| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/2/2030 |
| Caveat | When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy |
| Vendor | Ruckus Wireless LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A5076 |
| AES-CFB128 | A5076 |
| AES-CTR | A5076 |
| AES-ECB | A5076 |
| AES-GCM | A5076 |
| Counter DRBG | A5076 |
| ECDSA KeyGen (FIPS186-5) | A5076 |
| ECDSA SigGen (FIPS186-5) | A5076 |
| ECDSA SigVer (FIPS186-5) | A5076 |
| HMAC-SHA-1 | A5076 |
| HMAC-SHA2-256 | A5076 |
| HMAC-SHA2-384 | A5076 |
| HMAC-SHA2-512 | A5076 |
| KAS-ECC-SSC Sp800-56Ar3 | A5076 |
| KAS-FFC-SSC Sp800-56Ar3 | A5076 |
| KDF SNMP (CVL) | A5076 |
| KDF SSH (CVL) | A5076 |
| RSA KeyGen (FIPS186-5) | A5076 |
| RSA SigGen (FIPS186-5) | A5076 |
| RSA SigVer (FIPS186-5) | A5076 |
| SHA-1 | A5076 |
| SHA2-256 | A5076 |
| SHA2-384 | A5076 |
| SHA2-512 | A5076 |
| TLS v1.2 KDF RFC7627 (CVL) | A5076 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Ruckus FastIron ICXTM 7150/8200 Series Switch/Router
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Block ciphers (SSHv2)<br/>Block ciphers (TLSv1.2)<br/>Block ciphers (SNMPv3)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Ruckus FastIron ICXTM 7150/8200 Series Switch/Router
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Load Test<br/>Perform Zeroization</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Block ciphers (SSHv2)<br/>Block ciphers (TLSv1.2)<br/>Block ciphers (SNMPv3)</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Ruckus Wireless LLC Ruckus FastIron ICXTM 7150/8200 Series Switch/Router
| # | Section | Page |
|---|---|---|
| 1 | General | 6 |
| 1.1 | Overview | 6 |
| 1.2 | Security Levels | 6 |
| 2 | Cryptographic Module Specification | 6 |
| 2.1 | Description | 6 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 10 |
| 2.3 | Excluded Components | 15 |
| 2.4 | Modes of Operation | 15 |
| 2.5 | Algorithms | 15 |
| 2.6 | Security Function Implementations | 16 |
| 2.7 | Algorithm Specific Information | 21 |
| 2.8 | RBG and Entropy | 22 |
| 2.9 | Key Generation | 22 |
| 2.10 | Key Establishment | 23 |
| 2.11 | Industry Protocols | 23 |
| 3 | Cryptographic Module Interfaces | 23 |
| 3.1 | Ports and Interfaces | 23 |
| 4 | Roles, Services, and Authentication | 24 |
| 4.1 | Authentication Methods | 24 |
| 4.2 | Roles | 26 |
| 4.3 | Approved Services | 26 |
| 4.4 | Non-Approved Services | 37 |
| 4.5 | External Software/Firmware Loaded | 38 |
| 5 | Software/Firmware Security | 38 |
| 5.1 | Integrity Techniques | 38 |
| 5.2 | Initiate on Demand | 38 |
| 6 | Operational Environment | 38 |
| 6.1 | Operational Environment Type and Requirements | 38 |
| 7 | Physical Security | 38 |
| 8 | Non-Invasive Security | 39 |
| 9 | Sensitive Security Parameters Management | 39 |
| 9.1 | Storage Areas | 39 |
| 9.2 | SSP Input-Output Methods | 39 |
| 9.3 | SSP Zeroization Methods | 40 |
| 9.4 | SSPs | 40 |
| 9.5 | Transitions | 51 |
| 10 | Self-Tests | 51 |
| 10.1 | Pre-Operational Self-Tests | 51 |
| 10.2 | Conditional Self-Tests | 51 |
| 10.3 | Periodic Self-Test Information | 56 |
| 10.4 | Error States | 58 |
| 11 | Life-Cycle Assurance | 58 |
| 11.1 | Installation, Initialization, and Startup Procedures | 58 |
| 11.2 | Administrator Guidance | 59 |
| 11.3 | Non-Administrator Guidance | 59 |
| 11.4 | End of Life | 59 |
| 12 | Mitigation of Other Attacks | 59 |
| Item | Page |
|---|---|
| Table 1: Security Levels | 6 |
| Table 2: Tested Module Identification – Hardware | 11 |
| Table 3: Modes List and Description | 15 |
| Table 4: Approved Algorithms | 16 |
| Table 5: Vendor-Affirmed Algorithms | 16 |
| Table 6: Security Function Implementations | 21 |
| Table 7: Entropy Certificates | 22 |
| Table 8: Entropy Sources | 22 |
| Table 9: Ports and Interfaces | 24 |
| Table 10: Authentication Methods | 26 |
| Table 11: Roles | 26 |
| Table 12: Approved Services | 37 |
| Table 13: Storage Areas | 39 |
| Table 14: SSP Input-Output Methods | 40 |
| Table 15: SSP Zeroization Methods | 40 |
| Table 16: SSP Table 1 | 45 |
| Table 17: SSP Table 2 | 51 |
| Table 18: Pre-Operational Self-Tests | 51 |
| Table 19: Conditional Self-Tests | 56 |
| Table 20: Pre-Operational Periodic Information | 56 |
| Table 21: Conditional Periodic Information | 58 |
| Table 22: Error States | 58 |
| Figure 1: ICX 7150-24 | 7 |
| Figure 2: ICX 7150-24P | 7 |
| Figure 3: ICX 7150-48 | 7 |
| Figure 4: ICX 7150-48P | 8 |
| Figure 5: ICX 7150-48PF | 8 |
| Figure 6: ICX 7150-48ZP | 8 |
| Figure 7: ICX 7150-C12P | 8 |
| Figure 8: ICX 8200-24/ICX 8200-24P/ICX 8200-24F | 9 |
| Figure 9: ICX 8200-24FX | 9 |
| Figure 10: ICX 8200-24ZP | 9 |
| Figure 11: ICX 8200-48/ICX 8200-48P | 9 |
| Figure 12: ICX 8200-48F | 9 |
| Figure 13: ICX 8200-48PF/ICX 8200-48PF2 | 10 |
| Figure 14: ICX 8200-48ZP2 | 10 |
| Figure 15: ICX 8200-C08PF | 10 |
| Figure 16: ICX 8200-C08ZP | 10 |
| Figure 17: ICX 7150 Series | 12 |
| Figure 18: ICX 7150 Z-Series | 12 |
| Figure 19: ICX 7150 Compact Series | 12 |
| Figure 20: ICX 8200 Series with fixed power supply and fans | 13 |
| Figure 21: ICX 8200 Series with hot-swap power supply and fans | 13 |
| Figure 22: ICX 8200 Compact Series | 14 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 1 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
This is a non-proprietary cryptographic module security policy for Ruckus FastIron ICX™ 7150/8200 Series Switch/Router (hereinafter referred to as the module). The firmware version running on each module is IronWare OS 10.0.10. This security policy describes how the module meets the FIPS 140-3 Level 1 security requirements, and how to operate the module in an approved mode. This security policy may be freely distributed. FIPS 140-3 (Federal Information Processing Standards Publication 140-3
Purpose and Use: The module delivers the performance, flexibility, and scalability required for enterprise access deployment. Module Type: Hardware Module Embodiment: MultiChipStand
Module Characteristics: Cryptographic Boundary: The Tested Operational Environment Physical Perimeter (TOEPP) is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case as shown in the figures below and in the Physical Security section. The cryptographic boundary encompasses the entire TOEPP. This section illustrates the module hardware with the help of photographs. Figure 1: ICX 7150-24 Figure 2: ICX 7150-24P Figure 3: ICX 7150-48
Figure 4: ICX 7150-48P Figure 5: ICX 7150-48PF Figure 6: ICX 7150-48ZP Figure 7: ICX 7150-C12P
