All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Infinera G42

Certificate#5064StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorNokia Corporation
Low review priority  ·  no TCB surface named  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/21/2030
CaveatWhen installed, initialized and configured as specified in Section Secure Operation in Section 11 of the Security Policy
VendorNokia Corporation

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Infinera G42
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>upgrade<br/>Update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Infinera G42
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>upgrade<br/>Update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>kernel<br/>bootloader<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Nokia Corporation Infinera G42 © 2021-2025 Nokia Corporation

Page 2
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description8
Table 4: Approved Algorithms13
Table 5: Vendor-Affirmed Algorithms13
Table 6: Security Function Implementations19
Table 7: Entropy Certificates20
Table 8: Entropy Sources21
Table 9: Ports and Interfaces22
Table 10: Authentication Methods25
Table 11: Roles26
Table 12: Approved Services92
Table 13: Mechanisms and Actions Required94
Table 14: Storage Areas94
Table 15: SSP Input-Output Methods95
Table 16: SSP Zeroization Methods96
Table 17: SSP Table 1106
Table 18: SSP Table 2122
Table 19: Pre-Operational Self-Tests125
Table 20: Conditional Self-Tests132
Table 21: Pre-Operational Periodic Information134
Table 22: Conditional Periodic Information138
Table 23: Error States139
Figure 1: Infinera G42 Module Front View6
Figure 2: Infinera G42 IOP Card6
Figure 3: Infinera G42 XMM4 Card6
Figure 4: Infinera G42 CHM6 Card6
Figure 5: Infinera G42 Module Back View7
Page 5

Section Title Security Level

1 General 1

2 Cryptographic module specification 1

3 Cryptographic module interfaces 1

4 Roles, services, and authentication 3

5 Software/Firmware security 1

6 Operational environment 1

7 Physical security 1

8 Non-invasive security N/A

9 Sensitive security parameter management 1

10 Self-tests 1

11 Life-cycle assurance 1

12 Mitigation of other attacks N/A

Overall Level 1 Table 1: Security Levels

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Infinera G42 is a next-generation compact modular transport network elements deployed as part of a point-to-point, point-to-multipoint network for terrestrial and/or subsea applications. The G42 chassis provides multi-service client access (e.g. Ethernet, Optical Transport Network (OTN), etc.) to the Dense Wavelength Division Multiplexing (DWDM) transport bandwidth. The module is operated in a limited operational environment. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The module is a multiple-chip standalone hardware cryptographic module. The cryptographic boundary is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case and shown in the figures below and in the Physical Security section. These modules are described in more detail further below in this section. © 2021-2025 Nokia Corporation

Page 6

Figure 1: Infinera G42 Module Front View Figure 2: Infinera G42 IOP Card Figure 3: Infinera G42 XMM4 Card Figure 4: Infinera G42 CHM6 Card © 2021-2025 Nokia Corporation

Page 7

Figure 5: Infinera G42 Module Back View

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 8
2.3 Excluded Components
2.4 Modes of Operation

Modes List and Description: Mode Description Type Status Indicator Name Approved The module is only operated in Approved Approved mode message is Mode Approved mode of operation after displayed via the module's initial operations are performed status output interface Table 3: Modes List and Description By default, the module is delivered with a non-compliant state but supports an Approved mode of operation. Once the module is configured to operate in the Approved mode of operation by following the steps in section "Secure Operation" of this document by the Crypto Officer, the module can only operate in the Approved mode. The module does not claim implementation of a degraded mode of operation. The tables in section 2.5 below list all Approved security functions of the module, including specific key size(s) (in bits unless noted otherwise) employed for Approved services, and implemented modes of operation. There are some algorithm modes that were tested but not implemented by the module. Only the algorithms, modes, and key sizes that are implemented by the module are shown in these tables

2.5 Algorithms

Approved Algorithms: Algorithm CAVP Properties Reference Cert AES-CBC A4956 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CBC A4958 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CBC A4959 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CCM A4956 Key Length - 128, 192, 256 SP 800-38C AES-CCM A4958 Key Length - 128, 192, 256 SP 800-38C AES-CMAC A4958 Direction - Generation, Verification SP 800-38B Key Length - 128, 192, 256 AES-CTR A4956 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 © 2021-2025 Nokia Corporation

Page 9

Algorithm CAVP Properties Reference Cert AES-CTR A4958 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-ECB A4958 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-ECB C482 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 AES-GCM A4956 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External Key Length - 128, 192, 256 AES-GCM A4958 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 AES-GCM A4959 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 AES-GCM C501 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External Key Length - 256 Counter DRBG A4958 Prediction Resistance - Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - Yes Counter DRBG A4959 Prediction Resistance - Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - Yes ECDSA A4958 Curve - P-256, P-384, P-521 FIPS 186-4 KeyGen Secret Generation Mode - Testing Candidates (FIPS186-4) ECDSA A4959 Curve - P-256, P-384, P-521 FIPS 186-4 KeyGen Secret Generation Mode - Testing Candidates (FIPS186-4) ECDSA A4958 Component - No FIPS 186-4 SigGen Curve - P-256, P-384, P-521 (FIPS186-4) Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512, SHA2-512/224, SHA2-512/256 ECDSA A4959 Component - No FIPS 186-4 SigGen Curve - P-256, P-384, P-521 (FIPS186-4) Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512, SHA2-512/224, SHA2-512/256 ECDSA SigVer A3366 Component - No FIPS 186-4 (FIPS186-4) Curve - P-192, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 ECDSA SigVer A4948 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 © 2021-2025 Nokia Corporation

Page 10

Algorithm CAVP Properties Reference Cert ECDSA SigVer A4949 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4952 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4953 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4955 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4956 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4958 Component - No FIPS 186-4 (FIPS186-4) Curve - P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2512/256 ECDSA SigVer A4959 Component - No FIPS 186-4 (FIPS186-4) Curve - P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2512/256 ECDSA SigVer A4960 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4961 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 ECDSA SigVer A4962 Component - No FIPS 186-4 (FIPS186-4) Curve - P-521 Hash Algorithm - SHA2-512 HMAC-SHA-1 A4956 Key Length - Key Length: 128-512 Increment 128 FIPS 198-1 HMAC-SHA-1 A4958 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2- A4956 Key Length - Key Length: 128-512 Increment 128 FIPS 198-1 HMAC-SHA2- A4957 Key Length - Key Length: 64-2048 Increment 8 FIPS 198-1 HMAC-SHA2- A4958 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2- A4959 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2- A4956 Key Length - Key Length: 384-1024 Increment FIPS 198-1

384 320

HMAC-SHA2- A4958 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 © 2021-2025 Nokia Corporation

Page 11

Algorithm CAVP Properties Reference Cert HMAC-SHA2- A4956 Key Length - Key Length: 512-1024 Increment FIPS 198-1

512 256

HMAC-SHA2- A4958 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2- A4959 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 KAS-ECC-SSC A4958 Domain Parameter Generation Methods - P-256, SP 800-56A Sp800-56Ar3 P-384, P-521 Rev. 3 Scheme ephemeralUnified KAS Role - initiator, responder KAS-ECC-SSC A4959 Domain Parameter Generation Methods - P-256, SP 800-56A Sp800-56Ar3 P-384, P-521 Rev. 3 Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A4958 Domain Parameter Generation Methods - SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, Rev. 3 ffdhe8192, MODP-2048, MODP-3072, MODP4096, MODP-6144, MODP-8192 Scheme dhEphem KAS Role - initiator, responder KDF IKEv2 A4958 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 (CVL) Hellman Shared Secret Length: 384-2048 Rev. 1 Increment 1664 Derived Keying Material Length - Derived Keying Material Length: 1056, 2432 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 KDF IKEv2 A4959 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 (CVL) Hellman Shared Secret Length: 384-2048 Rev. 1 Increment 1664 Derived Keying Material Length - Derived Keying Material Length: 1056, 2432 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 KDF SNMP A4958 Password Length - Password Length: 64, 96 SP 800-135 (CVL) Rev. 1 KDF SSH A4958 Cipher - AES-128, AES-192, AES-256 SP 800-135 (CVL) Hash Algorithm - SHA-1, SHA2-224, SHA2-256, Rev. 1 SHA2-384, SHA2-512 PBKDF A4958 Iteration Count - Iteration Count: 10-10000 SP 800-132 Increment 1 Password Length - Password Length: 8-128 Increment 8 RSA KeyGen A4958 Key Generation Mode - B.3.6 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 © 2021-2025 Nokia Corporation

Page 12

Algorithm CAVP Properties Reference Cert Primality Tests - Table C.2 Private Key Format - Standard RSA KeyGen A4959 Key Generation Mode - B.3.6 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard RSA SigGen A4958 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 RSA SigGen A4959 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 RSA SigVer A4958 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 RSA SigVer A4959 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 Safe Primes A4958 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Key ffdhe4096, ffdhe6144, ffdhe8192 Rev. 3 Generation SHA-1 A4956 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA-1 A4958 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-256 A3366 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A4956 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-256 A4957 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-256 A4958 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-256 A4959 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-384 A4956 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-384 A4958 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-512 A4948 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-512 A4949 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-512 A4952 Message Length - Message Length: 1536-4096 FIPS 180-4 Increment 8 SHA2-512 A4953 Message Length - Message Length: 1536-4096 FIPS 180-4 Increment 8 SHA2-512 A4954 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-512 A4955 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 © 2021-2025 Nokia Corporation

Page 13

Algorithm CAVP Properties Reference Cert SHA2-512 A4956 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 SHA2-512 A4958 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-512 A4959 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-512 A4960 Message Length - Message Length: 0-65528 FIPS 180-4 Increment 8 SHA2-512 A4961 Message Length - Message Length: 1536-65536 FIPS 180-4 Increment 8 SHA2-512 A4962 Message Length - Message Length: 8-51200 FIPS 180-4 Increment 8 TLS v1.2 KDF A4958 Hash Algorithm - SHA2-256, SHA2-384, SHA2- SP 800-135 RFC7627 512 Rev. 1 (CVL) TLS v1.3 KDF A4958 HMAC Algorithm - SHA2-256, SHA2-384 SP 800-135 (CVL) KDF Running Modes - DHE, PSK, PSK-DHE Rev. 1 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key Type:Asymmetric N/A SP 800-133r2 Section 4, Method 1 Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations
Page 14

Name Type Description Properties Algorithms KAS-ECC- CKG KAS ECC Counter DRBG KeyGen (SSH, KAS-KeyGen KeyGen in SSH, CKG TLS and Control TLS and Control Plane IKEv2) Plane IKEv2 services KAS-FFC- CKG KAS FFC Counter DRBG KeyGen (SSH, KAS-KeyGen KeyGen in SSH, Safe Primes Key TLS and Control TLS and Control Generation Plane IKEv2) Plane IKEv2 CKG services KAS-ECC- CKG KAS ECC Counter DRBG KeyGen (Data KAS-KeyGen KeyGen in Data CKG Plane IKEv2) Plane Encryption service KAS-ECC KAS-Full KAS-ECC for Bit-strength KAS-ECC-SSC (SSHv2) SSHv2 service Caveat:Provides Sp800-56Ar3 between 128 KDF SSH and 256 bits of encryption strength KAS-FFC KAS-Full KAS-FFC for Bit-strength KAS-FFC-SSC (SSHv2) SSHv2 service Caveat:Provides Sp800-56Ar3 between 112 Domain and 200 bits of Parameter encryption Generation strength Method : MODP2048, MODP4096, and MODP-8192 KDF SSH KAS-ECC KAS-Full KAS-ECC for Bit-strength KAS-ECC-SSC (TLSv1.2/v1.3) TLSv1.2/v1.3 Caveat:Provides Sp800-56Ar3 service between 128 TLS v1.2 KDF and 256 bits of RFC7627 encryption TLS v1.3 KDF strength KAS-FFC KAS-Full KAS-FFC for Bit-strength KAS-FFC-SSC (TLSv1.2/v1.3) TLSv1.2/v1.3 Caveat:Provides Sp800-56Ar3 service 112 bits of Domain encryption Parameter strength Generation Method: ffdhe2048 TLS v1.2 KDF RFC7627 TLS v1.3 KDF © 2021-2025 Nokia Corporation

Page 15

Name Type Description Properties Algorithms KAS-ECC KAS-Full KAS-ECC for Bit-strength KAS-ECC-SSC (Control Plane Control Plane Caveat:Provides Sp800-56Ar3 IKEv2) IKEv2 service between 128 KDF IKEv2 and 256 bits of encryption strength KAS-FFC KAS-Full KAS-FFC for Bit-strength KAS-FFC-SSC (Control Plane Control Plane Caveat:Provides Sp800-56Ar3 IKEv2) IKEv2 service between 112 Domain and 200 bits of Parameter encryption Generation strength Method: MODP2048, MODP3072, MODP4096, MODP-

6144 and

MODP-8192 KDF IKEv2 KAS-ECC (Data KAS-Full KAS-ECC for Bit-strength KAS-ECC-SSC Plane IKEv2) Data Plane Caveat:Provides Sp800-56Ar3 IKEv2 service 256 bits of Curve: P-521 encryption KDF IKEv2 strength ECDSA KeyGen AsymKeyPair- RSA Keypair ECDSA KeyGen (SSH, TLS and KeyGen generation for (FIPS186-4) Control Plane CKG SSH, TLS and Counter DRBG IKEv2) Control Plane CKG IKEv2 services ECDSA SigGen DigSig-SigGen ECDSA SigGen ECDSA SigGen (SSH, TLS and for SSH, TLS (FIPS186-4) Control Plane and Control IKEv2) Plane IKEv2 services ECDSA SigVer DigSig-SigVer ECDSA SigVer ECDSA SigVer (SSH, TLS and for SSH, TLS (FIPS186-4) Control Plane and Control IKEv2) Plane IKEv2 services RSA KeyGen AsymKeyPair- RSA Keypair RSA KeyGen (SSH, TLS and KeyGen generation for (FIPS186-4) Control Plane CKG SSH, TLS and Counter DRBG IKEv2) Control Plane CKG IKEv2 services RSA SigGen DigSig-SigGen RSA SigGen for RSA SigGen (SSH, TLS and SSH, TLS and (FIPS186-4) Control Plane Control Plane IKEv2) IKEv2 services RSA SigVer DigSig-SigVer RSA SigVer for RSA SigVer (SSH, TLS and SSH, TLS and (FIPS186-4) © 2021-2025 Nokia Corporation

