| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/2/2030 |
| Caveat | When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy |
| Vendor | Ruckus Wireless LLC |
flowchart LR
%% Deterministic review-risk graph for Ruckus FastIron ICXTM 7550/7650/7850 Series Switch/Router
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>bootloader<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Ruckus FastIron ICXTM 7550/7650/7850 Series Switch/Router
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth<br/>status output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>bootloader<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Ruckus Wireless LLC Ruckus FastIron ICXTM 7550/7650/7850 Series Switch/Router
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1: Security Levels | 6 |
| Table 2: Tested Module Identification – Hardware | 11 |
| Table 3: Modes List and Description | 14 |
| Table 4: Approved Algorithms - Crypto Library I | 15 |
| Table 5: Approved Algorithms - Crypto Library II | 15 |
| Table 6: Vendor-Affirmed Algorithms | 15 |
| Table 7: Security Function Implementations | 21 |
| Table 8: Entropy Certificates | 22 |
| Table 9: Entropy Sources | 22 |
| Table 10: Ports and Interfaces | 24 |
| Table 11: Authentication Methods | 26 |
| Table 12: Roles | 26 |
| Table 13: Approved Services | 38 |
| Table 14: Storage Areas | 40 |
| Table 15: SSP Input-Output Methods | 41 |
| Table 16: SSP Zeroization Methods | 41 |
| Table 17: SSP Table 1 | 47 |
| Table 18: SSP Table 2 | 53 |
| Table 19: Pre-Operational Self-Tests | 54 |
| Table 20: Conditional Self-Tests | 59 |
| Table 21: Pre-Operational Periodic Information | 59 |
| Table 22: Conditional Periodic Information | 61 |
| Table 23: Error States | 61 |
| Figure 1: ICX 7550-24 | 7 |
| Figure 2: ICX 7550-24F | 7 |
| Figure 3: ICX 7550-24P | 7 |
| Figure 4: ICX 7550-24ZP | 8 |
| Figure 5: ICX 7550-48 | 8 |
| Figure 6: ICX 7550-48F | 8 |
| Figure 7: ICX 7550-48P | 8 |
| Figure 8: ICX 7550-48ZP | 9 |
| Figure 9: ICX 7650-48ZP | 9 |
| Figure 10: ICX 7650-48P | 9 |
| Figure 11: ICX 7650-48F | 10 |
| Figure 12: ICX 7850-32Q | 10 |
| Figure 13: ICX 7850-48FS | 10 |
| Figure 14: ICX 7850-48F | 10 |
| Figure 15: ICX 7850-48C | 10 |
| Figure 16: ICX-7550 Series | 12 |
| Figure 17: ICX-7650 Series | 13 |
| Figure 18: ICX-7850 Series | 13 |
This is a non-proprietary cryptographic module security policy for Ruckus FastIron ICX™ 7550/7650/7850 Series Switch/Router (hereinafter referred to as the module). The firmware version running on each module is IronWare OS 10.0.10. This security policy describes how the module meets the FIPS 140-3 Level 1 security requirements, and how to operate the module in an approved mode. This security policy may be freely distributed. FIPS 140-3 (Federal Information Processing Standards Publication 140-3
Section Title Security Level
Overall Level 1 Table 1: Security Levels
Purpose and Use: The module delivers the performance, flexibility, and scalability required for enterprise access deployment. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics:
Cryptographic Boundary: The Tested Operational Environment Physical Perimeter (TOEPP) is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case as shown in the figures below and in the Physical Security section. The cryptographic boundary encompasses the entire TOEPP. This section illustrates the module hardware with the help of photographs. Figure 1: ICX 7550-24 Figure 2: ICX 7550-24F Figure 3: ICX 7550-24P
Figure 4: ICX 7550-24ZP Figure 5: ICX 7550-48 Figure 6: ICX 7550-48F Figure 7: ICX 7550-48P
Figure 8: ICX 7550-48ZP Figure 9: ICX 7650-48ZP Figure 10: ICX 7650-48P
Figure 11: ICX 7650-48F Figure 12: ICX 7850-32Q Figure 13: ICX 7850-48FS Figure 14: ICX 7850-48F Figure 15: ICX 7850-48C
Tested Module Identification
ICX-7550-24P ICX-7550-24P IronWare OS ARM Cortex A72
ICX-7550- ICX-7550- IronWare OS ARM Cortex A72 24ZP 24ZP 10.0.10 (ARMv8) ICX-7550-24F ICX-7550-24F IronWare OS ARM Cortex A72
ICX-7550-48 ICX-7550-48 IronWare OS ARM Cortex A72
ICX-7550-48P ICX-7550-48P IronWare OS ARM Cortex A72
ICX-7550- ICX-7550- IronWare OS ARM Cortex A72 48ZP 48ZP 10.0.10 (ARMv8) ICX-7550-48F ICX-7550-48F IronWare OS ARM Cortex A72
ICX-7650-48P ICX-7650-48P IronWare OS ARM Cortex A57
ICX-7650- ICX-7650- IronWare OS ARM Cortex A57 48ZP 48ZP 10.0.10 (ARMv8) ICX-7650-48F ICX-7650-48F IronWare OS ARM Cortex A57
ICX-7850-32Q ICX-7850-32Q IronWare OS ARM Cortex A57
ICX-7850- ICX-7850- IronWare OS ARM Cortex A57 48FS 48FS 10.0.10 (ARMv8) ICX-7850-48F ICX-7850-48F IronWare OS ARM Cortex A57
ICX-7850-48C ICX-7850-48C IronWare OS ARM Cortex A57
Table 2: Tested Module Identification
Figure 16: ICX-7550 Series Note: The USB Port for external file storage is functionally disabled
Figure 17: ICX-7650 Series Note: The USB Port for external file storage is functionally disabled Figure 18: ICX-7850 Series
Note: The USB Port for external file storage is functionally disabled Tested Module Identification
Modes List and Description: Mode Name Description Type Status Indicator Approved The module is always in the Approved Global indicator after module Mode of approved mode of operation initialization. Please refer to Operation after initial operations are Security Policy, section Life-Cycle performed. Assurance for more information Table 3: Modes List and Description By default, the module is delivered in an un-initialized state but supports an approved mode of operation. Once the module is configured to operate in the approved mode of operation by following the steps in section " Life-Cycle Assurance" of this document by the Crypto Officer, the module can only operate in the approved mode. The module does not claim implementation of a degraded mode of operation.
