| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Software |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 10/7/2030 |
| Caveat | When operated in approved mode, No assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Persistent Systems, LLC |
flowchart LR
%% Deterministic review-risk graph for Wave Relay® User Space Crypto Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Wave Relay® User Space Crypto Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>status output<br/>UnAuth</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Persistent Systems, LLC Wave Relay® User Space Crypto Module Document Version: 1.2 Date: September 29, 2025
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 7 |
| Table 3: Tested Operational Environments - Software, Firmware, Hybrid | 8 |
| Table 4: Modes List and Description | 9 |
| Table 5: Approved Algorithms | 14 |
| Table 6: Vendor-Affirmed Algorithms | 15 |
| Table 7: Non-Approved, Not Allowed Algorithms | 15 |
| Table 8: Security Function Implementations | 40 |
| Table 9: Ports and Interfaces | 43 |
| Table 10: Authentication Methods | 44 |
| Table 11: Roles | 44 |
| Table 12: Approved Services | 49 |
| Table 13: Non-Approved Services | 49 |
| Table 14: Storage Areas | 52 |
| Table 15: SSP Input-Output Methods | 53 |
| Table 16: SSP Zeroization Methods | 53 |
| Table 17: SSP Table 1 | 56 |
| Table 18: SSP Table 2 | 59 |
| Table 19: Pre-Operational Self-Tests | 61 |
| Table 20: Conditional Self-Tests | 65 |
| Table 21: Pre-Operational Periodic Information | 65 |
| Table 22: Conditional Periodic Information | 66 |
| Table 23: Error States | 67 |
| Table 24 – References | 70 |
| Table 25 – Acronyms and Definitions | 70 |
| Figure 1 Logical Cryptographic Boundary and Physical Perimeter | 6 |
Section Title Security Level
7 Physical security N/A
8 Non-invasive security N/A
12 Mitigation of other attacks N/A
Overall Level 2 Table 1: Security Levels
FIPS validated connectivity drives mission success. This Persistent Systems LLC Wave Relay® User Space Crypto Module, hereafter denoted as the “module”, is a Software cryptographic module embedded in the Wave Relay® System that provides FIPS validated cryptographic algorithms which are used by user space system services & protocols (e.g., TLS, IPsec, etc.) The Wave Relay® System is a peer-to-peer wireless MANET networking solution in which there is no master node. If any device fails, the rest of the devices continue to communicate using any remaining connectivity. By eliminating master nodes, gateways, access points, and central coordinators from the design, Wave Relay® delivers high levels of fault tolerance regardless of which nodes might fail.
Purpose and Use: The module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptography. The module is intended to be used in various products within the vendor’s portfolio of solutions. Built to create powerful, secure networks anywhere, the module is used to unite all critical data sources in real time giving you and your team the confidence to make difficult decisions in the heat of the moment. Module Type: Software Module Embodiment: SingleChip
Module Characteristics: Cryptographic Boundary: The TOEPP of the module is depicted in Figure 1. The Module is a single-chip embodiment. The cryptographic boundary is outlined in red and is defined as a dynamic software library (fips.so). The following block diagram details the module’s boundaries: Figure 1 Logical Cryptographic Boundary and Physical Perimeter
N/A for this module. Tested Module Identification
Package or File Software/ Firmware Features Integrity Test Name Version Wave Relay User 1.0 HMAC-SHA2-256 Space Crypto Module Table 2: Tested Module Identification
Tested Operational Environments - Software, Firmware, Hybrid: Wave Relay® User Space Crypto Module cryptographic module is tested on the following operational environments. Operating Hardware Processors PAA/PAI Hypervisor Version(s) System Platform or Host OS Wave MPU (5th MCIMX6Q6AVT10AE, Yes 1.0 Relay® Generation) MCIMX6Q6AVT10AD OS 2.2 Wave Embedded MCIMX6Q7CZK08AE, Yes 1.0 Relay® Module MSCMMX6QZCK08AB OS 2.2 Wave Embedded MCIMX6Q7CZK08AE, Yes 1.0 Relay® Module lite MSCMMX6QZCK08AB OS 2.2 Wave GVR5 MCIMX6Q7CZK08AE Yes 1.0 Relay® OS 2.2 Wave Integrated MCIMX6Q7CZK08AE Yes 1.0 Relay® Antenna OS 2.2 Series Table 3: Tested Operational Environments - Software, Firmware, Hybrid N/A for this module.
No components were excluded from the cryptographic boundary.
Modes List and Description: The Module supports an Approved mode and Non-Approved mode of operation. The module does not support a degraded mode. The Module’s status output will include a “FIPS Indicator” line. If this line explicitly states “not-approved”, then the Module is in the Non-Approved state; otherwise, the line will be blank, indicating the Approved state.
Mode Description Type Status Name Indicator Approved The module supports Approved services in the Approved FIPS Indicator: Approved mode of operation. Non-Approved services are not supported in this mode. Non- The module is capable of non-approved services Non- FIPS Indicator: Approved in the non-approved mode of operation only. Approved not-approved Table 4: Modes List and Description Mode Change Instructions and Status : The module provides a service level indicator. All Approved services will indicate they are Approved services, and all non-Approved services will indicate they are non-Approved. No additional configuration or initialization is required.
Approved Algorithms: The Module implements cryptographic algorithms in the following providers:
Algorithm CAVP Properties Reference Cert AES-CMAC A5177 Direction - Generation, Verification SP 800-38B Key Length - 128, 192, 256 AES-CTR A5177 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-ECB A5177 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM A5177 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 192, 256 AES-GMAC A5177 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External, Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 AES-KW A5177 Direction - Decrypt, Encrypt SP 800-38F Key Length - 128, 192, 256 AES-KWP A5177 Direction - Decrypt, Encrypt SP 800-38F Key Length - 128, 192, 256 AES-OFB A5177 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-XTS Testing A5177 Direction - Decrypt, Encrypt SP 800-38E Revision 2.0 Key Length - 128, 256 Counter DRBG A5177 Prediction Resistance - No, Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - No, Yes ECDSA KeyGen A5177 Curve - B-233, B-283, B-409, B-571, K-233, K- FIPS 186-4 (FIPS186-4) 283, K-409, K-571, P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates ECDSA KeyVer A5177 Curve - B-163, B-233, B-283, B-409, B-571, K- FIPS 186-4 (FIPS186-4) 163, K-233, K-283, K-409, K-571, P-192, P224, P-256, P-384, P-521 ECDSA SigGen A5177 Component - No, Yes FIPS 186-4 (FIPS186-4) Curve - B-233, B-283, B-409, B-571, K-233, K283, K-409, K-571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2512/256 ECDSA SigVer A5177 Component - No, Yes FIPS 186-4 (FIPS186-4) Curve - B-163, B-233, B-283, B-409, B-571, K163, K-233, K-283, K-409, K-571, P-192, P224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256