Page 16

Name Type Description Properties Algorithms Control Plane Control Plane IKEv2) IKEv2 services ECDSA KeyGen AsymKeyPair- ECDSA Keypair Counter DRBG (Data Plane KeyGen generation for ECDSA KeyGen IKEv2) CKG Data Plane (FIPS186-4) IKEv2 services CKG ECDSA SigGen DigSig-SigGen ECDSA SigGen ECDSA SigGen (Data Plane for Data Plane (FIPS186-4) IKEv2) IKEv2 service ECDSA SigVer DigSig-SigVer ECDSA SigVer ECDSA SigVer (Data Plane for Data Plane (FIPS186-4) IKEv2) IKEv2 service RSA KeyGen AsymKeyPair- RSA Keypair RSA KeyGen (Data Plane KeyGen generation for (FIPS186-4) IKEv2) CKG Data Plane Counter DRBG IKEv2 services CKG RSA SigGen DigSig-SigGen RSA SigGen for RSA SigGen (Data Plane Data Plane (FIPS186-4) IKEv2) IKEv2 service RSA SigVer DigSig-SigVer RSA SigVer for RSA SigVer (Data Plane Data Plane (FIPS186-4) IKEv2) IKEv2 service TLS Keying KAS-135KDF Keying TLS v1.2 KDF Materials materials, used RFC7627 Development to derive TLS TLS v1.3 KDF session keys IPsec/IKEv2 KAS-135KDF Keying KDF IKEv2 Keying Materials materials, used Development to derive IPSec/IKE session keys SNMPv3 Keying KAS-135KDF Keying KDF SNMP Materials materials, used Development to derive SNMP session keys Block Ciphers BC-UnAuth Block Ciphers AES-ECB (SNMPv3) MAC used for HMAC-SHA-1 SNMPv3 service KDF SNMP SHA-1 Block Ciphers BC-Auth Block Cipher for AES-CBC (SSHv2) BC-UnAuth SSHv2 serivce AES-CTR MAC HMAC-SHA-1 HMAC-SHA2HMAC-SHA2SHA-1 SHA2-256 © 2021-2025 Nokia Corporation

Page 17

Name Type Description Properties Algorithms SHA2-512 AES-GCM Block Ciphers BC-Auth Block Cipher AES-CBC (TLSv1.2/v1.3) BC-UnAuth used for AES-GCM MAC TLSv1.2/v1.3 HMAC-SHA2service 256 HMAC-SHA2HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 Block Ciphers BC-Auth Block Ciphers AES-CBC (Control Plane BC-UnAuth for Control Plane AES-CCM IKEv2) MAC IKEv2 service AES-GCM AES-CBC AES-CCM AES-GCM AES-CTR AES-CTR HMAC-SHA-1 HMAC-SHA2HMAC-SHA2HMAC-SHA2HMAC-SHA-1 HMAC-SHA2HMAC-SHA2HMAC-SHA2SHA-1 SHA2-256 SHA2-384 SHA2-512 SHA-1 SHA2-256 SHA2-384 SHA2-512 Block Cipher BC-Auth Block Cipher for AES-GCM (Data Plane Data Plane AES-GCM IKEv2) IKEv2 service AES-CBC HMAC-SHA2HMAC-SHA2© 2021-2025 Nokia Corporation

Page 18

Name Type Description Properties Algorithms SHA2-256 SHA2-512 AES-ECB SSH KTS (AES KTS-Wrap KTS via SSHv2 Bit-strength AES-CBC and HMAC) service by using Caveat:Provides AES-CTR AES and HMAC between 128 HMAC-SHA-1 and 256 bits of HMAC-SHA2encryption 256 strength HMAC-SHA2SHA-1 SHA2-256 SHA2-512 SSH KTS KTS-Wrap KTS via SSHv2 Bit-strength AES-GCM (GCM) service by using Caveat:Provides AES-GCM between 128 and 256 bits of encryption strength TLS KTS (AES KTS-Wrap KTS via Bit-strength AES-CBC and HMAC) TLSv1.2/v1.3 Caveat:Provides HMAC-SHA2service by using between 128 256 AES and HMAC and 256 bits of HMAC-SHA2encryption 384 strength HMAC-SHA2SHA2-256 SHA2-384 SHA2-512 TLS KTS (GCM) KTS-Wrap KTS via Bit-strength AES-GCM TLSv1.2/v1.3 Caveat:Provides service by using between 128 GCM and 256 bits of encryption strength OSPFv2 MAC OSPFv2 HMAC-SHA2Authentication authentication 256 SHA2-256 LUKS Database MAC Database SHA2-512 Protection integrity HMAC-SHA2protection using 512 HMAC-SHA2- PBKDF Firmware Load DigSig-SigVer ECDSA SigVer ECDSA SigVer Test for firmware load (FIPS186-4) test Curve: P-521 © 2021-2025 Nokia Corporation

Page 19

Name Type Description Properties Algorithms NTP MAC NTP SHA-1 Authentication authentication SHA2-256 AES-CMAC DRBG Function DRBG Used for DRBG Counter DRBG generation Counter DRBG Firmware DigSig-SigVer Used for ECDSA SigVer Integrity Test firmware (FIPS186-4) integrity test ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) SHA2-512 ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) SHA2-256 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 Table 6: Security Function Implementations

2.7 Algorithm Specific Information
Page 20

of AES-GCM is compliant to IG C.H option i) where module implements TLS protocol. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES-GCM key encryption or decryption under this scenario shall be established.

2.8 RBG and Entropy

Cert Vendor Name Number E156 Silicon Laboratories Table 7: Entropy Certificates © 2021-2025 Nokia Corporation

Page 21

Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample EFR32MG21B010F1024IM32 Physical B with SE 128 bits Full A3366 (AESFirmware entropy CBC-MAC) Version 1.2.13 Table 8: Entropy Sources The module implements two approved CTR_DRBGs based on SP800-90Arev1, with Algo Certs. #A4958 and #A4959. Each DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). The DRBG is seeded by the entropy source described in the table above. The CTR_DRBG (AES-128/192/256) enables Derivation Function capability. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits security strength for the following cryptographic keys generation. The entropy source implementation generates an output that is considered to have full entropy. More information can be found in the public use document for ESV cert #E156.

2.9 Key Generation

The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90Arev1 CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

7919 (TLS) and RFC 3526 (IKE).

- SSH (RFC 4419): © 2021-2025 Nokia Corporation

Page 22

MODP-2048 (ID =

  1. MODP-4096 (ID =
  2. MODP-8192 (ID = 18) - TLS (RFC 7919): ffdhe2048 (ID = 256) - IKE (RFC 3526): MODP-2048 (ID =
  3. MODP-3072 (ID =
  4. MODP-4096 (ID =
  5. MODP-6144 (ID =
  6. MODP-8192 (ID = 18) • KAS-ECC Shared Secret Computation: o The module provides SP800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation. The shared secret computation provides between 128 and 256 bits of encryption strength.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, TLSv1.3, SNMPv3 and IKEv2 industrial protocols. No parts of SSH, TLS, SNMP and IKEv2 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Physical Port Logical Data That Passes Interface(s) Ethernet Ports and Optical Ports on Data Input Plaintext/Ciphertext Data input to the CHM6 Card; DCN, CRAFT, module for all approved services defined CONSOLE, AUX 1 & AUX 2 Ports in the approved services table on XMM4 Card Ethernet Ports and Optical Ports on Data Output Plaintext/Ciphertext Data output from the CHM6 Card; DCN, CRAFT, module for all approved services defined CONSOLE, AUX 1 & AUX 2 Ports in the approved services table on XMM4 Card DCN, CRAFT, CONSOLE, AUX 1 Control Control information input into the module & AUX 2 Ports on XMM4 Card; Input for all the services defined in the Lamp Test on IOP Card approved services table DCN, CRAFT, CONSOLE, AUX 1 Status Status Information output from the & AUX 2 Ports on XMM4 Card, and Output module for all the services defined in the LEDs approved services table Power Interface Power Power supply Table 9: Ports and Interfaces © 2021-2025 Nokia Corporation

Page 23

The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above. The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.

4 Roles, Services, and Authentication
4.1 Authentication Methods

Method Description Security Strength Strength per Name Mechanism Each Minute Attempt Password- The minimum length Password The The probability of based is eight (8) characters Based probability successfully Authentication (94 possible that a random authenticating to the characters). The attempt will module within one probability that a succeed or a minute is 10/(94^8). random attempt will false Please refer to succeed or a false acceptance Description section acceptance will occur will occur is in this table for more is 1/(94^8) which is 1/(94^8). details less than 1/1,000,000. Please refer As the module to Description supports at most ten section in this failed attempts to table for more authenticate in a one- details minute period, the probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing

94 characters to

choose from in total. © 2021-2025 Nokia Corporation

Page 24

Method Description Security Strength Strength per Name Mechanism Each Minute Attempt RSA-based The modules support RSA SigVer The the probability of Authentication RSA public-key based (FIPS186-4) probability successfully authentication (A4958) that a random authenticating to the mechanism using a attempt will module within a one minimum of RSA succeed is minute period is

2048 bits, which 1/(2^112). 17,000 * 60 =

provides 112 bits of Please refer 1,020,000/(2^112). security strength. The to Description Please refer to probability that a section in this Description section random attempt will table for more in this table for more succeed is 1/(2^112) details details which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. ECDSA- The modules support ECDSA The the probability of based ECDSA public-key SigVer probability successfully Authentication based authentication (FIPS186-4) that a random authenticating to the mechanism using a (A4958) attempt will module within a one minimum of curve P- succeed is minute period is 256, which provides 1/(2^128) 17,000 * 60 =

128 bits of security which is less 1,020,000/(2^128).

strength. The than Please refer to probability that a 1/1,000,000. Description section random attempt will Please refer in this table for more succeed is 1/(2^128) to Description details which is less than section in this 1/1,000,000. For table for more multiple attacks during details a one-minute period, as the module at its highest can support at most 17,000 new © 2021-2025 Nokia Corporation

Page 25

Method Description Security Strength Strength per Name Mechanism Each Minute Attempt sessions per second to authenticate in a one-minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. Table 10: Authentication Methods The module supports identity-based authentication mechanism. The module supports the multiple Crypto Officer roles and User roles. Each role is authenticated by the module upon initial access to the module, as detailed below. Crypto Officer Roles:

Page 26

The module also allows the concurrent operators.

4.2 Roles

Name Type Operator Type Authentication Methods Security Admin (SA) Identity Crypto Officer Password-based Authentication RSA-based Authentication ECDSA-based Authentication Network Admin (NA) Identity Crypto Officer Password-based Authentication RSA-based Authentication ECDSA-based Authentication Encryption Admin (EA) Identity Crypto Officer Password-based Authentication RSA-based Authentication ECDSA-based Authentication Network Engineer (NE) Identity User Password-based Authentication RSA-based Authentication ECDSA-based Authentication Monitoring Access (MA) Identity User Password-based Authentication RSA-based Authentication ECDSA-based Authentication Provisioning (PR) Identity User Password-based Authentication RSA-based Authentication ECDSA-based Authentication Turn-up and Test (TT) Identity User Password-based Authentication RSA-based Authentication ECDSA-based Authentication Table 11: Roles

4.3 Approved Services
Page 27

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Show Show N/A Command Module's None Security Version module's ID used to ID and Admin (SA) and show versioning Network versioning module's informatio Admin (NA) information version n Encryption Admin (EA) Network Engineer (NE) Monitoring Access (MA) Provisionin g (PR) Turn-up and Test (TT) Show Show N/A Command Module's None Security Status module's used to operation Admin (SA) operational show al status Network status Module's Admin (NA) Status Encryption Admin (EA) Network Engineer (NE) Monitoring Access (MA) Provisionin g (PR) Turn-up and Test (TT) User User N/A Command Status of None Security Account account to manage User Admin (SA) Manageme manageme the User account - Operator nt nt account Password: G,R,W,Z - SSH RSA Public Key: G,R,W,Z - SSH ECDSA Public Key: G,R,W,Z © 2021-2025 Nokia Corporation

Page 28

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Certificates Certificates N/A Command Status of None Security Manageme Manageme s used to the Admin (SA) nt nt manage completio - SSH the n of ECDSA certificates network Private configurati Key: on status G,R,W,E,Z - SSH ECDSA Public Key: G,R,W,E,Z - SSH RSA Private Key: G,R,W,E,Z - SSH RSA Public Key: G,R,W,E,Z - TLS ECDSA Private Key: G,R,W,E,Z - TLS ECDSA Public Key: G,R,W,E,Z - TLS RSA Private Key: G,R,W,E,Z - TLS RSA Public Key: G,R,W,E,Z - IPSec/IKE ECDSA Private Key: G,R,W,E,Z - IPSec/IKE ECDSA Public Key: G,R,W,E,Z - IPSec/IKE RSA Private Key: G,R,W,E,Z - IPSec/IKE © 2021-2025 Nokia Corporation

Page 29

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access RSA Public Key: G,R,W,E,Z - Data Plane Encryption ECDSA Private Key: G,R,W,E,Z - Data Plane Encryption ECDSA Public Key: G,R,W,E,Z - Data Plane Encryption RSA Private Key: G,R,W,E,Z - Data Plane Encryption RSA Public Key: G,R,W,E,Z Setup Commands N/A Command Status of None Network Network to configure s to the Admin (NA) (non- the non- configure completio Provisionin security security the n of g (PR) relevant) relevant network network Turn-up network configurati and Test on status (TT) Enable/disa Enable/disa N/A Command Module's None Security ble ble used to approved Admin (SA) approved approved enable or mode mode mode disable status approved mode Configure Configure N/A Command Network None Security Network network s used to access Admin (SA) Access access configure control list Control List control list network configurati access on status control list © 2021-2025 Nokia Corporation

