All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Wave Relay® Kernel Space Crypto Module

Certificate#5144StandardFIPS 140-3Level2TypeSoftware-hybridEmbodimentSingle ChipStatusActiveVendorPersistent Systems, LLC
Low review priority  ·  no TCB surface named  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeSoftware-hybrid
EmbodimentSingle Chip
StatusActive
Sunset date1/25/2031
CaveatWhen operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded
VendorPersistent Systems, LLC

Approved Algorithms (31)

AlgorithmACVP Cert
AES-CBCA4588
AES-CBC-CS3A4589
AES-CCMA4589
AES-CMACA4589
AES-CTRA4588
AES-ECBA4588
AES-GCMA4589
AES-GMACA4589
AES-XTS Testing Revision 2.0A4589
Counter DRBGA4589
Hash DRBGA4589
HMAC DRBGA4589
HMAC-SHA-1A4588
HMAC-SHA2-224A4588
HMAC-SHA2-256A4588
HMAC-SHA2-384A4589
HMAC-SHA2-512A4589
HMAC-SHA3-224A4589
HMAC-SHA3-256A4589
HMAC-SHA3-384A4589
HMAC-SHA3-512A4589
RSA SigVer (FIPS186-4)A4589
SHA-1A4588
SHA2-224A4588
SHA2-256A4588
SHA2-384A4589
SHA2-512A4589
SHA3-224A4589
SHA3-256A4589
SHA3-384A4589
SHA3-512A4589

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Wave Relay® Kernel Space Crypto Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>SF2</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Wave Relay® Kernel Space Crypto Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>SF2</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IPSEC<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Persistent Systems, LLC Wave Relay® Kernel Space Crypto Module Document Version: 1.5 Date: January 14, 2026 Version 1.3 Persistent Systems, LLC Public Material

Page 2
Table of Contents
#SectionPage
1– General5
1.1Overview5
1.2Security Levels5
2– Cryptographic Module Specification6
2.1Description6
2.2Tested and Vendor Affirmed Module Version and Identification8
2.3Excluded Components9
2.4Modes of Operation9
2.5Algorithms10
2.6Security Function Implementations14
2.7Algorithm Specific Information17
2.8RBG and Entropy17
2.9Key Generation18
2.10Key Establishment18
2.11Industry Protocols18
3Cryptographic Module Interfaces19
3.1Ports and Interfaces19
4Roles, Services, and Authentication20
4.1Authentication Methods20
4.2Roles20
4.3Approved Services20
4.4Non-Approved Services23
4.5External Software/Firmware Loaded24
5Software/Firmware Security25
5.1Integrity Techniques25
5.2Initiate on Demand25
6Operational Environment26
6.1Operational Environment Type and Requirements26
6.2Configuration Settings and Restrictions26
7Physical Security27
7.1Mechanisms and Actions Required27
8Non-Invasive Security28
9Sensitive Security Parameters Management29
9.1Storage Areas29
9.2SSP Input-Output Methods29
9.3SSP Zeroization Methods29
9.4SSPs30
10Self-Tests32
10.1Pre-Operational Self-Tests32
10.2Conditional Self-Tests32
10.3Periodic Self-Test Information36
10.4Error States40
10.5Operator Initiation of Self-Tests40
11Life-Cycle Assurance40
11.1Installation, Initialization, and Startup Procedures40
11.2Administrator Guidance40
11.3Non-Administrator Guidance41
11.4Design and Rules41
Rules of Operation41
11.6End of Life41
12Mitigation of Other Attacks41
References and Definitions43
Page 3

Version 1.3 Persistent Systems, LLC Public Material

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)8
Table 3: Tested Module Identification – Hybrid Disjoint Hardware9
Table 4: Tested Operational Environments - Software, Firmware, Hybrid9
Table 5: Modes List and Description10
Table 6: Approved Algorithms12
Table 7: Non-Approved, Not Allowed Algorithms13
Table 8: Security Function Implementations16
Table 9: Entropy Certificates17
Table 10: Entropy Sources17
Table 11: Ports and Interfaces19
Table 12: Authentication Methods20
Table 13: Roles20
Table 14: Approved Services23
Table 15: Non-Approved Services24
Table 16: Storage Areas29
Table 17: SSP Input-Output Methods29
Table 18: SSP Zeroization Methods29
Table 19: SSP Table 131
Table 20: SSP Table 231
Table 21: Pre-Operational Self-Tests32
Table 22: Conditional Self-Tests36
Table 23: Pre-Operational Periodic Information36
Table 24: Conditional Periodic Information39
Table 25: Error States40
Table 26 – References43
Table 27 – Acronyms and Definitions44
Figure 1- Cryptographic Boundary7
Figure 2 - Physical Perimeter8
Page 5
Security level
NameISO SectionRequirementLevel
11General2
22Cryptographic module specification2
33Cryptographic module interfaces2
44Roles, services, and authentication2
55Software/Firmware security2
66Operational environment2
77Physical security2
88Non-invasive securityN/A
99Sensitive security parameter management2
1010Self-tests2
1111Life-cycle assurance2
1212Mitigation of other attacksN/A
Overall LevelOverall Level2
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 1.1 of the Persistent Systems LLC Wave Relay® Kernel Space Crypto Module. It contains the security rules under which the Module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module.

