ZLUKS Database ProtectionGlobal approved mode indicator and LUKS service completio n status logCommand to run LUKS protection serviceLUKS running status
Page 93
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

The module supports the firmware load test by using ECDSA with Curve P-521 and SHA2-512 (ECDSA Cert. #A4956) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Any firmware loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation.

4.6 Bypass Actions and Status
4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Security Admin (SA) shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two © 2021-2025 Nokia Corporation.

Page 94
MechanismInspectionInspection Guidance
Frequency
Tamper Evidence Labels (P/N 550- 0158-001 and P/N 550-0159-001)90 daysTamper evidence labels should be checked for nicks and scratches that make the metal case visible through the nicked or scratched seal. Tamper Evidence Label (TEL) may show any of the following as evidence of tampering or removal: TEL is not preset in the positions prescribed (as shown above); TEL has been cut; TEL is not stuck

independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.8 Additional Information

The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by conducting multiple layers firmware integrity tests. Please refer to section 10.1 Pre-Operational Self-Tests of this Security Policy document for more details. If the firmware integrity test fails, the module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

N/A for this module. Type of Operational Environment: Limited

7 Physical Security
7.1 Mechanisms and Actions Required
Page 95
MechanismInspectionInspection Guidance
Frequency
down well, or is loose; Self-destruction of the TEL (broken bits or shreds) present as from an attempt of removal; Tracking numbers do not match those recorded.
Production grade componentsN/AN/A

N/A N/A Table 13: Mechanisms and Actions Required Appling Tamper Evidence Labels The tamper evident labels shall be installed on the security devices containing the module prior to operating in Approved mode. TELs shall be applied as depicted in the figures below. Any unused TELs must be securely stored, accounted for, and maintained by the Security Admin (SA) in a protected location. Should the Security Admin (SA) have to remove, change or replace TELs for any reason, the Security Admin (SA) must examine the location from which the TEL was removed and ensure that no residual debris is still remaining on the chassis or card. If residual debris remains, the CO must remove the debris using a damp cloth. Any deviation of the TELs placement by unauthorized operators such as tearing, misconfiguration, removal, change, replacement or any other change in the TELs from its original configuration as depicted below shall mean the module is no longer in Approved mode of operation. Returning the system back to Approved mode of operation requires the replacement of the TELs as depicted below and any additional requirement per the site security policy which are out of scope of this Security Policy. The Security Admin (SA)checks the integrity of the label by following the guidance listed above. In case of notification of tamper evidence, the Security Admin (SA) shall not power on this module and shall contact Infinera Support team. The picture below shows the physical interface side of the module’s enclosure with tamperevident labels.

7.2 User Placed Tamper Seals

Number: Twenty-one (21) Small Tamper Evident Labels (P/N 550-0158-001) and Two (2) Large Tamper Evident Labels (P/N 550-0159-001). Placement: © 2021-2025 Nokia Corporation.

Page 96

Figure 6: TELs on top of chassis Figure 7: TELs on rear of chassis © 2021-2025 Nokia Corporation.

Page 97

Figure 8: TELs on front of chassis - IOP card (slot

  1. Figure 9: TELs on front of chassis - XMM4 card (slot
  2. Figure 10: TELs on front of chassis - XMM4 card (slot 3) © 2021-2025 Nokia Corporation.
Page 98

Figure 11: TELs on front of chassis - CHM6 card (slot 4) Figure 12: TELs on front of chassis - CHM6 card (slot 4) and Blank card (slot 6) © 2021-2025 Nokia Corporation.

Page 99

Figure 13: TELs on front of chassis - CHM6 card (slot 5) Figure 14: TELs on front of chassis - CHM6 card (slot 5) and Blank card (slot 7) © 2021-2025 Nokia Corporation.

Page 100

Figure 15: TELs on front of chassis - CHM6 card (slot 4 and slot 5) and Blank card (slot 6 and slot 7) Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: Must be stored in a secure location under controlled access

7.3 Filler Panels

The module uses the filler panels with Hardware number: GX-BLANK while in the approved mode.

8 Non-Invasive Security

N/A for this module. © 2021-2025 Nokia Corporation.

Page 101
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile memory
FlashStaticNon-Volatile memory
Service
NameApproved FunctionsTypeFromTo
Module Public Key OutputPlaintextModuleExternal (Outside the Module's Boundary)AutomatedElectronic
Peer Public Key InputPlaintextExternal (Outside the Module's Boundary)ModuleAutomatedElectronic
SSPs Input/Output protected by TLS KTS (GCM)TLS KTS (GCM)EncryptedExternal (Outside the Module's Boundary)ModuleAutomatedElectronic
SSPs Input/Output protected by TLS KTS (AES and HMAC)TLS KTS (AES and HMAC)EncryptedExternal (Outside the Module's Boundary)ModuleAutomatedElectronic
SSPs Input/Output protected by SSH KTS (GCM)SSH KTS (GCM)EncryptedExternal (Outside the Module's Boundary)ModuleAutomatedElectronic
SSPs Input/Output protected by SSH KTS (AES and HMAC)SSH KTS (AES and HMAC)EncryptedExternal (Outside the Module's Boundary)ModuleAutomatedElectronic
9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods

Table 15: SSP Input-Output Methods © 2021-2025 Nokia Corporation.