Algorithm CAVP Properties Reference Cert Hash DRBG A5177 Prediction Resistance - No, Yes SP 800-90A Mode - SHA-1, SHA2-256, SHA2-512 Rev. 1 HMAC DRBG A5177 Prediction Resistance - No, Yes SP 800-90A Mode - SHA-1, SHA2-256, SHA2-512 Rev. 1 HMAC-SHA-1 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-224 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-256 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-384 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-512 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2- A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 512/224 8 HMAC-SHA2- A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 512/256 8 HMAC-SHA3-224 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA3-256 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA3-384 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA3-512 A5177 Key Length - Key Length: 8-524288 Increment FIPS 198-1 KAS-ECC CDH- A5177 Curve - B-233, B-283, B-409, B-571, K-233, K- SP 800-56A Component 283, K-409, K-571, P-224, P-256, P-384, P-521 Rev. 3 SP800-56Ar3 (CVL) KAS-ECC-SSC A5177 Domain Parameter Generation Methods - B- SP 800-56A Sp800-56Ar3 233, B-283, B-409, B-571, K-233, K-283, K- Rev. 3 409, K-571, P-224, P-256, P-384, P-521 Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A5177 Domain Parameter Generation Methods - FB, SP 800-56A Sp800-56Ar3 FC, ffdhe2048, ffdhe3072, ffdhe4096, Rev. 3 ffdhe6144, ffdhe8192, MODP-2048, MODP3072, MODP-4096, MODP-6144, MODP-8192 Scheme dhEphem KAS Role - initiator, responder
Algorithm CAVP Properties Reference Cert KAS-IFC-SSC A5177 Modulo - 2048, 3072, 4096, 6144, 8192 SP 800-56A Key Generation Methods - rsakpg1-basic, Rev. 3 rsakpg1-crt, rsakpg1-prime-factor, rsakpg2basic, rsakpg2-crt, rsakpg2-prime-factor Scheme KAS1 KAS Role - initiator, responder KAS2 KAS Role - initiator, responder KDA HKDF A5177 Derived Key Length - 2048 SP 800-56C SP800-56Cr2 Shared Secret Length - Shared Secret Length: Rev. 2 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3384, SHA3-512 KDA OneStep A5177 Derived Key Length - 2048 SP 800-56C SP800-56Cr2 Shared Secret Length - Shared Secret Length: Rev. 2 224-8192 Increment 8 KDA TwoStep A5177 MAC Salting Methods - default, random SP 800-56C SP800-56Cr2 KDF Mode - feedback Rev. 2 Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 KDF ANS 9.42 A5177 KDF Type - DER SP 800-135 (CVL) Hash Algorithm - SHA-1, SHA2-224, SHA2- Rev. 1 256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3384, SHA3-512 Key Data Length - Key Data Length: 8-4096 Increment 8 KDF ANS 9.63 A5177 Hash Algorithm - SHA2-224, SHA2-256, SP 800-135 (CVL) SHA2-384, SHA2-512 Rev. 1 Key Data Length - Key Data Length: 128, 4096 KDF IKEv2 A5177 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 (CVL) Hellman Shared Secret Length: 224, 8192 Rev. 1 Derived Keying Material Length - Derived Keying Material Length: 160, 16384 Hash Algorithm - SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512 KDF SP800-108 A5177 KDF Mode - Counter, Feedback SP 800-108 Supported Lengths - Supported Lengths: 8-4096 Rev. 1 Increment 8
Algorithm CAVP Properties Reference Cert KDF SSH (CVL) A5177 Cipher - AES-128, AES-192, AES-256 SP 800-135 Hash Algorithm - SHA-1, SHA2-224, SHA2- Rev. 1 256, SHA2-384, SHA2-512 KMAC-128 A5177 Message Length - Message Length: 0-65536 SP 800-185 Increment 8 Key Data Length - Key Data Length: 128-1024 Increment 8 KMAC-256 A5177 Message Length - Message Length: 0-65536 SP 800-185 Increment 8 Key Data Length - Key Data Length: 128-1024 Increment 8 KTS-IFC A5177 Modulo - 2048, 3072, 4096, 6144, 8192 SP 800-56B Key Generation Methods - rsakpg1-basic, Rev. 2 rsakpg1-crt, rsakpg1-prime-factor, rsakpg2basic, rsakpg2-crt, rsakpg2-prime-factor Scheme KTS-OAEP-basic KAS Role - initiator, responder Key Transport Method Key Length - 1024 PBKDF A5177 Iteration Count - Iteration Count: 1-10000 SP 800-132 Increment 1 Password Length - Password Length: 8-128 Increment 8 RSA KeyGen A5177 Key Generation Mode - B.3.6 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard RSA SigGen A5177 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072, 4096 RSA Signature A5177 Private Key Format - crt FIPS 186-4 Primitive (CVL) RSA SigVer A5177 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 1024, 2048, 3072, 4096 Safe Primes Key A5177 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Generation ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, Rev. 3 MODP-3072, MODP-4096, MODP-6144, MODP-8192 Safe Primes Key A5177 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Verification ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, Rev. 3 MODP-3072, MODP-4096, MODP-6144, MODP-8192 SHA-1 A5177 Message Length - Message Length: 160, 0- FIPS 180-4
Algorithm CAVP Properties Reference Cert SHA2-224 A5177 Message Length - Message Length: 224, 0- FIPS 180-4
SHA2-256 A5177 Message Length - Message Length: 256, 0- FIPS 180-4
SHA2-384 A5177 Message Length - Message Length: 384, 0- FIPS 180-4
SHA2-512 A5177 Message Length - Message Length: 512, 0- FIPS 180-4
SHA2-512/224 A5177 Message Length - Message Length: 224, 0- FIPS 180-4
SHA2-512/256 A5177 Message Length - Message Length: 256, 0- FIPS 180-4
SHA3-224 A5177 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 SHA3-256 A5177 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 SHA3-384 A5177 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 SHA3-512 A5177 Message Length - Message Length: 0-65536 FIPS 202 Increment 8 SHAKE-128 A5177 Output Length - Output Length: 16-65536 FIPS 202 Increment 8 SHAKE-256 A5177 Output Length - Output Length: 16-65536 FIPS 202 Increment 8 TLS v1.2 KDF A5177 Hash Algorithm - SHA2-256, SHA2-384, SP 800-135 RFC7627 (CVL) SHA2-512 Rev. 1 TLS v1.3 KDF A5177 HMAC Algorithm - SHA2-256, SHA2-384 SP 800-135 (CVL) KDF Running Modes - DHE, PSK, PSK-DHE Rev. 1 Table 5: Approved Algorithms ApprovedAlgorithmsTable From Web Cryptik ApprovedAlgorithmsTable Vendor-Affirmed Algorithms: The Module supports SP800-133rev2, CKG, as the sole vendor affirmed cryptographic algorithm.