Approved Algorithms: Crypto Library I Algorithm CAVP Cert Properties Reference AES-CBC A5076 - SP 800-38A AES-CFB128 A5076 - SP 800-38A
Algorithm CAVP Cert Properties Reference AES-CMAC A5076 - SP 800-38B AES-CTR A5076 - SP 800-38A AES-ECB A5076 - SP 800-38A AES-GCM A5076 - SP 800-38D AES-KW A5076 - SP 800-38F AES-KWP A5076 - SP 800-38F Counter DRBG A5076 - SP 800-90A Rev. 1 ECDSA KeyGen (FIPS186-5) A5076 - FIPS 186-5 ECDSA SigGen (FIPS186-5) A5076 - FIPS 186-5 ECDSA SigVer (FIPS186-5) A5076 - FIPS 186-5 HMAC-SHA-1 A5076 - FIPS 198-1 HMAC-SHA2-256 A5076 - FIPS 198-1 HMAC-SHA2-384 A5076 - FIPS 198-1 HMAC-SHA2-512 A5076 - FIPS 198-1 KAS-ECC-SSC Sp800-56Ar3 A5076 - SP 800-56A Rev. 3 KAS-FFC-SSC Sp800-56Ar3 A5076 - SP 800-56A Rev. 3 KDF SNMP (CVL) A5076 - SP 800-135 Rev. 1 KDF SP800-108 A5076 - SP 800-108 Rev. 1 KDF SSH (CVL) A5076 - SP 800-135 Rev. 1 RSA KeyGen (FIPS186-5) A5076 - FIPS 186-5 RSA SigGen (FIPS186-5) A5076 - FIPS 186-5 RSA SigVer (FIPS186-5) A5076 - FIPS 186-5 Safe Primes Key Generation A5076 - SP 800-56A Rev. 3 SHA-1 A5076 - FIPS 180-4 SHA2-256 A5076 - FIPS 180-4 SHA2-384 A5076 - FIPS 180-4 SHA2-512 A5076 - FIPS 180-4 TLS v1.2 KDF RFC7627 (CVL) A5076 - SP 800-135 Rev. 1 Table 4: Approved Algorithms - Crypto Library I Crypto Library II Algorithm CAVP Cert Properties Reference AES-ECB AES 4550 - SP 800-38A AES-GCM AES 4550 - SP 800-38D Table 5: Approved Algorithms - Crypto Library II Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key N/A The module performs Cryptographic Key Type:Asymmetric Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2 Table 6: Vendor-Affirmed Algorithms
Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
Name Type Description Properties Algorithms KAS-ECC CKG Full KAS-ECC Caveat:Key KAS-ECC-SSC (SSHv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for SSHv2 methodology (A5076) service provides between KDF SSH:
of security Counter DRBG: strength (A5076) IG:IG D.F CKG: () Scenario 2, Path 2, Split Key Confirmation:No Key Derivation:IG 2.4.B SP 800135rev1 CVL KAS-FFC CKG Full KAS-FFC Caveat:Key KAS-FFC-SSC (SSHv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for SSHv2 methodology (A5076) service provides between Domain
of security Generation strength Methods: IG:IG D.F MODP-2048, Scenario 2, Path MODP-4096, 2, Split MODP-8192 Key Safe Primes Confirmation:No Key Generation: Key Derivation:IG (A5076) 2.4.B SP 800- Safe Prime 135rev1 CVL Groups: MODP2048, MODP4096, MODP-
Name Type Description Properties Algorithms 8192 KDF SSH: (A5076) Counter DRBG: (A5076) CKG: () KAS-ECC CKG Full KAS-ECC Caveat:Key KAS-ECC-SSC (TLSv1.2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for methodology (A5076) TLSv1.2 service provides between Domain
of security Generation strength Methods: P-256, IG:IG D.F P-384 Scenario 2, Path TLS v1.2 KDF 2, Split RFC7627: Key (A5076) Confirmation:No Counter DRBG: Key Derivation:IG (A5076) 2.4.B SP 800- CKG: () 135rev1 CVL KAS-FFC CKG Full KAS-FFC Caveat:Key KAS-FFC-SSC (TLSv1.2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for methodology (A5076) TLSv1.2 service provides 112 bits Domain of security Parameter strength Generation IG:IG D.F Path 2, Methods: Scenario 2, Split ffdhe2048 Key Safe Primes Confirmation:No Key Generation: Key Derivation:IG (A5076) 2.4.B SP 800- Safe Prime 135rev1 CVL Groups: ffdhe2048 TLS v1.2 KDF RFC7627: (A5076) Counter DRBG: (A5076) CKG: () SSH-KTS (AES KTS-Wrap KTS via SSHv2 Caveat:Key AES-CBC: and HMAC) service by using establishment (A5076) AES and HMAC methodology AES-CTR: provides between (A5076)
of security (A5076) strength HMAC-SHA2Standard:SP 800- 256: (A5076)
Name Type Description Properties Algorithms 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method TLS-KTS (AES KTS-Wrap KTS via TLS Caveat:Key AES-CBC: and HMAC) v1.2 service by establishment (A5076) using AES and methodology AES-ECB: HMAC provides between (A5076)
of security (A5076) strength HMAC-SHA2Standard:SP 800- 256: (A5076) 38F HMAC-SHA2IG 512: (A5076) D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method TLS-KTS (AES- KTS-Wrap KTS via Caveat:Key AES-GCM: GCM) TLSv1.2 service establishment (A5076) by using AES- methodology GCM provides between
of security strength Standard:SP 80038F IG D.G:Uses a previously approved authenticated symmetric encryption mode MACSec-KTS KTS-Wrap MACSec Security AES-KW: (AES-KW) KeyWrap using Strength:Provides (A5076) AES-KW to 128 or 256 bits of
Name Type Description Properties Algorithms protect MACSec encryption SAK strength MACSec-KTS KTS-Wrap MACSec Security AES-KWP: (AES-KWP) KeyWrap using Strength:Provides (A5076) AES-KWP to 128 or 256 bits of protect MACSec encryption SAK strength SSH RSA CKG RSA KeyGen Keysize:112 bits RSA KeyGen KeyGen AsymKeyPair- for SSHv2 encryption (FIPS186-5): KeyGen strength (A5076) Counter DRBG: (A5076) CKG: () SSH RSA DigSig-SigGen RSA SigGen for RSA SigGen SigGen SSHv2 (FIPS186-5): (A5076) SSH RSA DigSig-SigVer RSA SigVer for RSA SigVer SigVer SSHv2 (FIPS186-5): (A5076) SSH ECDSA CKG ECDSA KeyGen Keysize:128 to ECDSA KeyGen KeyGen AsymKeyPair- for SSHv2 192 bits (FIPS186-5): KeyGen encryption (A5076) strength Counter DRBG: (A5076) CKG: () SSH ECDSA DigSig-SigGen ECDSA SigGen ECDSA SigGen SigGen for SSHv2 (FIPS186-5): (A5076) SSH ECDSA DigSig-SigVer ECDSA SigVer ECDSA SigVer SigVer for SSHv2 (FIPS186-5): (A5076) TLS RSA CKG RSA KeyGen Keysize:112 bits Counter DRBG: KeyGen AsymKeyPair- for TLSv1.2 encryption (A5076) KeyGen strength RSA KeyGen (FIPS186-5): (A5076) CKG: () TLS RSA DigSig-SigGen RSA SigGen for RSA SigGen SigGen TLSv1.2 (FIPS186-5): (A5076) TLS RSA DigSig-SigVer RSA SigVer for RSA SigVer SigVer TLSv1.2 (FIPS186-5): (A5076) TLS ECDSA CKG ECDSA KeyGen Keysize:128 to Counter DRBG: KeyGen AsymKeyPair- for TLSv1.2 192 bits (A5076) KeyGen encryption ECDSA KeyGen strength (FIPS186-5): (A5076) CKG: ()
Name Type Description Properties Algorithms TLS ECDSA DigSig-SigGen ECDSA SigGen ECDSA SigGen SigGen for TLSv1.2 (FIPS186-5): (A5076) TLS ECDSA DigSig-SigVer ECDSA SigVer ECDSA SigVer SigVer for TLSv1.2 (FIPS186-5): (A5076) Block ciphers BC-UnAuth Block ciphers AES-CBC: (SSHv2) for SSHv2 (A5076) service AES-CTR: (A5076) Block ciphers BC-Auth Block ciphers AES-CBC: (TLSv1.2) BC-UnAuth for TLSv1.2 (A5076) service AES-GCM: (A5076) AES-ECB: (A5076) Block ciphers BC-UnAuth Block ciphers AES-CFB128: (SNMPv3) for SNMPv3 (A5076) service KDF SNMP: (A5076) Block ciphers BC-Auth Block ciphers AES-ECB: (AES (MACSec) for MACSec 4550) service AES-GCM: (AES 4550) KDF SP800108: (A5076) MAC (SSHv2) MAC MAC for SSHv2 HMAC-SHA-1: service (A5076) HMAC-SHA2256: (A5076) HMAC-SHA2512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-512: (A5076) MAC (TLSv1.2) MAC Message HMAC-SHA-1: Authentication (A5076) for TLSv1.2 HMAC-SHA2services 256: (A5076) HMAC-SHA2384: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-384: (A5076)