Page 102
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseModule Reboot
Zeroization upon session terminationSession termination will automatically zeroize all session based temporary SSPsSession terminationTerminate session
Zeroization upon rebooting the moduleReboot to zeroize all temporary SSPs stored in Module's DRAMRebootReboot
DRBG Entropy InputEntropy Inputs - CSPUsed to seed the DRBG384 bits - At least 256 bitsDRBG Function
DRBG SeedDRBG Seed - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
DRBG Internal State V valueDRBG Internal State V value - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
DRBG KeyDRBG Key - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
Operator PasswordAuthenticati on Data - CSPUsed for operator authenticati on8-30 characte rs - N/A
LUKS DB PasswordHMAC key - CSPUsed for LUKS DB Integrity Key derivation512 bits - 512 bitsDRBG FunctionLUKS Database Protection
LUKS DB SaltSalt - CSPUsed for LUKS DB Integrity256 bits - 256 bitsDRBG FunctionLUKS Database Protection
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentStorageZeroizationUseModule RebootSize - Strengt h
Zeroization upon session terminationSession termination will automatically zeroize all session based temporary SSPsSession terminationTerminate session
Zeroization upon rebooting the moduleReboot to zeroize all temporary SSPs stored in Module's DRAMRebootReboot
DRBG Entropy InputEntropy Inputs - CSPUsed to seed the DRBG384 bits - At least 256 bitsDRBG Function
DRBG SeedDRBG Seed - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
DRBG Internal State V valueDRBG Internal State V value - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
DRBG KeyDRBG Key - CSPUsed for DRBG generation256 bits - 256 bitsDRBG Function
Operator PasswordAuthenticati on Data - CSPUsed for operator authenticati on8-30 characte rs - N/A
LUKS DB PasswordHMAC key - CSPUsed for LUKS DB Integrity Key derivation512 bits - 512 bitsDRBG FunctionLUKS Database Protection
LUKS DB SaltSalt - CSPUsed for LUKS DB Integrity256 bits - 256 bitsDRBG FunctionLUKS Database Protection
LUKS DB Integrity KeyAuthenticati on - CSPUsed for LUKS Database integrity protection512 bits - 512 bitsPBKDF (A4958)LUKS Database Protection
Firmware Load Test KeyPublic Key - PSPUsed for firmware load testP-521 - 256 bitsFirmware Load Test
SSH DH Private KeyPrivate Key - CSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 4096, and MODP- 8192 - 112-200 bitsKAS- FFC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 4096, and MODP- 8192 - 112-200 bitsKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 4096, and MODP- 8192 - N/AKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Encryption Key and SSH Integrity KeyMODP- 2048, MODP- 4096, and MODP- 8192 - 112-200 bitsKAS-FFC (SSHv2)KAS-FFC (SSHv2)
SSH ECDH Private KeyPrivate Key - CSPUsed to derive SSHP-256, P-384,KAS- ECC-KAS-ECC- KeyGen
ECDH Shared SecretECDH Shared SecretP-521 - 128-256 bitsKeyGen (SSH, TLS and Control Plane IKEv2)(SSH, TLS and Control Plane IKEv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDH Shared SecretP-256, P-384, P-521 - 128-256 bitsKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH ECDH Shared SecretP-256, P-384, P-521 - N/AKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Encryption Key and SSH Integrity KeyP-256, P-384, P-521 - 128-256 bitsKAS-ECC (SSHv2)KAS-ECC (SSHv2)
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (SSH, TLS and Control Plane IKEv2)ECDSA SigGen (SSH, TLS and Control Plane IKEv2)
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH authetnicati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (SSH, TLS and Control Plane IKEv2)ECDSA SigVer (SSH, TLS and Control Plane IKEv2)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH authetnicati on2048, 3072 and 4096 bits - 112 -152 bitsRSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA SigGen (SSH, TLS and Control Plane IKEv2)
SSH RSA Public KeyPublic Key - PSPUsed for SSH2048, 3072RSA KeyGenRSA SigVer (SSH, TLS
authetnicati onauthetnicati onand 4096 bits - 112 -152 bits(SSH, TLS and Control Plane IKEv2)and Control Plane IKEv2)
SSH Encryption KeySymmetric Key - CSPUsed for SSH traffic protection128-256 bits - 128-256 bitsKAS-ECC (SSHv2) KAS-FFC (SSHv2)Block Ciphers (SSHv2)
SSH Integrity KeyAuthenticati on Key - CSPUsed for SSH traffic integrity protectionat least 112 bits - at least 112 bitsKAS-ECC (SSHv2) KAS-FFC (SSHv2)Block Ciphers (SSHv2)
TLS DH Private KeyPrivate Key - CSPUsed to drive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS- FFC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS DH Public KeyPublic Key - PSPUsed to drive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8 - 112 bitsKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS DH Shared SecretShared Secret - CSPUsed to derive TLS encryption Key and TLS Integrity Keyffdhe204 8 - 112 bitsKAS-FFC (TLSv1.2/v1 .3)KAS-FFC (TLSv1.2/v1 .3)
TLS ECDH Private KeyPrivate Key - CSPUsed to drive TLS ECDH Shared SecretP-256, P-384 and P- 521 - 128-256 bitsKAS- ECC- KeyGen (SSH, TLS and ControlKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS ECDH Public KeyPublic Key - PSPUsed to drive TLS ECDH Shared SecretP-256, P-384 and P- 521 - 128-256 bitsKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive TLS ECDH Shared SecretP-256, P-384 and P- 521 - N/AKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
TLS ECDH Shared SecretShared Secret - CSPUsed to derive TLS Encryption Key and TLS Integrity KeyP-256, P-384 and P- 521 - 128-256 bitsKAS-ECC (TLSv1.2/v1 .3)KAS-ECC (TLSv1.2/v1 .3)
TLS ECDSA Private KeyPrivate Key - CSPUsed for TLS authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (SSH, TLS and Control Plane IKEv2)ECDSA SigGen (SSH, TLS and Control Plane IKEv2)
TLS ECDSA Public KeyPublic Key - PSPUsed for TLS authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (SSH, TLS and Control Plane IKEv2)ECDSA SigVer (SSH, TLS and Control Plane IKEv2)
TLS RSA Private KeyPrivate Key - CSPUsed for TLS authenticati on2048 bits - 112 bitsRSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA SigGen (SSH, TLS and Control Plane IKEv2)
TLS RSA Public KeyPublic Key - PSPUsed for TLS peer authenticati on2048 bits - 112 bitsRSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA SigVer (SSH, TLS and Control Plane IKEv2)
TLS Master SecretTLS Master Secret - CSPUsed to derive TLS Encryption Key and TLS Integrity Key384 bits - 384 bitsTLS Keying Materials Developme ntTLS Keying Materials Developme nt
TLS Encryption KeyEncryption Key - CSPUsed to protect TLS traffic confidentiali ty.128-256 bits - 128-256 bitsKAS-ECC (TLSv1.2/v1 .3) KAS-FFC (TLSv1.2/v1 .3)Block Ciphers (TLSv1.2/v1 .3)
TLS Integrity KeyAuthenticati on Key - CSPUsed to protect traffic confidentiali ty.at least 112 bits - at least 112 bitsKAS-ECC (TLSv1.2/v1 .3) KAS-FFC (TLSv1.2/v1 .3)Block Ciphers (TLSv1.2/v1 .3)
IPSec/IKE DH Private KeyPrivate Key - CSPUsed for IPsec/IKE DH Shared Secret derivationMODP- 2048, MODP- 3072, MODP- 4096, MODP- 6144 and MODP- 8192 - 112-200 bitsKAS- FFC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS-FFC- SSC Sp800- 56Ar3 (A4958)
IPSec/IKE DH Public KeyPublic Key - PSPUsed for IPsec/IKE DH Shared Secret derivationMODP- 2048, MODP- 3072, MODP- 4096, MODP- 6144 and MODP- 8192 - 112-200 bitsKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
IPSec/IKE Peer DH Public KeyPublic Key - PSPUsed for IPsec/IKE DH Shared Secret derivationMODP- 2048, MODP- 3072, MODP- 4096, MODP- 6144 and MODP- 8192 - N/AKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)
IPSec/IKE DH Shared SecretShared Secret - CSPUsed for IPSec/IKE Encryption Key and IPSec/IKE Integrity key derivationMODP- 2048, MODP- 3072, MODP- 4096, MODP- 6144 and MODP- 8192 - 112-200 bitsKAS-FFC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS-FFC (Control Plane IKEv2)
IPSec/IKE ECDH Private KeyPrivate Key - CSPUsed for IPSec/IKE ECDH Shared Secret derivationP-256, P-384 and P- 521 - 128-256 bitsKAS- ECC- KeyGen (SSH, TLS and Control Plane IKEv2)KAS-ECC (Control Plane IKEv2)
IPSec/IKE ECDH Public KeyPublic Key - PSPUsed for IPSec/IKE ECDH Shared Secret derivationP-256, P-384 and P- 521 - 128-256 bitsKAS-ECC- KeyGen (SSH, TLS and Control Plane IKEv2)
IPSec/IKE Peer ECDH Public KeyPublic Key - PSPUsed for IPSec/IKE ECDH Shared Secret derivationP-256, P-384 and P- 521 - 128-256 bitsKAS-ECC (Control Plane IKEv2)
IPSec/IKE ECDH Shared SecretShared Secret - CSPUsed for IPSec/IKE Encryption Key and IPSec/IKE Integrity Key derivationP-256, P-384 and P- 521 - 128-256 bitsKAS-ECC (Control Plane IKEv2)KAS-ECC (Control Plane IKEv2)
IPSec/IKE ECDSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA SigGen (SSH, TLS and Control Plane IKEv2)ECDSA SigGen (SSH, TLS and Control Plane IKEv2)
IPSec/IKE ECDSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (SSH, TLS and Control Plane IKEv2)ECDSA SigVer (SSH, TLS and Control Plane IKEv2)
IPSec/IKE RSA Private KeyPrivate Key - CSPUsed for IPSec/IKE peer authenticati on2048, 3072 and 4096 bits - 112-152 bitsRSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA SigGen (SSH, TLS and Control Plane IKEv2)
IPSec/IKE RSA Public KeyPublic Key - PSPUsed for IPSec/IKE peer authenticati on2048, 3072 and 4096 bits - 112-152 bitsRSA KeyGen (SSH, TLS and Control Plane IKEv2)RSA SigVer (SSH, TLS and Control Plane IKEv2)
IPSec/IKE Pre-shared SecretShared Secret - CSPUsed for IPSec/IKE peer authenticati on256 bits - N/AIPsec/IKEv2 Keying Materials Developme nt
IPSec/IKE SKEYSEEDKeying Material - CSPKeying material used to derive the IPSec/IKE Encryption Key and160 bits - N/AIPsec/IKEv2 Keying Materials Developme nt
IPSec/IKE Encryption KeyEncryption Key - CSPUsed for IPSec/IKE traffic confidentiali ty protection128-256 bits - 128-256 bitsIPsec/IKEv2 Keying Materials Developme ntBlock Ciphers (Control Plane IKEv2)
IPSec/IKE Integrity KeyAuthenticati on Key - CSPUsed for IPSec/IKE traffic integrity protectionAt least 112 bits - At least 112 bitsBlock Ciphers (Control Plane IKEv2)Block Ciphers (Control Plane IKEv2)
SNMPv3 Authenticati on SecretAuthenticati on Secret - CSPUsed to SNMPv3 authenticati on64 characte rs - N/ASNMPv3 Keying Materials Developme nt
SNMPv3 Encryption KeySymmetric Key - CSPUsed to secure SNMPv3 traffic confidentiali ty128-256 bits - 128-256 bitsSNMPv3 Keying Materials Developme ntBlock Ciphers (SNMPv3)
SNMPv3 Integrity KeyAuthenticati on Key - CSPUsed to secure SNMPv3 traffic integrityAt least 112 bits - At least 112 bitsSNMPv3 Keying Materials Developme ntBlock Ciphers (SNMPv3)
Data Plane Encryption ECDH Private KeyPrivate Key - CSPUsed to derive Data Plane Encryption ECDH Shared SecretP-521 - 256 bitsKAS- ECC- KeyGen (Data Plane IKEv2)KAS-ECC (Data Plane IKEv2)
Data Plane Encryption ECDH Public KeyPublic Key - PSPUsed to derive Data Plane Encryption ECDH Shared SecretP-521 - 256 bitsKAS-ECC- KeyGen (Data Plane IKEv2)
Data Plane Encryption ECDHShared Secret - CSPUsed to derive Data PlaneP-521 - 256 bitsKAS-ECC (Data Plane IKEv2)KAS-ECC (Data Plane IKEv2)
Shared SecretEncryption IKE-SA Session Key and Data Plane Encryption Child-SA Session Key
Data Plane Encryption Peer ECDH Public KeyPublic Key - PSPUsed to derive Data Plane Encryption ECDH Shared SecretP-521 - 256 bitsKAS-ECC (Data Plane IKEv2)
Data Plane Encryption ECDSA Private KeyPrivate Key - CSPUsed for Data Plane Encryption authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (Data Plane IKEv2)ECDSA SigGen (Data Plane IKEv2)
Data Plane Encryption ECDSA Public KeyPublic Key - PSPUsed for Data Plane Encryption authenticati onP-256, P-384 and P- 521 - 128-256 bitsECDSA KeyGen (Data Plane IKEv2)ECDSA SigVer (Data Plane IKEv2)
Data Plane Encryption RSA Private KeyPrivate Key - CSPUsed for Data Plane Encryption authenticati on2048, 3072 and 4096 bits - 112- 152 bitsRSA KeyGen (Data Plane IKEv2)RSA SigGen (Data Plane IKEv2)
Data Plane Encryption RSA Public KeyPublic Key - PSPUsed for Data Plane Encryption authenticati on2048, 3072 and 4096 bits - 112- 152 bitsRSA KeyGen (Data Plane IKEv2)RSA SigVer (Data Plane IKEv2)
Data Plane Encryption Pre-shared SecretShared Secret - CSPUsed for Data Plane Encryption serviceCurves: P-256, P-384, P-521 -KAS-ECC (Data Plane IKEv2)
authenticati onauthenticati on128-256 bits
Data Plane Encryption IKE-SA Session KeyAuthenticat ed Symmetric Key - CSPUsed to secure Data Plane Encryption traffic confidentiali ty256 bits - 256 bitsKAS-ECC (Data Plane IKEv2)Block Cipher (Data Plane IKEv2)
Data Plane Encryption Child-SA Session KeyAuthenticat ed Symmetric Key - CSPUsed to secure Data Plane Encryption Child-SA traffic confidentiali ty256 bits - 256 bitsKAS-ECC (Data Plane IKEv2)Block Cipher (Data Plane IKEv2)
NTP Authenticati on KeyAuthenticati on - CSPUsed for NTP authenticati on8-40 characte rs - N/ANTP Authenticati on
OSPFv2 Authenticati on KeyAuthenticati on - CSPUsed for OSPFv2 authenticati on8-25 characte rs - N/AOSPFv2 Authenticati on
DRBG Entropy InputDRAM:PlaintextZeroizatio n command Session terminatio n RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used WithUntil Reboot
DRBG SeedDRAM:PlaintextZeroizatio n command Session terminatio n RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used WithUntil Reboot
DRBG Internal State V valueDRAM:PlaintextZeroizatio n command SessionDRBG Entropy Input:Used With DRBG Seed:Used WithUntil Reboot
9.3 SSP Zeroization Methods

