| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Software-hybrid |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 1/25/2031 |
| Caveat | When operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded |
| Vendor | Persistent Systems, LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4588 |
| AES-CBC-CS3 | A4589 |
| AES-CCM | A4589 |
| AES-CMAC | A4589 |
| AES-CTR | A4588 |
| AES-ECB | A4588 |
| AES-GCM | A4589 |
| AES-GMAC | A4589 |
| AES-XTS Testing Revision 2.0 | A4589 |
| Counter DRBG | A4589 |
| Hash DRBG | A4589 |
| HMAC DRBG | A4589 |
| HMAC-SHA-1 | A4588 |
| HMAC-SHA2-224 | A4588 |
| HMAC-SHA2-256 | A4588 |
| HMAC-SHA2-384 | A4589 |
| HMAC-SHA2-512 | A4589 |
| HMAC-SHA3-224 | A4589 |
| HMAC-SHA3-256 | A4589 |
| HMAC-SHA3-384 | A4589 |
| HMAC-SHA3-512 | A4589 |
| RSA SigVer (FIPS186-4) | A4589 |
| SHA-1 | A4588 |
| SHA2-224 | A4588 |
| SHA2-256 | A4588 |
| SHA2-384 | A4589 |
| SHA2-512 | A4589 |
| SHA3-224 | A4589 |
| SHA3-256 | A4589 |
| SHA3-384 | A4589 |
| SHA3-512 | A4589 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Wave Relay® Kernel Space Crypto Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>SF2</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Wave Relay® Kernel Space Crypto Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>SF2</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Persistent Systems, LLC Wave Relay® Kernel Space Crypto Module Document Version: 1.5 Date: January 14, 2026 Version 1.3 Persistent Systems, LLC Public Material
| # | Section | Page |
|---|---|---|
| 1 | – General | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 5 |
| 2 | – Cryptographic Module Specification | 6 |
| 2.1 | Description | 6 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 8 |
| 2.3 | Excluded Components | 9 |
| 2.4 | Modes of Operation | 9 |
| 2.5 | Algorithms | 10 |
| 2.6 | Security Function Implementations | 14 |
| 2.7 | Algorithm Specific Information | 17 |
| 2.8 | RBG and Entropy | 17 |
| 2.9 | Key Generation | 18 |
| 2.10 | Key Establishment | 18 |
| 2.11 | Industry Protocols | 18 |
| 3 | Cryptographic Module Interfaces | 19 |
| 3.1 | Ports and Interfaces | 19 |
| 4 | Roles, Services, and Authentication | 20 |
| 4.1 | Authentication Methods | 20 |
| 4.2 | Roles | 20 |
| 4.3 | Approved Services | 20 |
| 4.4 | Non-Approved Services | 23 |
| 4.5 | External Software/Firmware Loaded | 24 |
| 5 | Software/Firmware Security | 25 |
| 5.1 | Integrity Techniques | 25 |
| 5.2 | Initiate on Demand | 25 |
| 6 | Operational Environment | 26 |
| 6.1 | Operational Environment Type and Requirements | 26 |
| 6.2 | Configuration Settings and Restrictions | 26 |
| 7 | Physical Security | 27 |
| 7.1 | Mechanisms and Actions Required | 27 |
| 8 | Non-Invasive Security | 28 |
| 9 | Sensitive Security Parameters Management | 29 |
| 9.1 | Storage Areas | 29 |
| 9.2 | SSP Input-Output Methods | 29 |
| 9.3 | SSP Zeroization Methods | 29 |
| 9.4 | SSPs | 30 |
| 10 | Self-Tests | 32 |
| 10.1 | Pre-Operational Self-Tests | 32 |
| 10.2 | Conditional Self-Tests | 32 |
| 10.3 | Periodic Self-Test Information | 36 |
| 10.4 | Error States | 40 |
| 10.5 | Operator Initiation of Self-Tests | 40 |
| 11 | Life-Cycle Assurance | 40 |
| 11.1 | Installation, Initialization, and Startup Procedures | 40 |
| 11.2 | Administrator Guidance | 40 |
| 11.3 | Non-Administrator Guidance | 41 |
| 11.4 | Design and Rules | 41 |
| Rules of Operation | 41 | |
| 11.6 | End of Life | 41 |
| 12 | Mitigation of Other Attacks | 41 |
| References and Definitions | 43 |
Version 1.3 Persistent Systems, LLC Public Material
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 8 |
| Table 3: Tested Module Identification – Hybrid Disjoint Hardware | 9 |
| Table 4: Tested Operational Environments - Software, Firmware, Hybrid | 9 |
| Table 5: Modes List and Description | 10 |
| Table 6: Approved Algorithms | 12 |
| Table 7: Non-Approved, Not Allowed Algorithms | 13 |
| Table 8: Security Function Implementations | 16 |
| Table 9: Entropy Certificates | 17 |
| Table 10: Entropy Sources | 17 |
| Table 11: Ports and Interfaces | 19 |
| Table 12: Authentication Methods | 20 |
| Table 13: Roles | 20 |
| Table 14: Approved Services | 23 |
| Table 15: Non-Approved Services | 24 |
| Table 16: Storage Areas | 29 |
| Table 17: SSP Input-Output Methods | 29 |
| Table 18: SSP Zeroization Methods | 29 |
| Table 19: SSP Table 1 | 31 |
| Table 20: SSP Table 2 | 31 |
| Table 21: Pre-Operational Self-Tests | 32 |
| Table 22: Conditional Self-Tests | 36 |
| Table 23: Pre-Operational Periodic Information | 36 |
| Table 24: Conditional Periodic Information | 39 |
| Table 25: Error States | 40 |
| Table 26 – References | 43 |
| Table 27 – Acronyms and Definitions | 44 |
| Figure 1- Cryptographic Boundary | 7 |
| Figure 2 - Physical Perimeter | 8 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic module specification | 2 |
| 3 | 3 | Cryptographic module interfaces | 2 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 2 |
| 6 | 6 | Operational environment | 2 |
| 7 | 7 | Physical security | 2 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle assurance | 2 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 2 |
This document is the non-proprietary FIPS 140-3 Security Policy for version 1.1 of the Persistent Systems LLC Wave Relay® Kernel Space Crypto Module. It contains the security rules under which the Module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module.