Name Type Description Properties Algorithms MAC (SNMPv3) MAC Message HMAC-SHA-1: Authentication (A5076) for SNMPv3 HMAC-SHA2services 256: (A5076) HMAC-SHA2384: (A5076) HMAC-SHA2512: (A5076) SHA-1: (A5076) SHA2-256: (A5076) SHA2-384: (A5076) SHA2-512: (A5076) KDF SNMP: (A5076) DRBG Function DRBG Used for DRBG Counter DRBG: generation (A5076) SNMPv3 Keying KAS-135KDF Keying KDF SNMP: Materials materials, used (A5076) Development to derive SNMP session keys TLS Keying KAS-135KDF Keying TLS v1.2 KDF Materials materials, used RFC7627: Development to derive TLS (A5076) session keys Firmware Load DigSig-SigVer Signature RSA SigVer Test Verification for (FIPS186-5): firmware load (A5076) test MACSec-SAK- MAC Used to protect AES-CMAC: Integrity the integrity of (A5076) SAK during key transmission MACsec Keying KBKDF MACsec KDF SP800Materials session keying 108: (A5076) Development materials, used to derive MACsec session keys Table 7: Security Function Implementations
Cert Vendor Name Number E192 Ruckus Wireless LLC Table 8: Entropy Certificates Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample Ruckus IronWare Non- ARM Cortex A57 8 bits 4 bits N/A
Source A72 (ARMv8) Table 9: Entropy Sources Ruckus FastIron™ IronWare 10.0.10 Entropy Source v1.0 is the entropy source used on each Ruckus FastIron ICX™ 7550, 7650, and 7850 Series Router with firmware IronWare OS 10.0.10 to seed the approved DRBG. The noise source of entropy is periodic sampling of the high-
precision CPU clock within the ARM CPU. There is no conditioning component applied on the output of the clock source. Health testing is implemented on the output of the noise source. The entropy source provides a minimum entropy of 4 bits per sample with the sample size of 8 bits. The module makes repeated calls to the entropy source after which the random data is loaded into a buffer. This buffer is used by the DRBG to get entropy input. Buffer size is big enough that the overall effective entropy is more than that is required for the DRBG instantiation. Similar implementation is done for DRBG reseeding.”
The module generates RSA, ECDSA, EC Diffie-Hellman, and Diffie-Hellman asymmetric key pairs compliant with FIPS 186-5, using a NIST SP 800-90Ar1 CTR DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.).
The module provides the following key/SSP establishment services in the approved mode of operation:
The module supports SSHv2, TLS v1.2, SNMPv3 and MACSec industrial protocols. No parts of the SSH, TLS and SNMP protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.
Physical Port Logical Data That Passes Interface(s) Console port, Mgmt Port, PoE+ Data Input Data input into the module for all the ports, Ethernet Ports, services defined in Approved Services SPF/SFP+, QSFP+, and Table, including TLSv1.2, SSHv2, SNMPv3 QSFP28 ports and MACSec service data. Console port, Mgmt Port, PoE+ Data Output Data output from the module for all the ports, Ethernet Ports, services defined in Approved Services SPF/SFP+, QSFP+, and Table, including TLSv1.2, SSHv2, SNMPv3 QSFP28 ports and MACSec service data. Console port, Mgmt Port, PoE+ Control Control Data input into the module for all ports, Ethernet Ports, Input the services defined in Approved Services SPF/SFP+, QSFP+, and Table, including TLSv1.2, SSHv2, SNMPv3 QSFP28 ports and MACSec service data. Console port, Mgmt Port, PoE+ Status Status Information output from the module. ports, Ethernet Ports, Output SPF/SFP+, QSFP+, and QSFP28 ports and LEDs N/A Control N/A Output Power Power Provide the Power Supply to the module. Table 10: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above.
Method Description Security Strength Each Strength per Name Mechanism Attempt Minute Password- The minimum length is Password The probability The probability of Based eight (8) characters (94 Based that a random successfully possible characters). attempt will authenticating to The probability that a succeed or a the module within random attempt will false one minute is succeed or a false acceptance will 10/(94^8), which is acceptance will occur is occur is less than 1/(94^8) which is less 1/(94^8) which 1/100,000. Please than 1/1,000,000. As the is less than refer to Description module supports at most 1/1,000,000. section in this table ten failed attempts to Please refer to for more details. authenticate in a one- Description minute period, the section in this probability of table for more successfully details.
Method Description Security Strength Each Strength per Name Mechanism Attempt Minute authenticating to the module within one minute is 10/(94^8), which is less than 1/100,000. This calculation is based on the assumption that the typical standard American QWERTY computer keyboard has
alphabetic characters, and 32 special characters providing 94 characters to choose from in total. RSA- The modules supports RSA SigVer With a minimum For multiple attacks Based RSA public-key based (FIPS186-5) modulus size of during a oneCertificate authentication (A5076) 2048, the minute period, to mechanism using a probability that exceed a one in minimum of RSA 2048 a random 100,000 probability bits, which provides 112 attempt will of a successful bits of security strength. succeed is random key guess The probability that a 1/(2^112) which in one minute, an random attempt will is less than attacker would succeed is 1/(2^112) 1/1,000,000. have to be capable which is less than Please refer to of approximately 1/1,000,000. For Description 8.65x10^31 (2^112 multiple attacks during a section in this /60 = 8.65 x 10^31) one-minute period, as table for more attempts per the module at its highest details. second. Please can support at most refer to Description 17,000 new sessions section in this table per second to for more details. authenticate in a oneminute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. ECDSA- The modules support ECDSA With a minimum For multiple attacks Based ECDSA public-key SigVer curve of P-256, during a oneCertificate based authentication (FIPS186-5) the probability minute period, to mechanism using a (A5076) that a random exceed a one in
Method Description Security Strength Each Strength per Name Mechanism Attempt Minute minimum of curve P- attempt will 100,000 probability 256, which provides 128 succeed is of a successful bits of security strength. 1/(2^128) which random key guess The probability that a is less than in one minute, an random attempt will 1/1,000,000. attacker would succeed is 1/(2^128) Please refer to have to be capable which is less than Description of approximately 1/1,000,000. For section in this 5.67x10^36 (2^128 multiple attacks during a table for more /60 = 5.67 x 10^36) one-minute period, as details. attempts per the module at its highest second. Please can support at most refer to Description 17,000 new sessions section in this table per second to for more details. authenticate in a oneminute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. Table 11: Authentication Methods The module implements role-based authentication. The module supports the Crypto Officer role and the User role. The module also allows the concurrent operators.