Page 30

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Configure Configure N/A Command performan None Network Performanc Performanc s used to ce Admin (NA) e e configure monitoring Turn-up Monitoring Monitoring performan service and Test Service Service ce configurati (TT) monitoring on status service Configure Provision N/A Command Equipmen None Network Equipment equipment s used to t Admin (NA) configue configurati Network equipment on status Engineer (NE) Configure Configure N/A Command Module's None Network Facilities Facilities s to physical Admin (NA) (physical or (physical or configure or logical Provisionin logical logical the interfaces g (PR) Interfaces) interfaces) module's configruait Turn-up physical or on status and Test logical (TT) interfaces Perform Perform N/A Command Self-tests Firmware Security Self-Test self-tests to trigger completio Integrity Admin (SA) self-tests n status Test Network Admin (NA) Encryption Admin (EA) Network Engineer (NE) Monitoring Access (MA) Provisionin g (PR) Turn-up and Test (TT) Firmware Perform Firmware Command Firmware Firmware Network Update firmware update to trigger update Load Test Admin (NA) update service firmware status - Firmware completio update Load Test n status Key: R,E Perform Zeroize all N/A Command SSPs None Security Zeroization SSPs in the to zeroize zeroizatio Admin (SA) module the module n status - DRBG Entropy Input: Z - DRBG © 2021-2025 Nokia Corporation

Page 31

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - Operator Password: Z - LUKS DB Password: Z - LUKS DB Salt : Z - LUKS DB Integrity Key : Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH ECDSA Private © 2021-2025 Nokia Corporation

Page 32

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: Z - SSH ECDSA Public Key: Z - SSH RSA Private Key: Z - SSH RSA Public Key: Z - SSH Encryption Key: Z - SSH Integrity Key: Z - TLS DH Private Key: Z - TLS DH Public Key: Z - TLS Peer DH Public Key: Z - TLS DH Shared Secret: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS ECDSA Private Key: Z © 2021-2025 Nokia Corporation

Page 33

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - TLS ECDSA Public Key: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS Encryption Key: Z - TLS Integrity Key: Z - IPSec/IKE DH Private Key: Z - IPSec/IKE DH Public Key: Z - IPSec/IKE Peer DH Public Key: Z - IPSec/IKE DH Shared Secret: Z - IPSec/IKE ECDH Private Key: Z - IPSec/IKE ECDH Public Key: Z - IPSec/IKE Peer ECDH Public Key: Z - IPSec/IKE ECDH Shared Secret: Z © 2021-2025 Nokia Corporation

Page 34

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - IPSec/IKE ECDSA Private Key: Z - IPSec/IKE ECDSA Public Key: Z - IPSec/IKE RSA Private Key: Z - IPSec/IKE RSA Public Key: Z - IPSec/IKE Pre-shared Secret: Z - IPSec/IKE SKEYSEE D: Z - IPSec/IKE Encryption Key: Z - IPSec/IKE Integrity Key: Z - SNMPv3 Encryption Key: Z - SNMPv3 Integrity Key: Z - Data Plane Encryption Pre-shared Secret: Z - Data Plane Encryption ECDH Private Key: Z - Data Plane Encryption ECDH Public Key: © 2021-2025 Nokia Corporation

Page 35

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Z - Data Plane Encryption Peer ECDH Public Key: Z - Data Plane Encryption ECDH Shared Secret: Z - Data Plane Encryption ECDSA Private Key: Z - Data Plane Encryption ECDSA Public Key: Z - Data Plane Encryption RSA Private Key: Z - Data Plane Encryption RSA Public Key: Z - Data Plane Encryption IKE-SA Session Key: Z - Data Plane Encryption Child-SA Session Key: Z © 2021-2025 Nokia Corporation

Page 36

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SNMPv3 Authenticat ion Secret: Z Configure Configure Global Commman SSHv2 KAS-ECC- Security SSHv2 SSHv2 approved ds used to service KeyGen Admin (SA) service service mode configure configurati (SSH, TLS - SSH DH indicator SSHv2 on status and Control Private and service Plane Key: W,Z SSHv2 IKEv2) - SSH DH service KAS-FFC- Public Key: configurati KeyGen W,Z on status (SSH, TLS - SSH Peer and Control DH Public Plane Key: W,Z IKEv2) - SSH DH KAS-ECC Shared (SSHv2) Secret: KAS-FFC W,Z (SSHv2) - SSH ECDSA ECDH KeyGen Private (SSH, TLS Key: W,Z and Control - SSH Plane ECDH IKEv2) Public Key: ECDSA W,Z SigGen - SSH Peer (SSH, TLS ECDH and Control Public Key: Plane W,Z IKEv2) - SSH ECDSA ECDH SigVer Shared (SSH, TLS Secret: and Control W,Z Plane - SSH IKEv2) ECDSA RSA Private KeyGen Key: W,Z (SSH, TLS - SSH and Control ECDSA Plane Public Key: IKEv2) W,Z RSA - SSH RSA SigGen Private (SSH, TLS Key: W,Z and Control - SSH RSA Plane Public Key: © 2021-2025 Nokia Corporation

Page 37

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access IKEv2) W,Z RSA SigVer - SSH (SSH, TLS Encryption and Control Key: W,Z Plane - SSH IKEv2) Integrity Block Key: W,Z Ciphers - DRBG (SSHv2) Entropy SSH KTS Input: W,Z (AES and - DRBG HMAC) Seed: W,Z SSH KTS - DRBG (GCM) Internal DRBG State V Function value: W,Z - DRBG Key: W,Z Configure Configure Global Commman TLS KAS-ECC- Security TLS TLS approved ds used to (v1.2/v1.3 KeyGen Admin (SA) (v1.2/v1.3) (v1.2/v1.3) mode configure ) service (SSH, TLS - TLS DH Service service indicator TLS configurati and Control Private and OSPF (v1.2/v1.3) on status Plane Key: W,Z service service IKEv2) - TLS DH configurati KAS-FFC- Public Key: on status KeyGen W,Z (SSH, TLS - TLS Peer and Control DH Public Plane Key: W,Z IKEv2) - TLS DH KAS-ECC Shared (TLSv1.2/v Secret: 1.3) W,Z KAS-FFC - TLS (TLSv1.2/v ECDH 1.3) Private ECDSA Key: W,Z KeyGen - TLS (SSH, TLS ECDH and Control Public Key: Plane W,Z IKEv2) - TLS Peer ECDSA ECDH SigGen Public Key: (SSH, TLS W,Z and Control - TLS Plane ECDH IKEv2) Shared ECDSA Secret: © 2021-2025 Nokia Corporation

Page 38

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access SigVer W,Z (SSH, TLS - TLS and Control ECDSA Plane Private IKEv2) Key: W,Z RSA - TLS KeyGen ECDSA (SSH, TLS Public Key: and Control W,Z Plane - TLS RSA IKEv2) Private RSA Key: W,Z SigGen - TLS RSA (SSH, TLS Public Key: and Control W,Z Plane - TLS IKEv2) Master RSA SigVer Secret: (SSH, TLS W,Z and Control - TLS Plane Encryption IKEv2) Key: W,Z Block - TLS Ciphers Integrity (TLSv1.2/v Key: W,Z 1.3) - DRBG TLS KTS Entropy (AES and Input: W,Z HMAC) - DRBG TLS KTS Seed: W,Z (GCM) - DRBG DRBG Internal Function State V TLS Keying value: W,Z Materials - DRBG Developme Key: W,Z nt Configure Configure Global Commman SNMP Block Security SNMP SNMP approved ds used to service Ciphers Admin (SA) service service mode configure configurati (SNMPv3) - SNMPv3 indicator SNMP on status SNMPv3 Authenticat and service Keying ion Secret: SNMP Materials W,Z service Developme - SNMPv3 configurati nt Encryption on status Key: W,Z - SNMPv3 Integrity Key: W,Z © 2021-2025 Nokia Corporation

Page 39

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Configure Configure Global Commman Control KAS-ECC- Security Control Control approved ds used to Plane KeyGen Admin (SA) Plane Plane mode configure IPSec/IKE (SSH, TLS - IPSec/IKE IPSec/IKEv IPSec/IKEv indicator Control v2 service and Control DH Private

2 Service 2 Service and Plane configurati Plane Key: W,Z

Control IPSec/IKE on status IKEv2) - IPSec/IKE Plane v2 service KAS-FFC- DH Public IPSec/IKE KeyGen Key: W,Z v2 service (SSH, TLS - IPSec/IKE configurati and Control Peer DH on status Plane Public Key: IKEv2) W,Z KAS-ECC - IPSec/IKE (Control DH Shared Plane Secret: IKEv2) W,Z KAS-FFC - IPSec/IKE (Control ECDH Plane Private IKEv2) Key: W,Z ECDSA - IPSec/IKE KeyGen ECDH (SSH, TLS Public Key: and Control W,Z Plane - IPSec/IKE IKEv2) Peer ECDSA ECDH SigGen Public Key: (SSH, TLS W,Z and Control - IPSec/IKE Plane ECDH IKEv2) Shared ECDSA Secret: SigVer W,Z (SSH, TLS - IPSec/IKE and Control ECDSA Plane Private IKEv2) Key: W,Z RSA - IPSec/IKE KeyGen ECDSA (SSH, TLS Public Key: and Control W,Z Plane - IPSec/IKE IKEv2) RSA RSA Private SigGen Key: W,Z (SSH, TLS - IPSec/IKE and Control RSA Public Plane Key: W,Z © 2021-2025 Nokia Corporation

Page 40

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access IKEv2) - IPSec/IKE RSA SigVer Pre-shared (SSH, TLS Secret: and Control W,Z Plane - IPSec/IKE IKEv2) SKEYSEE Block D: W,Z Ciphers - IPSec/IKE (Control Encryption Plane Key: W,Z IKEv2) - IPSec/IKE DRBG Integrity Function Key: W,Z IPsec/IKEv - DRBG

2 Keying Entropy

Materials Input: W,Z Developme - DRBG nt Seed: W,Z - DRBG Internal State V value: W,Z - DRBG Key: W,Z Configure Configure Global Commman Data KAS-ECC- Encryption Data Plane Data Plane approved ds used to Plane KeyGen Admin (EA) Encryption Encryption mode configure Encryptio (Data Plane - Data Service Service indicator Data Plane n service IKEv2) Plane and Data Encryption configurati KAS-ECC Encryption Plane service on status (Data Plane ECDH Encryptio IKEv2) Private n service ECDSA Key: W,Z configurati KeyGen - Data on status (Data Plane Plane IKEv2) Encryption ECDSA ECDH SigGen Public Key: (Data Plane W,Z IKEv2) - Data ECDSA Plane SigVer Encryption (Data Plane Peer IKEv2) ECDH RSA Public Key: KeyGen W,Z (Data Plane - Data IKEv2) Plane RSA Encryption SigGen ECDH © 2021-2025 Nokia Corporation

Page 41

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access (Data Plane Shared IKEv2) Secret: RSA SigVer W,Z (Data Plane - Data IKEv2) Plane Block Encryption Cipher ECDSA (Data Plane Private IKEv2) Key: W,Z DRBG - Data Function Plane Encryption ECDSA Public Key: W,Z - Data Plane Encryption RSA Private Key: W,Z - Data Plane Encryption RSA Public Key: W,Z - Data Plane Encryption Pre-shared Secret: W,Z - Data Plane Encryption IKE-SA Session Key: W,Z - Data Plane Encryption Child-SA Session Key: W,Z - DRBG Entropy Input: W,Z - DRBG Seed: W,Z © 2021-2025 Nokia Corporation

Page 42

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - DRBG Internal State V value: W,Z - DRBG Key: W,Z Configure Configure Global Command OSPF OSPFv2 Security OSPF OSPF approved s used to configurati Authenticati Admin (SA) Service Service mode configure on status on - OSPFv2 indicator OSPF Authenticat and OSPF service ion Key : service W,Z configurati Network on status Admin (NA) log - OSPFv2 Authenticat ion Key : W,Z Configure Configure Global Command Status of LUKS Security LUKS LUKS approved s to completio Database Admin (SA) Database Database mode configure n of LUKS Protection - LUKS DB Protection protection indicator LUKS database Password: Service service and LUKS database service G,W,Z Database service configurati service on configurati on status Run SSHv2 Run SSHv2 Global Initiate SSHv2 KAS-ECC- Security service service approved SSHv2 service KeyGen Admin (SA) mode service running (SSH, TLS - DRBG indicator establishm status and Control Entropy and ent request Plane Input: SSHv2 IKEv2) G,W,E,Z service KAS-FFC- - DRBG running KeyGen Seed: status (SSH, TLS G,W,E,Z and Control - DRBG Plane Internal IKEv2) State V KAS-ECC value: (SSHv2) G,W,E,Z KAS-FFC - DRBG (SSHv2) Key: ECDSA G,W,E,Z KeyGen - SSH DH (SSH, TLS Private and Control Key: Plane G,W,E,Z © 2021-2025 Nokia Corporation

Page 43

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access IKEv2) - SSH DH ECDSA Public Key: SigGen G,W,E,Z (SSH, TLS - SSH Peer and Control DH Public Plane Key: IKEv2) G,W,E,Z ECDSA - SSH DH SigVer Shared (SSH, TLS Secret: and Control G,W,E,Z Plane - SSH IKEv2) ECDH RSA Private KeyGen Key: (SSH, TLS G,W,E,Z and Control - SSH Plane ECDH IKEv2) Public Key: RSA G,W,E,Z SigGen - SSH Peer (SSH, TLS ECDH and Control Public Key: Plane G,W,E,Z IKEv2) - SSH RSA SigVer ECDH (SSH, TLS Shared and Control Secret: Plane G,W,E,Z IKEv2) - SSH Block ECDSA Ciphers Private (SSHv2) Key: SSH KTS G,W,E,Z (AES and - SSH HMAC) ECDSA SSH KTS Public Key: (GCM) G,W,E,Z DRBG - SSH RSA Function Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 44