Table 16: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. n © 2021-2025 Nokia Corporation. h

Page 103

n © 2021-2025 Nokia Corporation. h MODP2048, MODP4096, MODP2048, MODP4096, MODP2048, MODP4096, MODP8192 N/A MODP2048, MODP4096, KASFFCKeyGen KAS-FFCKeyGen KAS-FFCKeyGen KAS-FFCKeyGen KASECCKAS-ECCKeyGen

Page 104

h n © 2021-2025 Nokia Corporation. KAS-ECCKeyGen KAS-ECCKeyGen

Page 105

n h © 2021-2025 Nokia Corporation. KASFFCKeyGen KAS-FFCKeyGen .3) KASECCKeyGen KAS-FFCKeyGen KAS-FFCKeyGen .3) KAS-ECCKeyGen

Page 106

n h and P521 N/A © 2021-2025 Nokia Corporation. KAS-ECCKeyGen .3) KAS-ECCKeyGen .3)

Page 107

n h .3) .3) .3) .3) .3) MODP2048, MODP3072, MODP4096, MODP6144 MODP2048, MODP3072, MODP4096, MODP6144 © 2021-2025 Nokia Corporation. KASFFCKeyGen KAS-FFCKeyGen .3) KAS-FFCSSC Sp80056Ar3

Page 108

n h MODP2048, MODP3072, MODP4096, MODP6144 MODP8192 N/A MODP2048, MODP3072, MODP4096, MODP6144 © 2021-2025 Nokia Corporation. KAS-FFCKeyGen KAS-FFCKeyGen KASECCKeyGen KAS-ECCKeyGen