Name Properties Implementation Reference CKG - Symmetric Key Type:Symmetric and N/A SP800-133rev2, and Asymmetric Asymmetric Section 4, Example 1 Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: The module does not support any Non-Approved but Allowed Algorithms in the Approved Mode of Operation. N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement any Non-Approved, Algorithms Allowed with No Security Claimed in the Approved Mode of Operation. N/A for this module. Non-Approved, Not Allowed Algorithms: The Module implements the Non-Approved, Not Allowed cryptographic algorithms listed in the table below. Name Use and Function AES (GCM) - Ext IV GCM with Externally Generated IVs Table 7: Non-Approved, Not Allowed Algorithms
The table below shows the Security Function Implementations that the module implements: Name Type Description Properties Algorithms BCU BC-UnAuth Symmetric Data Publication:FIPS 197 AES-CBC: (A5177) Encryption/Decryption Key Length: 128, 192, 256 AES-CBC-CS1: (A5177) Key Length: 128, 192, 256 AES-CBC-CS2: (A5177) Key Length: 128, 192, 256 AES-CBC-CS3: (A5177) Key Length: 128, 192, 256 AES-CFB128: (A5177) Key Length: 128, 192, 256 AES-CFB8: (A5177) Key Length: 128, 192, 256 AES-CTR: (A5177) Key Length: 128, 192, 256 AES-ECB: (A5177) Key Length: 128, 192, 256 AES-XTS Testing Revision 2.0: (A5177) Key Length: 128, 256 AES-OFB: (A5177) Key Length: 128, 192, 256 AES-CFB1: (A5177) Key Length: 128, 192, 256 BCA BC-Auth Authenticated Publications:FIPS197, AES-CCM: (A5177) Symmetric SP800-38C, SP800- Key Length: 128, 192, 256 Encryption/Decryption 38D, SP800-38F AES-GCM: (A5177) Key Length: 128, 192, 256
Name Type Description Properties Algorithms AES-KW: (A5177) Key Length: 128, 192, 256 AES-KWP: (A5177) Key Length: 128, 192, 256 SigVer DigSig-SigVer Signature Verification Publication:186-4 ECDSA SigVer (FIPS186-4): (A5177) Capabilities: Capabilities: Curve: P-
Capabilities: Curve: P-224 Hash Algorithm: SHA-1 Capabilities: Curve: P-256 Hash Algorithm: SHA-1 Capabilities: Curve: P-384 Hash Algorithm: SHA-1 Capabilities: Curve: P-521 Hash Algorithm: SHA-1 Capabilities: Curve: K-163 Hash Algorithm: SHA-1 Capabilities: Curve: K-233 Hash Algorithm: SHA-1 Capabilities: Curve: K-283 Hash Algorithm: SHA-1 Capabilities: Curve: K-409 Hash Algorithm: SHA-1 Capabilities: Curve: K-571 Hash Algorithm: SHA-1 Capabilities: Curve: B-163 Hash Algorithm: SHA-1 Capabilities: Curve: B-233 Hash Algorithm: SHA-1 Capabilities: Curve: B-283 Hash Algorithm: SHA-1 Capabilities: Curve: B-409 Hash Algorithm: SHA-1 Capabilities: Curve: B-571 Hash Algorithm: SHA-1 Capabilities: Curve: P-192
Name Type Description Properties Algorithms Hash Algorithm: SHA2-224 Capabilities: Curve: P-224 Hash Algorithm: SHA2-224 Capabilities: Curve: P-256 Hash Algorithm: SHA2-224 Capabilities: Curve: P-
Capabilities: Curve: P-521 Hash Algorithm: SHA2-224 Capabilities: Curve: K-163 Hash Algorithm: SHA2-224 Capabilities: Curve: K-
Capabilities: Curve: K-283 Hash Algorithm: SHA2-224 Capabilities: Curve: K-409 Hash Algorithm: SHA2-224 Capabilities: Curve: K-
Capabilities: Curve: B-163 Hash Algorithm: SHA2-224 Capabilities: Curve: B-233 Hash Algorithm: SHA2-224 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-224 Capabilities: Curve: B-571 Hash Algorithm: SHA2-224 Capabilities: Curve: P-
Capabilities: Curve: P-224 Hash Algorithm: SHA2-256 Capabilities: Curve: P-256 Hash Algorithm: SHA2-256 Capabilities: Curve: P-
Name Type Description Properties Algorithms Algorithm: SHA2-256 Capabilities: Curve: K-163 Hash Algorithm: SHA2-256 Capabilities: Curve: K-
Capabilities: Curve: K-283 Hash Algorithm: SHA2-256 Capabilities: Curve: K-409 Hash Algorithm: SHA2-256 Capabilities: Curve: K-
Capabilities: Curve: B-163 Hash Algorithm: SHA2-256 Capabilities: Curve: B-233 Hash Algorithm: SHA2-256 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-256 Capabilities: Curve: B-571 Hash Algorithm: SHA2-256 Capabilities: Curve: P-
Capabilities: Curve: P-224 Hash Algorithm: SHA2-384 Capabilities: Curve: P-256 Hash Algorithm: SHA2-384 Capabilities: Curve: P-
Capabilities: Curve: P-521 Hash Algorithm: SHA2-384 Capabilities: Curve: K-163 Hash Algorithm: SHA2-384 Capabilities: Curve: K-
Capabilities: Curve: K-283 Hash Algorithm: SHA2-384 Capabilities: Curve: K-409 Hash Algorithm:
Name Type Description Properties Algorithms SHA2-384 Capabilities: Curve: K-
Capabilities: Curve: B-163 Hash Algorithm: SHA2-384 Capabilities: Curve: B-233 Hash Algorithm: SHA2-384 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-384 Capabilities: Curve: B-571 Hash Algorithm: SHA2-384 Capabilities: Curve: P-
Capabilities: Curve: P-224 Hash Algorithm: SHA2-512 Capabilities: Curve: P-256 Hash Algorithm: SHA2-512 Capabilities: Curve: P-
Capabilities: Curve: P-521 Hash Algorithm: SHA2-512 Capabilities: Curve: K-163 Hash Algorithm: SHA2-512 Capabilities: Curve: K-
Capabilities: Curve: K-283 Hash Algorithm: SHA2-512 Capabilities: Curve: K-409 Hash Algorithm: SHA2-512 Capabilities: Curve: K-
Capabilities: Curve: B-163 Hash Algorithm: SHA2-512 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512 Capabilities: Curve: B-
Name Type Description Properties Algorithms Capabilities: Curve: B-409 Hash Algorithm: SHA2-512 Capabilities: Curve: B-571 Hash Algorithm: SHA2-512 Capabilities: Curve: P-
512/224 Capabilities: Curve: P-224 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-256 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-384 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-521 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-163 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-233 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-283 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-409 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-571 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-163 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-283 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-409 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-571 Hash
Name Type Description Properties Algorithms Algorithm: SHA2-512/224 Capabilities: Curve: P-192 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-224 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-256 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-384 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-521 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-163 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-233 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-283 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-409 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-571 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-163 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-283 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-409 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-571 Hash Algorithm: SHA2-512/256 RSA SigVer (FIPS186-4): (A5177)
Name Type Description Properties Algorithms Capabilities: Signature Type: PKCS
Pair: Hash Algorithm: SHA-1 Hash Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash Algorithm: SHA2-
SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Hash Pair: Hash Algorithm: SHA2-512/224 Hash Pair: Hash Algorithm: SHA2512/256 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA-1 Hash Pair: Hash Algorithm: SHA2-
SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Hash Pair: Hash Algorithm: SHA2512/224 Hash Pair: Hash Algorithm: SHA2-512/256 Properties: Modulo:
SHA-1 Hash Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Hash Pair: Hash Algorithm: SHA2512/224 Hash Pair: Hash Algorithm: SHA2-512/256 Properties: Modulo:
SHA-1 Hash Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash
Name Type Description Properties Algorithms Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Hash Pair: Hash Algorithm: SHA2512/224 Hash Pair: Hash Algorithm: SHA2-512/256 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 1024 Hash Pair: Hash Algorithm: SHA-1 Salt Length: 20 Hash Pair: Hash Algorithm: SHA2-224 Salt Length:
SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length:
SHA2-512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2512/256 Salt Length: 32 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA-1 Salt Length: 20 Hash Pair: Hash Algorithm: SHA2-
Algorithm: SHA2-256 Salt Length:
SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Hash Pair: Hash Algorithm: SHA2-512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-512/256 Salt
Name Type Description Properties Algorithms Length: 32 Properties: Modulo:
SHA-1 Salt Length: 20 Hash Pair: Hash Algorithm: SHA2-224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-256 Salt Length:
SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Hash Pair: Hash Algorithm: SHA2-512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-512/256 Salt Length: 32 Properties: Modulo:
SHA-1 Salt Length: 20 Hash Pair: Hash Algorithm: SHA2-224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-256 Salt Length:
SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Hash Pair: Hash Algorithm: SHA2-512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-512/256 Salt Length: 32 Public Exponent Mode: Random AKP-KG AsymKeyPair- Asymmetric Key Pair Publication:SP800- ECDSA KeyGen (FIPS186-4): KeyGen Generation 56Br2, FIPS 186-4 (A5177) Curves:: B-233, B-283, B-409, B571, K-233, K-283, K-409, K-571,
Name Type Description Properties Algorithms P-224, P-256, P-384, P-521 RSA KeyGen (FIPS186-4): (A5177) Modulo: 2048, 3072, 4096 KTS-IFC: (A5177) Modulo: 2048, 3072, 4096, 6144, 8192 CKG - Symmetric and Asymmetric: () Safe Primes Key Generation: (A5177) AKP-DP AsymKeyPair- Domain Parameter Publications:SP800- KAS-ECC-SSC Sp800-56Ar3: DomPar Generation 56Ar3 (A5177) Methods: B-233, B-283, B-409, B571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 KAS-FFC-SSC Sp800-56Ar3: (A5177) Methods: FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP3072, MODP-4096, MODP-6144, MODP-8192 AKP-KV AsymKeyPair- ECDSA Key Publication:FIPS186- ECDSA KeyVer (FIPS186-4): KeyVer Verification 4 (A5177) Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K409, K-571, P-192, P-224, P-256, P384, P-521 Safe Primes Key Verification: (A5177)
Name Type Description Properties Algorithms AKV-PKV AsymKeyPair- Public Key Validation Publication:FIPS 186- KTS-IFC: (A5177) PubKeyVal 4 Modulo: 2048, 3072, 4096, 6144, 8192 SigGen DigSig-SigGen Signature Generation Publication:FIPS 186- ECDSA SigGen (FIPS186-4): and Signature 4 (A5177) Primitive Capabilities: Capabilities: Curve: P-
Capabilities: Curve: P-256 Hash Algorithm: SHA2-224 Capabilities: Curve: P-384 Hash Algorithm: SHA2-224 Capabilities: Curve: P-
Capabilities: Curve: K-233 Hash Algorithm: SHA2-224 Capabilities: Curve: K-283 Hash Algorithm: SHA2-224 Capabilities: Curve: K-
Capabilities: Curve: K-571 Hash Algorithm: SHA2-224 Capabilities: Curve: B-233 Hash Algorithm: SHA2-224 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-224 Capabilities: Curve: B-571 Hash Algorithm: SHA2-224 Capabilities: Curve: P-
Capabilities: Curve: P-256 Hash Algorithm: SHA2-256 Capabilities: Curve: P-384 Hash Algorithm: SHA2-256 Capabilities: Curve: P-
Name Type Description Properties Algorithms Capabilities: Curve: K-233 Hash Algorithm: SHA2-256 Capabilities: Curve: K-283 Hash Algorithm: SHA2-256 Capabilities: Curve: K-
Capabilities: Curve: K-571 Hash Algorithm: SHA2-256 Capabilities: Curve: B-233 Hash Algorithm: SHA2-256 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-256 Capabilities: Curve: B-571 Hash Algorithm: SHA2-256 Capabilities: Curve: P-
Capabilities: Curve: P-256 Hash Algorithm: SHA2-384 Capabilities: Curve: P-384 Hash Algorithm: SHA2-384 Capabilities: Curve: P-
Capabilities: Curve: K-233 Hash Algorithm: SHA2-384 Capabilities: Curve: K-283 Hash Algorithm: SHA2-384 Capabilities: Curve: K-
Capabilities: Curve: K-571 Hash Algorithm: SHA2-384 Capabilities: Curve: B-233 Hash Algorithm: SHA2-384 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-384 Capabilities:
Name Type Description Properties Algorithms Curve: B-571 Hash Algorithm: SHA2-384 Capabilities: Curve: P-
Capabilities: Curve: P-256 Hash Algorithm: SHA2-512 Capabilities: Curve: P-384 Hash Algorithm: SHA2-512 Capabilities: Curve: P-
Capabilities: Curve: K-233 Hash Algorithm: SHA2-512 Capabilities: Curve: K-283 Hash Algorithm: SHA2-512 Capabilities: Curve: K-
Capabilities: Curve: K-571 Hash Algorithm: SHA2-512 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512 Capabilities: Curve: B-
Capabilities: Curve: B-409 Hash Algorithm: SHA2-512 Capabilities: Curve: B-571 Hash Algorithm: SHA2-512 Capabilities: Curve: P-
512/224 Capabilities: Curve: P-256 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-384 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-521 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-233 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-283 Hash
Name Type Description Properties Algorithms Algorithm: SHA2-512/224 Capabilities: Curve: K-409 Hash Algorithm: SHA2-512/224 Capabilities: Curve: K-571 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-283 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-409 Hash Algorithm: SHA2-512/224 Capabilities: Curve: B-571 Hash Algorithm: SHA2-512/224 Capabilities: Curve: P-224 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-256 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-384 Hash Algorithm: SHA2-512/256 Capabilities: Curve: P-521 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-233 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-283 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-409 Hash Algorithm: SHA2-512/256 Capabilities: Curve: K-571 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-233 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-283 Hash
Name Type Description Properties Algorithms Algorithm: SHA2-512/256 Capabilities: Curve: B-409 Hash Algorithm: SHA2-512/256 Capabilities: Curve: B-571 Hash Algorithm: SHA2-512/256 RSA SigGen (FIPS186-4): (A5177) Capabilities: Signature Type: PKCS
Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash Algorithm: SHA2-
SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-
Pair: Hash Algorithm: SHA2-224 Hash Pair: Hash Algorithm: SHA2-
SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-256 Salt Length:
SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512
Name Type Description Properties Algorithms Salt Length: 64 Hash Pair: Hash Algorithm: SHA2-512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-512/256 Salt Length: 32 Properties: Modulo:
SHA2-224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length:
SHA2-512 Salt Length: 64 Hash Pair: Hash Algorithm: SHA2512/224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-512/256 Salt Length: 32 Properties: Modulo:
SHA2-224 Salt Length: 24 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length:
SHA2-512 Salt Length: 64 RSA Signature Primitive: (A5177) Private Key Format: crt RAND DRBG Random Number Publication:SP800- Hash DRBG: (A5177) Genreation 90A Mode: SHA-1, SHA2-256, SHA2Counter DRBG: (A5177) Mode: AES-128, AES-192, AESHMAC DRBG: (A5177)
Name Type Description Properties Algorithms Mode: SHA-1, SHA2-256, SHA2Sym-KG CKG Cryptographic Key Counter DRBG: (A5177) Generation Mode: AES-128, AES-192, AESHash DRBG: (A5177) Mode=: SHA-1, SHA2-256, SHA2HMAC DRBG: (A5177) Mode: SHA-1, SHA2-256, SHA2CKG - Symmetric and Asymmetric: () KDF KAS-135KDF Application-Specific Publication:SP800- KDF ANS 9.42: (A5177) Key Derivation 135 KDF Type: DER Hash Algorithm: SHA-1, SHA2224, SHA2-256, SHA2-384, SHA2512, SHA2-512/224, SHA2512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 KDF ANS 9.63: (A5177) Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512 KDF IKEv2: (A5177) Capabilities: Initiator Nonce Length: 128, 2048 Responder Nonce Length: 128, 2048 Diffie-Hellman Shared Secret Length: 224, 8192 Derived Keying Material Length: 160, 16384 Derived Keying Material Child Length: 160, 16384 Hash Algorithm: SHA-1, SHA2-224,