The FIPS 140-3 security levels for the Module are as follows from Table 1: N/A N/A Table 1: Security Levels Version 1.3 Persistent Systems, LLC Public Material
FIPS validated connectivity drives mission success. This Persistent Systems LLC Wave Relay® Kernel Space Crypto Module, hereafter denoted as the “module”, is a Software-Hybrid cryptographic module operating on a single-chip device that provides FIPS validated cryptographic algorithms which are used by kernel space system services & protocols (e.g. Wave Relay, IPsec, etc.) The Wave Relay® System is a peer-to-peer wireless MANET networking solution in which there is no master node. If any device fails, the rest of the devices continue to communicate using any remaining connectivity. By eliminating master nodes, gateways, access points, and central coordinators from the design, Wave Relay® delivers high levels of fault tolerance regardless of which nodes might fail.
Purpose and Use: The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptography. The module is intended to be used in various products within the vendor’s portfolio of solutions. Built to create powerful, secure networks anywhere, the Module is used to unite all critical data sources in real time giving you and your team the confidence to make difficult decisions in the heart of the moment. Module Type: Software-hybrid Module Embodiment: SingleChip Cryptographic Boundary: The Module is a single-chip embodiment. Figure 1 below shows a block diagram of the cryptographic boundary. The cryptographic boundary is outlined in red and defined as a combination of the software kernel library (FIPS140.ko) and the hardware crypto IP core within the NXP i.MX 6 Series SoC (System on a Chip). The disjoint hardware component is the hardware-only cryptographic algorithms and entropy source depicted on the left side of Figure 1 under “Crypto Accelerator and Assurance Module (CAAM)”. The software component is the “FIPS Kernel Module” on the right side of Figure 1, which includes the SW Crypto Functions (which may utilize PAA), as well as the FIPS Self-Test implementations and CAAM Driver. The Module supports both hardware (Cryptographic Accelerator and Assurance Module (CAAM)) and software based cryptographic operation. The flow of information between the components and the relation between data and the Module’s interfaces are depicted through arrows. Tested Operational Environment’s Physical Perimeter (TOEPP): Version 1.3 Persistent Systems, LLC Public Material
The TOEPP of the Module is depicted in Figure 2 below.The TOEPP is the NXP i.MX6 SOC. Figure 1- Cryptographic Boundary Version 1.3 Persistent Systems, LLC Public Material
| Name | Model | Hardware Version | Firmware Version | Package | Integrity Test |
|---|---|---|---|---|---|
| Wave Relay | 1.1 | Wave Relay | HMAC-SHA2-256 | ||
| MCIMX6Q6AVT10AE | MCIMX6Q6AVT10AE | MCIMX6Q6AVT10AE | |||
| MCIMX6Q6AVT10AD | MCIMX6Q6AVT10AD | MCIMX6Q6AVT10AD | |||
| MSCMMX6QZCK08AB | MSCMMX6QZCK08AB | MSCMMX6QZCK08AB | |||
| MCIMX6Q7CZK08AE | MCIMX6Q7CZK08AE | MCIMX6Q7CZK08AE |
| Name | Model | Hardware Version | Firmware Version | Package | Integrity Test |
|---|---|---|---|---|---|
| Wave Relay | 1.1 | Wave Relay | HMAC-SHA2-256 | ||
| MCIMX6Q6AVT10AE | MCIMX6Q6AVT10AE | MCIMX6Q6AVT10AE | |||
| MCIMX6Q6AVT10AD | MCIMX6Q6AVT10AD | MCIMX6Q6AVT10AD | |||
| MSCMMX6QZCK08AB | MSCMMX6QZCK08AB | MSCMMX6QZCK08AB | |||
| MCIMX6Q7CZK08AE | MCIMX6Q7CZK08AE | MCIMX6Q7CZK08AE |
There are four physical variants of the chip as shown in Figure 2 below. Figure 2 - Physical Perimeter
Tested Module Identification
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai |
|---|---|---|---|---|---|
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | MPU (5th Generation) | 1.1 | MCIMX6Q6AVT10AE | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | MPU (5th Generation) | 1.1 | MCIMX6Q6AVT10AD | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | Embedded Module | 1.1 | MCIMX6Q7CZK08AE | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | Embedded Module lite | 1.1 | MCIMX6Q7CZK08AE | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | Embedded Module | 1.1 | MSCMMX6QZCK08AB | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | Embedded Module lite | 1.1 | MSCMMX6QZCK08AB | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | GVR5 | 1.1 | MCIMX6Q7CZK08AE | Yes |
| Wave Relay® OS 2.2 | Wave Relay® OS 2.2 | Integrated Antenna Series | 1.1 | MCIMX6Q7CZK08AE | Yes |
Table 3: Tested Module Identification
No components were excluded from the cryptographic boundary.