1.2 Security Levels

The FIPS 140-3 security levels for the Module are as follows from Table 1: N/A N/A Table 1: Security Levels Version 1.3 Persistent Systems, LLC Public Material

Page 6
2 – Cryptographic Module Specification

FIPS validated connectivity drives mission success. This Persistent Systems LLC Wave Relay® Kernel Space Crypto Module, hereafter denoted as the “module”, is a Software-Hybrid cryptographic module operating on a single-chip device that provides FIPS validated cryptographic algorithms which are used by kernel space system services & protocols (e.g. Wave Relay, IPsec, etc.) The Wave Relay® System is a peer-to-peer wireless MANET networking solution in which there is no master node. If any device fails, the rest of the devices continue to communicate using any remaining connectivity. By eliminating master nodes, gateways, access points, and central coordinators from the design, Wave Relay® delivers high levels of fault tolerance regardless of which nodes might fail.

2.1 Description

Purpose and Use: The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated cryptography. The module is intended to be used in various products within the vendor’s portfolio of solutions. Built to create powerful, secure networks anywhere, the Module is used to unite all critical data sources in real time giving you and your team the confidence to make difficult decisions in the heart of the moment. Module Type: Software-hybrid Module Embodiment: SingleChip Cryptographic Boundary: The Module is a single-chip embodiment. Figure 1 below shows a block diagram of the cryptographic boundary. The cryptographic boundary is outlined in red and defined as a combination of the software kernel library (FIPS140.ko) and the hardware crypto IP core within the NXP i.MX 6 Series SoC (System on a Chip). The disjoint hardware component is the hardware-only cryptographic algorithms and entropy source depicted on the left side of Figure 1 under “Crypto Accelerator and Assurance Module (CAAM)”. The software component is the “FIPS Kernel Module” on the right side of Figure 1, which includes the SW Crypto Functions (which may utilize PAA), as well as the FIPS Self-Test implementations and CAAM Driver. The Module supports both hardware (Cryptographic Accelerator and Assurance Module (CAAM)) and software based cryptographic operation. The flow of information between the components and the relation between data and the Module’s interfaces are depicted through arrows. Tested Operational Environment’s Physical Perimeter (TOEPP): Version 1.3 Persistent Systems, LLC Public Material

Page 7

The TOEPP of the Module is depicted in Figure 2 below.The TOEPP is the NXP i.MX6 SOC. Figure 1- Cryptographic Boundary Version 1.3 Persistent Systems, LLC Public Material

Page 8
Module configuration
NameModelHardware VersionFirmware VersionPackageIntegrity Test
Wave Relay1.1Wave RelayHMAC-SHA2-256
MCIMX6Q6AVT10AEMCIMX6Q6AVT10AEMCIMX6Q6AVT10AE
MCIMX6Q6AVT10ADMCIMX6Q6AVT10ADMCIMX6Q6AVT10AD
MSCMMX6QZCK08ABMSCMMX6QZCK08ABMSCMMX6QZCK08AB
MCIMX6Q7CZK08AEMCIMX6Q7CZK08AEMCIMX6Q7CZK08AE
Module configuration
NameModelHardware VersionFirmware VersionPackageIntegrity Test
Wave Relay1.1Wave RelayHMAC-SHA2-256
MCIMX6Q6AVT10AEMCIMX6Q6AVT10AEMCIMX6Q6AVT10AE
MCIMX6Q6AVT10ADMCIMX6Q6AVT10ADMCIMX6Q6AVT10AD
MSCMMX6QZCK08ABMSCMMX6QZCK08ABMSCMMX6QZCK08AB
MCIMX6Q7CZK08AEMCIMX6Q7CZK08AEMCIMX6Q7CZK08AE

There are four physical variants of the chip as shown in Figure 2 below. Figure 2 - Physical Perimeter