Name Type Description Properties Algorithms SHA2-256, SHA2-384, SHA2-512 KDF SSH: (A5177) Cipher: AES-128, AES-192, AESHash: SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512 TLS v1.2 KDF RFC7627: (A5177) Hash Algorithm: SHA2-256, SHA2384, SHA2-512 TLS v1.3 KDF: (A5177) HMAC Algorithm: SHA2-256, SHA2-384 KDF Running Modes: DHE, PSK, PSK-DHE KDA KAS-56CKDF Key Derivation Publication:SP800- KDA HKDF SP800-56Cr2: (A5177) Methods in Key 56Cr2 HMAC Algorithm: SHA-1, SHA2Establishment 224, SHA2-256, SHA2-384, SHA2Schemes 512, SHA2-512/224, SHA2512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 KDA OneStep SP800-56Cr2: (A5177) Auxiliary Function Name: SHA2512, HMAC-SHA2-224, KMACKDA TwoStep SP800-56Cr2: (A5177) Capabilities: Fixed Info Pattern: algorithmId||l||uPartyInfo||vPartyInfo Fixed Info Encoding: concatenation KDF Mode: feedback MAC Modes: HMAC-SHA-1, HMAC-SHA2-224,
Name Type Description Properties Algorithms HMAC-SHA2-256, HMAC-SHA2384, HMAC-SHA2-512, HMACSHA2-512/224, HMAC-SHA2512/256, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3384, HMAC-SHA3-512 Fixed Data Order: after fixed data Counter Lengths: 8 The KDF supports an empty IV The KDF requires an empty IV Supported Lengths: 2048 KAS-KG KAS-KeyGen KAS Key Generation Publication:SP800- KAS-ECC-SSC Sp800-56Ar3: Methods 56Ar3 (A5177) Domain Parameter Generation Methods: B-233, B-283, B-409, B571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 KAS-FFC-SSC Sp800-56Ar3: (A5177) Domain Parameter Generation Methods: FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP3072, MODP-4096, MODP-6144, MODP-8192 KAS-IFC-SSC: (A5177) Key Generation Methods: rsakpg1basic, rsakpg1-crt, rsakpg1-primefactor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor SSC KAS-SSC Key Agreement IG:IG D.F Scenario 2, KAS-FFC-SSC Sp800-56Ar3: Shared Secret path (1) (A5177) Calculation Domain Parameter Generation
Name Type Description Properties Algorithms Methods: FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP3072, MODP-4096, MODP-6144, MODP-8192 KAS-ECC-SSC Sp800-56Ar3: (A5177) Curve: Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K571, P-224, P-256, P-384, P-521 KAS-IFC-SSC: (A5177) Modulo: 2048, 3072, 4096, 6144, 8192 KAS-ECC CDH-Component SP800-56Ar3: (A5177) Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P224, P-256, P-384, P-521 KBKDF KBKDF Key Based Key Publication:SP800- KDF SP800-108: (A5177) Derivation 108 Capabilities: KDF Mode: Counter MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2384, HMAC-SHA2-512 Supported Lengths: 8-4096 Increment 8 Fixed Data Order: Before Fixed Data Counter Length: 32 Custom Key In Length: 0; KDF Mode: Feedback MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224,
Name Type Description Properties Algorithms HMAC-SHA2-256, HMAC-SHA2384, HMAC-SHA2-512 Supported Lengths: 8-4096 Increment 8 Fixed Data Order: Before Fixed Data Counter Length: 32 Supports Empty IV Requires Empty IV Custom Key In Length: 0 AKP-E AsymKeyPair- Asymmetric Key Pair Standard:SP800- KTS-IFC: (A5177) Encap Encapsulation 56Br2 Modulo: 2048, 3072, 4096, 6144, IG D.G.:Approved 8192 Key Confirmation:No Caveat:Key establishment methodology provides between 112 and 200 bits of security strength AKP-D AsymKeyPair- Asymmetric Key Pair Standard:SP800- KTS-IFC: (A5177) Decap Decapsulation 56Br2 Modulo: 2048, 3072, 4096, 6144, IG D.G.:Approved 8192 Key Confirmation:No Caveat:Key establishment methodology provides between 112 and 200 bits of security strength MAC MAC Message Publication:FIPS 198, AES-CMAC: (A5177) Authentication SP800-38B, SP800- Key Length: 128, 192, 256 38D, SP800-185 AES-GMAC: (A5177) Key Length: 128, 192, 256 HMAC-SHA-1: (A5177)
Name Type Description Properties Algorithms Key Length: 8-524288 Increment 8 HMAC-SHA2-224: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA2-256: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA2-384: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA2-512: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA2-512/224: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA2-512/256: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA3-224: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA3-256: (A5177) Key Length: 8-524288 Increment 8 HMAC-SHA3-384: (A5177) Key Length: 8-524288 Increment 8 KMAC-256: (A5177) Key Length: 128-1024 Increment 8 KMAC-128: (A5177) Key Length: 128-1024 Increment 8 HMAC-SHA3-512: (A5177) Key Length: 8-524288 Increment 8 PBKDF PBKDF Password Based Key Publication:SP800- PBKDF: (A5177) Derivation 132 HMAC Algorithm: SHA-1, SHA2224, SHA2-256, SHA2-384, SHA2512, SHA2-512/224, SHA2-512/256 SHS SHA Message Digest Publications:FIPS SHA-1: (A5177) 180-4, FIPS 202 Message Length: 0-65536 Increment 8, 160
Name Type Description Properties Algorithms SHA2-224: (A5177) Message Length: 0-65536 Increment 8, 224 SHA2-256: (A5177) Message Length: 0-65536 Increment 8, 256 SHA2-384: (A5177) Message Length: 0-65536 Increment 8, 384 SHA2-512: (A5177) Message Length: 0-65536 Increment 8, 512 SHA2-512/224: (A5177) Message Length: 0-65536 Increment 8, 224 SHA2-512/256: (A5177) Message Length: 0-65536 Increment 8, 256 SHA3-224: (A5177) Message Length: 0-65536 Increment SHA3-256: (A5177) Message Length: 0-65536 Increment SHA3-384: (A5177) Message Length: 0-65536 Increment SHA3-512: (A5177) Message Length: 0-65536 Increment SHAKE-128: (A5177) Output Length: 16-65536 Increment
Name Type Description Properties Algorithms SHAKE-256: (A5177) Output Length: 16-65536 Increment Table 8: Security Function Implementations
Below are the documentation requirements for specific algorithms and conditions, as mandated by Implementation Guidance. FIPS140-3 IG C.H, Option 2: AES GCM IV Uniqueness The IV is generated internally at its entirety randomly. The generation uses an Approved DRBG (Cert. #A5177) that is internal to the module’s boundary. The IV length is fixed at 96 bits (per SP 800-38D). FIPS140-3 IG C.I: XTS-AES Requirements The XTS algorithm implementation includes a check prior to use to ensure Key_1 ≠ Key_2. FIPS 140-3 IG D.N: PBKDF Requirements The module conforms to IG D.N, Option 1a. The password length is 8
The Module uses an entropy source from within the TOEPP, but outside of the cryptographic boundary. The module exercises no control over the source of entropy per IG 9.3.A, Scenario 2B. The size of the entropy provided to the DRBG varies depending on the DRBG mechanism (i.e., HASH, CTR, HMAC) and desired security strength. No assurance of the minimum strength of generated SSPs (e.g., keys). N/A for this module.
The module generates both symmetric and asymmetric cryptographic keys using the internal DRBG (CAVP Cert. #A5177). The module implements key generation methods according to SP 800-133r2 Section 4, Example 1, without the use of V. The key generation methods are specified in the Vendor Affirmed Algorithms table and the Security Function Implementations table. Additionally, the module implements key derivation methods according to Section 6.2 of SP 800-133r2. The key derivation methods are specified in the Security Function Implementations table.
The module does not establish SSPs using an approved key agreement scheme (KAS) or key transport scheme (KTS). However, it does offer some or all of the underlying KAS cryptographic functionality and approved authenticated algorithms that can be used by an external operator/application as part of an approved KAS or KTS. The module supports KAS-ECC-SSC, KAS-FFC-SSC, KAS-IFC-SSC, AES-KW, AES-KWP, and KTS-IFC. KAS-IFC SSC [56Br2] - Per [IG] D.F Scenario 1 path (1), compliant the derivation of a shared secret Z in one of the schemes in Sections 8.2 and 8.3 of SP 800-56Brev2. KAS-SSC [56Ar3] - Per [IG] D.F Scenario 2 path (2), compliant with the derivation of a shared secret Z in one or more of the key agreement schemes in Section 6 of SP 800-56Arev3. Testing is split into (i) testing the computation of the shared secret and (ii) testing the key derivation function used in deriving the keying material comply to IG 2.4.B. KAS-SSC as a service: The module does not establish SSPs using an approved key agreement scheme (KAS). However, it does offer some or all of the underlying KAS cryptographic functionality to be used by an external operator/application as part of an approved KAS.
The module does not implement any Industry Protocols. The module is a cryptographic toolkit that may be used in support for Industry Protocols but does not itself implement the protocol.