Persistent Systems, LLC Public Material
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- Approved | The module is capable of non- approved services in the non-approved mode of operation only. | fips140_service_indicator = 0 | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4588 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4589 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4589 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A4589 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CMAC | A4589 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A4588 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4589 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4588 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4589 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A4589 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A4589 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-XTS Testing Revision 2.0 | A4589 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A4589 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Hash DRBG | A4589 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A4589 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A4588 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4588 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4588 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1 |
| RSA SigVer (FIPS186-4) | A4589 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A4588 | Message Length - Message Length: 160, 0-65536 Increment 8 | FIPS 180-4 |
| SHA-1 | A4589 | Message Length - Message Length: 160, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4588 | Message Length - Message Length: 224, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4589 | Message Length - Message Length: 224, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4588 | Message Length - Message Length: 256, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4589 | Message Length - Message Length: 256, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4589 | Message Length - Message Length: 384, 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4589 | Message Length - Message Length: 512, 0-65536 Increment 8 | FIPS 180-4 |
| SHA3-224 | A4589 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-256 | A4589 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-384 | A4589 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-512 | A4589 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
Modes List and Description: support a degraded mode. NonApproved =1 NonApproved =0 Table 5: Modes List and Description Mode Change Instructions and Status: The module provides a service level indicator. All Approved services will indicate they are Approved services and all non-Approved services will indicate they are non-Approved. No additional configuration or initialization is required.
Approved Algorithms: The Module implements cryptographic algorithms in the following providers:
Version 1.3 Persistent Systems, LLC Public Material
Table 6: Approved Algorithms Vendor-Affirmed Algorithms: The Module does not support any vendor affirmed cryptographic algorithms. N/A for this module. Non-Approved, Allowed Algorithms: The module does not implement any Non-Approved, but Allowed Algorithms in the Approved Mode of Operation. Version 1.3 Persistent Systems, LLC Public Material
| Name | Approved Functions |
|---|---|
| AES (GCM) - Ext IV | GCM with Externally Generated IVs |
| AES (GCM) - Hybrid | Hybrid Authenticated Symmetric Encryption/Decryption using internally generated IV HW: Encrypt, Decrypt SW: Message Authentication |
| ghash | Message Authentication used independently from AES(GCM) |
| AES (CCM) - Hybrid | Hybrid Authenticated Symmetric Encryption/Decryption HW: Encrypt, Decrypt SW: Message Authentication |
| AES (cbcmac) | Message Authentication used independently from AES(CCM) |
| AES (CTS) | Cipher Text Stealing |
| AES (XTS) - Hybrid | Hybrid Disk Encryption HW: First encryption SW: Second encryption |
| ENT (SW) | Software Entropy Source (Jitterentropy) for DRBG Seeding |
N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement any Non-Approved, Algorithms Allowed with No Security Claimed in the Approved Mode of Operation. N/A for this module. Non-Approved, Not Allowed Algorithms: The Module implements the Non-Approved, Not Allowed cryptographic algorithms listed in the table below. Table 7: Non-Approved, Not Allowed Algorithms Version 1.3 Persistent Systems, LLC Public Material
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| SF1 | Symmetric Key Data Encryption | AES-CBC: (A4588, A4589) Size: 128, 192, 256 AES-CTR: (A4588, A4589) Size: 128, 192, 256 AES-ECB: (A4588, A4589) Size: 128, 192, 256 AES-CBC-CS3: (A4589) Size: 128, 192, 256 AES-CCM: (A4589) Size: 128, 192, 256 AES-GCM: (A4589) Size: 128, 192, 256 AES-XTS Testing Revision 2.0: (A4589) Size: 128, 256 | BC-Auth | Publication:FIPS 197 |
| SF2 | Symmetric Key Data Decryption | AES-CBC: (A4588, A4589) Size: 128, 192, 256 AES-CTR: (A4588, A4589) Size: 128, 192, 256 AES-ECB: (A4588, A4589) Size: 128, 192, 256 | BC-UnAuth | Publication:197 |
| SF3 | Message Authentication Generation/Verification | AES-CMAC: (A4589) AES-GMAC: (A4589) HMAC-SHA-1: (A4588, A4589) HMAC-SHA2-224: (A4588, A4589) HMAC-SHA2-256: (A4588, A4589) HMAC-SHA2-384: (A4589) HMAC-SHA2-512: (A4589) HMAC-SHA3-224: (A4589) HMAC-SHA3-256: (A4589) HMAC-SHA3-384: (A4589) HMAC-SHA3-512: (A4589) | MAC | Publication:FIPS 198, SP800-38B, SP800-38D |
| SF4 | Message Digest | SHA-1: (A4588, A4589) | SHA | Publication:FIPS 180-4, FIPS 202 |
| SF5 | Random Number Generation | Hash DRBG: (A4589) HMAC DRBG: (A4589) Counter DRBG: (A4589) | DRBG | Publication:SP800-90A |
| SF6 | Signature Verification | RSA SigVer (FIPS186- 4): (A4589) Size: 2048, 3072, 4096 | DigSig-SigVer | Publication:186-4 |
| SF7 | Entropy Generation | Hash DRBG: (A4589) HMAC DRBG: (A4589) Counter DRBG: (A4589) | ENT-ESV | Publication:SP800-90B |
The table below shows the Security Function Implementations that the module implements: Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
Table 8: Security Function Implementations Version 1.3 Persistent Systems, LLC Public Material
| Name | Type | Strength | Operational Environment | |
|---|---|---|---|---|
| Wave Relay Physical Entropy Source | Physical | 384 bits | NXP i.MX 6 | 316 bits |
| Cert | Vendor Name | |
|---|---|---|
| Number | ||
| E82 | persistent systems |
Below are the documentation requirements for specific algorithms and conditions, as mandated by Implementation Guidance. AES GCM IV Uniqueness FIPS140-3 IG C.H, Option 2 The IV is generated internally at its entirety randomly. The generation uses an Approved DRBG (Cert. #A4589) that is internal to the module’s boundary. The IV length is fixed at 96 bits (per SP 800-38D). FIPS140-3 IG C.I The XTS algorithm implementation includes a check prior to use to ensure Key_1 ≠ Key_2. SHA-1 The use of SHA-1 by the “Hash” service is only approved for integrity checks and is not approved for use as part of a digital signature.