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 9
Module configuration
NameOperating SystemHardware PlatformSoftware VersionProcessorPaa Pai
Wave Relay® OS 2.2Wave Relay® OS 2.2MPU (5th Generation)1.1MCIMX6Q6AVT10AEYes
Wave Relay® OS 2.2Wave Relay® OS 2.2MPU (5th Generation)1.1MCIMX6Q6AVT10ADYes
Wave Relay® OS 2.2Wave Relay® OS 2.2Embedded Module1.1MCIMX6Q7CZK08AEYes
Wave Relay® OS 2.2Wave Relay® OS 2.2Embedded Module lite1.1MCIMX6Q7CZK08AEYes
Wave Relay® OS 2.2Wave Relay® OS 2.2Embedded Module1.1MSCMMX6QZCK08ABYes
Wave Relay® OS 2.2Wave Relay® OS 2.2Embedded Module lite1.1MSCMMX6QZCK08ABYes
Wave Relay® OS 2.2Wave Relay® OS 2.2GVR51.1MCIMX6Q7CZK08AEYes
Wave Relay® OS 2.2Wave Relay® OS 2.2Integrated Antenna Series1.1MCIMX6Q7CZK08AEYes

Table 3: Tested Module Identification

2.3 Excluded Components

No components were excluded from the cryptographic boundary.

2.4 Modes of Operation

Persistent Systems, LLC Public Material

Page 10
Service
NameDescriptionIndicatorType
Non- ApprovedThe module is capable of non- approved services in the non-approved mode of operation only.fips140_service_indicator = 0Non- Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4588Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4589Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A4589Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA4589Key Length - 128, 192, 256SP 800-38C
AES-CMACA4589Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA4588Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA4589Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA4588Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA4589Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA4589Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 192, 256SP 800-38D
AES-GMACA4589Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A4589Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA4589Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA4589Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA4589Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A4588Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA-1A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-224A4588Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-224A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-256A4588Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-256A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-384A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA2-512A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA3-224A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA3-256A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA3-384A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
HMAC-SHA3-512A4589Key Length - Key Length: 8-524280 Increment 8FIPS 198-1
RSA SigVer (FIPS186-4)A4589Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A4588Message Length - Message Length: 160, 0-65536 Increment 8FIPS 180-4
SHA-1A4589Message Length - Message Length: 160, 0-65536 Increment 8FIPS 180-4
SHA2-224A4588Message Length - Message Length: 224, 0-65536 Increment 8FIPS 180-4
SHA2-224A4589Message Length - Message Length: 224, 0-65536 Increment 8FIPS 180-4
SHA2-256A4588Message Length - Message Length: 256, 0-65536 Increment 8FIPS 180-4
SHA2-256A4589Message Length - Message Length: 256, 0-65536 Increment 8FIPS 180-4
SHA2-384A4589Message Length - Message Length: 384, 0-65536 Increment 8FIPS 180-4
SHA2-512A4589Message Length - Message Length: 512, 0-65536 Increment 8FIPS 180-4
SHA3-224A4589Message Length - Message Length: 0- 65536 Increment 8FIPS 202
SHA3-256A4589Message Length - Message Length: 0- 65536 Increment 8FIPS 202
SHA3-384A4589Message Length - Message Length: 0- 65536 Increment 8FIPS 202
SHA3-512A4589Message Length - Message Length: 0- 65536 Increment 8FIPS 202

Modes List and Description: support a degraded mode. NonApproved =1 NonApproved =0 Table 5: Modes List and Description Mode Change Instructions and Status: The module provides a service level indicator. All Approved services will indicate they are Approved services and all non-Approved services will indicate they are non-Approved. No additional configuration or initialization is required.

2.5 Algorithms

Approved Algorithms: The Module implements cryptographic algorithms in the following providers:

Page 11

Version 1.3 Persistent Systems, LLC Public Material

Page 12

Table 6: Approved Algorithms Vendor-Affirmed Algorithms: The Module does not support any vendor affirmed cryptographic algorithms. N/A for this module. Non-Approved, Allowed Algorithms: The module does not implement any Non-Approved, but Allowed Algorithms in the Approved Mode of Operation. Version 1.3 Persistent Systems, LLC Public Material