Name Type Operator Type Authentication Methods Crypto Officer Role CO Password-Based RSA-Based Certificate ECDSA-Based Certificate User Role User Password-Based RSA-Based Certificate ECDSA-Based Certificate Port Config Admin Role Port Config Password-Based Admin RSA-Based Certificate ECDSA-Based Certificate Table 12: Roles
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Show Provide Global Command Module's None Crypto Status Module's Indicator used to Operationa Officer current or syslog show l Status Port Config status message Module's Admin (return Status User codes and/or syslog messages) Show Provide Console Command Module's None Crypto Version Module's message to show ID and Officer name and version versioning Port Config version information Admin information User Perform Perform Perform Command Status of None Crypto Self-Tests Self-Tests self-test to trigger the self- Officer (Pre- completio Self-Test tests User operational n results Port Config self-test message Admin and Unauthentic Conditional ated Self-Tests) Perform Perform Syslog Command Status of None Crypto Zeroization Zeroization message to zeroize the SSPs Officer the module zeroization - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - User Password: Z - Crypto Officer Password: Z - Port Config Admin Password: Z - Firmware Load Test Key: Z - SSH DH
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH ECDSA Private Key: Z - SSH ECDSA Public Key: Z - SSH RSA Private Key: Z - SSH RSA Public Key: Z - SSH Session Encryption Key: Z - SSH Session Authenticatio n Key: Z - TLS DH Private Key: Z
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s - TLS DH Public Key: Z - TLS Peer DH Public Key: Z - TLS DH Shared Secret: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS ECDSA Private Key: Z - TLS ECDSA Public Key: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - SNMPv3 Authenticatio n Secret: Z - SNMPv3 Encryption Key: Z - SNMPv3
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Integrity Key: Z - MACSec CAK: Z - MACSec ICK: Z - MACSec SAK: Z - MACSec KEK: Z Crypto CO Role N/A CO Status of None Crypto Officer Authenticat Authenticat the CO Officer Authenticat ion ion authenticat - Crypto ion Request ion Officer Password: W,Z User User Role N/A User role Status of None User Authenticat Authenticat authenticat the User - User ion ion ion request role Password: authenticat W,Z ion Port Config Port Config N/A Port Config Status of None Port Config Admin Admin Admin role the Port Admin Authenticat Role authenticat Config - Port Config ion Authenticat ion request Admin role Admin ion authenticat Password: ion W,Z Port Perform N/A Commands Port None Crypto Configurati Port to configurati Officer on Configurati configure on Port Config Mangemen on the port completion Admin t parameters status of information switch/rout er Account Account N/A Commands Status of None Crypto Mangemen Creation to create a the new Officer t new user user account accounts Configure Configure Global Commands Status of SSH RSA Crypto SSHv2 SSHv2 Indicator to the KeyGen Officer Function Function and configure completion SSH - SSH RSA SSHv2 SSHv2 of the ECDSA Private Key: configurati SSHv2 KeyGen G,W on configurati DRBG - SSH RSA success on Function Public Key: G,W
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s status - SSH message ECDSA Private Key: G,W - SSH ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Run Execute Global Initiate Status of KAS-ECC Crypto SSHv2 SSHv2 Indicator SSHv2 SSHv2 (SSHv2) Officer Function Function and tunnel tunnel KAS-FFC - SSH DH successfu establishm establishm (SSHv2) Private Key: l SSHv2 ent ent SSH-KTS G,W,E,Z log (AES and - SSH DH message HMAC) Public Key: SSH RSA G,R,W,E,Z SigGen - SSH Peer SSH RSA DH Public SigVer Key: W,E,Z SSH - SSH DH ECDSA Shared SigGen Secret: SSH G,W,E,Z ECDSA - SSH ECDH SigVer Private Key: Block G,W,E,Z ciphers - SSH ECDH (SSHv2) Public Key: MAC G,R,W,E,Z (SSHv2) - SSH Peer DRBG ECDH Public Function Key: W,E,Z - SSH ECDH Shared Secret: G,W,E,Z
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s - SSH RSA Private Key: E - SSH RSA Public Key: R,E - SSH ECDSA Private Key: E - SSH ECDSA Public Key: R,E - SSH Session Encryption Key: G,W,E,Z - SSH Session Authenticatio n Key: G,W,E,Z - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E - RADIUS Secret: W,E Port Config Admin - SSH DH Private Key: R,E - SSH DH Public Key: R,E - SSH Peer DH Public
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Key: R,E - SSH DH Shared Secret: R,E - SSH ECDH Private Key: R,E - SSH ECDH Public Key: R,E - SSH Peer ECDH Public Key: R,E - SSH ECDH Shared Secret: R,E - SSH RSA Private Key: R,E - SSH RSA Public Key: R,E - SSH ECDSA Private Key: R,E - SSH ECDSA Public Key: R,E - SSH Session Encryption Key: R,E - SSH Session Authenticatio n Key: R,E - DRBG Entropy Input: R,E - DRBG Seed: R,E - DRBG Internal State V value: R,E - DRBG Key:
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s R,E - RADIUS Secret: W,E User - SSH DH Private Key: R,E - SSH DH Public Key: R,E - SSH Peer DH Public Key: R,E - SSH DH Shared Secret: R,E - SSH ECDH Private Key: R,E - SSH ECDH Public Key: R,E - SSH Peer ECDH Public Key: R,E - SSH ECDH Shared Secret: R,E - SSH RSA Private Key: R,E - SSH RSA Public Key: R,E - SSH ECDSA Private Key: R,E - SSH ECDSA Public Key: R,E - SSH Session Encryption Key: R,E - SSH Session
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Authenticatio n Key: R,E - DRBG Entropy Input: R,E - DRBG Seed: R,E - DRBG Internal State V value: R,E - DRBG Key: R,E - RADIUS Secret: W,E Configure Configure Global Commands Status of TLS RSA Crypto SSL over SSL over Indicator to the KeyGen Officer TLSv1.2 TLSv1.2 and TLS configure completion TLS - TLS RSA Function Function v1.2 TLSv1.2 of TLSv1.2 ECDSA Private Key: configurati configurati KeyGen G,W on on DRBG - TLS RSA success Function Public Key: status G,W message - TLS ECDSA Private Key: G,W - TLS ECDSA Public Key: G,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Run SSL Execute Global Commands Status of KAS-ECC Crypto over SSL over Indicator to initiate the (TLSv1.2) Officer TLSv1.2 TLSv1.2 and TLSv1.2 completion KAS-FFC - TLS DH Function Function successfu of TLSv1.2 (TLSv1.2) Private Key: l TLS v1.2 TLS-KTS G,W,E,Z
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s log establishm (AES and - TLS DH message ent HMAC) Public Key: TLS-KTS G,R,W,E,Z (AES- - TLS Peer GCM) DH Public TLS RSA Key: W,E,Z KeyGen - TLS DH TLS RSA Shared SigGen Secret: TLS RSA G,W,E,Z SigVer - TLS ECDH TLS Private Key: ECDSA G,W,E,Z KeyGen - TLS ECDH TLS Public Key: ECDSA G,R,W,E,Z SigGen - TLS Peer TLS ECDH Public ECDSA Key: W,E,Z SigVer - TLS ECDH Block Shared ciphers Secret: (TLSv1.2) G,W,E,Z MAC - TLS RSA (TLSv1.2) Private Key: DRBG E Function - TLS RSA TLS Public Key: Keying R,E Materials - TLS Master Developm Secret: ent G,W,E,Z - TLS Session Encryption Key: G,W,E,Z - TLS Session Authenticatio n Key: G,W,E,Z - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Internal State V value: G,W,E - DRBG Key: G,W,E - TLS ECDSA Private Key: E - TLS ECDSA Public Key: R,E Configure Configure Global Commands Status of MACSec- Crypto MACSec MACSec Indicator to the KTS Officer Function Function and configure completion (AES-KW) - MACSec MACSec MACSec of MACSec- CAK: W,E configurati service MACSec KTS - MACSec on on configurati (AES- ICK: success on KWP) G,W,E,Z status Block - MACSec message ciphers SAK: (MACSec) G,W,E,Z MACSec- - MACSec SAK- KEK: Integrity G,W,E,Z Run Execute Global Commands Status of MACSec- Crypto MACSec MACSec Indicator to initiate the KTS Officer Function Function and MACSec completion (AES-KW) - MACSec successfu service of MACSec- CAK: W,E l MACSec MACSec KTS - MACSec log establishm (AES- ICK: message ent KWP) G,W,E,Z Block - MACSec ciphers SAK: (MACSec) G,W,E,Z MACSec- - MACSec SAK- KEK: Integrity G,W,E,Z MACsec Keying Materials Developm ent
Name Descriptio Indicator Inputs Outputs Security SSP Access n Function s Configure Configure Global Commands Status of Block Crypto SNMPv3 SNMPv3 Indicator to the ciphers Officer Function Function and configure completion (SNMPv3) - SNMPv3 SNMPv3 SNMPv3 of MAC Authenticatio configurati service SNMPv3 (SNMPv3) n Secret: on configurati W,E success on - SNMPv3 status Encryption message Key: G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Run Execute Global Commands Status of Block Crypto SNMPv3 SNMPv3 Indicator to initiate the ciphers Officer Function Function and SNMPv3 completion (SNMPv3) - SNMPv3 successfu service of MAC Authenticatio l SNMPv3 SNMPv3 (SNMPv3) n Secret: log establishm SNMPv3 W,E message ent Keying - SNMPv3 Materials Encryption Developm Key: ent G,W,E,Z - SNMPv3 Integrity Key: G,W,E,Z Firmware Execute Global Commands Outcome Firmware Crypto Load Test the indicator to load of the Load Test Officer Firmware and new Firmware - Firmware Load Test successfu firmware Load Test Load Test l image Key: E Firmware Loading status message Table 13: Approved Services
The module also supports the firmware load test by using RSA 2048 bits with SHA2-256 (RSA Cert. #A5076) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails.