Page 110

n © 2021-2025 Nokia Corporation. h KAS-ECCKeyGen KASECCKeyGen

Page 112

n h Table 17: SSP Table 1 © 2021-2025 Nokia Corporation. n n n n n n

Page 113
Sensitive security parameter
NameStorageZeroizationUse
DRBG KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used WithUntil Reboot
Operator PasswordFlash:Obfuscat edZeroizatio n commandUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
LUKS DB PasswordFlash:PlaintextZeroizatio n commandLUKS DB Salt :Used WithUntil zeroized
LUKS DB SaltFlash:PlaintextZeroizatio n commandLUKS DB Password:Used WithUntil zeroized
LUKS DB Integrity KeyFlash:PlaintextZeroizatio n commandLUKS DB Password:Derived From LUKS DB Salt :Derived FromUntil zeroized
Firmware Load Test KeyFlash:PlaintextN/AN/A. This PSP is only used for Firmware Load Test, which is not subject to the zeroization requirement s.
SSH DH Private KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH DH Public Key:Paired Withwhile SSH session is on
SSH DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH DH Private Key:Paired Withwhile SSH session is onModule Public Key Output
SSH Peer DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH DH Private Key:Used Withwhile SSH session is onPeer Public Key Input
SSH DH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH Encryption Key:Derived To SSH Integrity Key:Derived To SSH DH Private Key:Derived From SSH Peer DH Public Key:Derived Fromwhile SSH session is on
SSH ECDH Private KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH ECDH Public Key:Paired Withwhile SSH session is on
SSH ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH ECDH Private Key:Paired Withwhile SSH session is onModule Public Key Output
SSH Peer ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH ECDH Private Key:Used Withwhile SSH session is onPeer Public Key Input
SSH ECDH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH ECDH Private Key:Derived From SSH Peer ECDH Public Key:Derived From SSH Encryption Key:Derive To SSH Integrity Key:Derive Towhile SSH session is on
SSH ECDSA Private KeyFlash:PlaintextZeroizatio n commandSSH ECDSA Public Key:Paired WithUntil zeroized
SSH ECDSA Public KeyFlash:PlaintextZeroizatio n commandSSH ECDSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and
SSH RSA Private KeyFlash:PlaintextZeroizatio n commandSSH RSA Public Key:Paired WithUntil zeroized
SSH RSA Public KeyFlash:PlaintextZeroizatio n commandSSH RSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
SSH Encryption KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH Integrity Key:Used Withwhile SSH session is on
SSH Integrity KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSSH Encryption Key:Used Withwhile SSH session is on
TLS DH Private KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS DH Public Key:Paired Withwhile TLS session is on
TLS DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS DH Private Key:Paired Withwhile TLS tunnel is onModule Public Key Output
TLS Peer DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS DH Private Key:Used With TLS DH Shared Secret:Derived Towhile TLS tunnel is onPeer Public Key Input
TLS DH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS DH Private Key:Derived From TLS Peer DH Public Key:Derived Fromwhile TLS tunnel is on
TLS ECDH Private KeyDRAM:PlaintextZeroizatio n command Session terminatioTLS ECDH Public Key:Paired Withwhile TLS tunnel is on
TLS ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS ECDH Private Key:Paired Withwhile TLS tunnel is onModule Public Key Output
TLS Peer ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS ECDH Private Key:Used Withwhile TLS tunnel is onPeer Public Key Input
TLS ECDH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived Fromwhile TLS tunnel is on
TLS ECDSA Private KeyFlash:PlaintextZeroizatio n commandTLS ECDSA Public Key:Paired WithUntil zeroized
TLS ECDSA Public KeyFlash:PlaintextZeroizatio n commandTLS ECDSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM)
TLS RSA Private KeyFlash:PlaintextZeroizatio n commandTLS RSA Public Key:Paired WithUntil zeroized
TLS RSA Public KeyFlash:PlaintextZeroizatio n commandTLS RSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
TLS Master SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS DH Shared Secret:Derived Fromwhile TLS session is on
TLS Encryption KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS Integrity Key:Used Withwhile TLS session is on
TLS Integrity KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS Encryption Key:Used Withwhile TLS session is on
IPSec/IKE DH Private KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE DH Public Key:Paired Withwhile Control Panel IPSec/IKE session is on
IPSec/IKE DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE DH Private Key:Paired Withwhile Control Panel IPSec/IKE session is onModule Public Key Output
IPSec/IKE Peer DH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE DH Private Key:Used Withwhile Control Panel IPSec/IKE session is onPeer Public Key Input
IPSec/IKE DH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE SKEYSEED:Deriv e TOwhile Control Panel IPSec/IKE session is on
IPSec/IKE ECDH Private KeyDRAM:PlaintextZeroizatio n command Session terminatioIPSec/IKE ECDH Public Key:Paired Withwhile Control Panel IPSec/IKE session is on
IPSec/IKE ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE ECDH Private Key:Paired Withwhile Control Panel IPSec/IKE session is onModule Public Key Output
IPSec/IKE Peer ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE ECDH Private Key:Used Withwhile Control Panel IPSec/IKE session is onPeer Public Key Input
IPSec/IKE ECDH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE SKEYSEED:Deriv e Towhile Control Panel IPSec/IKE session is on
IPSec/IKE ECDSA Private KeyFlash:PlaintextZeroizatio n commandIPSec/IKE ECDSA Public Key:Paired WithUntil zeroized
IPSec/IKE ECDSA Public KeyFlash:PlaintextZeroizatio n commandIPSec/IKE ECDSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM)
IPSec/IKE RSA Private KeyFlash:PlaintextZeroizatio n commandIPSec/IKE RSA Public Key:Paired WithUntil zeroized
IPSec/IKE RSA Public KeyFlash:PlaintextZeroizatio n commandIPSec/IKE RSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
IPSec/IKE Pre-shared SecretFlash:PlaintextZeroizatio n commandIPSec/IKE SKEYSEED:Deriv ed ToUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM)
IPSec/IKE SKEYSEEDDRAM:PlaintextZeroizatio n command Session terminatio n RebootTLS ECDH Shared Secret:Derived From IPSec/IKE DH Shared Secret:Derived Fromwhile Control Panel IPSec/IKE session is on
IPSec/IKE Encryption KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE SKEYSEED:Deriv ed Fromwhile Control Panel IPSec/IKE session is on
IPSec/IKE Integrity KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE SKEYSEED:Deriv ed Fromwhile Control Panel IPSec/IKE session is on
SNMPv3 Authenticati on SecretFlash:PlaintextZeroizatio n commandUntil zeroizedSSPs Input/Outp ut
SNMPv3 Encryption KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSNMPv3 Authentication Secret:Derived From SNMPv3 Integrity Key:Used Withwhile SNMPv3 session is on
SNMPv3 Integrity KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootSNMPv3 Authentication Secret:Derived From SNMPv3 Encryption Key:Used Withwhile SNMPv3 session is on
Data Plane Encryption ECDH Private KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootData Plane Encryption ECDH Public Key:Paired Withwhile Data Plane Encryption session is on
Data Plane Encryption ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootIPSec/IKE ECDH Private Key:Paired Withwhile Data Plane Encryption session is onModule Public Key Output
Data Plane Encryption ECDH Shared SecretDRAM:PlaintextZeroizatio n command Session terminatio n RebootData Plane Encryption ECDH Private Key:Derived From Data Plane Encryption Peer ECDH Public Key:Derived From Data Plane Encryption IKE-SA Session Key:Derived To Data Plane Encryption Child- SA Session Key :Derived Towhile Data Plane Encryption session is on
Data Plane Encryption Peer ECDH Public KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootData Plane Encryption ECDH Private Key:Used Withwhile Data Plane Encryption session is onPeer Public Key Input