Page 13
Service
NameApproved Functions
AES (GCM) - Ext IVGCM with Externally Generated IVs
AES (GCM) - HybridHybrid Authenticated Symmetric Encryption/Decryption using internally generated IV HW: Encrypt, Decrypt SW: Message Authentication
ghashMessage Authentication used independently from AES(GCM)
AES (CCM) - HybridHybrid Authenticated Symmetric Encryption/Decryption HW: Encrypt, Decrypt SW: Message Authentication
AES (cbcmac)Message Authentication used independently from AES(CCM)
AES (CTS)Cipher Text Stealing
AES (XTS) - HybridHybrid Disk Encryption HW: First encryption SW: Second encryption
ENT (SW)Software Entropy Source (Jitterentropy) for DRBG Seeding

N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement any Non-Approved, Algorithms Allowed with No Security Claimed in the Approved Mode of Operation. N/A for this module. Non-Approved, Not Allowed Algorithms: The Module implements the Non-Approved, Not Allowed cryptographic algorithms listed in the table below. Table 7: Non-Approved, Not Allowed Algorithms Version 1.3 Persistent Systems, LLC Public Material

Page 14
Service
NameDescriptionApproved FunctionsTypeProperties
SF1Symmetric Key Data EncryptionAES-CBC: (A4588, A4589) Size: 128, 192, 256 AES-CTR: (A4588, A4589) Size: 128, 192, 256 AES-ECB: (A4588, A4589) Size: 128, 192, 256 AES-CBC-CS3: (A4589) Size: 128, 192, 256 AES-CCM: (A4589) Size: 128, 192, 256 AES-GCM: (A4589) Size: 128, 192, 256 AES-XTS Testing Revision 2.0: (A4589) Size: 128, 256BC-AuthPublication:FIPS 197
SF2Symmetric Key Data DecryptionAES-CBC: (A4588, A4589) Size: 128, 192, 256 AES-CTR: (A4588, A4589) Size: 128, 192, 256 AES-ECB: (A4588, A4589) Size: 128, 192, 256BC-UnAuthPublication:197
SF3Message Authentication Generation/VerificationAES-CMAC: (A4589) AES-GMAC: (A4589) HMAC-SHA-1: (A4588, A4589) HMAC-SHA2-224: (A4588, A4589) HMAC-SHA2-256: (A4588, A4589) HMAC-SHA2-384: (A4589) HMAC-SHA2-512: (A4589) HMAC-SHA3-224: (A4589) HMAC-SHA3-256: (A4589) HMAC-SHA3-384: (A4589) HMAC-SHA3-512: (A4589)MACPublication:FIPS 198, SP800-38B, SP800-38D
SF4Message DigestSHA-1: (A4588, A4589)SHAPublication:FIPS 180-4, FIPS 202
SF5Random Number GenerationHash DRBG: (A4589) HMAC DRBG: (A4589) Counter DRBG: (A4589)DRBGPublication:SP800-90A
SF6Signature VerificationRSA SigVer (FIPS186- 4): (A4589) Size: 2048, 3072, 4096DigSig-SigVerPublication:186-4
SF7Entropy GenerationHash DRBG: (A4589) HMAC DRBG: (A4589) Counter DRBG: (A4589)ENT-ESVPublication:SP800-90B
2.6 Security Function Implementations

The table below shows the Security Function Implementations that the module implements: Version 1.3 Persistent Systems, LLC Public Material

Page 15

Version 1.3 Persistent Systems, LLC Public Material

Page 16

Table 8: Security Function Implementations Version 1.3 Persistent Systems, LLC Public Material

Page 17
Sensitive security parameter
NameTypeStrengthOperational Environment
Wave Relay Physical Entropy SourcePhysical384 bitsNXP i.MX 6316 bits
CertVendor Name
Number
E82persistent systems
2.7 Algorithm Specific Information

Below are the documentation requirements for specific algorithms and conditions, as mandated by Implementation Guidance. AES GCM IV Uniqueness FIPS140-3 IG C.H, Option 2 The IV is generated internally at its entirety randomly. The generation uses an Approved DRBG (Cert. #A4589) that is internal to the module’s boundary. The IV length is fixed at 96 bits (per SP 800-38D). FIPS140-3 IG C.I The XTS algorithm implementation includes a check prior to use to ensure Key_1 ≠ Key_2. SHA-1 The use of SHA-1 by the “Hash” service is only approved for integrity checks and is not approved for use as part of a digital signature.