The Module’s ports and associated FIPS defined logical interface categories are listed below. Physical Logical Data That Passes Port Interface(s) N/A Control
Method Name Description Security Strength Each Strength per Minute Mechanism Attempt Role Based Signature SigVer RSA 3072-bit has Each authentication Authentication Verification a security strength attempt takes of 128 bits. The approximately 0.3 probability of seconds, which results in a successfully maximum of 200 guessing the authentication attempts private key is per minute. The probably 1/(2^128). of a brute force attack being successful within a given minute is 200/(2^128). Table 10: Authentication Methods
The Module supports one distinct operator role, Crypto Officer (CO). One authentication is allowed per Module reset. The Module does not support concurrent operators. The Cryptographic Officer’s authentication public key is protected by the physical and logical design of the module; it is stored as part of the module binary itself. The Roles Table below lists all operator roles supported by the Module. Name Type Operator Type Authentication Methods Cryptographic Officer Role CO Role Based Authentication Table 11: Roles
All approved services implemented by the Module are listed in the table below: The SSPs modes of access shown in the table below are defined as:
Name Descript Indicator Input Outputs Secur SSP ion s ity Access Funct ions Module Self- Perform OSSL_FIPS_PARAM_I Power Status None Cryptogr Test module NDICATOR aphic initializa Officer tion, pre- operatio Software nal, and Integrity conditio Key: E nal - CO cryptogr Authenti aphic cation algorith Key: E m selftests. Show Status Shows OSSL_FIPS_PARAM_I None Status None Cryptogr module's NDICATOR aphic status Officer Show Version Shows OSSL_FIPS_PARAM_I None Module None Cryptogr module's NDICATOR Base aphic versioni Name + Officer ng Module informat Version ion Number Symmetric Encrypti OSSL_FIPS_PARAM_I AES Plaintext BCU Cryptogr Encryption/D on and NDICATOR Key, or BCA aphic ecryption decrypti Plaint Cipherte Officer on of ext or xt - AES data. Cipher Key: text W,E,Z Keyed MAC Compute OSSL_FIPS_PARAM_I Messa Message MAC Cryptogr a NDICATOR ge, Authenti aphic Message HMA cation Officer Authenti C, Code - AES cation AES, Key: Code or W,E,Z KMA - MAC C Key Key: W,E,Z Hash Compute OSSL_FIPS_PARAM_I Messa Hash SHS Cryptogr a NDICATOR ge Value aphic Message Officer Digest
Name Descript Indicator Input Outputs Secur SSP ion s ity Access Funct ions Random Bit Generate OSSL_FIPS_PARAM_I DRB Random RAN Cryptogr Generation random NDICATOR G Values D aphic values Selecti Officer on - DRBGV: W,E,Z - DRBGC: W,E,Z - DRBGKey: W,E,Z - DRBGEI: G,W,E,Z Signature Signatur OSSL_FIPS_PARAM_I Privat Digital SigGe Cryptogr Generation e NDICATOR()=1 e Key, Signatur n aphic Generati Messa e Officer on ge - RSA Private Key: W,E,Z ECDSA Private Key: W,E,Z Signature Signatur OSSL_FIPS_PARAM_I Public Status SigVe Cryptogr Verification e NDICATOR Key, r aphic Verificat Signat Officer ion ure - RSA Public Key: W,E,Z ECDSA Public Key: W,E,Z Key Generate OSSL_FIPS_PARAM_I Key Private AKP- Cryptogr Generation asymmet NDICATOR Attrib Key, KG aphic ric keys utes, AKP- Officer
Name Descript Indicator Input Outputs Secur SSP ion s ity Access Funct ions (i.e., Key Public DP - DRBGRSA, Size Key RAN V: E,Z EC) D - RSA KAS- Private KG Key: Sym- G,R,Z KG - RSA Public Key: G,R,Z ECDSA Private Key: G,R,Z ECDSA Public Key: G,R,Z - KAS Private Key: G,R,Z - KAS Public Key: G,R,Z - DRBGC: E,Z - DRBGKey: E,Z Key Asymme OSSL_FIPS_PARAM_I Public Validity AKP- Cryptogr Verification tric Key NDICATOR Key KV aphic Verificat AKV- Officer ion PKV ECDSA Public Key: W,E,Z - KAS Public
Name Descript Indicator Input Outputs Secur SSP ion s ity Access Funct ions Key: W,E,Z Key Derive OSSL_FIPS_PARAM_I Key Key KDF Cryptogr Derivation keys NDICATOR Materi Material KDA aphic using al, KBK Officer SP800- Passp DF - AES 56Cr2, hrase PBK Key: SP800- DF W,E,Z 135, - MAC SP800- Key: 108, or W,E,Z SP800- - Key
derivatio G,R,W,E n ,Z methods Passphra se: W,E,Z Shared Secret Key OSSL_FIPS_PARAM_I RSA Key SSC Cryptogr Calculation agreeme NDICATOR or Material aphic nt using KAS Officer KAS- Public - Key ECC, and Material: KAS- Privat G,R,Z FFC, or e - RSA KAS- Keys Private IFC Key: W,E,Z - RSA Public Key: W,E,Z - KAS Private Key: W,E,Z - KAS Public Key: W,E,Z
Name Descript Indicator Input Outputs Secur SSP ion s ity Access Funct ions Key Key OSSL_FIPS_PARAM_I AES Wrapped BCA Cryptogr Transport transport NDICATOR Key, or AKP- aphic using RSA Encapsul E Officer AES- Key ated Key AKP- - AES KW or D Key: KTS- W,E,Z IFC - RSA Public Key: W,E,Z - RSA Private Key: W,E,Z Table 12: Approved Services
All approved services implemented by the Module are listed in the table below: Name Description Algorithms Role Authenticated Symmetric GCM using externally AES (GCM) - CO Encryption/Decryption generated IVs Ext IV Table 13: Non-Approved Services
The module does not support an External Software/Firmware Load capability.
The Module is composed of the following component(s):
The software component is protected with the authentication technique, HMAC-SHA2-256, as described in Table 16.
The operator can initiate the integrity test on demand by power cycling the hardware.
Type of Operational Environment: Modifiable The Module has a modifiable operational environment under the FIPS 140-3 definitions. The tested operational environments are listed in Section 2.1. The Operating Environment is modifiable and allows the operator to load and execute software. How Requirements are Satisfied : The module supports a modifiable operational environment. The operator may load and execute software that was not included in the original evaluation as the underlying Wave Relay OS 2.2 operational environment is modifiable. Each instance of a cryptographic module controls its own SSPs and are not owned or controlled by external processes/operators. This requirement is not enforced by administrative documentation and procedures but by the cryptographic module itself. The operational environment provides the capability to separate individual application processes from each other in order to prevent uncontrolled access to CSPs and uncontrolled modification of SSPs.
All cryptographic software, SPPs and control/status information is under the control of an operating system that implements mandatory access control. The Operating system protects against unauthorized execution, unauthorized modification, and unauthorized reading of SSPs and status data. Processes that are spawned by the cryptographic module are owned by the module and are not owned by external processes/operators. The Operating System provides an audit mechanism with the date and time of each audited event.
The module is software and as such, physical security requirements do not apply. N/A for this module.
The Module does not implement any mitigation method against non-invasive attack.