The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.
The module performs the Firmware Integrity tests by using CRC-32 during the Pre-Operational Self-Test. At Module’s initialization, the integrity of the runtime executable binary file (SPR10010dufi.bin) is verified using the following two integrity check mechanisms to ensure that the module has not been tampered:
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the module to initiate the firmware integrity test on-demand. This automatically performs the integrity test of all firmware components included within the boundary of the module.
Type of Operational Environment: Limited
The module is a multi-chip standalone hardware cryptographic module. The module meets the FIPS 140-3 Level 1 security requirements as production grade components.
No approved non-invasive attack mitigation test metrics are defined at this time.
Storage Description Persistence Area Type Name DRAM Volatile Memory Dynamic Flash Non-Volatile Memory Static Table 14: Storage Areas
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Peer Public Key External Module Plaintext Automated Electroni Input (Outside c of the Module's Boundary ) Module Public Module External Plaintext Automated Electroni Key Output (Outside c of the Module's Boundary ) Password/Secre External Module Encrypte Automated Electroni SSH-KTS t Input via (Outside d c (AES and SSHv2 of the HMAC) encrypted by Module's AES and HMAC Boundary ) Password/Secre External Module Encrypte Automated Electroni TLS-KTS t Input via TLS (Outside d c (AES and v1.2 encrypted of the HMAC) by AES and Module's HMAC Boundary )
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Password/Secre External Module Encrypte Automated Electroni TLS-KTS t Input via TLS (Outside d c (AESv1.2 encrypted of the GCM) by AES-GCM Module's Boundary ) MACSec SAK Module External Encrypte Automated Electroni MACSecOutput (Outside d c KTS encrypted by of the (AES-KW) MACSec KEK Module's using AES-KW Boundary ) MACSec SAK Module External Encrypte Automated Electroni MACSecOutput (Outside d c KTS encrypted by of the (AESMACSec KEK Module's KWP) using AES-KWP Boundary ) Table 15: SSP Input-Output Methods
Zeroization Description Rationale Operator Method Initiation Zeroization CO issues the zeroization command will erase 'fips zeroize all' Command zeroization all SSPs stored in the DRAM or in the Command service Flash of the module. Table 16: SSP Zeroization Methods Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement.
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By DRBG Used to 960 - at Entropy DRBG Entropy seed the least 256 Input - CSP Function Input DRBG bits DRBG Seed Used in 384 bits - DRBG Seed DRBG DRBG 384 bits - CSP Function Generation
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By DRBG Used in 128 bits - DRBG DRBG Internal DRBG 128 bits Internal Function State V Generation State V value value - CSP DRBG Key Used in 256 bits - DRBG Key - DRBG DRBG 256 bits CSP Function Generation User User 8-60 Authenticati Password authenticati Characte on Data on rs - 8-60 CSP Characte rs Crypto Crypto 8-60 Authenticati Officer Officer Characte on Data Password authenticati rs - 8-60 CSP on Characte rs Port Config Port Config 8-60 Authenticati Admin Admin Characte on Data Password authenticati rs - 8-60 CSP on Characte rs RADIUS RADIUS 8-64 Authenticati Secret Server Characte on Data Authenticati rs - 8-64 CSP on Characte rs Firmware Used for 2048 bits Public Key - Firmware Load Test Firmware - 112 bits CSP Load Test Key Load Test SSH ECDH Used to Curves: Private Key KAS- KAS-ECC Private Key derive the 256, 384, - CSP ECC (SSHv2) SSH ECDH 521 bits - (SSHv2) Shared 128 to Secret 256 bits SSH ECDH Used to Curves: Public Key - KAS-ECC Public Key derive SSH 256, 384, PSP (SSHv2) ECDH 521 bits Shared 128-256 Secret bits SSH Peer Used to Curves: Public Key - KAS-ECC ECDH derive SSH 256, 384, PSP (SSHv2) Public Key ECDH 521 bits Shared 128 to Secret 256 bits SSH ECDH Used to Curves: Shared KAS-ECC KAS-ECC Shared derive SSH 256, 384, Secret - (SSHv2) (SSHv2) Secret Session 521 bits - CSP
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By Encryption 128 to Keys, SSH 256 bits Session Authenticati on Keys SSH DH Used to MODP- Private Key KAS-FFC KAS-FFC Private Key derive the 2048, - CSP (SSHv2) (SSHv2) SSH DH MODPShared 4096, Secret MODP-
112-200 bits SSH DH Used to MODP- Public Key - KAS-FFC Public Key derive SSH 2048, PSP (SSHv2) DH Shared MODPSecret 4096, MODP-
112-200 bits SSH Peer Used to MODP- Public Key - KAS-FFC DH Public derive SSH 2048, PSP (SSHv2) Key DH Shared MODPSecret 4096, MODP-
112-200 bits SSH DH Used to MODP- Shared KAS-FFC KAS-FFC Shared derive SSH 2048, Secret - (SSHv2) (SSHv2) Secret Session MODP- CSP Encryption 4096, Keys, SSH MODPSession 8192 Authenticati 112-200 on Keys bits SSH RSA Used for Modulus Private Key SSH SSH RSA Private Key SSH 2048 bits - CSP RSA SigGen session - 112 bits KeyGen authenticati on SSH RSA Used for Modulus Public Key - SSH RSA Public Key SSH 2048 bits PSP KeyGen sessions - 112 bits authenticati on
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By SSH Used for Curve P- Private Key SSH SSH ECDSA SSH 256/P- - CSP ECDSA ECDSA Private Key session 384 - KeyGen SigGen authenticati 128-192 on bits SSH Used for Curve P- Public Key - SSH ECDSA SSH 256/P- PSP ECDSA Public Key sessions 384 - KeyGen authenticati 128-192 on bits SSH Used for 128-256 Session KAS-ECC Block Session SSH bits - Key - CSP (SSHv2) ciphers Encryption Session 128-256 KAS-FFC (SSHv2) Key confidentiali bits (SSHv2) ty protection SSH Used for At least Session KAS-ECC MAC Session SSH 160 bits - Key - CSP (SSHv2) (SSHv2) Authenticati Session At least KAS-FFC on Key integrity 160 bits (SSHv2) protection TLS ECDH Used to Curves: Private Key KAS- KAS-ECC Private Key derive the 256, 384 - CSP ECC (TLSv1.2) TLS ECDH bits - 128 (TLSv1.2 Shared to 192 ) Secret bits TLS ECDH Used to Curves: Public Key - KAS-ECC Public Key derive TLS 256, 384 PSP (TLSv1.2) ECDH bits - 128 Shared to 192 Secret bits TLS Peer Used to Curves: Public Key - KAS-ECC ECDH derive TLS 256, 384 PSP (TLSv1.2) Public Key ECDH bits - 128 Shared to 192 Secret bits TLS ECDH Used to Curves: Shared KAS-ECC KAS-ECC Shared derive TLS 256, 384 Secret - (TLSv1.2) (TLSv1.2) Secret Session bits - 128 CSP Encryption to 192 Keys, TLS bits Session Authenticati on Keys TLS DH Used to ffdhe204 Private Key KAS-FFC KAS-FFC Private Key derive the 8 - 112 - CSP (TLSv1.2 (TLSv1.2) TLS DH bits ) Shared Secret