Figure 8: ICX 8200-24/ICX 8200-24P/ICX 8200-24F Figure 9: ICX 8200-24FX Figure 10: ICX 8200-24ZP Figure 11: ICX 8200-48/ICX 8200-48P Figure 12: ICX 8200-48F
| Name | Model | Hardware Version | Firmware Version | Processor |
|---|---|---|---|---|
| ICX7150-24 | ICX7150-24 | ICX7150-24 | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-24P | ICX7150-24P | ICX7150-24P | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-48 | ICX7150-48 | ICX7150-48 | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-48P | ICX7150-48P | ICX7150-48P | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-48PF | ICX7150-48PF | ICX7150-48PF | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-48ZP | ICX7150-48ZP | ICX7150-48ZP | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX7150-C12P | ICX7150-C12P | ICX7150-C12P | IronWare OS 10.0.10 | ARM Cortex A9 (ARMv7) |
| ICX8200-24 | ICX8200-24 | ICX8200-24 | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-24P | ICX8200-24P | ICX8200-24P | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-24F | ICX8200-24F | ICX8200-24F | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-24FX | ICX8200-24FX | ICX8200-24FX | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-24ZP | ICX8200-24ZP | ICX8200-24ZP | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-48 | ICX8200-48 | ICX8200-48 | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-48P | ICX8200-48P | ICX8200-48P | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-48F | ICX8200-48F | ICX8200-48F | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200-48PF | ICX8200-48PF | ICX8200-48PF | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200- 48PF2 | ICX8200- 48PF2 | ICX8200- 48PF2 | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200- 48ZP2 | ICX8200- 48ZP2 | ICX8200- 48ZP2 | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200- C08PF | ICX8200- C08PF | ICX8200- C08PF | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
| ICX8200- C08ZP | ICX8200- C08ZP | ICX8200- C08ZP | IronWare OS 10.0.10 | ARM Cortex A55 (ARMv8) |
Figure 13: ICX 8200-48PF/ICX 8200-48PF2 Figure 14: ICX 8200-48ZP2 Figure 15: ICX 8200-C08PF Figure 16: ICX 8200-C08ZP
Tested Module Identification
ICX820048PF2 ICX820048ZP2 ICX8200C08PF ICX8200C08ZP ICX820048PF2 ICX820048ZP2 ICX8200C08PF ICX8200C08ZP Table 2: Tested Module Identification
Figure 17: ICX 7150 Series Note: The USB Port for external file storage is functionally disabled Figure 18: ICX 7150 Z-Series Note: The USB Port for external file storage is functionally disabled Figure 19: ICX 7150 Compact Series Note: The USB Port for external file storage is functionally disabled
Figure 20: ICX 8200 Series with fixed power supply and fans Note: The USB Port for external file storage is functionally disabled Figure 21: ICX 8200 Series with hot-swap power supply and fans Note: The USB Port for external file storage is functionally disabled
Figure 22: ICX 8200 Compact Series Note: The USB Port for external file storage is functionally disabled Figure 23: ICX 8200 Fiber Series Note: The USB Port for external file storage is functionally disabled Tested Module Identification
| Name | Description | Indicator | Type |
|---|---|---|---|
| Approved Mode of Operation | The module is always in the approved mode of operation after initial operations are performed. | Global indicator after module initialization. Please refer to Security Policy, section Life-Cycle Assurance for more information | Approved |
| Name | CAVP Cert | Reference |
|---|---|---|
| AES-CBC | A5076 | SP 800-38A |
| AES-CFB128 | A5076 | SP 800-38A |
| AES-CTR | A5076 | SP 800-38A |
| AES-ECB | A5076 | SP 800-38A |
| AES-GCM | A5076 | SP 800-38D |
| Counter DRBG | A5076 | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-5) | A5076 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5076 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5076 | FIPS 186-5 |
| HMAC-SHA-1 | A5076 | FIPS 198-1 |
| HMAC-SHA2-256 | A5076 | FIPS 198-1 |
| HMAC-SHA2-384 | A5076 | FIPS 198-1 |
| HMAC-SHA2-512 | A5076 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A5076 | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A5076 | SP 800-56A Rev. 3 |
| KDF SNMP (CVL) | A5076 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5076 | SP 800-135 Rev. 1 |
| RSA KeyGen (FIPS186-5) | A5076 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5076 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5076 | FIPS 186-5 |
Modes List and Description: Table 3: Modes List and Description By default, the module is delivered in an un-initialized state but supports an approved mode of following the steps in section " Life-Cycle Assurance" of this document by the Crypto Officer, the module can only operate in the approved mode. The module does not claim implementation of a
| Name | CAVP Cert | Reference |
|---|---|---|
| Safe Primes Key Generation | A5076 | SP 800-56A Rev. 3 |
| SHA-1 | A5076 | FIPS 180-4 |
| SHA2-256 | A5076 | FIPS 180-4 |
| SHA2-384 | A5076 | FIPS 180-4 |
| SHA2-512 | A5076 | FIPS 180-4 |
| TLS v1.2 KDF RFC7627 (CVL) | A5076 | SP 800-135 Rev. 1 |
| Name | Description | Approved Functions | Type | Properties | Reference | |
|---|---|---|---|---|---|---|
| CKG | Key Type:Asymmetric | N/A | The module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2 | |||
| KAS-ECC (SSHv2) | Full KAS-ECC Key Agreement used for SSHv2 service | KAS-ECC-SSC Sp800-56Ar3: (A5076) KDF SSH: (A5076) Counter DRBG: (A5076) CKG: () | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG:IG D.F Scenario 2, Path 2, Split |
| Name | Description | Approved Functions | Type | Properties | Reference | |
|---|---|---|---|---|---|---|
| CKG | Key Type:Asymmetric | N/A | The module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2 | |||
| KAS-ECC (SSHv2) | Full KAS-ECC Key Agreement used for SSHv2 service | KAS-ECC-SSC Sp800-56Ar3: (A5076) KDF SSH: (A5076) Counter DRBG: (A5076) CKG: () | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG:IG D.F Scenario 2, Path 2, Split |
Table 4: Approved Algorithms Vendor-Affirmed Algorithms: N/A Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: Non-Approved, Allowed Algorithms with No Security Claimed: Non-Approved, Not Allowed Algorithms:
| Name | Description | Role Access | Approved Functions | Type |
|---|---|---|---|---|