Table 9: Entropy Certificates The Module uses the following entropy sources: Table 10: Entropy Sources Version 1.3 Persistent Systems, LLC Public Material
Persistent Systems is using a physical free running ring oscillator to generate entropy input for instantiation and reseed of SP 800-90A compliant DRBGs. The entropy source is the True Random Number Generator (TRNG) sub-component of an NXP i.MX 6 SoC chip. The entropy source performs all required health tests of SP 800-90B, which includes continuous, start-up and on-demand health tests. There are no configurations needed by the operator to use the entropy source in accordance with the Public Use Document for ESV Cert. #E82. Whenever a failure is detected during the health testing, entropy data is not returned to the caller; instead, a failure code is returned to enable the caller to determine the reason for the failure. The entropy source then halts and will refuse new requests for entropy. Upon return of the failure, the operator shall reset or reboot the entropy source. The entropy source will continue to operate after being reset and passing all start-up and continuous health tests. The default Approved DRBG used for random number generation is the HMAC_DRBG (Cert A4589) using SHA2-512. In addition, the module also provides HMAC_DRBG, CTR_DRBG and HASH_DRBG using different mechanisms and key sizes. The DRBGs are all internally seeded by using the entropy source (ESV Cert. #E82). The security strength of the DRBG is determined by the internal mechanism selected (i.e., 256-bits security strength for a CTR_DRBG using AES-256). The operator shall select the appropriate DRBG mechanism for the security strength required when using the “Random Bit Generation” service.
The module does not support Key Generation Functions.
Key Agreement Information The module does not support Key Agreement Functions. Key Transport Information The module does not support Key Transport Functions.
The module does not implement any Industry Protocols. Version 1.3 Persistent Systems, LLC Public Material
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Control Input | o API input arguments that are used to initialize and control the operation of the module o API Commands invoking cryptographic services |
| N/A | N/A | Data Input | o API input arguments that provide input data for processing o Data to be encrypted, decrypted, verified, or hashed o Keys to be used in cryptographic services |
| N/A | N/A | Data Output | o API output arguments that return generated or processed data back to the caller o Data that has been encrypted, decrypted or verified o Hashes o Random Values generated by the module's DRBG o Random seed material for other module DRBGs |
| N/A | N/A | Status Output | o API call return values o Status information regarding the module |
| N/A | N/A | Power | N/A |
The Module’s ports and associated FIPS defined logical interface categories are listed below. N/A N/A N/A N/A N/A N/A Table 11: Ports and Interfaces Note: The module does not support Control Output. Version 1.3 Persistent Systems, LLC Public Material
| Name | Description | Strength | Strength per Minute | |
|---|---|---|---|---|
| Role Based Authentication | Signature Verification | RSA 3072-bit has a security strength of 128 bits. The probability of successfully guessing the private key is 1/(2^128). | SF6 | Each authentication attempt takes approximately 8.4 seconds, which results in a maximum of seven authentication attempts per minute. The probably of a brute force attack being successful within a given minute is 7/(2^128). |
| Name | Role Access | Type | |
|---|---|---|---|
| Cryptographic Officer | CO | Role | Role Based Authentication |
The Module supports one distinct operator role, Crypto Officer (CO). One authentication is allowed per Module reset. The Module does not support concurrent operators. The Cryptographic Officer’s authentication public key is protected by the physical and logical design of the Module; it is stored as part of the Module binary itself. The Roles Table below lists all operator roles supported by the Module. Table 13: Roles
All approved services implemented by the Module are listed in the table below: The SSPs modes of access shown in the table below are defined as:
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Module Self- Test | Perform module initializat ion, pre- operation al, and condition al cryptogra phic algorith m self- tests. | Cryptogra phic Officer - Software Integrity Key: E | None | fips_get_tests_pass ed() | Power | Pass/Fail Status |
| Login | Authenti cate to the module. | Cryptogra phic Officer - CO Authentic ation Key: E | SF6 | fips140_get_error() | Authenti cation Signature | Authenti cation Status |
| Module Status | Shows module's status | Cryptogra phic Officer | None | fips140_get_error() | None | Status |
| Hash | Compute a Message Digest | Cryptogra phic Officer | SF4 | fips140_service_in dicator()=1 | Message | Hash Value |
| Show Module Info | Shows module's versionin g informati on | Cryptogra phic Officer | None | fips140_module_v ersion() | None | Module Base Name + Module Version Number |
| Symmetric Encryption/De cryption | Encrypti on and decryptio n of data. | Cryptogra phic Officer - AES Key: W,E | SF1 SF2 | fips140_service_in dicator()=1 | AES Key, Plaintext or Cipherte xt | Plaintext or Cipherte xt |
| Keyed MAC | Compute a Message Authenti cation code | Cryptogra phic Officer - AES Key: W,E - HMAC Key: W,E | SF3 | fips140_service_in dicator()=1 | Message, HMAC or AES Key | Message Authenti cation Code |