2.8 RBG and Entropy

Table 9: Entropy Certificates The Module uses the following entropy sources: Table 10: Entropy Sources Version 1.3 Persistent Systems, LLC Public Material

Page 18

Persistent Systems is using a physical free running ring oscillator to generate entropy input for instantiation and reseed of SP 800-90A compliant DRBGs. The entropy source is the True Random Number Generator (TRNG) sub-component of an NXP i.MX 6 SoC chip. The entropy source performs all required health tests of SP 800-90B, which includes continuous, start-up and on-demand health tests. There are no configurations needed by the operator to use the entropy source in accordance with the Public Use Document for ESV Cert. #E82. Whenever a failure is detected during the health testing, entropy data is not returned to the caller; instead, a failure code is returned to enable the caller to determine the reason for the failure. The entropy source then halts and will refuse new requests for entropy. Upon return of the failure, the operator shall reset or reboot the entropy source. The entropy source will continue to operate after being reset and passing all start-up and continuous health tests. The default Approved DRBG used for random number generation is the HMAC_DRBG (Cert A4589) using SHA2-512. In addition, the module also provides HMAC_DRBG, CTR_DRBG and HASH_DRBG using different mechanisms and key sizes. The DRBGs are all internally seeded by using the entropy source (ESV Cert. #E82). The security strength of the DRBG is determined by the internal mechanism selected (i.e., 256-bits security strength for a CTR_DRBG using AES-256). The operator shall select the appropriate DRBG mechanism for the security strength required when using the “Random Bit Generation” service.

2.9 Key Generation

The module does not support Key Generation Functions.

2.10 Key Establishment

Key Agreement Information The module does not support Key Agreement Functions. Key Transport Information The module does not support Key Transport Functions.

2.11 Industry Protocols

The module does not implement any Industry Protocols. Version 1.3 Persistent Systems, LLC Public Material

Page 19
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AControl Inputo API input arguments that are used to initialize and control the operation of the module o API Commands invoking cryptographic services
N/AN/AData Inputo API input arguments that provide input data for processing o Data to be encrypted, decrypted, verified, or hashed o Keys to be used in cryptographic services
N/AN/AData Outputo API output arguments that return generated or processed data back to the caller o Data that has been encrypted, decrypted or verified o Hashes o Random Values generated by the module's DRBG o Random seed material for other module DRBGs
N/AN/AStatus Outputo API call return values o Status information regarding the module
N/AN/APowerN/A
3.1 Ports and Interfaces

The Module’s ports and associated FIPS defined logical interface categories are listed below. N/A N/A N/A N/A N/A N/A Table 11: Ports and Interfaces Note: The module does not support Control Output. Version 1.3 Persistent Systems, LLC Public Material

Page 20
Sensitive security parameter
NameDescriptionStrengthStrength per Minute
Role Based AuthenticationSignature VerificationRSA 3072-bit has a security strength of 128 bits. The probability of successfully guessing the private key is 1/(2^128).SF6Each authentication attempt takes approximately 8.4 seconds, which results in a maximum of seven authentication attempts per minute. The probably of a brute force attack being successful within a given minute is 7/(2^128).
Service
NameRole AccessType
Cryptographic OfficerCORoleRole Based Authentication
4 Roles, Services, and Authentication
4.2 Roles

The Module supports one distinct operator role, Crypto Officer (CO). One authentication is allowed per Module reset. The Module does not support concurrent operators. The Cryptographic Officer’s authentication public key is protected by the physical and logical design of the Module; it is stored as part of the Module binary itself. The Roles Table below lists all operator roles supported by the Module. Table 13: Roles

4.3 Approved Services

All approved services implemented by the Module are listed in the table below: The SSPs modes of access shown in the table below are defined as:

Page 21
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Module Self- TestPerform module initializat ion, pre- operation al, and condition al cryptogra phic algorith m self- tests.Cryptogra phic Officer - Software Integrity Key: ENonefips_get_tests_pass ed()PowerPass/Fail Status
LoginAuthenti cate to the module.Cryptogra phic Officer - CO Authentic ation Key: ESF6fips140_get_error()Authenti cation SignatureAuthenti cation Status
Module StatusShows module's statusCryptogra phic OfficerNonefips140_get_error()NoneStatus
HashCompute a Message DigestCryptogra phic OfficerSF4fips140_service_in dicator()=1MessageHash Value
Show Module InfoShows module's versionin g informati onCryptogra phic OfficerNonefips140_module_v ersion()NoneModule Base Name + Module Version Number
Symmetric Encryption/De cryptionEncrypti on and decryptio n of data.Cryptogra phic Officer - AES Key: W,ESF1 SF2fips140_service_in dicator()=1AES Key, Plaintext or Cipherte xtPlaintext or Cipherte xt
Keyed MACCompute a Message Authenti cation codeCryptogra phic Officer - AES Key: W,E - HMAC Key: W,ESF3fips140_service_in dicator()=1Message, HMAC or AES KeyMessage Authenti cation Code
Random Bit GenerationGenerate s random values. Operator must select the appropria te DRBG mechanis m for the security- strength desired.Cryptogra phic Officer - CTR_DR BG-State: W,E - HMAC_D RBG- State: W,E - HASH_D RBG- State: W,ESF5fips140_service_in dicator()=1DRBG SelectionRandom Values
RSA Signature VerificationSignature Verificati onCryptogra phic Officer - RSA Public Key: R,ESF6fips140_service_in dicator()=1RSA Public Key, Signature MessageBoolean indicatin g validity of signature
Entropy GenerationGenerate entropy for internal or external DRBGsCryptogra phic Officer - DRBG- EI: G,RSF7fips140_service_in dicator()=1N/AEntropy
ZeroisationDestroys all securityCryptogra phic Officer - DRBG-Nonefips140_get_error() =1N/AN/A