Storage Area Name Description Persistence Type System Memory (S1) Stored in plaintext in volatile memory (RAM). Dynamic Binary (S2) Stored in plaintext as part of the module binary itself. Static Table 14: Storage Areas
Name From To Format Distribution Entry SFI or Type Type Type Algorithm Input in Application System Plaintext Manual Electronic plaintext Software Memory (IO1) (outside) (S1) Output in System Application Plaintext Manual Electronic plaintext Memory Software (IO2) (S1) (outside) Input Application System Encrypted Manual Electronic AKP-D encapsulated Software Memory (IO3) (outside) (S1) Output System Application Encrypted Manual Electronic AKP-E encapsulated Memory Software (IO4) (S1) (outside) Input Application System Encrypted Manual Electronic BCA wrapped Software Memory (IO5) (outside) (S1)
Name From To Format Distribution Entry SFI or Type Type Type Algorithm Output System Application Encrypted Manual Electronic BCA wrapped Memory Software (IO6) (S1) (outside) Table 15: SSP Input-Output Methods
Zeroization Description Rationale Operator Method Initiation Z1 Zeroisation Active overwriting of SSP values with 0s Automatic upon use immediately after SSP is no longer needed upon use Table 16: SSP Zeroization Methods
All usage of these SSPs by the Module are described in the services detailed in Section 4.3. Name Description Size - Strength Type - Generated Established Used Category By By By DRBG-EI Entropy Input 384 - 768 - 128 to 256 bits ENT - CSP RAND DRBG-V DRBG internal state value 440 - 888 (Hash_DRBG); DRBG - RAND AKP(V for all DRBGs) 128 (CTR_DRBG); 160- CSP KG
to 256 SymKG KASKG DRBG-C DRBG internal state value 440 - 888 (Hash_DRBG); DRBG - RAND AKP(C for HASH_DRBG) 128 (CTR_DRBG); 160- CSP KG
to 256 SymKG KASKG DRBG-Key DRBG internal state value 128 to 256 bits DRBG - RAND AKP(Key for HMAC_DRBG (CTR_DRBG); 160-512 CSP KG and CTR_DRBG) (HMAC_DRBG) - 128 to RAND
KG KASKG AES Key Used for 128, 192, 256 - 128, 192, Symmetric BCU encryption/decryption 256 - CSP BCA operations. May also be KBKDF used for MAC (AES- MAC
Name Description Size - Strength Type - Generated Established Used Category By By By CMAC, AES-GMAC) or KBKDF. MAC Key Used for Message HMAC: 8 to 524288 MAC - CSP KDF Authentication (HMAC or (Increment 8) (Legacy less KDA KMAC) than 112) KMAC: 128- KBKDF
RSA Private Signature Generation, 2048, 3072, 4096, 6144 Asymmetric AKP-KG SigGen Key KTS-IFC, KAS-IFC (KAS-IFC and KTS-IFC - CSP SSC only), 8192 (KAS-IFC and AKP-D KTS-IFC only) - 112-150 RSA Public Used for signature 1024 (Legacy), 2048, 3072, Asymmetric AKP-KG SigVer Key verification, KTS-IFC, 4096, 6144 (KAS-IFC and - PSP SSC KAS-IFC KTS-IFC only), 8192 AKP-E (KAS-IFC and KTS-IFC only) - 112-150 (Legacy >112) CO Used for authenticating 3072 - 128 Asymmetric At SigVer Authentication the CO - PSP manufacturing Key Software Used for Module Integrity 256 - 256 MAC - At MAC Integrity Key Neither manufacturing ECDSA Used for signature B-233, B-283, B-409, B- Asymmetric AKP-KG SigGen Private Key generation 571, K-233, K-283, K-409, - CSP K-571, P-224, P-256, P-384, P-521 - 112-256 ECDSA Public Used for signature B-163, B-233, B-283, B- Asymmetric AKP-KG SigVer Key verification 409, B-571, K-163, K-233, - PSP K-283, K-409, K-571, P192, P-224, P-256, P-384,
Name Description Size - Strength Type - Generated Established Used Category By By By P-521 - 112-256 (Legacy >112) KAS Private Used for key agreement ECC: B-233, B-283, B-409, Asymmetric KAS-KG SSC Key (FFC and ECC) B-571, K-233, K-283, K- - CSP 409, K-571, P-224, P-256, P-384, P-521; FFC: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 - 112-256 KAS Public Used for key agreement ECC: B-233, B-283, B-409, Asymmetric KAS-KG SSC Key (FFC and ECC) B-571, K-233, K-283, K- - PSP 409, K-571, P-224, P-256, P-384, P-521; FFC: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 - 112-256 Passphrase Passphrase to be used 64-1024 - N/A PBKDF2 - PBKDF with PBKDF2 CSP Key Material May be intended for or Varies - 128 to 256 Key SSC the result of SSC, KDA, Material KDF, or KTS CSP Table 17: SSP Table 1
Name Input - Output Storage Storage Zeroization Related SSPs Duration DRBG-EI Input in plaintext System Memory Until use Z1 DRBG-V:Used to derive (IO1) (S1):Plaintext completes DRBG-C:Used to derive DRBG-Key:Used to derive DRBG-V System Memory Until use Z1 DRBG-EI:Derived From (S1):Plaintext completes DRBG-C:Used With DRBG-Key:Used With DRBG-C System Memory Until use Z1 DRBG-EI:Derived From (S1):Plaintext completes DRBG-V:Used With DRBG-Key System Memory Until use Z1 DRBG-EI:Derived From (S1):Plaintext completes DRBG-V:Used With AES Key Input in plaintext System Memory Until use Z1 (IO1) (S1):Plaintext completes Output in plaintext (IO2) MAC Key Input in plaintext System Memory Until use Z1 (IO1) (S1):Plaintext completes Output in plaintext (IO2) RSA Private Key Input in plaintext System Memory Until use Z1 RSA Public Key:Paired (IO1) (S1):Plaintext completes With Output in plaintext (IO2) RSA Public Key Input in plaintext System Memory Until use Z1 RSA Private Key:Paired (IO1) (S1):Plaintext completes With Output in plaintext (IO2) CO Authentication Binary (S2):Plaintext Until use Z1 Software Integrity Key System Memory completes Key:Protected by (S1):Plaintext
Name Input - Output Storage Storage Zeroization Related SSPs Duration Software Integrity Binary (S2):Plaintext Until use Z1 Key System Memory completes (S1):Plaintext ECDSA Private Input in plaintext System Memory Until use Z1 Key (IO1) (S1):Plaintext completes Output in plaintext (IO2) ECDSA Public Input in plaintext System Memory Until use Z1 ECDSA Private Key:Paired Key (IO1) (S1):Plaintext completes With Output in plaintext (IO2) KAS Private Key Input in plaintext System Memory Until use Z1 KAS Public Key:Paired (IO1) (S1):Plaintext completes With Output in plaintext DRBG-State:Generated with (IO2) Key Material:Establishes KAS Public Key Input in plaintext System Memory Until use Z1 KAS Private Key:Paired (IO1) (S1):Plaintext completes With Output in plaintext DRBG-State:Generated with (IO2) Key Material:Establishes Passphrase Input in plaintext System Memory Until use Z1 Key Material:Derives (IO1) (S1):Plaintext completes Key Material Input in plaintext System Memory Until use Z1 Passphrase:Derived From (IO1) (S1):Plaintext completes RSA Private Key:Derived Output in plaintext From (IO2) RSA Public Key:Derived Input encapsulated From (IO3) KAS Private Key:Derived Output encapsulated From (IO4) KAS Public Key:Derived Input wrapped From (IO5)
Name Input - Output Storage Storage Zeroization Related SSPs Duration Output wrapped AES Key:Derived From (IO6) MAC Key:Derived From Table 18: SSP Table 2
The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either pre-operational self-tests or conditional self-tests. Pre-operational self–tests are available on demand by power cycling the Module. The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly. Please note that HMAC-SHA2-256 is self-tested prior to execution of the Software Integrity Test. The Module performs the following pre-operational self-tests in table below. Algorithm or Test Test Properties Test Test Type Indicator Details Method Software Integrity HMAC SHA2- KAT SW/FW verify_integrity_success or HMAC-SHA2-256 Test 256 Integrity verify_integrity failure Verify Table 19: Pre-Operational Self-Tests
The Module performs the following conditional self-tests in the table below. Algorithm Test Properties Test Test Indicator Details Conditions or Test Method Type AES-GCM Key size: 256 bits KAT CAST SELF_TEST_post success Encrypt Power-On Encrypt SELF_TEST_post failure