| Random Bit Generation | Generate s random values. Operator must select the appropria te DRBG mechanis m for the security- strength desired. | Cryptogra phic Officer - CTR_DR BG-State: W,E - HMAC_D RBG- State: W,E - HASH_D RBG- State: W,E | SF5 | fips140_service_in dicator()=1 | DRBG Selection | Random Values |
| RSA Signature Verification | Signature Verificati on | Cryptogra phic Officer - RSA Public Key: R,E | SF6 | fips140_service_in dicator()=1 | RSA Public Key, Signature Message | Boolean indicatin g validity of signature |
| Entropy Generation | Generate entropy for internal or external DRBGs | Cryptogra phic Officer - DRBG- EI: G,R | SF7 | fips140_service_in dicator()=1 | N/A | Entropy |
| Zeroisation | Destroys all security | Cryptogra phic Officer - DRBG- | None | fips140_get_error() =1 | N/A | N/A |
Module SelfTest ion, preoperation m selftests. a g E Persistent Systems, LLC Public Material
a securitystrength W,E RBGState: W,E RBGState: W,E N/A - DRBGEI: G,R =1 N/A Version 1.3 Persistent Systems, LLC Public Material
| Name | Description | Roles | Csps Accessed | Approved Functions |
|---|---|---|---|---|
| paramete rs | paramete rs | EI: Z - CTR_DR BG-State: Z - AES Key: Z - HMAC Key: Z - RSA Public Key: Z - HMAC_D RBG- State: Z - HASH_D RBG- State: Z | ||
| Authenticated Symmetric Encryption/Decryption | GCM using externally generated IVs | CO | AES (GCM) - Ext IV | |
| Hybrid Authenticated Symmetric Encryption/Decryption | GCM or CCM encryption/decryption using a hybrid implementation in Hardware and Software | CO | AES (GCM) - Hybrid AES (CCM) - Hybrid | |
| Hybrid Symmetric Encryption/Decryption | encryption/decryption using a hybrid implementation in Hardware and Software | CO | AES (XTS) - Hybrid | |
| Authentication Codes | Message Authentication used independent of CCM or GCM | CO | ghash AES (cbcmac) | |
| Entropy (SW) | Software entropy source | CO | ENT (SW) |
| Name | Description | Roles | Csps Accessed | Approved Functions |
|---|---|---|---|---|
| paramete rs | paramete rs | EI: Z - CTR_DR BG-State: Z - AES Key: Z - HMAC Key: Z - RSA Public Key: Z - HMAC_D RBG- State: Z - HASH_D RBG- State: Z | ||
| Authenticated Symmetric Encryption/Decryption | GCM using externally generated IVs | CO | AES (GCM) - Ext IV | |
| Hybrid Authenticated Symmetric Encryption/Decryption | GCM or CCM encryption/decryption using a hybrid implementation in Hardware and Software | CO | AES (GCM) - Hybrid AES (CCM) - Hybrid | |
| Hybrid Symmetric Encryption/Decryption | encryption/decryption using a hybrid implementation in Hardware and Software | CO | AES (XTS) - Hybrid | |
| Authentication Codes | Message Authentication used independent of CCM or GCM | CO | ghash AES (cbcmac) | |
| Entropy (SW) | Software entropy source | CO | ENT (SW) | |
| Ciphertext Stealing | AES encryption/decryption using ciphertext/stealing | CO | AES (CTS) |
Z RBGState: Z RBGState: Z Table 14: Approved Services
All approved services implemented by the Module are listed in the table below: Version 1.3 Persistent Systems, LLC Public Material
Table 15: Non-Approved Services
The module does not support an External Software/Firmware Load capability. Version 1.3 Persistent Systems, LLC Public Material
The Module is composed of the following component(s):
The operator can initiate the integrity test on demand by power cycling the hardware. Version 1.3 Persistent Systems, LLC Public Material
Type of Operational Environment: Modifiable The Module has a modifiable operational environment under the FIPS 140-3 definitions. The tested operational environments are listed in Section 2.1. The Operating Environment is modifiable and allows the operator to load and execute software. How Requirements are Satisfied: The Module supports a modifiable operational environment. The operator may load and execute software that was not included in the original evaluation as the underlying Wave Relay OS 2.2 operational environment is modifiable. Each instance of a cryptographic module controls its own SSPs and are not owned or controlled by external processes/operators. This requirement is not enforced by administrative documentation and procedures but by the cryptographic module itself. The operational environment provides the capability to separate individual application processes from each other in order to prevent uncontrolled access to CSPs and uncontrolled modification of SSPs
All cryptographic software, SPPs and control/status information is under the control of an operating system that implements mandatory access control. The Operating system protects against unauthorized execution, unauthorized modification and unauthorized reading of SSPs and status data. Processes that are spawned by the cryptographic module are owned by the module and are not owned by external processes/operators. The Operating System provides an audit mechanism with the date and time of each audited event. Version 1.3 Persistent Systems, LLC Public Material
The design and physical security characteristics of the Wave Relay Kernel Space Crypto module meet the intent of the FIPS 140-3 Level 2 Physical Security Requirements, based on the test results described in the physical security test report. The embodiment of the Module is a single chip, which is opaque and also provides tamper evidence. The module has been subjected to FIPS140-3 Level 2 physical security analysis.