Data Plane Encryption ECDSA Private KeyFlash:PlaintextZeroizatio n commandData Plane Encryption ECDSA Private Key:Paired WithUntil zeroized
Data Plane Encryption ECDSA Public KeyFlash:PlaintextZeroizatio n commandData Plane Encryption ECDSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and
Data Plane Encryption RSA Private KeyFlash:PlaintextZeroizatio n commandData Plane Encryption RSA Public Key:Paired WithUntil zeroized
Data Plane Encryption RSA Public KeyFlash:PlaintextZeroizatio n commandData Plane Encryption RSA Private Key:Paired WithUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES
Data Plane Encryption Pre-shared SecretFlash:Obfuscat edZeroizatio n commandIPSec/IKE SKEYSEED:Used With IPSec/IKE Encryption Key:Derived to IPSec/IKE Authentication Key:Derived toUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
Data Plane Encryption IKE-SA Session KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootData Plane Encryption ECDH Shared Secret:Derived Fromwhile Data Plane Encryption session is on
Data Plane Encryption Child-SA Session KeyDRAM:PlaintextZeroizatio n command Session terminatio n RebootData Plane Encryption ECDH Shared Secret:Derived Fromwhile Data Plane Encryption session is on
NTP Authenticati on KeyFlash:PlaintextZeroizatio n commandUntil zeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC)
OSPFv2 Authenticati on KeyFlash:PlaintextZeroizatio n commandUntil ZeroizedSSPs Input/Outp ut protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected
Page 129
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorIndicat orConditio ns
Gecko Firmware Bootloader Integrity TestGecko Firmware Bootloader Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A3366ECDSA SigVer P-256 with SHA2-256Module is in normal state
Gecko Firmware Application Integrity TestGecko Firmware Application Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A3366ECDSA SigVer P-256 with SHA2-256Module is in normal state
CHM6_Zynq Firmware Bootloader Integrity TestCHM6_Zynq Firmware Bootloader Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4955ECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_NXP Firmware Bootloader Integrity TestDCO_NXP Firmware Bootloader Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4955ECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_Zynq Firmware Bootloader Integrity TestDCO_Zynq Firmware Bootloader Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4955ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4_Intel Firmware Bootloader Integrity TestXMM4_Intel Firmware Bootloader Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4955ECDSA SigVer P-521 with SHA2-512Module is in normal state
CHM6_Zynq Firmware Kernel Integrity TestCHM6_Zynq Firmware Kernel Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4952ECDSA SigVer P-521 with SHA2-512Module is in normal state
CHM6_Zynq Firmware init script Integrity TestCHM6_Zynq Firmware init script Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4948ECDSA SigVer P-521 with SHA2-512Module is in normal state
CHM6_Zynq Firmware Application Manifest file Integrity TestCHM6_Zynq Firmware Application Manifest file Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4948ECDSA SigVer P-521 with SHA2-512Module is in normal state
CHM6_Zynq Firmware Application Integrity TestCHM6_Zynq Firmware Application Integrity TestKATSW/FW IntegritySHA2-512 from SHA Cert. #A4954SHA2-512Module is in normal state
DCO_NXP Firmware Kernel Integrity TestDCO_NXP Firmware Kernel Integrity TestKATSW/FW IntegrityECDSA from ECDSA Cert. #A4953ECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_NXP Firmware init script IntegrityDCO_NXP Firmware init script IntegrityKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4949ECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_NXP Firmware Application Manifest file Integrity TestDCO_NXP Firmware Application Manifest file Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4949ECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_NXP Firmware Application Integrity TestDCO_NXP Firmware Application Integrity TestKATSW/FW IntegritySHA2-512 from SHA Cert. #A4954SHA2-512Module is in normal state
DCO_Zynq Firmware Kernel Integrity TestDCO_Zynq Firmware Kernel Integrity TestKATSW/FW IntegrityECDSA SigVer fromECDSA SigVer P-521 with SHA2-512Module is in normal state
DCO_Zynq Firmware Application Integrity TestDCO_Zynq Firmware Application Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4960ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4_Intel Firmware Kernel Integrity TestXMM4_Intel Firmware Kernel Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4962ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4_Intel Firmware init script Integrity TestXMM4_Intel Firmware init script Integrity TestKATSW/FW IntegrityECDSA from ECDSA Cert. #A4956ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4 Intel Firmware Application Manifest file Integrity TestXMM4 Intel Firmware Application Manifest file Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4956ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4 Intel Firmware Application Integrity TestXMM4 Intel Firmware Application Integrity TestKATSW/FW IntegritySHA2-512 from SHA Cert. #A4958SHA2-512Module is in normal state
SHA2-256 KAT (A3366)SHA2-256 KAT (A3366)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A3366)ECDSA SigVer (FIPS186-4) KAT (A3366)Known Answer Test (KAT)CASTN/ACurve: P-256Module is in normal statePower up
9.5 Transitions
10 Self-Tests
10.1 Pre-Operational Self-Tests
Page 131
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorIndicat orConditio ns
DCO_Zynq Firmware Application Integrity TestDCO_Zynq Firmware Application Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4960ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4_Intel Firmware Kernel Integrity TestXMM4_Intel Firmware Kernel Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4962ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4_Intel Firmware init script Integrity TestXMM4_Intel Firmware init script Integrity TestKATSW/FW IntegrityECDSA from ECDSA Cert. #A4956ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4 Intel Firmware Application Manifest file Integrity TestXMM4 Intel Firmware Application Manifest file Integrity TestKATSW/FW IntegrityECDSA SigVer from ECDSA Cert. #A4956ECDSA SigVer P-521 with SHA2-512Module is in normal state
XMM4 Intel Firmware Application Integrity TestXMM4 Intel Firmware Application Integrity TestKATSW/FW IntegritySHA2-512 from SHA Cert. #A4958SHA2-512Module is in normal state
SHA2-256 KAT (A3366)SHA2-256 KAT (A3366)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A3366)ECDSA SigVer (FIPS186-4) KAT (A3366)Known Answer Test (KAT)CASTN/ACurve: P-256Module is in normal statePower up
SHA2-512 KAT (A4955)SHA2-512 KAT (A4955)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4955)ECDSA SigVer (FIPS186-4) KAT (A4955)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4960)SHA2-512 KAT (A4960)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4960)ECDSA SigVer (FIPS186-4) KAT (A4960)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4961)SHA2-512 KAT (A4961)Known Answer Test (KAT)CASTN/ASHA2- 512Module is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4961)ECDSA SigVer (FIPS186-4) KAT (A4961)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4948)SHA2-512 KAT (A4948)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4948)ECDSA SigVer (FIPS186-4) KAT (A4948)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4952)SHA2-512 KAT (A4952)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4952)ECDSA SigVer (FIPS186-4) KAT (A4952)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4949)SHA2-512 KAT (A4949)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4949)ECDSA SigVer (FIPS186-4) KAT (A4949)Known AnswerCASTN/ACurve: P-521Module is inPower up
Test (KAT)Test (KAT)normal state
SHA2-512 KAT (A4953)SHA2-512 KAT (A4953)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4953)ECDSA SigVer (FIPS186-4) KAT (A4953)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4954)SHA2-512 KAT (A4954)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
AES-CBC Encrypt KAT (A4959)AES-CBC Encrypt KAT (A4959)Known Answer Test (KAT)CASTEncryption KAT128 bitsModule is in normal statePower up