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By TLS DH Used to ffdhe204 Public Key - KAS-FFC Public Key derive TLS 8 - 112 PSP (TLSv1.2) DH Shared bits Secret TLS Peer Used to ffdhe204 Public Key - KAS-FFC DH Public derive TLS 8 - 112 PSP (TLSv1.2) Key DH Shared bits Secret TLS DH Used to ffdhe204 Shared KAS-FFC KAS-FFC Shared derive TLS 8 - 112 Secret - (TLSv1.2) (TLSv1.2) Secret Session bits CSP Encryption Keys, TLS Session Authenticati on Keys TLS RSA Used for Modulus Private Key TLS RSA TLS RSA Private Key TLS session 2048 bits - CSP KeyGen SigGen authenticati - 112 bits on TLS RSA Used for Modulus Public Key - TLS RSA Public Key TLS 2048 bits PSP KeyGen sessions - 112 bits authenticati on TLS ECDSA Used for Curve P- Private Key TLS TLS Private Key TLS session 256/P- - CSP ECDSA ECDSA authenticati 384 - KeyGen SigGen on 128-192 bits TLS ECDSA Used for Curve P- Public Key - TLS Public Key TLS 256/P- PSP ECDSA sessions 384 - KeyGen authenticati 128-192 on bits TLS Master Used to At least Master TLS KAS-ECC Secret protect TLS 112 bits - Secret - Keying (TLSv1.2) Session. At least CSP Materials KAS-FFC Pre-master 112 bits Developme (TLSv1.2) secret nt TLS Used to 128-256 Session KAS-ECC Block Session protect TLS bits - Key - CSP (TLSv1.2) ciphers Encryption Session. 128-256 KAS-FFC (TLSv1.2) Key TLS Master bits (TLSv1.2) secret TLS Keying Materials
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By Developme nt TLS Used to at least Session KAS-ECC MAC Session protect TLS 112 bits - Key - CSP (TLSv1.2) (TLSv1.2) Authenticati Session. at least KAS-FFC on Key TLS master 112 bits (TLSv1.2) secret TLS Keying Materials Developme nt SNMPv3 Used for 8-20 Authenticati Authenticati SNMPv3 character on Secret on Secret user s - N/A CSP authenticati on SNMPv3 Used to 128 bits - Encryption SNMPv3 Block Encryption protect 128 bits Key - CSP Keying ciphers Key SNMPv3 Materials (SNMPv3) traffic Developme confidentiali nt ty SNMPv3 Used to At least Authenticati SNMPv3 MAC Integrity Key secure 160 bits - on Key - Keying (SNMPv3) SNMPv3 At least CSP Materials traffic 112 bits Developme integrity nt MACSec Used to 128 bits - MACSec MACsec CAK derive N/A Secret - Keying MACSec CSP Materials ICK and Developme MACSec nt KEK MACSec Used to 128 bits - Integrity MACsec MACSecICK protect the 128 bits Key - CSP Keying SAKMACSec Materials Integrity Integrity Developme AESnt CMAC (A5076) MACSec Used to 128 bits - Encryption MACSec- Block SAK protect the 128 bits Key - CSP KTS (AES- ciphers MACSec KW) (MACSec) traffic MACSecconfidentiali KTS (AESty KWP) TLS Keying Materials
Name Description Size - Type - Generate Establishe Used By Strength Category d By d By Developme nt MACSecSAKIntegrity MACSec Used to 128 bits - Encryption MACsec MACSecKEK transport 128 bits Key - CSP Keying KTS (AESMACSec Materials KW) SAK to Peer Developme MACSecnt KTS (AESKWP) Table 17: SSP Table 1 Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n DRBG DRAM:Plaintex Until Zeroization DRBG Entropy Input t Reboot Command Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With DRBG Seed DRAM:Plaintex Until Zeroization DRBG t Reboot Command Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With DRBG DRAM:Plaintex Until Zeroization DRBG Internal State t Reboot Command Entropy V value Input:Used With DRBG Seed:Used With DRBG Key:Used With
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n DRBG Key DRAM:Plaintex Until Zeroization DRBG t Reboot Command Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With User Password/Secre Flash:Plaintext Zeroization Password t Input via Command SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM Crypto Officer Password/Secre Flash:Plaintext Zeroization Password t Input via Command SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM Port Config Password/Secre Flash:Plaintext Zeroization Admin t Input via Command Password SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM RADIUS Password/Secre Flash:Plaintext Zeroization Secret t Input via Command SSHv2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES and HMAC Password/Secre t Input via TLS v1.2 encrypted by AES-GCM Firmware Flash:Plaintext N/A Load Test Key SSH ECDH DRAM:Plaintex While Zeroization SSH ECDH Private Key t SSH Command Public tunnel is Key:Paired on With SSH Peer ECDH Public Key:Used With SSH ECDH Module Public DRAM:Plaintex While Zeroization SSH ECDH Public Key Key Output t SSH Command Private tunnel is Key:Paired on With SSH Peer Peer Public Key DRAM:Plaintex While Zeroization SSH ECDH ECDH Public Input t SSH Command Private Key tunnel is Key:Used on With SSH ECDH DRAM:Plaintex While Zeroization SSH ECDH Shared t SSH Command Private Secret tunnel is Key:Derived on From SSH ECDH Public Key:Derived From
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n SSH DH DRAM:Plaintex While Zeroization SSH DH Private Key t SSH Command Public tunnel is Key:Paired on With SSH Peer DH Public Key:Used With SSH DH Module Public DRAM:Plaintex While Zeroization SSH DH Public Key Key Output t SSH Command Private tunnel is Key:Paired on With SSH Peer DH Peer Public Key DRAM:Plaintex While Zeroization SSH DH Public Key Input t SSH Command Private tunnel is Key:Used on With SSH DH DRAM:Plaintex While Zeroization SSH DH Shared t SSH Command Private Secret tunnel is Key:Derived on From SSH DH Public Key:Derived From SSH RSA Flash:Plaintext Zeroization SSH RSA Private Key Command Public Key:Paired With SSH RSA Module Public Flash:Plaintext Zeroization SSH RSA Public Key Key Output Command Private Key:Paired With SSH ECDSA Flash:Plaintext Zeroization SSH ECDSA Private Key Command Public Key:Paired With SSH ECDSA Module Public Flash:Plaintext Zeroization SSH ECDSA Public Key Key Output Command Private Key:Paired With SSH Session DRAM:Plaintex While Zeroization SSH Session Encryption t SSH Command Authentication Key tunnel is Key:Used on With SSH Session DRAM:Plaintex While Zeroization SSH Session Authenticatio t SSH Command Encryption n Key
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n tunnel is Key:Used on With TLS ECDH DRAM:Plaintex While Zeroization TLS ECDH Private Key t TLS Command Public tunnel is Key:Paired on With TLS Peer ECDH Public Key:Used With TLS ECDH Module Public DRAM:Plaintex While Zeroization TLS ECDH Public Key Key Output t TLS Command Private tunnel is Key:Paired on With TLS Peer Peer Public Key DRAM:Plaintex While Zeroization TLS ECDH ECDH Public Input t TLS Command Private Key tunnel is Key:Used on With TLS ECDH DRAM:Plaintex While Zeroization TLS ECDH Shared t TLS Command Private Secret tunnel is Key:Derived on From TLS ECDH Public Key:Derived From TLS DH DRAM:Plaintex While Zeroization TLS DH Private Key t TLS Command Public tunnel is Key:Paired on With TLS Peer DH Public Key:Used With TLS DH Module Public DRAM:Plaintex While Zeroization TLS DH Public Key Key Output t TLS Command Private tunnel is Key:Paired on With TLS Peer DH Peer Public Key DRAM:Plaintex While Zeroization TLS DH Public Key Input t TLS Command Private tunnel is Key:Used on With TLS DH DRAM:Plaintex While Zeroization TLS DH Shared t TLS Command Private Secret tunnel is Key:Derived on From TLS DH