The module has: o o o
The Module does not implement any mitigation method against non-invasive attack. Version 1.3 Persistent Systems, LLC Public Material
| Name | Type | Description |
|---|---|---|
| System Memory (S1) | Dynamic | Stored in plaintext in volatile memory (RAM). |
| Binary (S2) | Static | Stored in plaintext as part of the module binary itself. |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| Input in plaintext (IO1) | Plaintext | Application Software (outside) | System Memory (S1) | Manual | Electronic |
| Output in plaintext (IO2) | Plaintext | System Memory (S1) | Application Software (outside) | Manual | Electronic |
| Zeroization | Description | Rationale | Operator | ||
|---|---|---|---|---|---|
| Method | Initiation | ||||
| Z1 | Zeroisation service | Active overwriting of SSP values with 0s in volatile memory | Zeroisation service | ||
| Z2 | Zeroisation upon use | Active overwriting of SSP values with 0s immediately after SSP is no longer needed. | N/A |
Table 16: Storage Areas Table 17: SSP Input-Output Methods N/A Table 18: SSP Zeroization Methods Version 1.3 Persistent Systems, LLC Public Material
| Name | Type | Description | Strength | Generation | Establishment | Size - Strengt h | Establishe d By |
|---|---|---|---|---|---|---|---|
| DRBG-EI | ENT - CSP | Entropy Input | 387-771 - 128 to 256 | SF7 | SF5 | ||
| CTR_DRBG- State | DRBG - CSP | CTR_DRBG internal state (V and Key) | V is 128, Key is 128 to 256 - 128 to 256 | SF5 | SF5 | ||
| HMAC_DRB G-State | DRBG - CSP | HMAC_DRBG internal state (V and Key) | V is 160 to 512, Key is 160 to 512 - 128 to 256 | SF5 | SF5 | ||
| HASH_DRBG -State | DRBG - CSP | HASH_DRBG internal state (V and C) | V is 440 to 888, C is 440 to 888 - 128 to 256 | SF5 | SF5 | ||
| HMAC Key | MAC - CSP | Used for Message Authentication | 128 to 512 - 128 to 256 | SF3 | |||
| AES Key | Symmetric - CSP | Used for encryption/decrypti on operations | 128, 192, 256 - 128, 192, 256 | SF1 SF2 | |||
| RSA Public Key | Asymmetri c - PSP | Used for signature verification | 2048, 3072, 4096 - 112, | SF6 | |||
| CO Authentication Key | Asymmetri c - PSP | Used for authenticating the CO | 3072 - 128 | SF6 | |||
| Software Integrity Key | Self-Test - Neither | Used for module integrity | 256 - 256 | SF3 | |||
| DRBG-EI | Until use completes | Output in plaintext (IO2) | DRBG- State:Used to derive | System Memory (S1):Plaintext | Z1 Z2 | ||
| CTR_DRBG- State | Until use completes | DRBG- EI:Derived From | System Memory (S1):Plaintext | Z1 Z2 | |||
| HMAC_DRBG- State | Until use completes | DRBG- EI:Derived From | System Memory (S1):Plaintext | Z1 Z2 | |||
| HASH_DRBG- State | Until use completes | DRBG- EI:Derived From | System Memory (S1):Plaintext | Z1 Z2 | |||
| HMAC Key | Until use completes | Input in plaintext (IO1) | System Memory (S1):Plaintext | Z1 Z2 | |||
| AES Key | Until use completes | Input in plaintext (IO1) | System Memory (S1):Plaintext | Z1 Z2 | |||
| RSA Public Key | Until use completes | Input in plaintext (IO1) | System Memory (S1):Plaintext | Z1 Z2 | |||
| CO Authentication Key | Until use completes | Binary (S2):Plaintext | N/A | ||||
| Software Integrity Key | Until use completes | Binary (S2):Plaintext | N/A |
All usage of these SSPs by the Module are described in the services detailed in Section 4.3 CTR_DRBGState h d Version 1.3 Persistent Systems, LLC Public Material
h d Table 19: SSP Table 1 CTR_DRBGState HMAC_DRBGState HASH_DRBGState N/A N/A DRBGEI:Derived DRBGEI:Derived DRBGEI:Derived Table 20: SSP Table 2 Version 1.3 Persistent Systems, LLC Public Material
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator | Conditions |
|---|---|---|---|---|---|---|---|
| Software Integrity Test | Software Integrity Test | KAT | SW/FW Integrity | Executed on the kernel module. | HMAC SHA2- 256 | fips_get_tests_passed() | |
| AES-CBC- Encrypt (4588) | AES-CBC- Encrypt (4588) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On |
| AES-CBC- Decrypt (4588) | AES-CBC- Decrypt (4588) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Conditions |
|---|---|---|---|---|---|---|---|---|---|
| Software Integrity Test | Software Integrity Test | KAT | SW/FW Integrity | Executed on the kernel module. | HMAC SHA2- 256 | fips_get_tests_passed() | |||
| AES-CBC- Encrypt (4588) | AES-CBC- Encrypt (4588) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CBC- Decrypt (4588) | AES-CBC- Decrypt (4588) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CTR Encrypt (4588) | AES-CTR Encrypt (4588) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CTR Decrypt (4588) | AES-CTR Decrypt (4588) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-ECB Encrypt (4588) | AES-ECB Encrypt (4588) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-ECB Decrypt (4588) | AES-ECB Decrypt (4588) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CBC Encrypt (4589) | AES-CBC Encrypt (4589) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CBC Decrypt (4589) | AES-CBC Decrypt (4589) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CBC-CS3 Encrypt | AES-CBC-CS3 Encrypt | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CBC-CS3 Decrypt | AES-CBC-CS3 Decrypt | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CCM Encrypt | AES-CCM Encrypt | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CCM Decrypt | AES-CCM Decrypt | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CMAC (A4589) | AES-CMAC (A4589) | KAT | CAST | Generate | Key sizes: 128, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CTR Encrypt (4589) | AES-CTR Encrypt (4589) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-CTR Decrypt (4589) | AES-CTR Decrypt (4589) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-ECB Encrypt (4589) | AES-ECB Encrypt (4589) | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-ECB Decrypt (4589) | AES-ECB Decrypt (4589) | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-GCM Encrypt | AES-GCM Encrypt | KAT | CAST | Encrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-GCM Decrypt | AES-GCM Decrypt | KAT | CAST | Decrypt | Key sizes: 128, 192, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-XTS Encrypt | AES-XTS Encrypt | KAT | CAST | Encrypt | Key sizes: 128, 256 bits | fips_get_tests_passed() | Power-On | ||
| AES-XTS Decryt | AES-XTS Decryt | KAT | CAST | Decrypt | Key sizes: 128, 256 bits | fips_get_tests_passed() | Power-On | ||
| Counter DRBG (A4589) | Counter DRBG (A4589) | KAT | CAST | instantiation, generate, and reseed KATs | Key size: 128, 192, 256 | fips_get_tests_passed() | Power-On | ||