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SSH Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH Public Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 45

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Encryption Admin (EA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: © 2021-2025 Nokia Corporation

Page 46

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH Public Key: G,W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: © 2021-2025 Nokia Corporation

Page 47

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - SSH Integrity Key: G,W,E,Z Network Engineer (NE) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH © 2021-2025 Nokia Corporation

Page 48

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Public Key: G,W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Monitoring Access (MA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 49

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH Public Key: G,W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 50

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Provisionin g (PR) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 51

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SSH Peer ECDH Public Key: G,W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Turn-up and Test (TT) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG © 2021-2025 Nokia Corporation

Page 52

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,W,E,Z - SSH Peer DH Public Key: G,W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,W,E,Z - SSH Peer ECDH Public Key: G,W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH ECDSA Private Key: G,W,E,Z - SSH ECDSA Public Key: G,W,E,Z - SSH RSA Private Key: G,W,E,Z - SSH RSA © 2021-2025 Nokia Corporation

Page 53

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Public Key: G,W,E,Z - SSH Encryption Key: G,W,E,Z - SSH Integrity Key: G,W,E,Z Run TLS Run TLS Global Initiate TLS KAS-ECC- Security (v1.2/v1.3) (v1.2/v1.3) approved TLS (v1.2/v1.3 KeyGen Admin (SA) Service Service mode (v1.2/v1.3) ) service (SSH, TLS - DRBG indicator service running and Control Entropy and TLS establishm status Plane Input: (v1.2/v1.3 ent request IKEv2) G,W,E,Z ) service KAS-FFC- - DRBG running KeyGen Seed: status (SSH, TLS G,W,E,Z and Control - DRBG Plane Internal IKEv2) State V KAS-ECC value: (TLSv1.2/v G,W,E,Z 1.3) - DRBG KAS-FFC Key: (TLSv1.2/v G,W,E,Z 1.3) - TLS DH ECDSA Private KeyGen Key: (SSH, TLS G,W,E,Z and Control - TLS DH Plane Public Key: IKEv2) G,W,E,Z ECDSA - TLS Peer SigGen DH Public (SSH, TLS Key: and Control G,W,E,Z Plane - TLS DH IKEv2) Shared ECDSA Secret: SigVer G,W,E,Z (SSH, TLS - TLS and Control ECDH Plane Private IKEv2) Key: RSA G,W,E,Z KeyGen - TLS (SSH, TLS ECDH © 2021-2025 Nokia Corporation

Page 54

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access and Control Public Key: Plane G,W,E,Z IKEv2) - TLS Peer RSA ECDH SigGen Public Key: (SSH, TLS G,W,E,Z and Control - TLS Plane ECDH IKEv2) Shared RSA SigVer Secret: (SSH, TLS G,W,E,Z and Control - TLS Plane ECDSA IKEv2) Private Block Key: Ciphers G,W,E,Z (TLSv1.2/v - TLS 1.3) ECDSA TLS KTS Public Key: (AES and G,W,E,Z HMAC) - TLS RSA TLS KTS Private (GCM) Key: DRBG G,W,E,Z Function - TLS RSA TLS Keying Public Key: Materials G,W,E,Z Developme - TLS nt Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG © 2021-2025 Nokia Corporation

Page 55

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 56

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Encryption Admin (EA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared © 2021-2025 Nokia Corporation

Page 57

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Network © 2021-2025 Nokia Corporation

Page 58

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Engineer (NE) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: © 2021-2025 Nokia Corporation

Page 59

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Monitoring Access (MA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private © 2021-2025 Nokia Corporation

Page 60

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master © 2021-2025 Nokia Corporation

Page 61

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Provisionin g (PR) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH © 2021-2025 Nokia Corporation

Page 62

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Turn-up and Test (TT) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z © 2021-2025 Nokia Corporation

Page 63

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,W,E,Z - TLS Peer DH Public Key: G,W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: G,W,E,Z - TLS Peer ECDH Public Key: G,W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS ECDSA Private Key: G,W,E,Z - TLS ECDSA Public Key: © 2021-2025 Nokia Corporation

Page 64

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - TLS RSA Private Key: G,W,E,Z - TLS RSA Public Key: G,W,E,Z - TLS Master Secret: G,W,E,Z - TLS Encryption Key: G,W,E,Z - TLS Integrity Key: G,W,E,Z Run Control Run Control Global Command Control KAS-ECC- Security Plane Plane approved to run Run Plane KeyGen Admin (SA) IPsec/IKEv IPsec/IKEv mode Control IPsec/IKE (SSH, TLS - DRBG

2 Service 2 Service indicator Plane v2 service and Control Entropy

and Run IPsec/IKEv running Plane Input: IPsec/IKE 2 service status IKEv2) G,W,E,Z v2 service KAS-FFC- - DRBG completio KeyGen Seed: n status (SSH, TLS G,W,E,Z log and Control - DRBG Plane Internal IKEv2) State V KAS-ECC value: (Control G,W,E,Z Plane - DRBG IKEv2) Key: KAS-FFC G,W,E,Z (Control - IPSec/IKE Plane DH Private IKEv2) Key: ECDSA G,W,E,Z KeyGen - IPSec/IKE (SSH, TLS DH Public and Control Key: Plane G,W,E,Z IKEv2) - IPSec/IKE ECDSA Peer DH SigGen Public Key: (SSH, TLS G,W,E,Z © 2021-2025 Nokia Corporation

Page 65

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access and Control - IPSec/IKE Plane DH Shared IKEv2) Secret: ECDSA G,W,E,Z SigVer - IPSec/IKE (SSH, TLS ECDH and Control Private Plane Key: IKEv2) G,W,E,Z RSA - IPSec/IKE KeyGen ECDH (SSH, TLS Public Key: and Control G,W,E,Z Plane - IPSec/IKE IKEv2) Peer RSA ECDH SigGen Public Key: (SSH, TLS G,W,E,Z and Control - IPSec/IKE Plane ECDH IKEv2) Shared RSA SigVer Secret: (SSH, TLS G,W,E,Z and Control - IPSec/IKE Plane ECDSA IKEv2) Private Block Key: Ciphers G,W,E,Z (Control - IPSec/IKE Plane ECDSA IKEv2) Public Key: DRBG G,W,E,Z Function - IPSec/IKE IPsec/IKEv RSA

2 Keying Private

Materials Key: Developme G,W,E,Z nt - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE © 2021-2025 Nokia Corporation

Page 66

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 67

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Encryption Admin (EA) - DRBG Entropy Input: G,W,E,Z © 2021-2025 Nokia Corporation

Page 68

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private © 2021-2025 Nokia Corporation

Page 69

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Network Engineer (NE) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE © 2021-2025 Nokia Corporation

Page 70

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE © 2021-2025 Nokia Corporation

Page 71

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Provisionin g (PR) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared © 2021-2025 Nokia Corporation

Page 72

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: © 2021-2025 Nokia Corporation

Page 73

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Turn-up and Test (TT) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE © 2021-2025 Nokia Corporation

Page 74

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Monitoring Access (MA) - DRBG Entropy Input: G,W,E,Z © 2021-2025 Nokia Corporation

Page 75

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - IPSec/IKE DH Private Key: G,W,E,Z - IPSec/IKE DH Public Key: G,W,E,Z - IPSec/IKE Peer DH Public Key: G,W,E,Z - IPSec/IKE DH Shared Secret: G,W,E,Z - IPSec/IKE ECDH Private Key: G,W,E,Z - IPSec/IKE ECDH Public Key: G,W,E,Z - IPSec/IKE Peer ECDH Public Key: G,W,E,Z - IPSec/IKE ECDH Shared Secret: G,W,E,Z - IPSec/IKE ECDSA Private © 2021-2025 Nokia Corporation

Page 76

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z - IPSec/IKE ECDSA Public Key: G,W,E,Z - IPSec/IKE RSA Private Key: G,W,E,Z - IPSec/IKE RSA Public Key: G,W,E,Z - IPSec/IKE Pre-shared Secret: G,W,E,Z - IPSec/IKE SKEYSEE D: G,W,E,Z - IPSec/IKE Encryption Key: G,W,E,Z - IPSec/IKE Integrity Key: G,W,E,Z Run SNMP Run SNMP Global Initiate SNMP Block Security Service Service approved SNMP service Ciphers Admin (SA) mode service running (SNMPv3) - SNMPv3 indicator establishm status SNMPv3 Authenticat and ent request Keying ion Secret: SNMP Materials G,W,E,Z service Developme - SNMPv3 running nt Encryption status Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Network Admin (NA) - SNMPv3 Authenticat ion Secret: © 2021-2025 Nokia Corporation

Page 77

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Encryption Admin (EA) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Network Engineer (NE) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Monitoring Access (MA) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 78

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - SNMPv3 Integrity Key: G,W,E,Z Provisionin g (PR) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Turn-up and Test (TT) - SNMPv3 Authenticat ion Secret: G,W,E,Z - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Run Data Run Data Global Command Data KAS-ECC- Security Plane Plane approved to run Plane KeyGen Admin (SA) Encrypiton Encrypiton mode OSPF Encryptio (Data Plane - DRBG Service Service indicator service n service IKEv2) Entropy and Data running KAS-ECC Input: Plane status (Data Plane G,W,E,Z Encryptio IKEv2) - DRBG n service ECDSA Seed: completio KeyGen G,W,E,Z n status (Data Plane - DRBG log IKEv2) Internal ECDSA State V SigGen value: (Data Plane G,W,E,Z IKEv2) - DRBG ECDSA Key: © 2021-2025 Nokia Corporation

Page 79

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access SigVer G,W,E,Z (Data Plane - Data IKEv2) Plane RSA Encryption KeyGen ECDH (Data Plane Private IKEv2) Key: RSA G,W,E,Z SigGen - Data (Data Plane Plane IKEv2) Encryption RSA SigVer ECDH (Data Plane Public Key: IKEv2) G,W,E,Z Block - Data Cipher Plane (Data Plane Encryption IKEv2) Peer DRBG ECDH Function Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data © 2021-2025 Nokia Corporation

Page 80

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Network Admin (NA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z © 2021-2025 Nokia Corporation

Page 81

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption © 2021-2025 Nokia Corporation

Page 82

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Encryption Admin (EA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane © 2021-2025 Nokia Corporation

Page 83

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session © 2021-2025 Nokia Corporation

Page 84

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Network Engineer (NE) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane © 2021-2025 Nokia Corporation

Page 85

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session © 2021-2025 Nokia Corporation

Page 86

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Key: G,W,E,Z Monitoring Access (MA) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane © 2021-2025 Nokia Corporation

Page 87

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Provisionin g (PR) - DRBG Entropy Input: © 2021-2025 Nokia Corporation

Page 88

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption © 2021-2025 Nokia Corporation

Page 89

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Turn-up and Test (TT) - DRBG Entropy Input: G,W,E,Z - DRBG Seed: G,W,E,Z - DRBG Internal State V © 2021-2025 Nokia Corporation

Page 90

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access value: G,W,E,Z - DRBG Key: G,W,E,Z - Data Plane Encryption ECDH Private Key: G,W,E,Z - Data Plane Encryption ECDH Public Key: G,W,E,Z - Data Plane Encryption Peer ECDH Public Key: G,W,E,Z - Data Plane Encryption ECDH Shared Secret: G,W,E,Z - Data Plane Encryption ECDSA Private Key: G,W,E,Z - Data Plane Encryption ECDSA Public Key: G,W,E,Z - Data Plane Encryption RSA © 2021-2025 Nokia Corporation

Page 91

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access Private Key: G,W,E,Z - Data Plane Encryption RSA Public Key: G,W,E,Z - Data Plane Encryption Pre-shared Secret: G,W,E,Z - Data Plane Encryption IKE-SA Session Key: G,W,E,Z - Data Plane Encryption Child-SA Session Key: G,W,E,Z Run OSPF Run OSPF Global Command OSPF OSPFv2 Security Service Service approved to run running Authenticati Admin (SA) mode OSPF status on - OSPFv2 indicator Function Authenticat and OSPF ion Key : service W,E completio Network n status Admin (NA) log - OSPFv2 Authenticat ion Key : W,E Encryption Admin (EA) - OSPFv2 Authenticat ion Key : W,E Network Engineer © 2021-2025 Nokia Corporation

Page 92

Name Descriptio Indicator Inputs Outputs Security SSP n Functions Access (NE) - OSPFv2 Authenticat ion Key : W,E Monitoring Access (MA) - OSPFv2 Authenticat ion Key : W,E Provisionin g (PR) - OSPFv2 Authenticat ion Key : W,E Turn-up and Test (TT) - OSPFv2 Authenticat ion Key : W,E Configure Configure Global Command Status of NTP Security NTP NTP approved s to the Authenticati Admin (SA) Authenticati Authenticati mode configure completio on - NTP on on Scheme indicator NTP n of NTP Authenticat and Key and NTP service configurati ion Key : service on G,W,Z configurati on status Run LUKS Run LUKS Global Command LUKS LUKS Security Database database approved to run running Database Admin (SA) Protection protection mode LUKS status Protection - LUKS DB Service service indicator protection Password: and LUKS service W,E,Z service - LUKS DB completio Salt : n status W,E,Z log Table 12: Approved Services

4.4 Non-Approved Services
Page 93
4.5 External Software/Firmware Loaded

The module supports the firmware load test by using ECDSA with Curve P-521 and SHA2-512 (ECDSA Cert. #A4956) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Any firmware loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation.