| KAS-FFC (SSHv2) | Full KAS-FFC Key Agreement used for SSHv2 service | Caveat:Key establishment methodology provides between 112 and 200 bits of security strength IG:IG D.F Scenario 2, Path 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVL | KAS-FFC-SSC Sp800-56Ar3: (A5076) Domain Parameter Generation Methods: MODP-2048, MODP-4096, MODP-8192 Safe Primes Key Generation: (A5076) Safe Prime Groups: MODP- 2048, MODP- 4096, MODP- 8192 KDF SSH: (A5076) Counter DRBG: (A5076) CKG: () | CKG KAS-Full |
| KAS-ECC (TLSv1.2) | Full KAS-ECC Key Agreement used for TLSv1.2 service | Caveat:Key establishment methodology provides between 128 and 192 bits of security strength IG:IG D.F Scenario 2, Path 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVL | KAS-ECC-SSC Sp800-56Ar3: (A5076) Domain Parameter Generation Methods: P-256, P-384 TLS v1.2 KDF RFC7627: (A5076) Counter DRBG: (A5076) CKG: () | CKG KAS-Full |
| KAS-FFC (TLSv1.2) | Full KAS-FFC Key Agreement used for TLSv1.2 service | Caveat:Key establishment methodology provides 112 bits of security strength | KAS-FFC-SSC Sp800-56Ar3: (A5076) Domain Parameter Generation | CKG KAS-Full |
| IG:IG D.F Path 2, Scenario 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVL | IG:IG D.F Path 2, Scenario 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800- 135rev1 CVL | Methods: ffdhe2048 Safe Primes Key Generation: (A5076) Safe Prime Groups: ffdhe2048 TLS v1.2 KDF RFC7627: (A5076) Counter DRBG: (A5076) CKG: () | ||
| SSH-KTS (AES and HMAC) | KTS via SSHv2 service by using AES and HMAC | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method | AES-CBC: (A5076) AES-CTR: (A5076) HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) | KTS-Wrap |
| TLS-KTS (AES and HMAC) | KTS via TLS v1.2 service by using AES and HMAC | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved | AES-CBC: (A5076) AES-ECB: (A5076) HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 512: (A5076) | KTS-Wrap |
| TLS-KTS (AES- GCM) | KTS via TLSv1.2 service by using AES- GCM | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength Standard:SP 800- 38F IG D.G:Uses a previously approved authenticated symmetric encryption mode | AES-GCM: (A5076) | KTS-Wrap |
| SSH RSA KeyGen | RSA KeyGen for SSHv2 | Keysize:112 bits encryption strength | RSA KeyGen (FIPS186-5): (A5076) Counter DRBG: (A5076) CKG: () | AsymKeyPair- KeyGen CKG |
| SSH RSA SigGen | RSA SigGen for SSHv2 | RSA SigGen (FIPS186-5): (A5076) | DigSig-SigGen | |
| SSH RSA SigVer | RSA SigVer for SSHv2 | RSA SigVer (FIPS186-5): (A5076) | DigSig-SigVer | |
| SSH ECDSA KeyGen | ECDSA KeyGen for SSHv2 | Keysize:128 to 192 bits encryption strength | ECDSA KeyGen (FIPS186-5): (A5076) Counter DRBG: (A5076) CKG: () | AsymKeyPair- KeyGen CKG |
| SSH ECDSA SigGen | ECDSA SigGen for SSHv2 | ECDSA SigGen (FIPS186-5): (A5076) | DigSig-SigGen | |
| SSH ECDSA SigVer | ECDSA SigVer for SSHv2 | ECDSA SigVer (FIPS186-5): (A5076) | DigSig-SigVer | |
| TLS RSA KeyGen | RSA KeyGen for TLSv1.2 | Keysize:112 bits encryption strength | Counter DRBG: (A5076) RSA KeyGen (FIPS186-5): (A5076) CKG: () | AsymKeyPair- KeyGen CKG |
| TLS RSA SigGen | RSA SigGen for TLSv1.2 | RSA SigGen (FIPS186-5): (A5076) | DigSig-SigGen | |
| TLS RSA SigVer | RSA SigVer for TLSv1.2 | RSA SigVer (FIPS186-5): (A5076) | DigSig-SigVer | |
| TLS ECDSA KeyGen | ECDSA KeyGen for TLSv1.2 | Keysize:128 to 192 bits encryption strength | Counter DRBG: (A5076) ECDSA KeyGen (FIPS186-5): (A5076) CKG: () | AsymKeyPair- KeyGen CKG |
| TLS ECDSA SigGen | ECDSA SigGen for TLSv1.2 | ECDSA SigGen (FIPS186-5): (A5076) | DigSig-SigGen | |
| TLS ECDSA SigVer | ECDSA SigVer for TLSv1.2 | ECDSA SigVer (FIPS186-5): (A5076) | DigSig-SigVer | |
| Block ciphers (SSHv2) | Block ciphers for SSHv2 service | AES-CBC: (A5076) AES-CTR: (A5076) | BC-UnAuth | |
| Block ciphers (TLSv1.2) | Block ciphers for TLSv1.2 service | AES-CBC: (A5076) AES-GCM: (A5076) AES-ECB: (A5076) | BC-Auth BC-UnAuth | |
| Block ciphers (SNMPv3) | Block ciphers for SNMPv3 service | AES-CFB128: (A5076) KDF SNMP: (A5076) | BC-UnAuth | |
| MAC (SSHv2) | MAC for SSHv2 service | HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-512: (A5076) | MAC | |
| MAC (TLSv1.2) | Message Authentication for TLSv1.2 services | HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 384: (A5076) | MAC |
Groups: MODP2048, MODP4096, MODP8192
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| MAC (SNMPv3) | Message Authentication for SNMPv3 services | HMAC-SHA-1: (A5076) HMAC-SHA2- 256: (A5076) HMAC-SHA2- 384: (A5076) HMAC-SHA2- 512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-384: (A5076) SHA2-512: (A5076) KDF SNMP: (A5076) | MAC |
| Firmware Load Test | Signature Verification for firmware load test | RSA SigVer (FIPS186-5): (A5076) | DigSig-SigVer |
| DRBG Function | Used for DRBG generation | Counter DRBG: (A5076) | DRBG |
| SNMPv3 Keying Materials Development | Keying materials, used to derive SNMP session keys | KDF SNMP: (A5076) | KAS-135KDF |
| TLS Keying Materials Development | Keying materials, used to derive TLS session keys | TLS v1.2 KDF RFC7627: (A5076) | KAS-135KDF |
Table 6: Security Function Implementations 2.7 Algorithm Specific Information Notes:
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Ruckus IronWare 10.0.10 Entropy Source | Non- Physical | 8 bits | ARM Cortex A55 (ARMv8); ARM Cortex A9 (ARMv7) | 4 bits | N/A |
| Cert | Vendor Name | |
|---|---|---|
| Number | ||
| E192 | Ruckus Wireless LLC |
in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the Module being validated. The counter portion of the IV is set by the Module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the Module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.
Table 7: Entropy Certificates NonPhysical N/A Table 8: Entropy Sources Ruckus FastIron™ IronWare 10.0.10 Entropy Source v1.0 is the entropy source used on each Ruckus FastIron ICX™ 7150 and 8200 Series Router with firmware IronWare OS 10.0.10 to seed the approved DRBG. The noise source of entropy is periodic sampling of the highprecision CPU clock within the ARM CPU. There is no conditioning component applied on the output of the clock source. Health testing is implemented on the output of the noise source. The entropy source provides a minimum entropy of 4 bits per sample with the sample size of 8 bits. The module makes repeated calls to the entropy source after which the random data is loaded into a buffer. This buffer is used by the DRBG to get entropy input. Buffer size is big enough that the overall effective entropy is more than that is required for the DRBG instantiation. Similar implementation is done for DRBG reseeding.