Module SelfTest ion, preoperation m selftests. a g E Persistent Systems, LLC Public Material

Page 22

a securitystrength W,E RBGState: W,E RBGState: W,E N/A - DRBGEI: G,R =1 N/A Version 1.3 Persistent Systems, LLC Public Material

Page 23
Service
NameDescriptionRolesCsps AccessedApproved Functions
paramete rsparamete rsEI: Z - CTR_DR BG-State: Z - AES Key: Z - HMAC Key: Z - RSA Public Key: Z - HMAC_D RBG- State: Z - HASH_D RBG- State: Z
Authenticated Symmetric Encryption/DecryptionGCM using externally generated IVsCOAES (GCM) - Ext IV
Hybrid Authenticated Symmetric Encryption/DecryptionGCM or CCM encryption/decryption using a hybrid implementation in Hardware and SoftwareCOAES (GCM) - Hybrid AES (CCM) - Hybrid
Hybrid Symmetric Encryption/Decryptionencryption/decryption using a hybrid implementation in Hardware and SoftwareCOAES (XTS) - Hybrid
Authentication CodesMessage Authentication used independent of CCM or GCMCOghash AES (cbcmac)
Entropy (SW)Software entropy sourceCOENT (SW)
Service
NameDescriptionRolesCsps AccessedApproved Functions
paramete rsparamete rsEI: Z - CTR_DR BG-State: Z - AES Key: Z - HMAC Key: Z - RSA Public Key: Z - HMAC_D RBG- State: Z - HASH_D RBG- State: Z
Authenticated Symmetric Encryption/DecryptionGCM using externally generated IVsCOAES (GCM) - Ext IV
Hybrid Authenticated Symmetric Encryption/DecryptionGCM or CCM encryption/decryption using a hybrid implementation in Hardware and SoftwareCOAES (GCM) - Hybrid AES (CCM) - Hybrid
Hybrid Symmetric Encryption/Decryptionencryption/decryption using a hybrid implementation in Hardware and SoftwareCOAES (XTS) - Hybrid
Authentication CodesMessage Authentication used independent of CCM or GCMCOghash AES (cbcmac)
Entropy (SW)Software entropy sourceCOENT (SW)
Ciphertext StealingAES encryption/decryption using ciphertext/stealingCOAES (CTS)

Z RBGState: Z RBGState: Z Table 14: Approved Services

4.4 Non-Approved Services

All approved services implemented by the Module are listed in the table below: Version 1.3 Persistent Systems, LLC Public Material

Page 24

Table 15: Non-Approved Services

4.5 External Software/Firmware Loaded

The module does not support an External Software/Firmware Load capability. Version 1.3 Persistent Systems, LLC Public Material

Page 25
5 Software/Firmware Security
5.1 Integrity Techniques

The Module is composed of the following component(s):

5.2 Initiate on Demand

The operator can initiate the integrity test on demand by power cycling the hardware. Version 1.3 Persistent Systems, LLC Public Material

Page 26
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable The Module has a modifiable operational environment under the FIPS 140-3 definitions. The tested operational environments are listed in Section 2.1. The Operating Environment is modifiable and allows the operator to load and execute software. How Requirements are Satisfied: The Module supports a modifiable operational environment. The operator may load and execute software that was not included in the original evaluation as the underlying Wave Relay OS 2.2 operational environment is modifiable. Each instance of a cryptographic module controls its own SSPs and are not owned or controlled by external processes/operators. This requirement is not enforced by administrative documentation and procedures but by the cryptographic module itself. The operational environment provides the capability to separate individual application processes from each other in order to prevent uncontrolled access to CSPs and uncontrolled modification of SSPs