Algorithm Test Properties Test Test Indicator Details Conditions or Test Method Type AES-GCM Key size: 256 bits KAT CAST SELF_TEST_post success Decrypt Power-On Decrypt SELF_TEST_post failure AES-ECB Key size: 128 bits KAT CAST SELF_TEST_post success Decrypt Power-On (A5177) SELF_TEST_post failure Counter Key size: 128 KAT CAST SELF_TEST_post success instantiation, Power-On DRBG SELF_TEST_post failure generate, and (A5177) reseed Hash DRBG SHA2-256 KAT CAST SELF_TEST_post success instantiation, Power-On (A5177) SELF_TEST_post failure generate, and reseed HMAC SHA1 KAT CAST SELF_TEST_post success instantiation, Power-On DRBG SELF_TEST_post failure generate, and (A5177) reseed HMAC- SHA2-256 with KAT CAST SELF_TEST_post success Generate/Verify Power-On SHA2-256 256-bit key SELF_TEST_post failure (A5177) KMAC-256 KMAC-256 with KAT CAST SELF_TEST_post success Generate/Verify Power-On (A5177) 384-bit key SELF_TEST_post failure RSA SigGen PKCS#1, SHA2- KAT CAST SELF_TEST_post success Signature Power-On (FIPS186-4) 256 with 2048-bit SELF_TEST_post failure Generation (A5177) key RSA SigVer PKCS#1, SHA2- KAT CAST SELF_TEST_post success Signature Power-On (FIPS186-4) 256 with 2048-bit SELF_TEST_post failure Verification (A5177) key RSA KeyGen Key Generation PCT PCT OSSL_PROV_PARAM_STATUS = 1 Encrypt/Decrypt Upon key (FIPS186-4) (ok) OSSL_PROV_PARAM_STATUS generation (A5177) = 0 (error) SHA-1 SHA-1 KAT CAST SELF_TEST_post success Generate/Verify Power-On (A5177) SELF_TEST_post failure SHA2-512 SHA2-512 KAT CAST SELF_TEST_post success Generate/Verify Power-On (A5177) SELF_TEST_post failure
Algorithm Test Properties Test Test Indicator Details Conditions or Test Method Type SHA3-256 SHA3-256 KAT CAST SELF_TEST_post success Generate/Verify Power-On (A5177) SELF_TEST_post failure ECDSA P-224, B-233 with KAT CAST SELF_TEST_post success Signature Power-On SigGen SHA2-256 SELF_TEST_post failure Generation (FIPS186-4) (A5177) ECDSA P-224, B-233 with KAT CAST SELF_TEST_post success Signature Power-On SigVer SHA2-256 SELF_TEST_post failure Verification (FIPS186-4) (A5177) KAS-ECC- P-256 KAT CAST SELF_TEST_post success Shared Secret Power-On SSC Sp800- SELF_TEST_post failure Calculation 56Ar3 (A5177) KAS-FFC- ffdhe2048 KAT CAST SELF_TEST_post success Shared Secret Power-On SSC Sp800- SELF_TEST_post failure Calculation 56Ar3 (A5177) Safe Primes Key Generation PCT PCT OSSL_PROV_PARAM_STATUS = 1 SP800-56Ar3 Upon key Key (ok) OSSL_PROV_PARAM_STATUS PCT generation Generation = 0 (error) (A5177) ECDSA Key Generation PCT PCT OSSL_PROV_PARAM_STATUS = 1 Sign/Verify Upon key KeyGen (ok) OSSL_PROV_PARAM_STATUS generation (FIPS186-4) = 0 (error) (A5177) TLS v1.2 SHA2-256 with KAT CAST SELF_TEST_post success Key Derivation Power-On KDF 384-bit secret SELF_TEST_post failure RFC7627 (A5177)
Algorithm Test Properties Test Test Indicator Details Conditions or Test Method Type TLS v1.3 SHA2-256 with KAT CAST SELF_TEST_post success Key Derivation Power-On KDF 256-bit Key SELF_TEST_post failure (A5177) PBKDF HMAC SHA2- KAT CAST SELF_TEST_post success Key Derivation Power-On (A5177) 256 with 24 SELF_TEST_post failure character passphrase KTS-IFC 2048-bit Key KAT CAST SELF_TEST_post success Encrypt/Decrypt Power-On (A5177) SELF_TEST_post failure KDF SSH SHA-1 with 1056- KAT CAST SELF_TEST_post success Key Derivation Power-On (A5177) bits SELF_TEST_post failure KDF SP800- HMAC SHA2- KAT CAST SELF_TEST_post success Key Derivation Power-On
Mode, 128-bit. CMAC AES-128, Counter Mode, 128-bit KDF IKEv2 SHA-1, 192-bit KAT CAST SELF_TEST_post success Key Derivation Power-On (A5177) secret, 160-bit SELF_TEST_post failure skeyseed KDF ANS SHA2-256, 192- KAT CAST SELF_TEST_post success Key Derivation Power-On
KDF ANS SHA-1, 160-bit KAT CAST SELF_TEST_post success Key Derivation Power-On
KDA HKDF HMAC SHA2- KAT CAST SELF_TEST_post success Key Derivation Power-On SP800-56Cr2 256 SELF_TEST_post failure (A5177) KDA HMAC SHA2- KAT CAST SELF_TEST_post success Key Derivation Power-On OneStep 224 with 448-bit SELF_TEST_post failure SP800-56Cr2 secret (A5177)
Table 20: Conditional Self-Tests
Algorithm or Test Test Method Test Type Period Periodic Method Software Integrity Test KAT SW/FW Integrity On Demand Manually Table 21: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-GCM Encrypt KAT CAST On Demand Manually AES-GCM Decrypt KAT CAST On Demand Manually AES-ECB (A5177) KAT CAST On Demand Manually Counter DRBG (A5177) KAT CAST On Demand Manually Hash DRBG (A5177) KAT CAST On Demand Manually HMAC DRBG (A5177) KAT CAST On Demand Manually HMAC-SHA2-256 KAT CAST On Demand Manually (A5177) KMAC-256 (A5177) KAT CAST On Demand Manually RSA SigGen (FIPS186- KAT CAST On Demand Manually
Algorithm or Test Test Method Test Type Period Periodic Method SHA3-256 (A5177) KAT CAST On Demand Manually ECDSA SigGen KAT CAST On Demand Manually (FIPS186-4) (A5177) ECDSA SigVer KAT CAST On Demand Manually (FIPS186-4) (A5177) KAS-ECC-SSC Sp800- KAT CAST On Demand Manually 56Ar3 (A5177) KAS-FFC-SSC Sp800- KAT CAST On Demand Manually 56Ar3 (A5177) Safe Primes Key PCT PCT On Demand Manually Generation (A5177) ECDSA KeyGen PCT PCT On Demand Manually (FIPS186-4) (A5177) TLS v1.2 KDF KAT CAST On Demand Manually RFC7627 (A5177) TLS v1.3 KDF (A5177) KAT CAST On Demand Manually PBKDF (A5177) KAT CAST On Demand Manually KTS-IFC (A5177) KAT CAST On Demand Manually KDF SSH (A5177) KAT CAST On Demand Manually KDF SP800-108 KAT CAST On Demand Manually (A5177) KDF IKEv2 (A5177) KAT CAST On Demand Manually KDF ANS 9.63 (A5177) KAT CAST On Demand Manually KDF ANS 9.42 (A5177) KAT CAST On Demand Manually KDA HKDF SP800- KAT CAST On Demand Manually 56Cr2 (A5177) KDA OneStep SP800- KAT CAST On Demand Manually 56Cr2 (A5177) Table 22: Conditional Periodic Information The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly.
Name Description Conditions Recovery Indicator Method ES1 The module fails The Module Power OSSL_PROV_PARAM_STATUS pre-operational enters the cycle the =0 self-tests, error state module conditional selftests, or authentication. Table 23: Error States
Self-tests may be initiated on demand by power cycling the module.
No end user action is required to startup the module in an approved mode for operation. The module is built into the Wave Relay® OS and delivered in Persistent Systems’ Wave Relay® Solutions. There is no standalone delivery of the module as a software hybrid module. Persistent Systems’ internal development process guarantees that the correct version of the module is installed within its intended device OS version. Installation and Initialization: The module is pre-installed within the Persistent Systems Solutions, which include the MPU5, Embedded Module, Embedded Module lite, GVR5, or Integrated Antenna Series. No further initialization of the module is required. Upon powering on the hardware platform, the module will automatically perform pre-operational and conditional self-tests in accordance with FIPS 140-3 requirements. Delivery: The module is pre-installed within the Persistent Systems product offerings. The Persistent Systems products are distributed using a trusted courier and packaging must be inspected upon delivery.
There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.
There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.
Rules of Operation
The module must be zeroized and returned to the manufacturer.
The Module does not implement any mitigation method against other attacks.
References and Definitions The following standards are referred to in this Security Policy. Table 24