The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-5, using a NIST SP 800-90Ar1 CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Data Input | Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data. |
| Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Data Output | Data output from the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data. |
| Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports | Control Input | Control Data input into the module for all the services defined in Approved Services Table, including TLSv1.2, SSHv2, and SNMPv3 service data. |
| Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports and LEDs | Console port, Mgmt Port, PoE+ ports, Ethernet Ports, SPF/SFP+ uplink/stacking ports and LEDs | Status Output | Status Information output from the module. |
| N/A | N/A | Control Output | N/A |
| Power | Power | Power | Provide the Power Supply to the module. |
The module provides the following key/SSP establishment services in the approved mode of operation:
The module supports SSHv2, TLS v1.2, and SNMPv3 industrial protocols. No parts of the SSH, TLS and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.
| Name | Description | Strength | ||
|---|---|---|---|---|
| Password- Based | The minimum length is eight (8) characters (94 possible characters). The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000. As the module supports at most ten failed attempts to authenticate in a one- minute period, the probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 Integer digits, 52 alphabetic characters, and 32 special characters providing 94 characters to choose from in total. | The probability that a random attempt will succeed or a false acceptance will occur is 1/(94^8) which is less than 1/1,000,000. Please refer to Description section in this table for more details. | Password Based | The probability of successfully authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. Please refer to Description section in this table for more details. |
| RSA- Based Certificate | The modules supports RSA public-key based authentication | With a minimum modulus size of 2048, the | RSA SigVer (FIPS186-5) (A5076) | For multiple attacks during a one- minute period, to |
| mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. | mechanism using a minimum of RSA 2048 bits, which provides 112 bits of security strength. The probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. | probability that a random attempt will succeed is 1/(2^112) which is less than 1/1,000,000. Please refer to Description section in this table for more details. | exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 8.65x10^31 (2^112 /60 = 8.65 x 10^31) attempts per second. Please refer to Description section in this table for more details. | |
| ECDSA- Based Certificate | The modules support ECDSA public-key based authentication mechanism using a minimum of curve P- 256, which provides 128 bits of security strength. The probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a one- minute period, the probability of successfully authenticating to the | With a minimum curve of P-256, the probability that a random attempt will succeed is 1/(2^128) which is less than 1/1,000,000. Please refer to Description section in this table for more details. | ECDSA SigVer (FIPS186-5) (A5076) | For multiple attacks during a one- minute period, to exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 5.67x10^36 (2^128 /60 = 5.67 x 10^36) attempts per second. Please refer to Description section in this table for more details. |
Table 9: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above.
| Name | Strength | Security | Strength per |
|---|---|---|---|
| Mechanism | Attempt | Mechanism | Minute |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| User | User | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Port Config Admin | Port Config Admin | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Show Status | Provide Module's current status (return codes and/or syslog messages) | Crypto Officer Port Config Admin User | None | Global Indicator or syslog message | Command used to show Module's Status | Module's Operationa l Status | |||
| Show Version | Provide Module's name and | Crypto Officer Port Config | None | Console message | Command to show version | Module's ID and versioning information |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| User | User | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Port Config Admin | Port Config Admin | Role | Password-Based RSA-Based Certificate ECDSA-Based Certificate | ||||||
| Show Status | Provide Module's current status (return codes and/or syslog messages) | Crypto Officer Port Config Admin User | None | Global Indicator or syslog message | Command used to show Module's Status | Module's Operationa l Status | |||
| Show Version | Provide Module's name and | Crypto Officer Port Config | None | Console message | Command to show version | Module's ID and versioning information | |||
| version information | version information | Admin User | |||||||
| Perform Self-Tests | Perform Self-Tests (Pre- operational self-test and Conditional Self-Tests) | Crypto Officer User Port Config Admin Unauthentic ated | None | Perform self-test completio n message | Command to trigger Self-Test | Status of the self- tests results | |||
| Perform Zeroization | Perform Zeroization | Crypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - Port Config Admin Password: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: | None | Syslog message | Command to zeroize the module | Status of the SSPs zeroization |
Table 10: Authentication Methods and the User role. The module also allows the concurrent operators.
Table 11: Roles Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Crypto Officer Authenticat ion | CO Role Authenticat ion | Crypto Officer - Crypto Officer Password: W,Z | None | N/A | CO Authenticat ion Request | Status of the CO authenticat ion |
| User Authenticat ion | User Role Authenticat ion | User - User Password: W,Z | None | N/A | User role authenticat ion request | Status of the User role authenticat ion |
| Port Config Admin Authenticat ion | Port Config Admin Role Authenticat ion | Port Config Admin - Port Config Admin Password: W,Z | None | N/A | Port Config Admin role authenticat ion request | Status of the Port Config Admin role authenticat ion |
| Port Configurati on Mangemen t | Perform Port Configurati on | Crypto Officer Port Config Admin | None | N/A | Commands to configure the port parameters of switch/rout er | Port configurati on completion status information |
| Account Mangemen t | Account Creation | Crypto Officer | None | N/A | Commands to create a new user account | Status of the new user accounts |
| Configure SSHv2 Function | Configure SSHv2 Function | Crypto Officer - SSH RSA Private Key: G,W - SSH RSA Public Key: G,W - SSH ECDSA Private Key: G,W - SSH ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V | SSH RSA KeyGen SSH ECDSA KeyGen DRBG Function | Global Indicator and SSHv2 configurati on success status message | Commands to configure SSHv2 | Status of the completion of the SSHv2 configurati on |
| Run SSHv2 Function | Execute SSHv2 Function | Crypto Officer - SSH DH Private Key: G,W,E,Z - SSH DH Public Key: G,R,W,E,Z - SSH Peer DH Public Key: W,E,Z - SSH DH Shared Secret: G,W,E,Z - SSH ECDH Private Key: G,W,E,Z - SSH ECDH Public Key: G,R,W,E,Z - SSH Peer ECDH Public Key: W,E,Z - SSH ECDH Shared Secret: G,W,E,Z - SSH RSA Private Key: E - SSH RSA Public Key: R,E - SSH ECDSA Private Key: E - SSH ECDSA Public Key: R,E - SSH Session | KAS-ECC (SSHv2) KAS-FFC (SSHv2) SSH-KTS (AES and HMAC) SSH RSA SigGen SSH RSA SigVer SSH ECDSA SigGen SSH ECDSA SigVer Block ciphers (SSHv2) MAC (SSHv2) DRBG Function | Global Indicator and successfu l SSHv2 log message | Initiate SSHv2 tunnel establishm ent | Status of SSHv2 tunnel establishm ent |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configure SSL over TLSv1.2 Function | Configure SSL over TLSv1.2 Function | Crypto Officer - TLS RSA Private Key: G,W - TLS RSA Public Key: G,W - TLS ECDSA Private Key: G,W - TLS ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | TLS RSA KeyGen TLS ECDSA KeyGen DRBG Function | Global Indicator and TLS v1.2 configurati on success status message | Commands to configure TLSv1.2 | Status of the completion of TLSv1.2 configurati on |
| Run SSL over TLSv1.2 Function | Execute SSL over TLSv1.2 Function | Crypto Officer - TLS DH Private Key: G,W,E,Z - TLS DH Public Key: G,R,W,E,Z - TLS Peer DH Public Key: W,E,Z - TLS DH Shared Secret: G,W,E,Z - TLS ECDH Private Key: G,W,E,Z - TLS ECDH Public Key: | KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS-KTS (AES and HMAC) TLS-KTS (AES- GCM) TLS RSA KeyGen TLS RSA SigGen TLS RSA SigVer TLS ECDSA KeyGen TLS | Global Indicator and successfu l TLS v1.2 log message | Commands to initiate TLSv1.2 | Status of the completion of TLSv1.2 establishm ent |
| ECDSA SigGen TLS ECDSA SigVer Block ciphers (TLSv1.2) MAC (TLSv1.2) DRBG Function TLS Keying Materials Developm ent | G,R,W,E,Z - TLS Peer ECDH Public Key: W,E,Z - TLS ECDH Shared Secret: G,W,E,Z - TLS RSA Private Key: E - TLS RSA Public Key: R,E - TLS Master Secret: G,W,E,Z - TLS Session Encryption Key: G,W,E,Z - TLS Session Authenticatio n Key: G,W,E,Z - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E - TLS ECDSA Private Key: E - TLS ECDSA Public Key: R,E | ECDSA SigGen TLS ECDSA SigVer Block ciphers (TLSv1.2) MAC (TLSv1.2) DRBG Function TLS Keying Materials Developm ent | ||||
| Configure SNMPv3 Function | Configure SNMPv3 Function | Crypto Officer - SNMPv3 Authenticatio n Secret: W,E - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z | Block ciphers (SNMPv3) MAC (SNMPv3) | Global Indicator and SNMPv3 configurati on success status message | Commands to configure SNMPv3 service | Status of the completion of SNMPv3 configurati on |
| Run SNMPv3 Function | Execute SNMPv3 Function | Crypto Officer - SNMPv3 Authenticatio n Secret: W,E - SNMPv3 Encryption Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z | Block ciphers (SNMPv3) MAC (SNMPv3) SNMPv3 Keying Materials Developm ent | Global Indicator and successfu l SNMPv3 log message | Commands to initiate SNMPv3 service | Status of the completion of SNMPv3 establishm ent |
| Firmware Load Test | Execute the Firmware Load Test | Crypto Officer - Firmware Load Test Key: E | Firmware Load Test | Global indicator and successfu l Firmware Loading status message | Commands to load new firmware image | Outcome of the Firmware Load Test |
n s l W,E G,W,E,Z G,W,E,Z W,E G,W,E,Z G,W,E,Z Table 12: Approved Services Unauthenticated Services Unauthenticated Users can run the self-test service by power-cycling the module by removing the power and re-applying.