6.2 Configuration Settings and Restrictions

All cryptographic software, SPPs and control/status information is under the control of an operating system that implements mandatory access control. The Operating system protects against unauthorized execution, unauthorized modification and unauthorized reading of SSPs and status data. Processes that are spawned by the cryptographic module are owned by the module and are not owned by external processes/operators. The Operating System provides an audit mechanism with the date and time of each audited event. Version 1.3 Persistent Systems, LLC Public Material

Page 27
7 Physical Security

The design and physical security characteristics of the Wave Relay Kernel Space Crypto module meet the intent of the FIPS 140-3 Level 2 Physical Security Requirements, based on the test results described in the physical security test report. The embodiment of the Module is a single chip, which is opaque and also provides tamper evidence. The module has been subjected to FIPS140-3 Level 2 physical security analysis.

7.1 Mechanisms and Actions Required

The module has: o o o

Page 28
8 Non-Invasive Security

The Module does not implement any mitigation method against non-invasive attack. Version 1.3 Persistent Systems, LLC Public Material

Page 29
Sensitive security parameter
NameTypeDescription
System Memory (S1)DynamicStored in plaintext in volatile memory (RAM).
Binary (S2)StaticStored in plaintext as part of the module binary itself.
Service
NameTypeFromTo
Input in plaintext (IO1)PlaintextApplication Software (outside)System Memory (S1)ManualElectronic
Output in plaintext (IO2)PlaintextSystem Memory (S1)Application Software (outside)ManualElectronic
ZeroizationDescriptionRationaleOperator
MethodInitiation
Z1Zeroisation serviceActive overwriting of SSP values with 0s in volatile memoryZeroisation service
Z2Zeroisation upon useActive overwriting of SSP values with 0s immediately after SSP is no longer needed.N/A
9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 16: Storage Areas Table 17: SSP Input-Output Methods N/A Table 18: SSP Zeroization Methods Version 1.3 Persistent Systems, LLC Public Material

Page 30
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentSize - Strengt hEstablishe d By
DRBG-EIENT - CSPEntropy Input387-771 - 128 to 256SF7SF5
CTR_DRBG- StateDRBG - CSPCTR_DRBG internal state (V and Key)V is 128, Key is 128 to 256 - 128 to 256SF5SF5
HMAC_DRB G-StateDRBG - CSPHMAC_DRBG internal state (V and Key)V is 160 to 512, Key is 160 to 512 - 128 to 256SF5SF5
HASH_DRBG -StateDRBG - CSPHASH_DRBG internal state (V and C)V is 440 to 888, C is 440 to 888 - 128 to 256SF5SF5
HMAC KeyMAC - CSPUsed for Message Authentication128 to 512 - 128 to 256SF3
AES KeySymmetric - CSPUsed for encryption/decrypti on operations128, 192, 256 - 128, 192, 256SF1 SF2
RSA Public KeyAsymmetri c - PSPUsed for signature verification2048, 3072, 4096 - 112,SF6
CO Authentication KeyAsymmetri c - PSPUsed for authenticating the CO3072 - 128SF6
Software Integrity KeySelf-Test - NeitherUsed for module integrity256 - 256SF3
DRBG-EIUntil use completesOutput in plaintext (IO2)DRBG- State:Used to deriveSystem Memory (S1):PlaintextZ1 Z2
CTR_DRBG- StateUntil use completesDRBG- EI:Derived FromSystem Memory (S1):PlaintextZ1 Z2
HMAC_DRBG- StateUntil use completesDRBG- EI:Derived FromSystem Memory (S1):PlaintextZ1 Z2
HASH_DRBG- StateUntil use completesDRBG- EI:Derived FromSystem Memory (S1):PlaintextZ1 Z2
HMAC KeyUntil use completesInput in plaintext (IO1)System Memory (S1):PlaintextZ1 Z2
AES KeyUntil use completesInput in plaintext (IO1)System Memory (S1):PlaintextZ1 Z2
RSA Public KeyUntil use completesInput in plaintext (IO1)System Memory (S1):PlaintextZ1 Z2
CO Authentication KeyUntil use completesBinary (S2):PlaintextN/A
Software Integrity KeyUntil use completesBinary (S2):PlaintextN/A
9.4 SSPs

All usage of these SSPs by the Module are described in the services detailed in Section 4.3 CTR_DRBGState h d Version 1.3 Persistent Systems, LLC Public Material