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n Public Key:Derived From TLS RSA Flash:Plaintext Zeroization TLS RSA Private Key Command Public Key:Paired With TLS RSA Module Public Flash:Plaintext Zeroization TLS RSA Public Key Key Output Command Private Key:Paired With TLS ECDSA Flash:Plaintext Zeroization TLS ECDSA Private Key Command Public Key:Paired With TLS ECDSA Module Public Flash:Plaintext Zeroization TLS ECDSA Public Key Key Output Command Private Key:Paired With TLS Master DRAM:Plaintex While Zeroization TLS ECDH Secret t TLS Command Shared tunnel is Secret:Derive on d From TLS Session DRAM:Plaintex While Zeroization TLS Session Encryption t TLS Command Authentication Key tunnel is Key:Used on With TLS Session DRAM:Plaintex While Zeroization TLS Session Authenticatio t TLS Command Encryption n Key tunnel is Key:Used on With SNMPv3 Password/Secre DRAM:Plaintex While Zeroization SNMPv3 Authenticatio t Input via t SNMPv3 Command Encryption n Secret SSHv2 tunnel is Key:Derive To encrypted by on SNMPv3 AES and HMAC Integrity Key:Derive To SNMPv3 DRAM:Plaintex While Zeroization SNMPv3 Encryption t SNMPv3 Command Authentication Key tunnel is Secret:Derive on d From SNMPv3 DRAM:Plaintex While Zeroization SNMPv3 Integrity Key t SNMPv3 Command Authentication tunnel is Secret:Derive on d From SNMPv3 Encryption
Name Input - Output Storage Storage Zeroizatio Related SSPs Duratio n n Key:Used With MACSec Password/Secre Flash:Plaintext Until Zeroization MACSec CAK t Input via Zeroized Command ICK:Derived SSHv2 From encrypted by MACSec AES and HMAC SAK:Derived From MACSec KEK:Derived From MACSec ICK DRAM:Plaintex While Zeroization MACSec t MACSec Command KEK:Used session With is on MACSec SAK MACSec SAK DRAM:Plaintex While Zeroization MACSec Output t MACSec Command CAK:Derived encrypted by session From MACSec KEK is on using AES-KW MACSec SAK Output encrypted by MACSec KEK using AES-KWP MACSec KEK DRAM:Plaintex While Zeroization MACSec t MACSec Command SAK:Encrypts session is on Table 18: SSP Table 2
The module includes an implementation of SHA-1 for hashing and message authentication. This implementation will be non-Approved for all uses starting January 1, 2031. User should move to SHA2, which is available in this module.”
Algorithm or Test Test Test Indicator Details Test Properties Method Type CRC-32 N/A KAT SW/FW Module is in The module performs the (Bootloader) Integrity normal state Bootloader integrity test
Algorithm or Test Test Test Indicator Details Test Properties Method Type by using CRC-32 at the power up CRC-32 N/A KAT SW/FW Module is in The module performs the (Firmware) Integrity normal state Firmware integrity test by using CRC-32 at the power up Table 19: Pre-Operational Self-Tests The modules perform the self-tests, including the pre-operational self-tests and conditional selftests. The module runs all self-tests without operator intervention. In the event that a self-test fails, the module will enter an error state, output an error message and follow up with a module reboot. The module permits operators to initiate the pre-operational or conditional self-tests on demand for periodic testing of the module by rebooting the system (i.e., power-cycling).
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d AES-CBC Encrypt KAT 128 bits KAT CAST Module Encrypt Power Up (A5076) is in normal state AES-CBC Decrypt KAT 128 bits KAT CAST Module Decrypt Power Up (A5076) is in normal state AES-GCM Authenticated 128 bits KAT CAST Module Encrypt Power Up Encrypt KAT (A5076) is in normal state AES-GCM Authenticated 128 bits KAT CAST Module Decrypt Power Up Decrypt KAT (A5076) is in normal state AES-CMAC Encrypt KAT 128 bits KAT CAST Module Encrypt Power Up (A5076) is in normal state AES-CMAC Decrypt KAT 128 bits KAT CAST Module Decrypt Power Up (5076) is in normal state Counter DRBG AES-128 KAT CAST Module Instantiate, Power Up Instantiate/Generate/Res is in Generate, eed KAT (A5076) normal and Reseed state KATs
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d HMAC-SHA-1 KAT SHA-1 KAT CAST Module HMAC- Power Up (A5076) is in SHA-1 normal state HMAC-SHA2-256 KAT SHA2- KAT CAST Module HMAC- Power Up (A5076) 256 is in SHA2-256 normal state HMAC-SHA2-384 KAT SHA2- KAT CAST Module HMAC- Power Up (A5076) 384 is in SHA2-384 normal state HMAC-SHA2-512 KAT SHA2- KAT CAST Module HMAC- Power Up (A5076) 512 is in SHA2-512 normal state KAS-ECC-SSC Sp800- P-256 KAT CAST Module Primitive Z Power Up 56Ar3 KAT (A5076) Curve is in KAT normal state KAS-FFC-SSC Sp800- MODP- KAT CAST Module Primitive Z Power Up 56Ar3 KAT (A5076) 2048 is in KAT normal state ECDSA SigGen Curve P- KAT CAST Module N/A Power Up (FIPS186-5) KAT 256 is in (A5076) normal state ECDSA SigVer Curve P- KAT CAST Module N/A Power Up (FIPS186-5) KAT 256 is in (A5076) normal state RSA SigGen (FIPS186- 2048 bit KAT CAST Module RSA Power Up 5) KAT (A5076) modulus is in SigGen with normal KAT SHA2- state RSA SigVer (FIPS186-5) 2048 bit KAT CAST Module RSA SigVer Power Up KAT (A5076) modulus is in KAT with normal SHA2- state KDF SNMP KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d KDF SSH KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state TLS v1.2 KDF RFC7627 N/A KAT CAST Module N/A Power Up KAT (A5076) is in normal state SHA-1 KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state SHA2-256 KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state SHA2-384 KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state SHA2-512 KAT (A5076) N/A KAT CAST Module N/A Power Up is in normal state ECDSA KeyGen Curve P- PCT PCT Module N/A Performs (FIPS186-5) PCT 256 is in all (A5076) normal required state pair-wise consisten cy tests on the newly generated keypairs before the first operation al use. RSA KeyGen (FIPS186- 2048 bit PCT PCT Module RSA Performs 5) PCT (A5076) Modulus is in all normal required state pair-wise consisten cy tests on the newly generated