The module also supports the firmware load test by using RSA 2048 bits with SHA2-256 (RSA Cert. #A5076) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails
The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file is verified using the following two integrity check mechanisms to ensure that the module has not been tampered:
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.
Type of Operational Environment: Limited
The module is a multi-chip standalone hardware cryptographic module. The module meets the FIPS 140-3 Level 1 security requirements as production grade equipment.
| Name | Type | Description |
|---|---|---|
| DRAM | Dynamic | Volatile Memory |
| Flash | Static | Non-Volatile Memory |
| Name | Approved Functions | Type | From | To | Distributio n Type | Entry Type |
|---|---|---|---|---|---|---|
| Peer Public Key Input | Plaintext | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c | |
| Module Public Key Output | Plaintext | Module | External (Outside of the Module's Boundary ) | Automated | Electroni c | |
| Password/Secre t Input via SSHv2 encrypted by AES and HMAC | SSH-KTS (AES and HMAC) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
| Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC | TLS-KTS (AES and HMAC) | Encrypte d | External (Outside of the Module's Boundary ) | Module | Automated | Electroni c |
| Password/Secre t Input via TLS | TLS-KTS (AES- GCM) | Encrypte d | External (Outside of the | Module | Automated | Electroni c |
| v1.2 encrypted by AES-GCM | Module's Boundary ) |
No approved non-invasive attack mitigation test metrics are defined at this time.
| Name | Type | Description | Strength | Use |
|---|---|---|---|---|
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 960 - at least 256 bits | DRBG Function |
| DRBG Seed | DRBG Seed - CSP | Used in DRBG Generation | 384 bits - 384 bits | DRBG Function |
| DRBG Internal State V value | DRBG Internal State V value - CSP | Used in DRBG Generation | 128 bits - 128 bits | DRBG Function |
| DRBG Key | DRBG Key - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function |
| User Password | Authenticati on Data - CSP | User authenticatio n | 8-60 Character s - 8-60 Character s | |
| Crypto Officer Password | Authenticati on Data - CSP | Crypto Officer authenticatio n | 8-60 Character s - 8-60 Character s |
) m Table 14: SSP Input-Output Methods
Table 15: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement. n n s s
| Name | Type | Description | Strength | Use | ||
|---|---|---|---|---|---|---|
| Port Config Admin Password | Authenticati on Data - CSP | Port Config Admin authenticatio n | 8-60 Character s - 8-60 Character s | |||
| RADIUS Secret | Authenticati on Data - CSP | RADIUS Server Authenticati on | 8-64 Character s - 8-64 Character s | |||
| Firmware Load Test Key | Public Key - CSP | Used for Firmware Load Test | 2048 bits - 112 bits | Firmware Load Test | ||
| SSH ECDH Private Key | Private Key - CSP | Used to derive the SSH ECDH Shared Secret | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS- ECC (SSHv2) | KAS-ECC (SSHv2) | |
| SSH ECDH Public Key | Public Key - PSP | Used to derive SSH ECDH Shared Secret | Curves: 256, 384, 521 bits - 128-256 bits | KAS-ECC (SSHv2) | ||
| SSH Peer ECDH Public Key | Public Key - PSP | Used to derive SSH ECDH Shared Secret | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS- ECC (SSHv2) | ||
| SSH ECDH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | Curves: 256, 384, 521 bits - 128 to 256 bits | KAS- ECC (SSHv2) | KAS-ECC (SSHv2) | |
| SSH DH Private Key | Private Key - CSP | Used to derive the SSH DH Shared Secret | MODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bits | KAS- FFC (SSHv2) | KAS-FFC (SSHv2) | |
| SSH DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 4096, | KAS-FFC (SSHv2) | ||
| SSH Peer DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bits | KAS- FFC (SSHv2) | ||
| SSH DH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | MODP- 2048, MODP- 4096, MODP- 8192 - 112-200 bits | KAS- FFC (SSHv2) | KAS-FFC (SSHv2) | |
| SSH RSA Private Key | Private Key - CSP | Used for SSH session authenticatio n | Modulus 2048 bits - 112 bits | SSH RSA SigGen | SSH RSA KeyGen | |
| SSH RSA Public Key | Public Key - PSP | Used for SSH sessions authenticatio n | Modulus 2048 bits - 112 bits | SSH RSA KeyGen | ||
| SSH ECDSA Private Key | Private Key - CSP | Used for SSH session authenticatio n | Curve P- 256/P- 384 - 128-192 bits | SSH ECDSA SigGen | SSH ECDSA KeyGen | |
| SSH ECDSA Public Key | Public Key - PSP | Used for SSH sessions authenticatio n | Curve P- 256/P- 384 - 128-192 bits | SSH ECDSA KeyGen | ||
| SSH Session Encryption Key | Session Key - CSP | Used for SSH Session confidentialit y protection | 128-256 bits - 128-256 bits | Block ciphers (SSHv2) | KAS-ECC (SSHv2) KAS-FFC (SSHv2) | |
| SSH Session Authenticati on Key | Session Key - CSP | Used for SSH Session | At least 160 bits - At least 160 bits | MAC (SSHv2) | KAS-ECC (SSHv2) KAS-FFC (SSHv2) | |
| TLS ECDH Private Key | Private Key - CSP | Used to derive the TLS ECDH Shared Secret | Curves: 256, 384 bits - 128 to 192 bits | KAS- ECC (TLSv1.2 ) | KAS-ECC (TLSv1.2) | |
| TLS ECDH Public Key | Public Key - PSP | Used to derive TLS ECDH Shared Secret | Curves: 256, 384 bits - 128 to 192 bits | KAS-ECC (TLSv1.2) | ||
| TLS Peer ECDH Public Key | Public Key - PSP | Used to derive TLS ECDH Shared Secret | Curves: 256, 384 bits - 128 to 192 bits | KAS- ECC (TLSv1.2 ) | ||
| TLS ECDH Shared Secret | Shared Secret - CSP | Used to derive TLS Session Encryption Keys, TLS Session Authenticati on Keys | Curves: 256, 384 bits - 128 to 192 bits | KAS- ECC (TLSv1.2 ) | KAS-ECC (TLSv1.2) | |
| TLS DH Private Key | Private Key - CSP | Used to derive the TLS DH Shared Secret | ffdhe204 8 - 112 bits | KAS- FFC (TLSv1.2 ) | KAS-FFC (TLSv1.2) | |
| TLS DH Public Key | Public Key - PSP | Used to derive TLS DH Shared Secret | ffdhe204 8 - 112 bits | KAS-FFC (TLSv1.2) | ||
| TLS Peer DH Public Key | Public Key - PSP | Used to derive TLS DH Shared Secret | ffdhe204 8 - 112 bits | KAS- FFC (TLSv1.2 ) | ||
| TLS DH Shared Secret | Shared Secret - CSP | Used to derive TLS Session Encryption Keys, TLS Session Authenticati on Keys | ffdhe204 8 - 112 bits | KAS- FFC (TLSv1.2 ) | KAS-FFC (TLSv1.2) | |
| TLS RSA Private Key | Private Key - CSP | Used for TLS session authenticatio n | Modulus 2048 bits - 112 bits | TLS RSA SigGen | TLS RSA KeyGen | |
| TLS RSA Public Key | Public Key - PSP | Used for TLS sessions authenticatio n | Modulus 2048 bits - 112 bits | TLS RSA KeyGen | ||
| TLS ECDSA Private Key | Private Key - CSP | Used for TLS session authenticatio n | Curve P- 256/P- 384 - 128-192 bits | TLS ECDSA SigGen | TLS ECDSA KeyGen | |
| TLS ECDSA Public Key | Public Key - PSP | Used for TLS sessions authenticatio n | Curve P- 256/P- 384 - 128-192 bits | TLS ECDSA KeyGen | ||
| TLS Master Secret | Master Secret - CSP | Used to protect TLS Session. Pre-master secret | At least 112 bits - At least 112 bits | KAS- ECC (TLSv1.2 ) KAS- FFC (TLSv1.2 ) | TLS Keying Materials Developme nt | |
| TLS Session Encryption Key | Session Key - CSP | Used to protect TLS Session. TLS Master secret | 128-256 bits - 128-256 bits | Block ciphers (TLSv1.2 ) | KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS Keying Materials Developme nt | |