| Hash DRBG (A4589) | Hash DRBG (A4589) | KAT | CAST | instantiation, generate, and reseed KATs | SHA2-256 | fips_get_tests_passed() | Power-On | ||
| HMAC DRBG (A4589) | HMAC DRBG (A4589) | KAT | CAST | instantiation, generate, and reseed KATs | SHA2-256, SHA2-512 | fips_get_tests_passed() | Power-On | ||
| Entropy | Entropy | RCT, APT | CAST | Startup and Continuous RCT and APT per [90B] Section 4.2 and 4.4 | SP800-90B Health Tests | fips140_get_error() | Entropy Generation | ||
| HMAC-SHA-1 (A4588) | HMAC-SHA-1 (A4588) | KAT | CAST | Generate | SHA-1 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 224 (A4588) | HMAC-SHA2- 224 (A4588) | KAT | CAST | Generate | SHA2-224 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 256 (A4588) | HMAC-SHA2- 256 (A4588) | KAT | CAST | Generate | SHA2-256 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA-1 (A4589) | HMAC-SHA-1 (A4589) | KAT | CAST | Generate | SHA-1 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 224 (A4589) | HMAC-SHA2- 224 (A4589) | KAT | CAST | Generate | SHA2-224 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 256 (A4589) | HMAC-SHA2- 256 (A4589) | KAT | CAST | Generate | SHA2-256 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 384 (A4589) | HMAC-SHA2- 384 (A4589) | KAT | CAST | Generate | SHA2-384 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA2- 512 (A4589) | HMAC-SHA2- 512 (A4589) | KAT | CAST | Generate | SHA2-512 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA3- 224 (A4589) | HMAC-SHA3- 224 (A4589) | KAT | CAST | Generate | SHA3-224 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA3- 256 (A4589) | HMAC-SHA3- 256 (A4589) | KAT | CAST | Generate | SHA3-256 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA3- 384 (A4589) | HMAC-SHA3- 384 (A4589) | KAT | CAST | Generate | SHA3-384 | fips_get_tests_passed() | Power-On | ||
| HMAC-SHA3- 512 (A4589) | HMAC-SHA3- 512 (A4589) | KAT | CAST | Generate | SHA3-512 | fips_get_tests_passed() | Power-On | ||
| RSA SigVer (FIPS186-4) (A4589) | RSA SigVer (FIPS186-4) (A4589) | KAT | CAST | Signature Verification | Key Size: 3072- bit with SHA2- 384 | fips_get_tests_passed() | Power-On | ||
| SHA-1 (A4588) | SHA-1 (A4588) | KAT | CAST | Message Digest | SHA-1 | fips_get_tests_passed() | Power-On | ||
| SHA2-224 (A4588) | SHA2-224 (A4588) | KAT | CAST | Message Digest | SHA2-224 | fips_get_tests_passed() | Power-On | ||
| SHA2-256 (A4588) | SHA2-256 (A4588) | KAT | CAST | Message Digest | SHA2-256 | fips_get_tests_passed() | Power-On | ||
| SHA-1 (A4589) | SHA-1 (A4589) | KAT | CAST | Message Digest | SHA-1 | fips_get_tests_passed() | Power-On | ||
| SHA2-224 (A4589) | SHA2-224 (A4589) | KAT | CAST | Message Digest | SHA2-224 | fips_get_tests_passed() | Power-On | ||
| SHA2-256 (A4589) | SHA2-256 (A4589) | KAT | CAST | Message Digest | SHA2-256 | fips_get_tests_passed() | Power-On | ||
| SHA2-384 (A4589) | SHA2-384 (A4589) | KAT | CAST | Message Digest | SHA2-384 | fips_get_tests_passed() | Power-On | ||
| SHA2-512 (A4589) | SHA2-512 (A4589) | KAT | CAST | Message Digest | SHA2-512 | fips_get_tests_passed() | Power-On | ||
| SHA3-224 (A4589) | SHA3-224 (A4589) | KAT | CAST | Message Digest | SHA3-224 | fips_get_tests_passed() | Power-On | ||
| SHA3-256 (A4589) | SHA3-256 (A4589) | KAT | CAST | Message Digest | SHA3-256 | fips_get_tests_passed() | Power-On | ||
| SHA3-384 (A4589) | SHA3-384 (A4589) | KAT | CAST | Message Digest | SHA3-384 | fips_get_tests_passed() | Power-On | ||
| SHA3-512 (A4589) | SHA3-512 (A4589) | KAT | CAST | Message Digest | SHA3-512 | fips_get_tests_passed() | Power-On | ||
| Software Integrity Test | Software Integrity Test | KAT | SW/FW Integrity | On Demand | Manually | ||||
| AES-CBC-Encrypt (4588) | AES-CBC-Encrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CBC-Decrypt (4588) | AES-CBC-Decrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Encrypt (4588) | AES-CTR Encrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Decrypt (4588) | AES-CTR Decrypt (4588) | KAT | CAST | On Demand | Manually |
The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either preoperational self-tests or conditional self-tests. Pre-operational self–tests are available on demand by power cycling the Module. The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly. Please note that HMAC-SHA2-256 is self-tested prior to execution of the Software Integrity Test. The Module performs the following pre-operational self-tests in table below HMAC SHA2256 Table 21: Pre-Operational Self-Tests
The Module performs the following conditional self-tests in the table below: Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Conditions |
|---|---|---|---|---|---|---|---|---|---|
| SHA3-224 (A4589) | SHA3-224 (A4589) | KAT | CAST | Message Digest | SHA3-224 | fips_get_tests_passed() | Power-On | ||
| SHA3-256 (A4589) | SHA3-256 (A4589) | KAT | CAST | Message Digest | SHA3-256 | fips_get_tests_passed() | Power-On | ||
| SHA3-384 (A4589) | SHA3-384 (A4589) | KAT | CAST | Message Digest | SHA3-384 | fips_get_tests_passed() | Power-On | ||
| SHA3-512 (A4589) | SHA3-512 (A4589) | KAT | CAST | Message Digest | SHA3-512 | fips_get_tests_passed() | Power-On | ||
| Software Integrity Test | Software Integrity Test | KAT | SW/FW Integrity | On Demand | Manually | ||||
| AES-CBC-Encrypt (4588) | AES-CBC-Encrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CBC-Decrypt (4588) | AES-CBC-Decrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Encrypt (4588) | AES-CTR Encrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Decrypt (4588) | AES-CTR Decrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB Encrypt (4588) | AES-ECB Encrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB Decrypt (4588) | AES-ECB Decrypt (4588) | KAT | CAST | On Demand | Manually | ||||
| AES-CBC Encrypt (4589) | AES-CBC Encrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-CBC Decrypt (4589) | AES-CBC Decrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-CBC-CS3 Encrypt | AES-CBC-CS3 Encrypt | KAT | CAST | On Demand | Manually | ||||
| AES-CBC-CS3 Decrypt | AES-CBC-CS3 Decrypt | KAT | CAST | On Demand | Manually | ||||
| AES-CCM Encrypt | AES-CCM Encrypt | KAT | CAST | On Demand | Manually | ||||
| AES-CCM Decrypt | AES-CCM Decrypt | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A4589) | AES-CMAC (A4589) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Encrypt (4589) | AES-CTR Encrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-CTR Decrypt (4589) | AES-CTR Decrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB Encrypt (4589) | AES-ECB Encrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB Decrypt (4589) | AES-ECB Decrypt (4589) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM Encrypt | AES-GCM Encrypt | KAT | CAST | On Demand | Manually | ||||