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d key pairs before the first operation al use. KAS-ECC-SSC Sp800- Curve P- PCT PCT Module N/A Performs 56Ar3 PCT (A5076) 256 with is in all SHA2- normal required
consisten cy tests on the newly generated key pairs before the first operation al use. KAS-FFC-SSC Sp800- MODP- PCT PCT Module N/A Performs 56Ar3 PCT (A5076) 2048 is in all normal required state pair-wise consisten cy tests on the newly generated key pairs before the first operation al use. RSA SigVer (FIPS186-5) 2048 bits KAT SW/F Module N/A When Firmware Load Test with W is in firmware SHA2- Load normal has been
to the module KDF-SP800-108 KAT N/A KAT CAST Module N/A Power Up (A5076) is in normal state AES-GCM Authenticated 128 bits KAT CAST Module Encrypt Power Up Encrypt KAT (AES 4550) is in normal state
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d AES-GCM Authenticated 128 bits KAT CAST Module Decrypt Power Up Decrypt KAT (AES 4550) is in normal state Entropy 90B Start-up Repetitio RCT CAST Module Designed to Power Up Repetition Count Test n Count is in quickly (RCT) Test normal detect state catastrophic failures that cause the noise source to become "stuck" on a single output value for a long period of time Entropy 90B Start-up Adaptive APT CAST Module Designed to Power Up Adaptive Proportion Test Proportio is in detect a (APT) n Test normal large loss of state entropy that might occur as a result of some physical failure or environment al change affecting the noise source Entropy 90B Continuous Repetitio RCT CAST Module Designed to Entropy Repetition Count Test n Count is in quickly data is (RCT) Test normal detect generated state catastrophic from the failures that Entropy cause the Source noise Continuou source to s become "stuck" on a single output value for a long
Algorithm or Test Test Test Test Indicat Details Conditio Properti Metho Type or ns es d period of time Entropy 90B Continuous Adaptive APT CAST Module Designed to Entropy Adaptive Proportion Test Proportio is in detect a data is (APT) n Test normal large loss of generated state entropy that from the might occur Entropy as a result Source of some Continuou physical s failure or environment al change affecting the noise source Table 20: Conditional Self-Tests
Algorithm or Test Method Test Type Period Periodic Test Method CRC-32 KAT SW/FW Integrity Recommend 60 Reboot (Bootloader) Days CRC-32 KAT SW/FW Integrity Recommend 60 Reboot (Firmware) Days Table 21: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-CBC Encrypt KAT KAT CAST Recommend Reboot (A5076) 60 Days AES-CBC Decrypt KAT KAT CAST Recommend Reboot (A5076) 60 Days AES-GCM Authenticated KAT CAST Recommend Reboot Encrypt KAT (A5076) 60 Days AES-GCM Authenticated KAT CAST Recommend Reboot Decrypt KAT (A5076) 60 Days AES-CMAC Encrypt KAT KAT CAST Recommend Reboot (A5076) 60 Days AES-CMAC Decrypt KAT KAT CAST Recommend Reboot (5076) 60 Days
Algorithm or Test Test Method Test Type Period Periodic Method Counter DRBG KAT CAST Recommend Reboot Instantiate/Generate/Reseed 60 Days KAT (A5076) HMAC-SHA-1 KAT (A5076) KAT CAST Recommend Reboot
HMAC-SHA2-256 KAT KAT CAST Recommend Reboot (A5076) 60 Days HMAC-SHA2-384 KAT KAT CAST Recommend Reboot (A5076) 60 Days HMAC-SHA2-512 KAT KAT CAST Recommend Reboot (A5076) 60 Days KAS-ECC-SSC Sp800- KAT CAST Recommend Reboot 56Ar3 KAT (A5076) 60 Days KAS-FFC-SSC Sp800- KAT CAST Recommend Reboot 56Ar3 KAT (A5076) 60 Days ECDSA SigGen (FIPS186-5) KAT CAST Recommend Reboot KAT (A5076) 60 Days ECDSA SigVer (FIPS186-5) KAT CAST Recommend Reboot KAT (A5076) 60 Days RSA SigGen (FIPS186-5) KAT CAST Recommend Reboot KAT (A5076) 60 Days RSA SigVer (FIPS186-5) KAT CAST Recommend Reboot KAT (A5076) 60 Days KDF SNMP KAT (A5076) KAT CAST Recommend Reboot
KDF SSH KAT (A5076) KAT CAST Recommend Reboot
TLS v1.2 KDF RFC7627 KAT CAST Recommend Reboot KAT (A5076) 60 Days SHA-1 KAT (A5076) KAT CAST Recommend Reboot
SHA2-256 KAT (A5076) KAT CAST Recommend Reboot
SHA2-384 KAT (A5076) KAT CAST Recommend Reboot
SHA2-512 KAT (A5076) KAT CAST Recommend Reboot
ECDSA KeyGen (FIPS186- PCT PCT Recommend Reboot 5) PCT (A5076) 60 Days RSA KeyGen (FIPS186-5) PCT PCT Recommend Reboot PCT (A5076) 60 Days KAS-ECC-SSC Sp800- PCT PCT Recommend Reboot 56Ar3 PCT (A5076) 60 Days KAS-FFC-SSC Sp800- PCT PCT Recommend Reboot 56Ar3 PCT (A5076) 60 Days RSA SigVer (FIPS186-5) KAT SW/FW Load Recommend Reboot Firmware Load Test 60 Days
Algorithm or Test Test Method Test Type Period Periodic Method KDF-SP800-108 KAT KAT CAST Recommend Reboot (A5076) 60 Days AES-GCM Authenticated KAT CAST Recommend Reboot Encrypt KAT (AES 4550) 60 Days AES-GCM Authenticated KAT CAST Recommend Reboot Decrypt KAT (AES 4550) 60 Days Entropy 90B Start-up RCT CAST N/A N/A Repetition Count Test (RCT) Entropy 90B Start-up APT CAST N/A N/A Adaptive Proportion Test (APT) Entropy 90B Continuous RCT CAST N/A N/A Repetition Count Test (RCT) Entropy 90B Continuous APT CAST N/A N/A Adaptive Proportion Test (APT) Table 22: Conditional Periodic Information
Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-test Reboot the System State put into an error state failure module Halt Table 23: Error States If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters an error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and reperforming the self-tests, including the pre-operational software integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs. The table below shows the different causes that lead to the Error State and the status indicators reported.
The module meets all the Level 1 requirements for FIPS 140-3. Follow the secure operations provided below to place the module in approved mode. Operating this module without maintaining the following settings will put the module operate in a non-compliant state. The module runs firmware version IronWare OS 10.0.10. This is the only allowable firmware image for this current approved mode of operation. The Crypto Officer shall load the FIPS 140-3 validated firmware only to maintain validation. Any firmware/software loaded into this module
that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module is initiated into the approved mode of operation via the following procedures through the Command Line interface (CLI):
No specific Administrator guidance.
No specific Non-Administrator guidance.
Crypto Officers should follow the procedure below for the secure destruction of their module: Note: This process will cause the module to no longer function after it has wiped all configurations and keys.
Module will begin zeroization process and wipe all security parameters and configurations