| TLS Session Authenticati on Key | Session Key - CSP | Used to protect TLS Session. TLS master secret | at least 112 bits - at least 112 bits | MAC (TLSv1.2 ) | KAS-ECC (TLSv1.2) KAS-FFC (TLSv1.2) TLS Keying Materials Developme nt | |
| SNMPv3 Authenticati on Secret | Authenticati on Secret - CSP | Used for SNMPv3 user authenticatio n | 8-20 character s - N/A |
n s s MODP2048, MODP4096, MODP2048, MODP4096, KASECC KASECC KASECC KASFFC
MODPderive SSH MODPSecret MODPderive SSH MODPEncryption MODPSession n n Curve PSSH 256/Psessions n KASFFC KASFFC
KASECC ) KASECC ) KASECC ) KASFFC ) KASFFC ) KASFFC )
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| SNMPv3 Encryption Key | Encryption Key - CSP | Used to protect SNMPv3 traffic confidentialit y | 128 bits - 128 bits | SNMPv3 Keying Materials Developme nt | Block ciphers (SNMPv 3) | ||||
| SNMPv3 Integrity Key | Authenticati on Key - CSP | Used to secure SNMPv3 traffic integrity | At least 160 bits - At least 112 bits | SNMPv3 Keying Materials Developme nt | MAC (SNMPv 3) | ||||
| DRBG Entropy Input | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Seed | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Internal State V value | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With |
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| SNMPv3 Encryption Key | Encryption Key - CSP | Used to protect SNMPv3 traffic confidentialit y | 128 bits - 128 bits | SNMPv3 Keying Materials Developme nt | Block ciphers (SNMPv 3) | |||||
| SNMPv3 Integrity Key | Authenticati on Key - CSP | Used to secure SNMPv3 traffic integrity | At least 160 bits - At least 112 bits | SNMPv3 Keying Materials Developme nt | MAC (SNMPv 3) | |||||
| DRBG Entropy Input | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | ||||||
| DRBG Seed | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | ||||||
| DRBG Internal State V value | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With | ||||||
| DRBG Key | DRAM:Plaintex t | Zeroization Command | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With | ||||||
| User Password | Flash:Plaintext | Zeroization Command | Password/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM | |||||||
| Crypto Officer Password | Flash:Plaintext | Zeroization Command | Password/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM | |||||||
| Port Config Admin Password | Flash:Plaintext | Zeroization Command | Password/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted | |||||||
| RADIUS Secret | Flash:Plaintext | Zeroization Command | Password/Secre t Input via SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM | |||||||
| Firmware Load Test Key | Flash:Plaintext | N/A | ||||||||
| SSH ECDH Private Key | DRAM:Plaintex t | Zeroization Command | While SSH tunnel is on | SSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With | ||||||
| SSH ECDH Public Key | DRAM:Plaintex t | Zeroization Command | Module Public Key Output | While SSH tunnel is on | SSH ECDH Private Key:Paired With | |||||
| SSH Peer ECDH Public Key | DRAM:Plaintex t | Zeroization Command | Peer Public Key Input | While SSH tunnel is on | SSH ECDH Private Key:Used With | |||||
| SSH ECDH Shared Secret | DRAM:Plaintex t | Zeroization Command | While SSH tunnel is on | SSH ECDH Private Key:Derived From SSH ECDH Public Key:Derived From | ||||||
| SSH DH Private Key | DRAM:Plaintex t | Zeroization Command | While SSH tunnel is on | SSH DH Public Key:Paired With SSH Peer DH Public Key:Used With | ||||||
| SSH DH Public Key | DRAM:Plaintex t | Zeroization Command | Module Public Key Output | While SSH tunnel is on | SSH DH Private Key:Paired With | |||||
| SSH Peer DH Public Key | DRAM:Plaintex t | Zeroization Command | Peer Public Key Input | While SSH tunnel is on | SSH DH Private Key:Used With | |||||
| SSH DH Shared Secret | DRAM:Plaintex t | Zeroization Command | While SSH tunnel is on | SSH DH Private Key:Derived From SSH DH Public Key:Derived From | ||||||
| SSH RSA Private Key | Flash:Plaintext | Zeroization Command | SSH RSA Public Key:Paired With | |||||||
| SSH RSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output | SSH RSA Private Key:Paired With | ||||||
| SSH ECDSA Private Key | Flash:Plaintext | Zeroization Command | SSH ECDSA Public Key:Paired With | |||||||
| SSH ECDSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output | SSH ECDSA Private Key:Paired With | ||||||
| SSH Session Encryption Key | DRAM:Plaintex t | Zeroization Command | While SSH tunnel is on | SSH Session Authentication Key:Used With | ||||||
| SSH Session Authenticatio n Key | DRAM:Plaintex t | Zeroization Command | While SSH | SSH Session Encryption |
| Name | Storage | Zeroization | Use | Input | Tunnel is on |
|---|---|---|---|---|---|
| TLS ECDH Private Key | DRAM:Plaintex t | Zeroization Command | TLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With | While TLS tunnel is on | |
| TLS ECDH Public Key | DRAM:Plaintex t | Zeroization Command | TLS ECDH Private Key:Paired With | Module Public Key Output | While TLS tunnel is on |
| TLS Peer ECDH Public Key | DRAM:Plaintex t | Zeroization Command | TLS ECDH Private Key:Used With | Peer Public Key Input | While TLS tunnel is on |
| TLS ECDH Shared Secret | DRAM:Plaintex t | Zeroization Command | TLS ECDH Private Key:Derived From TLS ECDH Public Key:Derived From | While TLS tunnel is on | |
| TLS DH Private Key | DRAM:Plaintex t | Zeroization Command | TLS DH Public Key:Paired With TLS Peer DH Public Key:Used With | While TLS tunnel is on | |
| TLS DH Public Key | DRAM:Plaintex t | Zeroization Command | TLS DH Private Key:Paired With | Module Public Key Output | While TLS tunnel is on |
| TLS Peer DH Public Key | DRAM:Plaintex t | Zeroization Command | TLS DH Private Key:Used With | Peer Public Key Input | While TLS tunnel is on |
| TLS DH Shared Secret | DRAM:Plaintex t | Zeroization Command | TLS DH Private Key:Derived From TLS DH | While TLS tunnel is on | |
| TLS RSA Private Key | Flash:Plaintext | Zeroization Command | TLS RSA Public Key:Paired With | ||
| TLS RSA Public Key | Flash:Plaintext | Zeroization Command | TLS RSA Private Key:Paired With | Module Public Key Output | |
| TLS ECDSA Private Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Public Key:Paired With | ||
| TLS ECDSA Public Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Private Key:Paired With | Module Public Key Output | |
| TLS Master Secret | DRAM:Plaintex t | Zeroization Command | TLS ECDH Shared Secret:Derive d From | While TLS tunnel is on | |
| TLS Session Encryption Key | DRAM:Plaintex t | Zeroization Command | TLS Session Authentication Key:Used With | While TLS tunnel is on | |
| TLS Session Authenticatio n Key | DRAM:Plaintex t | Zeroization Command | TLS Session Encryption Key:Used With | While TLS tunnel is on | |
| SNMPv3 Authenticatio n Secret | DRAM:Plaintex t | Zeroization Command | SNMPv3 Encryption Key:Derive To SNMPv3 Integrity Key:Derive To | Password/Secre t Input via SSHv2 encrypted by AES and HMAC | While SNMPv3 tunnel is on |
| SNMPv3 Encryption Key | DRAM:Plaintex t | Zeroization Command | SNMPv3 Authentication Secret:Derive d From | While SNMPv3 tunnel is on | |
| SNMPv3 Integrity Key | DRAM:Plaintex t | Zeroization Command | SNMPv3 Authentication Secret:Derive d From SNMPv3 Encryption | While SNMPv3 tunnel is on |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Indicat or | Conditio ns | ||