AES-CBC Decrypt KAT (A4959)AES-CBC Decrypt KAT (A4959)Known Answer Test (KAT)CASTDecryption KAT128 bitsModule is in normal statePower up
AES-GCM Authenticated Encrypt KAT (A4959)AES-GCM Authenticated Encrypt KAT (A4959)Known Answer Test (KAT)CASTAuthenticat ed Encryption KAT256 bitsModule is in normal statePower up
AES-GCM Authenticated Decrypt KAT (A4959)AES-GCM Authenticated Decrypt KAT (A4959)Known Answer Test (KAT)CASTAuthenticat ed Decryption KAT256 bitsModule is in normal statePower up
Counter DRBG Generate/Reseed/Insta ntiate KAT (A4959)Counter DRBG Generate/Reseed/Insta ntiate KAT (A4959)Known Answer Test (KAT)CASTGenerate KAT, Reseed KAT, and Instantiate KATN/AModule is in normal statePower up
KDF IKEv2 KAT (A4959)KDF IKEv2 KAT (A4959)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
KAS-ECC-SSC Sp800- 56Ar3 KAT (A4959)KAS-ECC-SSC Sp800- 56Ar3 KAT (A4959)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
RSA SigGen (FIPS186- 4) KAT (A4959)RSA SigGen (FIPS186- 4) KAT (A4959)Known AnswerCASTN/AModulus: 2048 bitsModule is inPower up
Test (KAT)Test (KAT)normal state
RSA SigVer (FIPS186- 4) KAT (A4959)RSA SigVer (FIPS186- 4) KAT (A4959)Known Answer Test (KAT)CASTN/AModulus: 2048 bitsModule is in normal statePower up
SHA2-512 KAT (A4959)SHA2-512 KAT (A4959)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
HMAC-SHA2-512 KAT (A4959)HMAC-SHA2-512 KAT (A4959)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4962)ECDSA SigVer (FIPS186-4) KAT (A4962)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
SHA2-512 KAT (A4962)SHA2-512 KAT (A4962)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
AES-CBC Encrypt KAT (A4956)AES-CBC Encrypt KAT (A4956)Known Answer Test (KAT)CASTEncryption KAT128, 192 and 256 bitsModule is in normal statePower up
AES-CBC Decrypt KAT (A4956)AES-CBC Decrypt KAT (A4956)Known Answer Test (KAT)CASTDecryption KAT128, 192 and 256 bitsModule is in normal statePower up
AES-CCM Authenticated Encrypt KAT (A4956)AES-CCM Authenticated Encrypt KAT (A4956)Known Answer Test (KAT)CASTAuthenticat ed Encryption KAT256 bitsModule is in normal statePower up
AES-CCM Authenticated Decrypt KAT (A4956)AES-CCM Authenticated Decrypt KAT (A4956)Known Answer Test (KAT)CASTAuthenticat ed Decryption KAT256 bitsModule is in normal statePower up
AES-GCM Authenticated Encrypt KAT (A4956)AES-GCM Authenticated Encrypt KAT (A4956)Known Answer Test (KAT)CASTAuthenticat ed Encryption KAT256 bitsModule is in normal statePower up
AES-GCM Authenticated Decrypt KAT (A4956)AES-GCM Authenticated Decrypt KAT (A4956)Known Answer Test (KAT)CASTAuthenticat ed Decryption KAT256 bitsModule is in normal statePower up
HMAC-SHA-1 KAT (A4956)HMAC-SHA-1 KAT (A4956)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
HMAC-SHA2-256 KAT (A4956)HMAC-SHA2-256 KAT (A4956)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
HMAC-SHA2-384 KAT (A4956)HMAC-SHA2-384 KAT (A4956)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
HMAC-SHA2-512 KAT (A4956)HMAC-SHA2-512 KAT (A4956)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4956)ECDSA SigVer (FIPS186-4) KAT (A4956)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
SHA2-256 KAT (A4957)SHA2-256 KAT (A4957)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
HMAC-SHA2-256 KAT (A4957)HMAC-SHA2-256 KAT (A4957)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
AES-ECB Encrypt KAT (A4958)AES-ECB Encrypt KAT (A4958)Known Answer Test (KAT)CASTEncryption KAT128 bitsModule is in normal statePower up
AES-ECB Decrypt KAT (A4958)AES-ECB Decrypt KAT (A4958)Known Answer Test (KAT)CASTDecryption KAT128 bitsModule is in normal statePower up
AES-GCM Authenticated Encrypt KAT (A4958)AES-GCM Authenticated Encrypt KAT (A4958)Known Answer Test (KAT)CASTAuthenticat ed Encryption KAT256 bitsModule is in normal statePower up
AES-GCM Authenticated Decrypt KAT (A4958)AES-GCM Authenticated Decrypt KAT (A4958)Known Answer Test (KAT)CASTAuthenticat ed Decryption KAT256 bitsModule is in normal statePower up
Counter DRBG Generate/Reseed/Insta ntiate KAT (A4958)Counter DRBG Generate/Reseed/Insta ntiate KAT (A4958)Known AnswerCASTGenerate KAT, ReseedN/AModule is inPower up
Test (KAT)Test (KAT)KAT, and Instantiate KATnormal state
ECDSA SigGen (FIPS186-4) KAT (A4958)ECDSA SigGen (FIPS186-4) KAT (A4958)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4958)ECDSA SigVer (FIPS186-4) KAT (A4958)Known Answer Test (KAT)CASTN/ACurve: P-521Module is in normal statePower up
HMAC-SHA2-256 KAT (A4958)HMAC-SHA2-256 KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
KDF SSH KAT (A4958)KDF SSH KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
KDF IKEv2 KAT (A4958)KDF IKEv2 KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
KDF SNMP KAT (A4958)KDF SNMP KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
TLS v1.2 KDF RFC7627 KAT (A4958)TLS v1.2 KDF RFC7627 KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
TLS v1.3 KDF KAT (A4958)TLS v1.3 KDF KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
KAS-ECC-SSC KAT (A4958)KAS-ECC-SSC KAT (A4958)Known Answer Test (KAT)CASTKAS-ECC- SSC Primitive ZN/AModule is in normal statePower up
KAS-FFC-SSC KAT (A4958)KAS-FFC-SSC KAT (A4958)Known Answer Test (KAT)CASTKAS-FFC- SSC Primitive ZN/AModule is in normal statePower up
PBKDF KAT (A4958)PBKDF KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
RSA SigGen KAT (A4958)RSA SigGen KAT (A4958)Known Answer Test (KAT)CASTN/AModulus: 2048 bitsModule is in normal statePower up
RSA SigVer KAT (A4958)RSA SigVer KAT (A4958)Known Answer Test (KAT)CASTN/AModulus: 2048 bitsModule is in normal statePower up
SHA-1 KAT (A4958)SHA-1 KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
SHA2-512 KAT (A4958)SHA2-512 KAT (A4958)Known Answer Test (KAT)CASTN/AN/AModule is in normal statePower up
AES-GCM Authenticated Encrypt KAT (C501)AES-GCM Authenticated Encrypt KAT (C501)Known Answer Test (KAT)CASTAuthenticat ed Encryption KAT256 bitsModule is in normal statePower up
AES-GCM Authenticated Decrypt KAT (C501)AES-GCM Authenticated Decrypt KAT (C501)Known Answer Test (KAT)CASTAuthenticat ed Decryption KAT256 bitsModule is in normal statePower up
Entropy Source Start-up Health Test (RCT)Entropy Source Start-up Health Test (RCT)RCTCASTN/AN/AModule is in normal statePower up
Entropy Source Start-up Health Test (APT)Entropy Source Start-up Health Test (APT)APTCASTN/AN/AModule is in normal statePower up
Entropy Source Continuous Health Test (RCT)Entropy Source Continuous Health Test (RCT)RCTCASTN/AN/AModule is in normal statePower up
Entropy Source Continuous Health Test (APT)Entropy Source Continuous Health Test (APT)APTCASTN/AN/AModule is in normal statePower up
ECDSA KeyGen (FIPS186-4) PCT (A4958)ECDSA KeyGen (FIPS186-4) PCT (A4958)Pair-Wise Consisten cy Test (PCT)PCTN/ACurve: P-256Module is in normal stateECDSA Keypair generatio n
RSA KeyGen (FIPS186- 4) PCT (A4958)RSA KeyGen (FIPS186- 4) PCT (A4958)Pair-Wise ConsistenPCTN/AModulus: 2048 bitsModule is inRSA Keypair
cy Test (PCT)cy Test (PCT)normal stategeneratio n
KAS-ECC-SSC (FIPS186-4) PCT (A4958)KAS-ECC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consisten cy Test (PCT)PCTN/ACurve: P-256Module is in normal stateKAS- ECC Keypair generatio n
KAS-FFC-SSC (FIPS186-4) PCT (A4958)KAS-FFC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consisten cy Test (PCT)PCTN/AMODP- 2048Module is in normal stateKAS-FFC Keypair generatio n
KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)Pair-Wise Consisten cy Test (PCT)PCTN/ACurve: P-256Module is in normal stateECDSA Keypair generatio n
ECDSA KeyGen (FIPS186-4) PCT (A4959)ECDSA KeyGen (FIPS186-4) PCT (A4959)Pair-Wise Consisten cy Test (PCT)PCTN/ACurve: P-256Module is in normal stateECDSA Keypair generatio n
Firmware Load TestFirmware Load TestECDSA SigVerSW/F W LoadN/ACurve: P-521Module is in normal stateFirmware Load Test
Gecko Firmware Bootloader Integrity TestGecko Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
Gecko Firmware Application Integrity TestGecko Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware Bootloader Integrity TestCHM6_Zynq Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP FirmwareDCO_NXP FirmwareKATSW/FW IntegrityOn-demandModule Reboot