4.6 Bypass Actions and Status
4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.8 Additional Information

The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by conducting multiple layers firmware integrity tests. Please refer to section 10.1 Pre-Operational Self-Tests of this Security Policy document for more details. If the firmware integrity test fails, the module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand
Page 94

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited Module is operated in a limited operational environment. New firmware versions within the scope of this validation must be validated through the FIPS 140-3 CMVP. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation.

7 Physical Security

The module meets the FIPS 140-3 Level 1 security requirements as production grade equipment.

7.1 Mechanisms and Actions Required

Mechanism Inspection Inspection Frequency Guidance Production grade components N/A N/A Table 13: Mechanisms and Actions Required

8 Non-Invasive Security
9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Description Persistence Area Type Name DRAM Volatile memory Dynamic Flash Non-Volatile memory Static Table 14: Storage Areas © 2021-2025 Nokia Corporation

Page 95
9.2 SSP Input-Output Methods

Name From To Format Distribution Entry SFI or Type Type Type Algorithm Module Module External Plaintext Automated Electronic Public Key (Outside Output the Module’s Boundary) Peer Public External Module Plaintext Automated Electronic Key Input (Outside the Module’s Boundary) SSPs External Module Encrypted Automated Electronic TLS KTS Input/Output (Outside (GCM) protected by the TLS KTS Module’s (GCM) Boundary) SSPs External Module Encrypted Automated Electronic TLS KTS Input/Output (Outside (AES and protected by the HMAC) TLS KTS Module’s (AES and Boundary) HMAC) SSPs External Module Encrypted Automated Electronic SSH KTS Input/Output (Outside (GCM) protected by the SSH KTS Module’s (GCM) Boundary) SSPs External Module Encrypted Automated Electronic SSH KTS Input/Output (Outside (AES and protected by the HMAC) SSH KTS Module’s (AES and Boundary) HMAC) Table 15: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Zeroization Description Rationale Operator Method Initiation Zeroization CO issues zeroization The zeroization command will Module command service: "fips zeroize" to erase all SSPs stored in the RAM Reboot zeroize all SSPs and in the Flash of the module. Session Zeroization upon session Session termination will Terminate termination termination automatically zeroize all session session based temporary SSPs © 2021-2025 Nokia Corporation

Page 96

Zeroization Description Rationale Operator Method Initiation Reboot Zeroization upon Reboot to zeroize all temporary Reboot rebooting the module SSPs stored in Module's DRAM Table 16: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement.

9.4 SSPs

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h DRBG Used to 384 bits Entropy DRBG Entropy seed the - At least Inputs - Function Input DRBG 256 bits CSP DRBG Used for 256 bits DRBG DRBG Seed DRBG - 256 Seed - CSP Function generation bits DRBG Used for 256 bits DRBG DRBG Internal DRBG - 256 Internal Function State V generation bits State V value value - CSP DRBG Key Used for 256 bits DRBG Key DRBG DRBG - 256 - CSP Function generation bits Operator Used for 8-30 Authenticati Password operator characte on Data authenticati rs - N/A CSP on LUKS DB Used for 512 bits HMAC key - DRBG LUKS Password LUKS DB - 512 CSP Function Database Integrity bits Protection Key derivation LUKS DB Used for 256 bits Salt - CSP DRBG LUKS Salt LUKS DB - 256 Function Database Integrity bits Protection Key derivation LUKS DB Used for 512 bits Authenticati PBKDF LUKS Integrity LUKS - 512 on - CSP (A4958) Database Key Database bits Protection integrity protection Firmware Used for P-521 - Public Key - Firmware Load Test firmware 256 bits PSP Load Test Key load test © 2021-2025 Nokia Corporation

Page 97

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h SSH DH Used to MODP- Private Key KAS- KAS-FFCPrivate Key derive SSH 2048, - CSP FFC- KeyGen DH Shared MODP- KeyGen (SSH, TLS Secret 4096, (SSH, and Control and TLS and Plane MODP- Control IKEv2)

8192 - Plane

112-200 IKEv2) bits SSH DH Used to MODP- Public Key - KAS-FFCPublic Key derive SSH 2048, PSP KeyGen DH Shared MODP- (SSH, TLS Secret 4096, and Control and Plane MODP- IKEv2)

8192 -

112-200 bits SSH Peer Used to MODP- Public Key - KAS-FFCDH Public derive SSH 2048, PSP KeyGen Key DH Shared MODP- (SSH, TLS Secret 4096, and Control and Plane MODP- IKEv2)

8192 -

N/A SSH DH Used to MODP- Shared KAS-FFC KAS-FFC Shared derive SSH 2048, Secret - (SSHv2) (SSHv2) Secret Encryption MODP- CSP Key and 4096, SSH and Integrity MODPKey 8192 112-200 bits SSH ECDH Used to P-256, Private Key KAS- KAS-ECCPrivate Key derive SSH P-384, - CSP ECC- KeyGen ECDH P-521 - KeyGen (SSH, TLS Shared 128-256 (SSH, and Control Secret bits TLS and Plane Control IKEv2) Plane IKEv2) SSH ECDH Used to P-256, Public Key - KAS-ECCPublic Key derive SSH P-384, PSP KeyGen ECDH P-521 - (SSH, TLS and Control © 2021-2025 Nokia Corporation

Page 98

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h Shared 128-256 Plane Secret bits IKEv2) SSH Peer Used to P-256, Public Key - KAS-ECCECDH derive SSH P-384, PSP KeyGen Public Key ECDH P-521 - (SSH, TLS Shared N/A and Control Secret Plane IKEv2) SSH ECDH Used to P-256, Shared KAS-ECC KAS-ECC Shared derive SSH P-384, Secret - (SSHv2) (SSHv2) Secret Encryption P-521 - CSP Key and 128-256 SSH bits Integrity Key SSH Used for P-256, Private Key ECDSA ECDSA ECDSA SSH P-384 - CSP KeyGen SigGen Private Key authenticati and P- (SSH, (SSH, TLS on 521 - TLS and and Control 128-256 Control Plane bits Plane IKEv2) IKEv2) SSH Used for P-256, Public Key - ECDSA ECDSA ECDSA SSH P-384 PSP KeyGen SigVer Public Key authetnicati and P- (SSH, TLS (SSH, TLS on 521 - and Control and Control 128-256 Plane Plane bits IKEv2) IKEv2) SSH RSA Used for 2048, Private Key RSA RSA Private Key SSH 3072 - CSP KeyGen SigGen authetnicati and (SSH, (SSH, TLS on 4096 TLS and and Control bits - Control Plane

112 -152 Plane IKEv2)

bits IKEv2) SSH RSA Used for 2048, Public Key - RSA RSA SigVer Public Key SSH 3072 PSP KeyGen (SSH, TLS authetnicati and (SSH, TLS and Control on 4096 and Control Plane bits - Plane IKEv2)

112 -152 IKEv2)

bits SSH Used for 128-256 Symmetric KAS-ECC Block Encryption SSH traffic bits - Key - CSP (SSHv2) Ciphers Key protection 128-256 KAS-FFC (SSHv2) bits (SSHv2) © 2021-2025 Nokia Corporation

Page 99

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h SSH Used for at least Authenticati KAS-ECC Block Integrity SSH traffic 112 bits on Key - (SSHv2) Ciphers Key integrity - at least CSP KAS-FFC (SSHv2) protection 112 bits (SSHv2) TLS DH Used to ffdhe204 Private Key KAS- KAS-FFCPrivate Key drive TLS 8 - 112 - CSP FFC- KeyGen DH Shared bits KeyGen (SSH, TLS Secret (SSH, and Control TLS and Plane Control IKEv2) Plane IKEv2) TLS DH Used to ffdhe204 Public Key - KAS-FFCPublic Key drive TLS 8 - 112 PSP KeyGen DH Shared bits (SSH, TLS Secret and Control Plane IKEv2) TLS Peer Used to ffdhe204 Public Key - KAS-FFCDH Public derive TLS 8 - 112 PSP KeyGen Key DH Shared bits (SSH, TLS Secret and Control Plane IKEv2) TLS DH Used to ffdhe204 Shared KAS-FFC KAS-FFC Shared derive TLS 8 - 112 Secret - (TLSv1.2/v1 (TLSv1.2/v1 Secret encryption bits CSP .3) .3) Key and TLS Integrity Key TLS ECDH Used to P-256, Private Key KAS- KAS-ECCPrivate Key drive TLS P-384 - CSP ECC- KeyGen ECDH and P- KeyGen (SSH, TLS Shared 521 - (SSH, and Control Secret 128-256 TLS and Plane bits Control IKEv2) Plane IKEv2) TLS ECDH Used to P-256, Public Key - KAS-ECCPublic Key drive TLS P-384 PSP KeyGen ECDH and P- (SSH, TLS Shared 521 - and Control Secret 128-256 Plane bits IKEv2) © 2021-2025 Nokia Corporation

Page 100

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h TLS Peer Used to P-256, Public Key - KAS-ECCECDH derive TLS P-384 PSP KeyGen Public Key ECDH and P- (SSH, TLS Shared 521 - and Control Secret N/A Plane IKEv2) TLS ECDH Used to P-256, Shared KAS-ECC KAS-ECC Shared derive TLS P-384 Secret - (TLSv1.2/v1 (TLSv1.2/v1 Secret Encryption and P- CSP .3) .3) Key and 521 TLS 128-256 Integrity bits Key TLS Used for P-256, Private Key ECDSA ECDSA ECDSA TLS P-384 - CSP KeyGen SigGen Private Key authenticati and P- (SSH, (SSH, TLS on 521 - TLS and and Control 128-256 Control Plane bits Plane IKEv2) IKEv2) TLS Used for P-256, Public Key - ECDSA ECDSA ECDSA TLS P-384 PSP KeyGen SigVer Public Key authenticati and P- (SSH, TLS (SSH, TLS on 521 - and Control and Control 128-256 Plane Plane bits IKEv2) IKEv2) TLS RSA Used for 2048 Private Key RSA RSA Private Key TLS bits - - CSP KeyGen SigGen authenticati 112 bits (SSH, (SSH, TLS on TLS and and Control Control Plane Plane IKEv2) IKEv2) TLS RSA Used for 2048 Public Key - RSA RSA SigVer Public Key TLS peer bits - PSP KeyGen (SSH, TLS authenticati 112 bits (SSH, TLS and Control on and Control Plane Plane IKEv2) IKEv2) TLS Master Used to 384 bits TLS Master TLS Keying TLS Keying Secret derive TLS - 384 Secret - Materials Materials Encryption bits CSP Developme Developme Key and nt nt TLS Integrity Key © 2021-2025 Nokia Corporation

Page 101

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h TLS Used to 128-256 Encryption KAS-ECC Block Encryption protect TLS bits - Key - CSP (TLSv1.2/v1 Ciphers Key traffic 128-256 .3) (TLSv1.2/v1 confidentiali bits KAS-FFC .3) ty. (TLSv1.2/v1 .3) TLS Used to at least Authenticati KAS-ECC Block Integrity protect 112 bits on Key - (TLSv1.2/v1 Ciphers Key traffic - at least CSP .3) (TLSv1.2/v1 confidentiali 112 bits KAS-FFC .3) ty. (TLSv1.2/v1 .3) IPSec/IKE Used for MODP- Private Key KAS- KAS-FFCDH Private IPsec/IKE 2048, - CSP FFC- SSC Sp800Key DH Shared MODP- KeyGen 56Ar3 Secret 3072, (SSH, (A4958) derivation MODP- TLS and 4096, Control MODP- Plane

6144 IKEv2)
8192 -

112-200 bits IPSec/IKE Used for MODP- Public Key - KAS-FFCDH Public IPsec/IKE 2048, PSP KeyGen Key DH Shared MODP- (SSH, TLS Secret 3072, and Control derivation MODP- Plane 4096, IKEv2) MODP6144 and MODP-

8192 -

112-200 bits IPSec/IKE Used for MODP- Public Key - KAS-FFCPeer DH IPsec/IKE 2048, PSP KeyGen Public Key DH Shared MODP- (SSH, TLS Secret 3072, and Control derivation MODP- Plane 4096, IKEv2) MODP6144 and © 2021-2025 Nokia Corporation

Page 102

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h MODP-

8192 -

N/A IPSec/IKE Used for MODP- Shared KAS-FFC- KAS-FFC DH Shared IPSec/IKE 2048, Secret - KeyGen (Control Secret Encryption MODP- CSP (SSH, TLS Plane Key and 3072, and Control IKEv2) IPSec/IKE MODP- Plane Integrity key 4096, IKEv2) derivation MODP6144 and MODP-

8192 -

112-200 bits IPSec/IKE Used for P-256, Private Key KAS- KAS-ECC ECDH IPSec/IKE P-384 - CSP ECC- (Control Private Key ECDH and P- KeyGen Plane Shared 521 - (SSH, IKEv2) Secret 128-256 TLS and derivation bits Control Plane IKEv2) IPSec/IKE Used for P-256, Public Key - KAS-ECCECDH IPSec/IKE P-384 PSP KeyGen Public Key ECDH and P- (SSH, TLS Shared 521 - and Control Secret 128-256 Plane derivation bits IKEv2) IPSec/IKE Used for P-256, Public Key - KAS-ECC Peer ECDH IPSec/IKE P-384 PSP (Control Public Key ECDH and P- Plane Shared 521 - IKEv2) Secret 128-256 derivation bits IPSec/IKE Used for P-256, Shared KAS-ECC KAS-ECC ECDH IPSec/IKE P-384 Secret - (Control (Control Shared Encryption and P- CSP Plane Plane Secret Key and 521 - IKEv2) IKEv2) IPSec/IKE 128-256 Integrity bits Key derivation IPSec/IKE Used for P-256, Private Key ECDSA ECDSA ECDSA IPSec/IKE P-384 - CSP SigGen SigGen Private Key peer and P- (SSH, (SSH, TLS © 2021-2025 Nokia Corporation