|---|---|---|---|---|---|---|---|---|---|
| CRC-32 (Bootloader) | CRC-32 (Bootloader) | KAT | SW/FW Integrity | The module performs the Bootloader integrity test by using CRC-32 at the power up | N/A | Module is in normal state | |||
| CRC-32 (Firmware) | CRC-32 (Firmware) | KAT | SW/FW Integrity | The module performs the Firmware integrity test by using CRC-32 at the power up | N/A | Module is in normal state | |||
| AES-CBC Encrypt KAT (A5076) | AES-CBC Encrypt KAT (A5076) | KAT | CAST | Encrypt | 128 bits | Module is in normal state | Power Up | ||
| AES-CBC Decrypt KAT (A5076) | AES-CBC Decrypt KAT (A5076) | KAT | CAST | Decrypt | 128 bits | Module is in | Power Up |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Indicat or | Conditio ns | ||
|---|---|---|---|---|---|---|---|---|---|
| CRC-32 (Bootloader) | CRC-32 (Bootloader) | KAT | SW/FW Integrity | The module performs the Bootloader integrity test by using CRC-32 at the power up | N/A | Module is in normal state | |||
| CRC-32 (Firmware) | CRC-32 (Firmware) | KAT | SW/FW Integrity | The module performs the Firmware integrity test by using CRC-32 at the power up | N/A | Module is in normal state | |||
| AES-CBC Encrypt KAT (A5076) | AES-CBC Encrypt KAT (A5076) | KAT | CAST | Encrypt | 128 bits | Module is in normal state | Power Up | ||
| AES-CBC Decrypt KAT (A5076) | AES-CBC Decrypt KAT (A5076) | KAT | CAST | Decrypt | 128 bits | Module is in | Power Up |
SHA-1 The module includes an implementation of SHA-1 for hashing and message authentication. This implementation will be non-Approved for all uses starting January 1, 2031. User should move to SHA2, which is available in this module.
N/A N/A Table 18: Pre-Operational Self-Tests The modules perform the self-tests, including the pre-operational self-tests and conditional selftests. The module runs all self-tests without operator intervention. In the event that a self-test fails, the module will enter an error state, output an error message and follow up with a module reboot. The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling).
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or normal state | Conditio ns | |
|---|---|---|---|---|---|---|---|---|---|
| AES-GCM Authenticated Encrypt KAT (A5076) | AES-GCM Authenticated Encrypt KAT (A5076) | KAT | CAST | Encrypt | 128 bits | Module is in normal state | Power Up | ||
| AES-GCM Authenticated Decrypt KAT (A5076) | AES-GCM Authenticated Decrypt KAT (A5076) | KAT | CAST | Decrypt | 128 bits | Module is in normal state | Power Up | ||
| Counter DRBG Instantiate/Generate/Res eed KAT (A5076) | Counter DRBG Instantiate/Generate/Res eed KAT (A5076) | KAT | CAST | Instantiate, Generate, and Reseed KATs | AES-128 | Module is in normal state | Power Up | ||
| HMAC-SHA-1 KAT (A5076) | HMAC-SHA-1 KAT (A5076) | KAT | CAST | HMAC- SHA-1 | SHA-1 | Module is in normal state | Power Up | ||
| HMAC-SHA2-256 KAT (A5076) | HMAC-SHA2-256 KAT (A5076) | KAT | CAST | HMAC- SHA2-256 | SHA2- 256 | Module is in normal state | Power Up | ||
| HMAC-SHA2-384 KAT (A5076) | HMAC-SHA2-384 KAT (A5076) | KAT | CAST | HMAC- SHA2-384 | SHA2- 384 | Module is in normal state | Power Up | ||
| HMAC-SHA2-512 KAT (A5076) | HMAC-SHA2-512 KAT (A5076) | KAT | CAST | HMAC- SHA2-512 | SHA2- 512 | Module is in normal state | Power Up | ||
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076) | KAT | CAST | Primitive Z KAT | P-256 Curve | Module is in normal state | Power Up | ||
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076) | KAT | CAST | Primitive Z KAT | MODP- 2048 | Module is in normal state | Power Up | ||
| ECDSA SigGen (FIPS186-5) KAT (A5076) | ECDSA SigGen (FIPS186-5) KAT (A5076) | KAT | CAST | N/A | Curve P- 256 | Module is in normal state | Power Up | ||
| ECDSA SigVer (FIPS186-5) KAT (A5076) | ECDSA SigVer (FIPS186-5) KAT (A5076) | KAT | CAST | N/A | Curve P- 256 | Module is in normal state | Power Up | ||
| RSA SigGen (FIPS186- 5) KAT (A5076) | RSA SigGen (FIPS186- 5) KAT (A5076) | KAT | CAST | RSA SigGen KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power Up | ||
| RSA SigVer (FIPS186-5) KAT (A5076) | RSA SigVer (FIPS186-5) KAT (A5076) | KAT | CAST | RSA SigVer KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power Up | ||
| KDF SNMP KAT (A5076) | KDF SNMP KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| KDF SSH KAT (A5076) | KDF SSH KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| TLS v1.2 KDF RFC7627 KAT (A5076) | TLS v1.2 KDF RFC7627 KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| SHA-1 KAT (A5076) | SHA-1 KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| SHA2-256 KAT (A5076) | SHA2-256 KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| SHA2-384 KAT (A5076) | SHA2-384 KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| SHA2-512 KAT (A5076) | SHA2-512 KAT (A5076) | KAT | CAST | N/A | N/A | Module is in normal state | Power Up | ||
| ECDSA KeyGen (FIPS186-5) PCT (A5076) | ECDSA KeyGen (FIPS186-5) PCT (A5076) | PCT | PCT | N/A | Curve P- 256 | Module is in normal state | Performs all required pair-wise consisten cy tests on the newly generated | ||
| RSA KeyGen (FIPS186- 5) PCT (A5076) | RSA KeyGen (FIPS186- 5) PCT (A5076) | PCT | PCT | RSA | 2048 bit Modulus | Module is in normal state | Performs all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use. | ||
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076) | PCT | PCT | N/A | Curve P- 256 with SHA2- 256 | Module is in normal state | Performs all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use. | ||
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076) | PCT | PCT | N/A | MODP- 2048 | Module is in normal state | Performs all required pair-wise consisten cy tests on the newly generated key pairs before the first operation al use. | ||
| RSA SigVer (FIPS186-5) Firmware Load Test | RSA SigVer (FIPS186-5) Firmware Load Test | KAT | SW/F W Load | N/A | 2048 bits with SHA2- 256 | Module is in normal state | When firmware has been uploaded to the module | ||
| Entropy 90B Start-up Repetition Count Test (RCT) | Entropy 90B Start-up Repetition Count Test (RCT) | RCT | CAST | Designed to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of time | Repetitio n Count Test | Module is in normal state | Power Up | ||
| Entropy 90B Start-up Adaptive Proportion Test (APT) | Entropy 90B Start-up Adaptive Proportion Test (APT) | APT | CAST | Designed to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise source | Adaptive Proportio n Test | Module is in normal state | Power Up | ||
| Entropy 90B Continuous Repetition Count Test (RCT) | Entropy 90B Continuous Repetition Count Test (RCT) | RCT | CAST | Designed to quickly detect catastrophic failures that cause the noise source to become "stuck" on a single output value | Repetitio n Count Test | Module is in normal state | Entropy data is generated from the Entropy Source - Continuou s | ||
| Entropy 90B Continuous Adaptive Proportion Test (APT) | Entropy 90B Continuous Adaptive Proportion Test (APT) | APT | CAST | Designed to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise source | Adaptive Proportio n Test | Module is in normal state | Entropy data is generated from the Entropy Source - Continuou s | ||