Table 19: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests
Page 136

N/A N/A N/A N/A N/A N/A N/A N/A N/A © 2021-2025 Nokia Corporation. N/A N/A N/A N/A N/A N/A N/A N/A KAS-ECCSSC KAS-FFCSSC N/A

Page 138
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicat orConditio ns
cy Test (PCT)cy Test (PCT)normal stategeneratio n
KAS-ECC-SSC (FIPS186-4) PCT (A4958)KAS-ECC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consisten cy Test (PCT)PCTN/AModule is in normal stateKAS- ECC Keypair generatio nCurve: P-256
KAS-FFC-SSC (FIPS186-4) PCT (A4958)KAS-FFC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consisten cy Test (PCT)PCTN/AModule is in normal stateKAS-FFC Keypair generatio nMODP- 2048
KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)Pair-Wise Consisten cy Test (PCT)PCTN/AModule is in normal stateECDSA Keypair generatio nCurve: P-256
ECDSA KeyGen (FIPS186-4) PCT (A4959)ECDSA KeyGen (FIPS186-4) PCT (A4959)Pair-Wise Consisten cy Test (PCT)PCTN/AModule is in normal stateECDSA Keypair generatio nCurve: P-256
Firmware Load TestFirmware Load TestECDSA SigVerSW/F W LoadN/AModule is in normal stateFirmware Load TestCurve: P-521
Gecko Firmware Bootloader Integrity TestGecko Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
Gecko Firmware Application Integrity TestGecko Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware Bootloader Integrity TestCHM6_Zynq Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP FirmwareDCO_NXP FirmwareKATSW/FW IntegrityOn-demandModule Reboot
DCO_Zynq Firmware Bootloader Integrity TestDCO_Zynq Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4_Intel Firmware Bootloader Integrity TestXMM4_Intel Firmware Bootloader Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware Kernel Integrity TestCHM6_Zynq Firmware Kernel Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware init script Integrity TestCHM6_Zynq Firmware init script Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware Application Manifest file Integrity TestCHM6_Zynq Firmware Application Manifest file Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
CHM6_Zynq Firmware Application Integrity TestCHM6_Zynq Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP Firmware Kernel Integrity TestDCO_NXP Firmware Kernel Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP Firmware init script IntegrityDCO_NXP Firmware init script IntegrityKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP Firmware Application Manifest file Integrity TestDCO_NXP Firmware Application Manifest file Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_NXP Firmware Application Integrity TestDCO_NXP Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_Zynq Firmware Kernel Integrity TestDCO_Zynq Firmware Kernel Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
DCO_Zynq Firmware Application Integrity TestDCO_Zynq Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4_Intel Firmware Kernel Integrity TestXMM4_Intel Firmware Kernel Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4_Intel Firmware init script Integrity TestXMM4_Intel Firmware init script Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4 Intel Firmware Application Manifest file Integrity TestXMM4 Intel Firmware Application Manifest file Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4 Intel Firmware Application Integrity TestXMM4 Intel Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
SHA2-256 KAT (A3366)SHA2-256 KAT (A3366)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A3366)ECDSA SigVer (FIPS186-4) KAT (A3366)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4955)SHA2-512 KAT (A4955)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4955)ECDSA SigVer (FIPS186-4) KAT (A4955)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4960)SHA2-512 KAT (A4960)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4960)ECDSA SigVer (FIPS186-4) KAT (A4960)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4961)SHA2-512 KAT (A4961)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4961)ECDSA SigVer (FIPS186-4) KAT (A4961)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4948)SHA2-512 KAT (A4948)Known Answer Test (KAT)CASTOn-demandModule Reboot