| AES-GCM Decrypt | AES-GCM Decrypt | KAT | CAST | On Demand | Manually | ||||
| AES-XTS Encrypt | AES-XTS Encrypt | KAT | CAST | On Demand | Manually | ||||
| AES-XTS Decryt | AES-XTS Decryt | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A4589) | Counter DRBG (A4589) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A4589) | Hash DRBG (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A4589) | HMAC DRBG (A4589) | KAT | CAST | On Demand | Manually | ||||
| Entropy | Entropy | RCT, APT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A4588) | HMAC-SHA-1 (A4588) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-224 (A4588) | HMAC-SHA2-224 (A4588) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-256 (A4588) | HMAC-SHA2-256 (A4588) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A4589) | HMAC-SHA-1 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-224 (A4589) | HMAC-SHA2-224 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-256 (A4589) | HMAC-SHA2-256 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-384 (A4589) | HMAC-SHA2-384 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2-512 (A4589) | HMAC-SHA2-512 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3-224 (A4589) | HMAC-SHA3-224 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3-256 (A4589) | HMAC-SHA3-256 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3-384 (A4589) | HMAC-SHA3-384 (A4589) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3-512 (A4589) | HMAC-SHA3-512 (A4589) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186- 4) (A4589) | RSA SigVer (FIPS186- 4) (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4588) | SHA-1 (A4588) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A4588) | SHA2-224 (A4588) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A4588) | SHA2-256 (A4588) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A4589) | SHA-1 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A4589) | SHA2-224 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A4589) | SHA2-256 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A4589) | SHA2-384 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4589) | SHA2-512 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA3-224 (A4589) | SHA3-224 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA3-256 (A4589) | SHA3-256 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA3-384 (A4589) | SHA3-384 (A4589) | KAT | CAST | On Demand | Manually | ||||
| SHA3-512 (A4589) | SHA3-512 (A4589) | KAT | CAST | On Demand | Manually |
Table 22: Conditional Self-Tests
Table 23: Pre-Operational Periodic Information Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
Table 24: Conditional Periodic Information The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly. Version 1.3 Persistent Systems, LLC Public Material
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| ES1 | The module fails pre- operational self-tests, conditional self- tests, or authentication. | The Module enters the FIPS_error state | fips140_get_error() | Power cycle the module |
Self-tests may be initiated on demand by power cycling the module.
No end user action is required to startup the module in an approved mode for operation. The module is built into the Wave Relay® OS and delivered in Persistent Systems’ Wave Relay® Solutions. There is no standalone delivery of the module as a software hybrid module. Persistent Systems’ internal development process guarantees that the correct version of the module is installed within its intended device OS version. Installation and Initialization: The module is pre-installed within the Persistent Systems Solutions, which include the MPU5, Embedded Module, Embedded Module lite, GVR5, or Integrated Antenna Series. No further initialization of the module is required. Upon powering on the hardware platform, the module will automatically perform pre-operational and conditional self-tests in accordance with FIPS 140-3 requirements. Delivery: The module is pre-installed within the Persistent Systems product offerings. The Persistent Systems products are distributed using a trusted courier and packaging must be inspected upon delivery.
Version 1.3 Persistent Systems, LLC Public Material
There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.
There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.
Rules of Operation 1. 2. 3. 4. 5. 6.
The module must be zeroised and returned to the manufacturer.
The Module does not implement any mitigation method against other attacks. Version 1.3 Persistent Systems, LLC Public Material
Version 1.3 Persistent Systems, LLC Public Material
| Name | Term | Definition | Abbreviation | Full Specification Name |
|---|---|---|---|---|
| [FIPS140-3] | [FIPS140-3] | Security Requirements for Cryptographic Modules, March 22, 2019 | ||
| [ISO19790] | [ISO19790] | International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017 | ||
| [ISO24759] | [ISO24759] | International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015 | ||
| [IG] | [IG] | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, <date> | ||
| [131A] | [131A] | Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Revision 2, March 2019 | ||
| [197] | [197] | National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001 | ||
| [198] | [198] | National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008 | ||
| [180] | [180] | National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015 | ||
| [202] | [202] | FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, August 2015 | ||
| [38A] | [38A] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001 | ||
| [38B] | [38B] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005 | ||
| [38C] | [38C] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800- 38C, May 2004 | ||
| [38D] | [38D] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800-38D, November 2007 | ||
| [38E] | [38E] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010 | ||
| [90A] | [90A] | National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015. | ||
| [90B] | [90B] | National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018. | ||
| Acronym | Acronym | Definition | ||
| APT | APT | Adaptative Proportion Test | ||
| KAT | KAT | Know Answer Test | ||
| RCT | RCT | Repetition Count Test |
References and Definitions The following standards are referred to in this Security Policy. Table 26
Table 27