| CRC-32 (Bootloader) | CRC-32 (Bootloader) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| CRC-32 (Firmware) | CRC-32 (Firmware) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC Encrypt KAT (A5076) | AES-CBC Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC Decrypt KAT (A5076) | AES-CBC Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Encrypt KAT (A5076) | AES-GCM Authenticated Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Decrypt KAT (A5076) | AES-GCM Authenticated Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA-1 KAT (A5076) | HMAC-SHA-1 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot |
d SHA2256 SHA2384 SHA2512 MODP2048 Curve P256 Curve P256 HMACSHA-1 HMACSHA2-256 HMACSHA2-384 HMACSHA2-512 N/A N/A
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or normal state | Conditio ns | |
|---|---|---|---|---|---|---|---|---|---|
| Entropy 90B Continuous Adaptive Proportion Test (APT) | Entropy 90B Continuous Adaptive Proportion Test (APT) | APT | CAST | Designed to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise source | Adaptive Proportio n Test | Module is in normal state | Entropy data is generated from the Entropy Source - Continuou s | ||
| CRC-32 (Bootloader) | CRC-32 (Bootloader) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| CRC-32 (Firmware) | CRC-32 (Firmware) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC Encrypt KAT (A5076) | AES-CBC Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC Decrypt KAT (A5076) | AES-CBC Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Encrypt KAT (A5076) | AES-GCM Authenticated Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Decrypt KAT (A5076) | AES-GCM Authenticated Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA-1 KAT (A5076) | HMAC-SHA-1 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or normal state | Conditio ns | |
|---|---|---|---|---|---|---|---|---|---|
| Entropy 90B Continuous Adaptive Proportion Test (APT) | Entropy 90B Continuous Adaptive Proportion Test (APT) | APT | CAST | Designed to detect a large loss of entropy that might occur as a result of some physical failure or environment al change affecting the noise source | Adaptive Proportio n Test | Module is in normal state | Entropy data is generated from the Entropy Source - Continuou s | ||
| CRC-32 (Bootloader) | CRC-32 (Bootloader) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| CRC-32 (Firmware) | CRC-32 (Firmware) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC Encrypt KAT (A5076) | AES-CBC Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC Decrypt KAT (A5076) | AES-CBC Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Encrypt KAT (A5076) | AES-GCM Authenticated Encrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM Authenticated Decrypt KAT (A5076) | AES-GCM Authenticated Decrypt KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | Counter DRBG Instantiate/Generate/Reseed KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA-1 KAT (A5076) | HMAC-SHA-1 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-256 KAT (A5076) | HMAC-SHA2-256 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-384 KAT (A5076) | HMAC-SHA2-384 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-512 KAT (A5076) | HMAC-SHA2-512 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigGen (FIPS186-5) KAT (A5076) | ECDSA SigGen (FIPS186-5) KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigVer (FIPS186-5) KAT (A5076) | ECDSA SigVer (FIPS186-5) KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigGen (FIPS186-5) KAT (A5076) | RSA SigGen (FIPS186-5) KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigVer (FIPS186-5) KAT (A5076) | RSA SigVer (FIPS186-5) KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SNMP KAT (A5076) | KDF SNMP KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SSH KAT (A5076) | KDF SSH KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| TLS v1.2 KDF RFC7627 KAT (A5076) | TLS v1.2 KDF RFC7627 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA-1 KAT (A5076) | SHA-1 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA2-256 KAT (A5076) | SHA2-256 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA2-384 KAT (A5076) | SHA2-384 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| SHA2-512 KAT (A5076) | SHA2-512 KAT (A5076) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA KeyGen (FIPS186- 5) PCT (A5076) | ECDSA KeyGen (FIPS186- 5) PCT (A5076) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| RSA KeyGen (FIPS186-5) PCT (A5076) | RSA KeyGen (FIPS186-5) PCT (A5076) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A5076) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A5076) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| RSA SigVer (FIPS186-5) Firmware Load Test | RSA SigVer (FIPS186-5) Firmware Load Test | KAT | SW/FW Load | Recommend 60 Days | Reboot | ||||
| Entropy 90B Start-up Repetition Count Test (RCT) | Entropy 90B Start-up Repetition Count Test (RCT) | RCT | CAST | N/A | N/A | ||||
| Entropy 90B Start-up Adaptive Proportion Test (APT) | Entropy 90B Start-up Adaptive Proportion Test (APT) | APT | CAST | N/A | N/A | ||||
| Entropy 90B Continuous Repetition Count Test (RCT) | Entropy 90B Continuous Repetition Count Test (RCT) | RCT | CAST | N/A | N/A | ||||
| Entropy 90B Continuous Adaptive Proportion Test (APT) | Entropy 90B Continuous Adaptive Proportion Test (APT) | APT | CAST | N/A | N/A |
d s Table 19: Conditional Self-Tests
Table 20: Pre-Operational Periodic Information
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | If self-test tests fail, the module is put into an error state | Self-test failure | System Halt | Reboot the module |
N/A N/A N/A N/A Table 21: Conditional Periodic Information
Table 22: Error States If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters an error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and reperforming the self-tests, including the pre-operational software integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs. The table below shows the different causes that lead to the Error State and the status indicators reported.
The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings will put the module operate in a non-compliant state. The module runs firmware version IronWare OS 10.0.10. This is the only allowable firmware image for this current approved mode of operation. The Crypto Officer shall load the FIPS 140-3 validated firmware only to maintain validation. Any firmware/software loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module is initiated into the approved mode of operation via the following procedures through the Command Line interface (CLI): 1. 2. 3. 4. 5. The Crypto Officer must login by using the default login password. The Crypto Officer shall replace the default login password with a new one. Enter into the configuration mode by using ‘conf t’ command. Enable approved mode by using ‘fips enable’ command. Create accounts for Port Config Admin role and User role respectively.
No specific Administrator guidance.
No specific Non-Administrator guidance.
Crypto Officers should follow the procedure below for the secure destruction of their module. Please note that this process will cause the module to no longer function after it has wiped all configurations and keys.