Page 103

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h authenticati 521 - TLS and and Control on 128-256 Control Plane bits Plane IKEv2) IKEv2) IPSec/IKE Used for P-256, Public Key - ECDSA ECDSA ECDSA IPSec/IKE P-384 PSP KeyGen SigVer Public Key peer and P- (SSH, TLS (SSH, TLS authenticati 521 - and Control and Control on 128-256 Plane Plane bits IKEv2) IKEv2) IPSec/IKE Used for 2048, Private Key RSA RSA RSA IPSec/IKE 3072 - CSP KeyGen SigGen Private Key peer and (SSH, (SSH, TLS authenticati 4096 TLS and and Control on bits - Control Plane 112-152 Plane IKEv2) bits IKEv2) IPSec/IKE Used for 2048, Public Key - RSA RSA SigVer RSA Public IPSec/IKE 3072 PSP KeyGen (SSH, TLS Key peer and (SSH, TLS and Control authenticati 4096 and Control Plane on bits - Plane IKEv2) 112-152 IKEv2) bits IPSec/IKE Used for 256 bits Shared IPsec/IKEv2 Pre-shared IPSec/IKE - N/A Secret - Keying Secret peer CSP Materials authenticati Developme on nt IPSec/IKE Keying 160 bits Keying IPsec/IKEv2 SKEYSEED material - N/A Material - Keying used to CSP Materials derive the Developme IPSec/IKE nt Encryption Key and IPSec/IKE Integrity Key IPSec/IKE Used for 128-256 Encryption IPsec/IKEv2 Block Encryption IPSec/IKE bits - Key - CSP Keying Ciphers Key traffic 128-256 Materials (Control confidentiali bits Developme Plane ty nt IKEv2) protection © 2021-2025 Nokia Corporation

Page 104

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h IPSec/IKE Used for At least Authenticati Block Block Integrity IPSec/IKE 112 bits on Key - Ciphers Ciphers Key traffic - At least CSP (Control (Control integrity 112 bits Plane Plane protection IKEv2) IKEv2) SNMPv3 Used to 64 Authenticati SNMPv3 Authenticati SNMPv3 characte on Secret - Keying on Secret authenticati rs - N/A CSP Materials on Developme nt SNMPv3 Used to 128-256 Symmetric SNMPv3 Block Encryption secure bits - Key - CSP Keying Ciphers Key SNMPv3 128-256 Materials (SNMPv3) traffic bits Developme confidentiali nt ty SNMPv3 Used to At least Authenticati SNMPv3 Block Integrity secure 112 bits on Key - Keying Ciphers Key SNMPv3 - At least CSP Materials (SNMPv3) traffic 112 bits Developme integrity nt Data Plane Used to P-521 - Private Key KAS- KAS-ECC Encryption derive Data 256 bits - CSP ECC- (Data Plane ECDH Plane KeyGen IKEv2) Private Key Encryption (Data ECDH Plane Shared IKEv2) Secret Data Plane Used to P-521 - Public Key - KAS-ECCEncryption derive Data 256 bits PSP KeyGen ECDH Plane (Data Plane Public Key Encryption IKEv2) ECDH Shared Secret Data Plane Used to P-521 - Shared KAS-ECC KAS-ECC Encryption derive Data 256 bits Secret - (Data Plane (Data Plane ECDH Plane CSP IKEv2) IKEv2) Shared Encryption Secret IKE-SA Session Key and Data Plane Encryption Child-SA Session Key © 2021-2025 Nokia Corporation

Page 105

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h Data Plane Used to P-521 - Public Key - KAS-ECC Encryption derive Data 256 bits PSP (Data Plane Peer ECDH Plane IKEv2) Public Key Encryption ECDH Shared Secret Data Plane Used for P-256, Private Key ECDSA ECDSA Encryption Data Plane P-384 - CSP KeyGen SigGen ECDSA Encryption and P- (Data (Data Plane Private Key authenticati 521 - Plane IKEv2) on 128-256 IKEv2) bits Data Plane Used for P-256, Public Key - ECDSA ECDSA Encryption Data Plane P-384 PSP KeyGen SigVer ECDSA Encryption and P- (Data Plane (Data Plane Public Key authenticati 521 - IKEv2) IKEv2) on 128-256 bits Data Plane Used for 2048, Private Key RSA RSA Encryption Data Plane 3072 - CSP KeyGen SigGen RSA Encryption and (Data (Data Plane Private Key authenticati 4096 Plane IKEv2) on bits - IKEv2) 112- 152 bits Data Plane Used for 2048, Public Key - RSA RSA SigVer Encryption Data Plane 3072 PSP KeyGen (Data Plane RSA Public Encryption and (Data Plane IKEv2) Key authenticati 4096 IKEv2) on bits 112- 152 bits Data Plane Used for Curves: Shared KAS-ECC Encryption Data Plane P-256, Secret - (Data Plane Pre-shared Encryption P-384, CSP IKEv2) Secret service P-521 authenticati 128-256 on bits Data Plane Used to 256 bits Authenticat KAS-ECC Block Encryption secure Data - 256 ed (Data Plane Cipher IKE-SA Plane bits Symmetric IKEv2) (Data Plane Session Encryption Key - CSP IKEv2) Key traffic confidentiali ty © 2021-2025 Nokia Corporation

Page 106

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h Data Plane Used to 256 bits Authenticat KAS-ECC Block Encryption secure Data - 256 ed (Data Plane Cipher Child-SA Plane bits Symmetric IKEv2) (Data Plane Session Encryption Key - CSP IKEv2) Key Child-SA traffic confidentiali ty NTP Used for 8-40 Authenticati NTP Authenticati NTP characte on - CSP Authenticati on Key authenticati rs - N/A on on OSPFv2 Used for 8-25 Authenticati OSPFv2 Authenticati OSPFv2 characte on - CSP Authenticati on Key authenticati rs - N/A on on Table 17: SSP Table 1 Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n DRBG DRAM:Plaintext Until Reboot Zeroizatio DRBG Seed:Used Entropy n With Input command DRBG Internal Session State V terminatio value:Used With n DRBG Key:Used Reboot With DRBG Seed DRAM:Plaintext Until Reboot Zeroizatio DRBG Entropy n Input:Used With command DRBG Internal Session State V terminatio value:Used With n DRBG Key:Used Reboot With DRBG DRAM:Plaintext Until Reboot Zeroizatio DRBG Entropy Internal n Input:Used With State V command DRBG Seed:Used value Session With terminatio DRBG Key:Used n With Reboot DRBG Key DRAM:Plaintext Until Reboot Zeroizatio DRBG Entropy n Input:Used With command DRBG Seed:Used Session With terminatio DRBG Internal © 2021-2025 Nokia Corporation

Page 107

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n n State V Reboot value:Used With Operator SSPs Flash:Obfuscat Until Zeroizatio Password Input/Outp ed zeroized n ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) LUKS DB Flash:Plaintext Until Zeroizatio LUKS DB Salt Password zeroized n :Used With command LUKS DB Flash:Plaintext Until Zeroizatio LUKS DB Salt zeroized n Password:Used command With LUKS DB Flash:Plaintext Until Zeroizatio LUKS DB Integrity Key zeroized n Password:Derived command From LUKS DB Salt :Derived From Firmware Flash:Plaintext N/A. This N/A Load Test PSP is only Key used for Firmware Load Test, © 2021-2025 Nokia Corporation

Page 108

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n which is not subject to the zeroization requirement s. SSH DH DRAM:Plaintext while SSH Zeroizatio SSH DH Public Private Key session is n Key:Paired With on command Session terminatio n Reboot SSH DH Module DRAM:Plaintext while SSH Zeroizatio SSH DH Private Public Key Public Key session is n Key:Paired With Output on command Session terminatio n Reboot SSH Peer Peer DRAM:Plaintext while SSH Zeroizatio SSH DH Private DH Public Public Key session is n Key:Used With Key Input on command Session terminatio n Reboot SSH DH DRAM:Plaintext while SSH Zeroizatio SSH Encryption Shared session is n Key:Derived To Secret on command SSH Integrity Session Key:Derived To terminatio SSH DH Private n Key:Derived From Reboot SSH Peer DH Public Key:Derived From SSH ECDH DRAM:Plaintext while SSH Zeroizatio SSH ECDH Public Private Key session is n Key:Paired With on command Session terminatio n Reboot SSH ECDH Module DRAM:Plaintext while SSH Zeroizatio SSH ECDH Public Key Public Key session is n Private Key:Paired Output on command With Session terminatio © 2021-2025 Nokia Corporation

Page 109

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n n Reboot SSH Peer Peer DRAM:Plaintext while SSH Zeroizatio SSH ECDH ECDH Public Key session is n Private Key:Used Public Key Input on command With Session terminatio n Reboot SSH ECDH DRAM:Plaintext while SSH Zeroizatio SSH ECDH Shared session is n Private Secret on command Key:Derived From Session SSH Peer ECDH terminatio Public n Key:Derived From Reboot SSH Encryption Key:Derive To SSH Integrity Key:Derive To SSH Flash:Plaintext Until Zeroizatio SSH ECDSA ECDSA zeroized n Public Key:Paired Private Key command With SSH SSPs Flash:Plaintext Until Zeroizatio SSH ECDSA ECDSA Input/Outp zeroized n Private Key:Paired Public Key ut command With protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected © 2021-2025 Nokia Corporation

Page 110

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n by SSH KTS (AES and HMAC) SSH RSA Flash:Plaintext Until Zeroizatio SSH RSA Public Private Key zeroized n Key:Paired With command SSH RSA SSPs Flash:Plaintext Until Zeroizatio SSH RSA Private Public Key Input/Outp zeroized n Key:Paired With ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) SSH DRAM:Plaintext while SSH Zeroizatio SSH Integrity Encryption session is n Key:Used With Key on command Session terminatio n Reboot SSH DRAM:Plaintext while SSH Zeroizatio SSH Encryption Integrity Key session is n Key:Used With on command Session © 2021-2025 Nokia Corporation

Page 111

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n terminatio n Reboot TLS DH DRAM:Plaintext while TLS Zeroizatio TLS DH Public Private Key session is n Key:Paired With on command Session terminatio n Reboot TLS DH Module DRAM:Plaintext while TLS Zeroizatio TLS DH Private Public Key Public Key tunnel is on n Key:Paired With Output command Session terminatio n Reboot TLS Peer Peer DRAM:Plaintext while TLS Zeroizatio TLS DH Private DH Public Public Key tunnel is on n Key:Used With Key Input command TLS DH Shared Session Secret:Derived To terminatio n Reboot TLS DH DRAM:Plaintext while TLS Zeroizatio TLS DH Private Shared tunnel is on n Key:Derived From Secret command TLS Peer DH Session Public terminatio Key:Derived From n Reboot TLS ECDH DRAM:Plaintext while TLS Zeroizatio TLS ECDH Public Private Key tunnel is on n Key:Paired With command Session terminatio n Reboot TLS ECDH Module DRAM:Plaintext while TLS Zeroizatio TLS ECDH Public Key Public Key tunnel is on n Private Key:Paired Output command With Session terminatio n Reboot TLS Peer Peer DRAM:Plaintext while TLS Zeroizatio TLS ECDH ECDH Public Key tunnel is on n Private Key:Used Public Key Input command With © 2021-2025 Nokia Corporation

Page 112

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n Session terminatio n Reboot TLS ECDH DRAM:Plaintext while TLS Zeroizatio TLS ECDH Shared tunnel is on n Private Secret command Key:Derived From Session TLS Peer ECDH terminatio Public n Key:Derived From Reboot TLS ECDSA Flash:Plaintext Until Zeroizatio TLS ECDSA Private Key zeroized n Public Key:Paired command With TLS ECDSA SSPs Flash:Plaintext Until Zeroizatio TLS ECDSA Public Key Input/Outp zeroized n Private Key:Paired ut command With protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) TLS RSA Flash:Plaintext Until Zeroizatio TLS RSA Public Private Key zeroized n Key:Paired With command © 2021-2025 Nokia Corporation

Page 113

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n TLS RSA SSPs Flash:Plaintext Until Zeroizatio TLS RSA Private Public Key Input/Outp zeroized n Key:Paired With ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) TLS Master DRAM:Plaintext while TLS Zeroizatio TLS DH Shared Secret session is n Secret:Derived on command From Session terminatio n Reboot TLS DRAM:Plaintext while TLS Zeroizatio TLS Integrity Encryption session is n Key:Used With Key on command Session terminatio n Reboot TLS Integrity DRAM:Plaintext while TLS Zeroizatio TLS Encryption Key session is n Key:Used With on command Session © 2021-2025 Nokia Corporation

Page 114

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n terminatio n Reboot IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE DH DH Private Control n Public Key:Paired Key Panel command With IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE Module DRAM:Plaintext while Zeroizatio IPSec/IKE DH DH Public Public Key Control n Private Key:Paired Key Output Panel command With IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE Peer DRAM:Plaintext while Zeroizatio IPSec/IKE DH Peer DH Public Key Control n Private Key:Used Public Key Input Panel command With IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE DH Shared Control n SKEYSEED:Deriv Secret Panel command e TO IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE ECDH ECDH Control n Public Key:Paired Private Key Panel command With IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE Module DRAM:Plaintext while Zeroizatio IPSec/IKE ECDH ECDH Public Key Control n Private Key:Paired Public Key Output Panel command With IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE Peer DRAM:Plaintext while Zeroizatio IPSec/IKE ECDH Peer ECDH Public Key Control n Private Key:Used Public Key Input Panel command With © 2021-2025 Nokia Corporation

Page 115

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE ECDH Control n SKEYSEED:Deriv Shared Panel command e To Secret IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE Flash:Plaintext Until Zeroizatio IPSec/IKE ECDSA ECDSA zeroized n Public Key:Paired Private Key command With IPSec/IKE SSPs Flash:Plaintext Until Zeroizatio IPSec/IKE ECDSA ECDSA Input/Outp zeroized n Private Key:Paired Public Key ut command With protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) IPSec/IKE Flash:Plaintext Until Zeroizatio IPSec/IKE RSA RSA Private zeroized n Public Key:Paired Key command With © 2021-2025 Nokia Corporation