MODP2048 W Table 20: Conditional Self-Tests N/A N/A N/A N/A N/A n KASECC n n n n The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information
Page 140
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
XMM4_Intel Firmware Kernel Integrity TestXMM4_Intel Firmware Kernel Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4_Intel Firmware init script Integrity TestXMM4_Intel Firmware init script Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4 Intel Firmware Application Manifest file Integrity TestXMM4 Intel Firmware Application Manifest file Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
XMM4 Intel Firmware Application Integrity TestXMM4 Intel Firmware Application Integrity TestKATSW/FW IntegrityOn-demandModule Reboot
SHA2-256 KAT (A3366)SHA2-256 KAT (A3366)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A3366)ECDSA SigVer (FIPS186-4) KAT (A3366)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4955)SHA2-512 KAT (A4955)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4955)ECDSA SigVer (FIPS186-4) KAT (A4955)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4960)SHA2-512 KAT (A4960)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4960)ECDSA SigVer (FIPS186-4) KAT (A4960)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4961)SHA2-512 KAT (A4961)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4961)ECDSA SigVer (FIPS186-4) KAT (A4961)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4948)SHA2-512 KAT (A4948)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4948)ECDSA SigVer (FIPS186-4) KAT (A4948)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4952)SHA2-512 KAT (A4952)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4952)ECDSA SigVer (FIPS186-4) KAT (A4952)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4949)SHA2-512 KAT (A4949)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4949)ECDSA SigVer (FIPS186-4) KAT (A4949)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4953)SHA2-512 KAT (A4953)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4953)ECDSA SigVer (FIPS186-4) KAT (A4953)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4954)SHA2-512 KAT (A4954)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CBC Encrypt KAT (A4959)AES-CBC Encrypt KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CBC Decrypt KAT (A4959)AES-CBC Decrypt KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Encrypt KAT (A4959)AES-GCM Authenticated Encrypt KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Decrypt KAT (A4959)AES-GCM Authenticated Decrypt KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
Counter DRBG Generate/Reseed/Instantiate KAT (A4959)Counter DRBG Generate/Reseed/Instantiate KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
KDF IKEv2 KAT (A4959)KDF IKEv2 KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
KAS-ECC-SSC Sp800- 56Ar3 KAT (A4959)KAS-ECC-SSC Sp800- 56Ar3 KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
RSA SigGen (FIPS186-4) KAT (A4959)RSA SigGen (FIPS186-4) KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
RSA SigVer (FIPS186-4) KAT (A4959)RSA SigVer (FIPS186-4) KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4959)SHA2-512 KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-512 KAT (A4959)HMAC-SHA2-512 KAT (A4959)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4962)ECDSA SigVer (FIPS186-4) KAT (A4962)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4962)SHA2-512 KAT (A4962)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CBC Encrypt KAT (A4956)AES-CBC Encrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CBC Decrypt KAT (A4956)AES-CBC Decrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CCM Authenticated Encrypt KAT (A4956)AES-CCM Authenticated Encrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-CCM Authenticated Decrypt KAT (A4956)AES-CCM Authenticated Decrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Encrypt KAT (A4956)AES-GCM Authenticated Encrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Decrypt KAT (A4956)AES-GCM Authenticated Decrypt KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA-1 KAT (A4956)HMAC-SHA-1 KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-256 KAT (A4956)HMAC-SHA2-256 KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-384 KAT (A4956)HMAC-SHA2-384 KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-512 KAT (A4956)HMAC-SHA2-512 KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4956)ECDSA SigVer (FIPS186-4) KAT (A4956)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-256 KAT (A4957)SHA2-256 KAT (A4957)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-256 KAT (A4957)HMAC-SHA2-256 KAT (A4957)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-ECB Encrypt KAT (A4958)AES-ECB Encrypt KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-ECB Decrypt KAT (A4958)AES-ECB Decrypt KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Encrypt KAT (A4958)AES-GCM Authenticated Encrypt KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Decrypt KAT (A4958)AES-GCM Authenticated Decrypt KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
Counter DRBG Generate/Reseed/Instantiate KAT (A4958)Counter DRBG Generate/Reseed/Instantiate KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigGen (FIPS186-4) KAT (A4958)ECDSA SigGen (FIPS186-4) KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
ECDSA SigVer (FIPS186-4) KAT (A4958)ECDSA SigVer (FIPS186-4) KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
HMAC-SHA2-256 KAT (A4958)HMAC-SHA2-256 KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
KDF SSH KAT (A4958)KDF SSH KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
KDF IKEv2 KAT (A4958)KDF IKEv2 KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
KDF SNMP KAT (A4958)KDF SNMP KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
TLS v1.2 KDF RFC7627 KAT (A4958)TLS v1.2 KDF RFC7627 KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
TLS v1.3 KDF KAT (A4958)TLS v1.3 KDF KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
KAS-ECC-SSC KAT (A4958)KAS-ECC-SSC KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
KAS-FFC-SSC KAT (A4958)KAS-FFC-SSC KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
PBKDF KAT (A4958)PBKDF KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
RSA SigGen KAT (A4958)RSA SigGen KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
RSA SigVer KAT (A4958)RSA SigVer KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA-1 KAT (A4958)SHA-1 KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
SHA2-512 KAT (A4958)SHA2-512 KAT (A4958)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Encrypt KAT (C501)AES-GCM Authenticated Encrypt KAT (C501)Known Answer Test (KAT)CASTOn-demandModule Reboot
AES-GCM Authenticated Decrypt KAT (C501)AES-GCM Authenticated Decrypt KAT (C501)Known Answer Test (KAT)CASTOn-demandModule Reboot
Entropy Source Start-up Health Test (RCT)Entropy Source Start-up Health Test (RCT)RCTCASTOn-demandModule Reboot
Entropy Source Start-up Health Test (APT)Entropy Source Start-up Health Test (APT)APTCASTOn-demandModule Reboot
Entropy Source Continuous Health Test (RCT)Entropy Source Continuous Health Test (RCT)RCTCASTOn-demandModule Reboot
Entropy Source Continuous Health Test (APT)Entropy Source Continuous Health Test (APT)APTCASTOn-demandModule Reboot
ECDSA KeyGen (FIPS186- 4) PCT (A4958)ECDSA KeyGen (FIPS186- 4) PCT (A4958)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
RSA KeyGen (FIPS186-4) PCT (A4958)RSA KeyGen (FIPS186-4) PCT (A4958)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
KAS-ECC-SSC (FIPS186-4) PCT (A4958)KAS-ECC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
KAS-FFC-SSC (FIPS186-4) PCT (A4958)KAS-FFC-SSC (FIPS186-4) PCT (A4958)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)KAS-ECC-SSC Sp800- 56Ar3 PCT (A4959)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
ECDSA KeyGen (FIPS186- 4) PCT (A4959)ECDSA KeyGen (FIPS186- 4) PCT (A4959)Pair-Wise Consistency Test (PCT)PCTOn-demandModule Reboot
Firmware Load TestFirmware Load TestECDSA SigVerSW/FW LoadOn-demandModule Reboot

Table 21: Pre-Operational Periodic Information © 2021-2025 Nokia Corporation.

Page 145
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error stateSelf-tests failureSystem HaltReboot the module

Table 22: Conditional Periodic Information

10.4 Operator Initiation of Self-Tests

On demand and periodic self-tests are performed by powering off the module and powering it on again. This service performs the same cryptographic algorithm tests executed during pre-operational self-tests and CASTs. During the execution of the periodic and on-demand self-tests, crypto services are not available and no data output or input is possible.

10.5 Error States

Table 23: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings would put module operated in a non-compliance state. Secure Operation The Security Admin (SA) must configure and enforce the following initialization steps. Step 1. Strictly follow up the steps in section Physical Security to place the Opacity Shield and Tamper Evident Labels on the module. © 2021-2025 Nokia Corporation.

Page 146

Step

  1. Ensure that the firmware version R6.2.2 or R6.2.3 is running on the module. To verify the firmware version, the Security Admin (SA) shall use the following command. >show sw-management software-load-active swload-version swload-label software-load-active swload-version 'R6.2.2' or >show sw-management software-load-active swload-version swload-label software-load-active swload-version 'R6.2.3' Step
  2. Enable approved mode. Execute the following steps to enable approved mode on the module: • To enable approved mode via CLI: Execute the following command from the CLI interface: ‘fips mode-enable’ A confirmation message is displayed. Enter y to proceed with the operation. This operation will cold reboot the system, delete the entire system configuration, including networking details, and may leave the system unreachable until the reboot is complete. • To enable approved mode via WebGUI: Navigate to Security > FIPS tab. Click ‘FIPS Control’. A pop-up window is displayed, and select mode-enable against Action field and click ‘Submit’. A success message is displayed Step
  3. Create the User account and privileges for other roles defined in the Security Policy. Step
  4. Ensuring that any of the deleted/deprecated algorithms by NIST SP800-140Cr2 and/or NIST SP800-131Ar2 are disabled as applicable in the FIPS certified version of the firmware. © 2021-2025 Nokia Corporation.
Page 147
11.2 Administrator Guidance

No specific Administrator guidance.

11.3 Non-Administrator Guidance

No specific Non-Administrator guidance.

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Nokia Corporation.