Page 116

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n IPSec/IKE SSPs Flash:Plaintext Until Zeroizatio IPSec/IKE RSA RSA Public Input/Outp zeroized n Private Key:Paired Key ut command With protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) IPSec/IKE SSPs Flash:Plaintext Until Zeroizatio IPSec/IKE Pre-shared Input/Outp zeroized n SKEYSEED:Deriv Secret ut command ed To protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected © 2021-2025 Nokia Corporation

Page 117

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) IPSec/IKE DRAM:Plaintext while Zeroizatio TLS ECDH SKEYSEED Control n Shared Panel command Secret:Derived IPSec/IKE Session From session is terminatio IPSec/IKE DH on n Shared Reboot Secret:Derived From IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE Encryption Control n SKEYSEED:Deriv Key Panel command ed From IPSec/IKE Session session is terminatio on n Reboot IPSec/IKE DRAM:Plaintext while Zeroizatio IPSec/IKE Integrity Key Control n SKEYSEED:Deriv Panel command ed From IPSec/IKE Session session is terminatio on n Reboot SNMPv3 SSPs Flash:Plaintext Until Zeroizatio Authenticati Input/Outp zeroized n on Secret ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) © 2021-2025 Nokia Corporation

Page 118

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) SNMPv3 DRAM:Plaintext while Zeroizatio SNMPv3 Encryption SNMPv3 n Authentication Key session is command Secret:Derived on Session From terminatio SNMPv3 Integrity n Key:Used With Reboot SNMPv3 DRAM:Plaintext while Zeroizatio SNMPv3 Integrity Key SNMPv3 n Authentication session is command Secret:Derived on Session From terminatio SNMPv3 n Encryption Reboot Key:Used With Data Plane DRAM:Plaintext while Data Zeroizatio Data Plane Encryption Plane n Encryption ECDH ECDH Encryption command Public Key:Paired Private Key session is Session With on terminatio n Reboot Data Plane Module DRAM:Plaintext while Data Zeroizatio IPSec/IKE ECDH Encryption Public Key Plane n Private Key:Paired ECDH Output Encryption command With Public Key session is Session on terminatio n Reboot Data Plane DRAM:Plaintext while Data Zeroizatio Data Plane Encryption Plane n Encryption ECDH ECDH Encryption command Private Shared session is Session Key:Derived From Secret on terminatio Data Plane © 2021-2025 Nokia Corporation

Page 119

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n n Encryption Peer Reboot ECDH Public Key:Derived From Data Plane Encryption IKE-SA Session Key:Derived To Data Plane Encryption ChildSA Session Key :Derived To Data Plane Peer DRAM:Plaintext while Data Zeroizatio Data Plane Encryption Public Key Plane n Encryption ECDH Peer ECDH Input Encryption command Private Key:Used Public Key session is Session With on terminatio n Reboot Data Plane Flash:Plaintext Until Zeroizatio Data Plane Encryption zeroized n Encryption ECDSA command ECDSA Private Private Key Key:Paired With Data Plane SSPs Flash:Plaintext Until Zeroizatio Data Plane Encryption Input/Outp zeroized n Encryption ECDSA ut command ECDSA Private Public Key protected Key:Paired With by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected © 2021-2025 Nokia Corporation

Page 120

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n by SSH KTS (AES and HMAC) Data Plane Flash:Plaintext Until Zeroizatio Data Plane Encryption zeroized n Encryption RSA RSA Private command Public Key:Paired Key With Data Plane SSPs Flash:Plaintext Until Zeroizatio Data Plane Encryption Input/Outp zeroized n Encryption RSA RSA Public ut command Private Key:Paired Key protected With by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) Data Plane SSPs Flash:Obfuscat Until Zeroizatio IPSec/IKE Encryption Input/Outp ed zeroized n SKEYSEED:Used Pre-shared ut command With Secret protected IPSec/IKE by TLS Encryption KTS Key:Derived to (GCM) IPSec/IKE SSPs Authentication Input/Outp Key:Derived to ut © 2021-2025 Nokia Corporation

Page 121

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) Data Plane DRAM:Plaintext while Data Zeroizatio Data Plane Encryption Plane n Encryption ECDH IKE-SA Encryption command Shared Session Key session is Session Secret:Derived on terminatio From n Reboot Data Plane DRAM:Plaintext while Data Zeroizatio Data Plane Encryption Plane n Encryption ECDH Child-SA Encryption command Shared Session Key session is Session Secret:Derived on terminatio From n Reboot NTP SSPs Flash:Plaintext Until Zeroizatio Authenticati Input/Outp zeroized n on Key ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and © 2021-2025 Nokia Corporation

Page 122

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) OSPFv2 SSPs Flash:Plaintext Until Zeroizatio Authenticati Input/Outp Zeroized n on Key ut command protected by TLS KTS (GCM) SSPs Input/Outp ut protected by TLS KTS (AES and HMAC) SSPs Input/Outp ut protected by SSH KTS (GCM) SSPs Input/Outp ut protected by SSH KTS (AES and HMAC) Table 18: SSP Table 2 © 2021-2025 Nokia Corporation

Page 123
9.5 Transitions
10 Self-Tests
10.1 Pre-Operational Self-Tests

Algorithm or Test Test Test Test Indicator Details Properties Method Type Gecko Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Bootloader Integrity P-256 with Integrity normal state SigVer from Test SHA2-256 ECDSA Cert. #A3366 Gecko Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Application Integrity P-256 with Integrity normal state SigVer from Test SHA2-256 ECDSA Cert. #A3366 CHM6_Zynq ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware Bootloader P-521 with Integrity normal state SigVer from Integrity Test SHA2-512 ECDSA Cert. #A4955 DCO_NXP Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Bootloader Integrity P-521 with Integrity normal state SigVer from Test SHA2-512 ECDSA Cert. #A4955 DCO_Zynq Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Bootloader Integrity P-521 with Integrity normal state SigVer from Test SHA2-512 ECDSA Cert. #A4955 XMM4_Intel ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware Bootloader P-521 with Integrity normal state SigVer from Integrity Test SHA2-512 ECDSA Cert. #A4955 © 2021-2025 Nokia Corporation

Page 124

Algorithm or Test Test Test Test Indicator Details Properties Method Type CHM6_Zynq ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware Kernel P-521 with Integrity normal state SigVer from Integrity Test SHA2-512 ECDSA Cert. #A4952 CHM6_Zynq ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware init script P-521 with Integrity normal state SigVer from Integrity Test SHA2-512 ECDSA Cert. #A4948 CHM6_Zynq ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware Application P-521 with Integrity normal state SigVer from Manifest file Integrity SHA2-512 ECDSA Cert. Test #A4948 CHM6_Zynq SHA2-512 KAT SW/FW Module is in SHA2-512 Firmware Application Integrity normal state from SHA Integrity Test Cert. #A4954 DCO_NXP Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA from Kernel Integrity Test P-521 with Integrity normal state ECDSA Cert. SHA2-512 #A4953 DCO_NXP Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA init script Integrity P-521 with Integrity normal state SigVer from SHA2-512 ECDSA Cert. #A4949 DCO_NXP Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Application Manifest P-521 with Integrity normal state SigVer from file Integrity Test SHA2-512 ECDSA Cert. #A4949 DCO_NXP Firmware SHA2-512 KAT SW/FW Module is in SHA2-512 Application Integrity Integrity normal state from SHA Test Cert. #A4954 DCO_Zynq Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Kernel Integrity Test P-521 with Integrity normal state SigVer from SHA2-512 ECDSA Cert. #A4961 DCO_Zynq Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Application Integrity P-521 with Integrity normal state SigVer from Test SHA2-512 ECDSA Cert. #A4960 XMM4_Intel ECDSA SigVer KAT SW/FW Module is in ECDSA Firmware Kernel P-521 with Integrity normal state SigVer from Integrity Test SHA2-512 ECDSA Cert. #A4962 XMM4_Intel ECDSA SigVer KAT SW/FW Module is in ECDSA from Firmware init script P-521 with Integrity normal state ECDSA Cert. Integrity Test SHA2-512 #A4956 XMM4 Intel Firmware ECDSA SigVer KAT SW/FW Module is in ECDSA Application Manifest P-521 with Integrity normal state SigVer from file Integrity Test SHA2-512 ECDSA Cert. #A4956 © 2021-2025 Nokia Corporation

Page 125

Algorithm or Test Test Test Test Indicator Details Properties Method Type XMM4 Intel Firmware SHA2-512 KAT SW/FW Module is in SHA2-512 Application Integrity Integrity normal state from SHA Test Cert. #A4958 Table 19: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es SHA2-256 KAT (A3366) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-256 Answer is in (A3366) Test normal (KAT) state SHA2-512 KAT (A4955) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4955) Test normal (KAT) state SHA2-512 KAT (A4960) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4960) Test normal (KAT) state © 2021-2025 Nokia Corporation

Page 126

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es SHA2-512 KAT (A4961) SHA2- Known CAST Module N/A Power up

512 Answer is in

Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4961) Test normal (KAT) state SHA2-512 KAT (A4948) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4948) Test normal (KAT) state SHA2-512 KAT (A4952) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4952) Test normal (KAT) state SHA2-512 KAT (A4949) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4949) Test normal (KAT) state SHA2-512 KAT (A4953) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4953) Test normal (KAT) state SHA2-512 KAT (A4954) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state AES-CBC Encrypt KAT 128 bits Known CAST Module Encryption Power up (A4959) Answer is in KAT © 2021-2025 Nokia Corporation

Page 127

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es Test normal (KAT) state AES-CBC Decrypt KAT 128 bits Known CAST Module Decryption Power up (A4959) Answer is in KAT Test normal (KAT) state AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Encrypt Answer is in ed KAT (A4959) Test normal Encryption (KAT) state KAT AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Decrypt Answer is in ed KAT (A4959) Test normal Decryption (KAT) state KAT Counter DRBG N/A Known CAST Module Generate Power up Generate/Reseed/Insta Answer is in KAT, ntiate KAT (A4959) Test normal Reseed (KAT) state KAT, and Instantiate KAT KDF IKEv2 KAT N/A Known CAST Module N/A Power up (A4959) Answer is in Test normal (KAT) state KAS-ECC-SSC Sp800- Curve: Known CAST Module N/A Power up 56Ar3 KAT (A4959) P-521 Answer is in Test normal (KAT) state RSA SigGen (FIPS186- Modulus: Known CAST Module N/A Power up

  1. KAT (A4959) 2048 bits Answer is in Test normal (KAT) state RSA SigVer (FIPS186- Modulus: Known CAST Module N/A Power up
  2. KAT (A4959) 2048 bits Answer is in Test normal (KAT) state SHA2-512 KAT (A4959) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state HMAC-SHA2-512 KAT N/A Known CAST Module N/A Power up (A4959) Answer is in Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4962) © 2021-2025 Nokia Corporation
Page 128

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es Test normal (KAT) state SHA2-512 KAT (A4962) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state AES-CBC Encrypt KAT 128, 192 Known CAST Module Encryption Power up (A4956) and 256 Answer is in KAT bits Test normal (KAT) state AES-CBC Decrypt KAT 128, 192 Known CAST Module Decryption Power up (A4956) and 256 Answer is in KAT bits Test normal (KAT) state AES-CCM 256 bits Known CAST Module Authenticat Power up Authenticated Encrypt Answer is in ed KAT (A4956) Test normal Encryption (KAT) state KAT AES-CCM 256 bits Known CAST Module Authenticat Power up Authenticated Decrypt Answer is in ed KAT (A4956) Test normal Decryption (KAT) state KAT AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Encrypt Answer is in ed KAT (A4956) Test normal Encryption (KAT) state KAT AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Decrypt Answer is in ed KAT (A4956) Test normal Decryption (KAT) state KAT HMAC-SHA-1 KAT N/A Known CAST Module N/A Power up (A4956) Answer is in Test normal (KAT) state HMAC-SHA2-256 KAT N/A Known CAST Module N/A Power up (A4956) Answer is in Test normal (KAT) state HMAC-SHA2-384 KAT N/A Known CAST Module N/A Power up (A4956) Answer is in Test normal (KAT) state HMAC-SHA2-512 KAT N/A Known CAST Module N/A Power up (A4956) Answer is in Test normal (KAT) state © 2021-2025 Nokia Corporation

Page 129

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es ECDSA SigVer N/A Known CAST Module N/A Power up (FIPS186-4) KAT Answer is in (A4956) Test normal (KAT) state SHA2-256 KAT (A4957) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state HMAC-SHA2-256 KAT N/A Known CAST Module N/A Power up (A4957) Answer is in Test normal (KAT) state AES-ECB Encrypt KAT 128 bits Known CAST Module Encryption Power up (A4958) Answer is in KAT Test normal (KAT) state AES-ECB Decrypt KAT 128 bits Known CAST Module Decryption Power up (A4958) Answer is in KAT Test normal (KAT) state AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Encrypt Answer is in ed KAT (A4958) Test normal Encryption (KAT) state KAT AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Decrypt Answer is in ed KAT (A4958) Test normal Decryption (KAT) state KAT Counter DRBG N/A Known CAST Module Generate Power up Generate/Reseed/Insta Answer is in KAT, ntiate KAT (A4958) Test normal Reseed (KAT) state KAT, and Instantiate KAT ECDSA SigGen Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4958) Test normal (KAT) state ECDSA SigVer Curve: Known CAST Module N/A Power up (FIPS186-4) KAT P-521 Answer is in (A4958) Test normal (KAT) state HMAC-SHA2-256 KAT N/A Known CAST Module N/A Power up (A4958) Answer is in Test normal (KAT) state © 2021-2025 Nokia Corporation

Page 130

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es KDF SSH KAT (A4958) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state KDF IKEv2 KAT N/A Known CAST Module N/A Power up (A4958) Answer is in Test normal (KAT) state KDF SNMP KAT N/A Known CAST Module N/A Power up (A4958) Answer is in Test normal (KAT) state TLS v1.2 KDF N/A Known CAST Module N/A Power up RFC7627 KAT (A4958) Answer is in Test normal (KAT) state TLS v1.3 KDF KAT N/A Known CAST Module N/A Power up (A4958) Answer is in Test normal (KAT) state KAS-ECC-SSC KAT N/A Known CAST Module KAS-ECC- Power up (A4958) Answer is in SSC Test normal Primitive Z (KAT) state KAS-FFC-SSC KAT N/A Known CAST Module KAS-FFC- Power up (A4958) Answer is in SSC Test normal Primitive Z (KAT) state PBKDF KAT (A4958) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state RSA SigGen KAT Modulus: Known CAST Module N/A Power up (A4958) 2048 bits Answer is in Test normal (KAT) state RSA SigVer KAT Modulus: Known CAST Module N/A Power up (A4958) 2048 bits Answer is in Test normal (KAT) state SHA-1 KAT (A4958) N/A Known CAST Module N/A Power up Answer is in Test normal (KAT) state SHA2-512 KAT (A4958) N/A Known CAST Module N/A Power up Answer is in © 2021-2025 Nokia Corporation

Page 131

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es Test normal (KAT) state AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Encrypt Answer is in ed KAT (C501) Test normal Encryption (KAT) state KAT AES-GCM 256 bits Known CAST Module Authenticat Power up Authenticated Decrypt Answer is in ed KAT (C501) Test normal Decryption (KAT) state KAT Entropy Source Start-up N/A RCT CAST Module N/A Power up Health Test (RCT) is in normal state Entropy Source Start-up N/A APT CAST Module N/A Power up Health Test (APT) is in normal state Entropy Source N/A RCT CAST Module N/A Power up Continuous Health Test is in (RCT) normal state Entropy Source N/A APT CAST Module N/A Power up Continuous Health Test is in (APT) normal state ECDSA KeyGen Curve: Pair-Wise PCT Module N/A ECDSA (FIPS186-4) PCT P-256 Consisten is in Keypair (A4958) cy Test normal generatio (PCT) state n RSA KeyGen (FIPS186- Modulus: Pair-Wise PCT Module N/A RSA 4) PCT (A4958) 2048 bits Consisten is in Keypair cy Test normal generatio (PCT) state n KAS-ECC-SSC Curve: Pair-Wise PCT Module N/A KAS(FIPS186-4) PCT P-256 Consisten is in ECC (A4958) cy Test normal Keypair (PCT) state generatio n KAS-FFC-SSC MODP- Pair-Wise PCT Module N/A KAS-FFC (FIPS186-4) PCT 2048 Consisten is in Keypair (A4958) cy Test normal generatio (PCT) state n KAS-ECC-SSC Sp800- Curve: Pair-Wise PCT Module N/A ECDSA 56Ar3 PCT (A4959) P-256 Consisten is in Keypair cy Test normal generatio (PCT) state n © 2021-2025 Nokia Corporation

Page 132

Algorithm or Test Test Test Test Indicat Details Conditio Properti Method Type or ns es ECDSA KeyGen Curve: Pair-Wise PCT Module N/A ECDSA (FIPS186-4) PCT P-256 Consisten is in Keypair (A4959) cy Test normal generatio (PCT) state n Firmware Load Test Curve: ECDSA SW/F Module N/A Firmware P-521 SigVer W is in Load Load normal Test state Table 20: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

Algorithm or Test Method Test Type Period Periodic Test Method Gecko Firmware KAT SW/FW Integrity On-demand Module Reboot Bootloader Integrity Test Gecko Firmware KAT SW/FW Integrity On-demand Module Reboot Application Integrity Test CHM6_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Bootloader Integrity Test DCO_NXP KAT SW/FW Integrity On-demand Module Reboot Firmware Bootloader Integrity Test DCO_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Bootloader Integrity Test XMM4_Intel KAT SW/FW Integrity On-demand Module Reboot Firmware Bootloader Integrity Test CHM6_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Kernel Integrity Test CHM6_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware init © 2021-2025 Nokia Corporation

Page 133

Algorithm or Test Method Test Type Period Periodic Test Method script Integrity Test CHM6_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Application Manifest file Integrity Test CHM6_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Application Integrity Test DCO_NXP KAT SW/FW Integrity On-demand Module Reboot Firmware Kernel Integrity Test DCO_NXP KAT SW/FW Integrity On-demand Module Reboot Firmware init script Integrity DCO_NXP KAT SW/FW Integrity On-demand Module Reboot Firmware Application Manifest file Integrity Test DCO_NXP KAT SW/FW Integrity On-demand Module Reboot Firmware Application Integrity Test DCO_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Kernel Integrity Test DCO_Zynq KAT SW/FW Integrity On-demand Module Reboot Firmware Application Integrity Test XMM4_Intel KAT SW/FW Integrity On-demand Module Reboot Firmware Kernel Integrity Test XMM4_Intel KAT SW/FW Integrity On-demand Module Reboot Firmware init script Integrity Test XMM4 Intel KAT SW/FW Integrity On-demand Module Reboot Firmware Application Manifest file Integrity Test XMM4 Intel KAT SW/FW Integrity On-demand Module Reboot Firmware © 2021-2025 Nokia Corporation

Page 134

Algorithm or Test Method Test Type Period Periodic Test Method Application Integrity Test Table 21: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method SHA2-256 KAT (A3366) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A3366) Answer Test Reboot (KAT) SHA2-512 KAT (A4955) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4955) Answer Test Reboot (KAT) SHA2-512 KAT (A4960) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4960) Answer Test Reboot (KAT) SHA2-512 KAT (A4961) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4961) Answer Test Reboot (KAT) SHA2-512 KAT (A4948) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4948) Answer Test Reboot (KAT) SHA2-512 KAT (A4952) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4952) Answer Test Reboot (KAT) SHA2-512 KAT (A4949) Known CAST On-demand Module Answer Test Reboot (KAT) © 2021-2025 Nokia Corporation

Page 135

Algorithm or Test Test Method Test Type Period Periodic Method ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4949) Answer Test Reboot (KAT) SHA2-512 KAT (A4953) Known CAST On-demand Module Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4953) Answer Test Reboot (KAT) SHA2-512 KAT (A4954) Known CAST On-demand Module Answer Test Reboot (KAT) AES-CBC Encrypt KAT Known CAST On-demand Module (A4959) Answer Test Reboot (KAT) AES-CBC Decrypt KAT Known CAST On-demand Module (A4959) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Encrypt KAT (A4959) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Decrypt KAT (A4959) Answer Test Reboot (KAT) Counter DRBG Known CAST On-demand Module Generate/Reseed/Instantiate Answer Test Reboot KAT (A4959) (KAT) KDF IKEv2 KAT (A4959) Known CAST On-demand Module Answer Test Reboot (KAT) KAS-ECC-SSC Sp800- Known CAST On-demand Module 56Ar3 KAT (A4959) Answer Test Reboot (KAT) RSA SigGen (FIPS186-4) Known CAST On-demand Module KAT (A4959) Answer Test Reboot (KAT) RSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4959) Answer Test Reboot (KAT) SHA2-512 KAT (A4959) Known CAST On-demand Module Answer Test Reboot (KAT) HMAC-SHA2-512 KAT Known CAST On-demand Module (A4959) Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4962) Answer Test Reboot (KAT) © 2021-2025 Nokia Corporation

Page 136

Algorithm or Test Test Method Test Type Period Periodic Method SHA2-512 KAT (A4962) Known CAST On-demand Module Answer Test Reboot (KAT) AES-CBC Encrypt KAT Known CAST On-demand Module (A4956) Answer Test Reboot (KAT) AES-CBC Decrypt KAT Known CAST On-demand Module (A4956) Answer Test Reboot (KAT) AES-CCM Authenticated Known CAST On-demand Module Encrypt KAT (A4956) Answer Test Reboot (KAT) AES-CCM Authenticated Known CAST On-demand Module Decrypt KAT (A4956) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Encrypt KAT (A4956) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Decrypt KAT (A4956) Answer Test Reboot (KAT) HMAC-SHA-1 KAT (A4956) Known CAST On-demand Module Answer Test Reboot (KAT) HMAC-SHA2-256 KAT Known CAST On-demand Module (A4956) Answer Test Reboot (KAT) HMAC-SHA2-384 KAT Known CAST On-demand Module (A4956) Answer Test Reboot (KAT) HMAC-SHA2-512 KAT Known CAST On-demand Module (A4956) Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4956) Answer Test Reboot (KAT) SHA2-256 KAT (A4957) Known CAST On-demand Module Answer Test Reboot (KAT) HMAC-SHA2-256 KAT Known CAST On-demand Module (A4957) Answer Test Reboot (KAT) AES-ECB Encrypt KAT Known CAST On-demand Module (A4958) Answer Test Reboot (KAT) AES-ECB Decrypt KAT Known CAST On-demand Module (A4958) Answer Test Reboot (KAT) © 2021-2025 Nokia Corporation

Page 137

Algorithm or Test Test Method Test Type Period Periodic Method AES-GCM Authenticated Known CAST On-demand Module Encrypt KAT (A4958) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Decrypt KAT (A4958) Answer Test Reboot (KAT) Counter DRBG Known CAST On-demand Module Generate/Reseed/Instantiate Answer Test Reboot KAT (A4958) (KAT) ECDSA SigGen (FIPS186-4) Known CAST On-demand Module KAT (A4958) Answer Test Reboot (KAT) ECDSA SigVer (FIPS186-4) Known CAST On-demand Module KAT (A4958) Answer Test Reboot (KAT) HMAC-SHA2-256 KAT Known CAST On-demand Module (A4958) Answer Test Reboot (KAT) KDF SSH KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) KDF IKEv2 KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) KDF SNMP KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) TLS v1.2 KDF RFC7627 Known CAST On-demand Module KAT (A4958) Answer Test Reboot (KAT) TLS v1.3 KDF KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) KAS-ECC-SSC KAT Known CAST On-demand Module (A4958) Answer Test Reboot (KAT) KAS-FFC-SSC KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) PBKDF KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) RSA SigGen KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) RSA SigVer KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) © 2021-2025 Nokia Corporation

Page 138

Algorithm or Test Test Method Test Type Period Periodic Method SHA-1 KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) SHA2-512 KAT (A4958) Known CAST On-demand Module Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Encrypt KAT (C501) Answer Test Reboot (KAT) AES-GCM Authenticated Known CAST On-demand Module Decrypt KAT (C501) Answer Test Reboot (KAT) Entropy Source Start-up RCT CAST On-demand Module Health Test (RCT) Reboot Entropy Source Start-up APT CAST On-demand Module Health Test (APT) Reboot Entropy Source Continuous RCT CAST On-demand Module Health Test (RCT) Reboot Entropy Source Continuous APT CAST On-demand Module Health Test (APT) Reboot ECDSA KeyGen (FIPS186- Pair-Wise PCT On-demand Module

  1. PCT (A4958) Consistency Reboot Test (PCT) RSA KeyGen (FIPS186-4) Pair-Wise PCT On-demand Module PCT (A4958) Consistency Reboot Test (PCT) KAS-ECC-SSC (FIPS186-4) Pair-Wise PCT On-demand Module PCT (A4958) Consistency Reboot Test (PCT) KAS-FFC-SSC (FIPS186-4) Pair-Wise PCT On-demand Module PCT (A4958) Consistency Reboot Test (PCT) KAS-ECC-SSC Sp800- Pair-Wise PCT On-demand Module 56Ar3 PCT (A4959) Consistency Reboot Test (PCT) ECDSA KeyGen (FIPS186- Pair-Wise PCT On-demand Module
  2. PCT (A4959) Consistency Reboot Test (PCT) Firmware Load Test ECDSA SW/FW Load On-demand Module SigVer Reboot Table 22: Conditional Periodic Information
10.4 Operator Initiation of Self-Tests

On demand and periodic self-tests are performed by powering off the module and powering it on again. This service performs the same cryptographic algorithm tests executed during pre-operational self-tests and CASTs. During the execution of the periodic and on-demand © 2021-2025 Nokia Corporation

Page 139

self-tests, crypto services are not available and no data output or input is possible.

10.5 Error States

Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-tests Reboot the System State put into an error state failure module Halt Table 23: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings would put module operated in a non-compliance state. Secure Operation The Security Admin (SA) must configure and enforce the following initialization steps. Step

  1. Strictly follow up the steps in section Physical Security to place the Opacity Shield and Tamper Evident Labels on the module. Step
  2. Ensure that the firmware version R6.2.2 or R6.2.3 is running on the module. To verify the firmware version, the Security Admin (SA) shall use the following command. >show sw-management software-load-active swload-version swload-label software-load-active swload-version 'R6.2.2' or >show sw-management software-load-active swload-version swload-label software-load-active swload-version 'R6.2.3' Step
  3. Enable approved mode. © 2021-2025 Nokia Corporation
Page 140

Execute the following steps to enable approved mode on the module: • To enable approved mode via CLI: Execute the following command from the CLI interface: ‘fips mode-enable’ A confirmation message is displayed. Enter y to proceed with the operation. This operation will cold reboot the system, delete the entire system configuration, including networking details, and may leave the system unreachable until the reboot is complete. • To enable approved mode via WebGUI: Navigate to Security > FIPS tab. Click ‘FIPS Control’. A pop-up window is displayed. Select mode-enable against Action field and click Submit. A success message is displayed Step

  1. Create the User account and privileges for other roles defined in the Security Policy. Step
  2. Ensuring that any of the deleted/deprecated algorithms by NIST SP800-140Crev2 and/or NIST SP800-131Arev2 are disabled as applicable in the FIPS 140-3 validated firmware.
11.2 Administrator Guidance

No specific Administrator guidance.

11.3 Non-Administrator Guidance

No specific Non-Administrator guidance.

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Nokia Corporation