Page 31

h d Table 19: SSP Table 1 CTR_DRBGState HMAC_DRBGState HASH_DRBGState N/A N/A DRBGEI:Derived DRBGEI:Derived DRBGEI:Derived Table 20: SSP Table 2 Version 1.3 Persistent Systems, LLC Public Material

Page 32
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicatorConditions
Software Integrity TestSoftware Integrity TestKATSW/FW IntegrityExecuted on the kernel module.HMAC SHA2- 256fips_get_tests_passed()
AES-CBC- Encrypt (4588)AES-CBC- Encrypt (4588)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC- Decrypt (4588)AES-CBC- Decrypt (4588)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesIndicatorConditions
Software Integrity TestSoftware Integrity TestKATSW/FW IntegrityExecuted on the kernel module.HMAC SHA2- 256fips_get_tests_passed()
AES-CBC- Encrypt (4588)AES-CBC- Encrypt (4588)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC- Decrypt (4588)AES-CBC- Decrypt (4588)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CTR Encrypt (4588)AES-CTR Encrypt (4588)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CTR Decrypt (4588)AES-CTR Decrypt (4588)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-ECB Encrypt (4588)AES-ECB Encrypt (4588)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-ECB Decrypt (4588)AES-ECB Decrypt (4588)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC Encrypt (4589)AES-CBC Encrypt (4589)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC Decrypt (4589)AES-CBC Decrypt (4589)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC-CS3 EncryptAES-CBC-CS3 EncryptKATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CBC-CS3 DecryptAES-CBC-CS3 DecryptKATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CCM EncryptAES-CCM EncryptKATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CCM DecryptAES-CCM DecryptKATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CMAC (A4589)AES-CMAC (A4589)KATCASTGenerateKey sizes: 128, 256 bitsfips_get_tests_passed()Power-On
AES-CTR Encrypt (4589)AES-CTR Encrypt (4589)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-CTR Decrypt (4589)AES-CTR Decrypt (4589)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-ECB Encrypt (4589)AES-ECB Encrypt (4589)KATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-ECB Decrypt (4589)AES-ECB Decrypt (4589)KATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-GCM EncryptAES-GCM EncryptKATCASTEncryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-GCM DecryptAES-GCM DecryptKATCASTDecryptKey sizes: 128, 192, 256 bitsfips_get_tests_passed()Power-On
AES-XTS EncryptAES-XTS EncryptKATCASTEncryptKey sizes: 128, 256 bitsfips_get_tests_passed()Power-On
AES-XTS DecrytAES-XTS DecrytKATCASTDecryptKey sizes: 128, 256 bitsfips_get_tests_passed()Power-On
Counter DRBG (A4589)Counter DRBG (A4589)KATCASTinstantiation, generate, and reseed KATsKey size: 128, 192, 256fips_get_tests_passed()Power-On
Hash DRBG (A4589)Hash DRBG (A4589)KATCASTinstantiation, generate, and reseed KATsSHA2-256fips_get_tests_passed()Power-On
HMAC DRBG (A4589)HMAC DRBG (A4589)KATCASTinstantiation, generate, and reseed KATsSHA2-256, SHA2-512fips_get_tests_passed()Power-On
EntropyEntropyRCT, APTCASTStartup and Continuous RCT and APT per [90B] Section 4.2 and 4.4SP800-90B Health Testsfips140_get_error()Entropy Generation
HMAC-SHA-1 (A4588)HMAC-SHA-1 (A4588)KATCASTGenerateSHA-1fips_get_tests_passed()Power-On
HMAC-SHA2- 224 (A4588)HMAC-SHA2- 224 (A4588)KATCASTGenerateSHA2-224fips_get_tests_passed()Power-On
HMAC-SHA2- 256 (A4588)HMAC-SHA2- 256 (A4588)KATCASTGenerateSHA2-256fips_get_tests_passed()Power-On
HMAC-SHA-1 (A4589)HMAC-SHA-1 (A4589)KATCASTGenerateSHA-1fips_get_tests_passed()Power-On
HMAC-SHA2- 224 (A4589)HMAC-SHA2- 224 (A4589)KATCASTGenerateSHA2-224fips_get_tests_passed()Power-On
HMAC-SHA2- 256 (A4589)HMAC-SHA2- 256 (A4589)KATCASTGenerateSHA2-256fips_get_tests_passed()Power-On
HMAC-SHA2- 384 (A4589)HMAC-SHA2- 384 (A4589)KATCASTGenerateSHA2-384fips_get_tests_passed()Power-On
HMAC-SHA2- 512 (A4589)HMAC-SHA2- 512 (A4589)KATCASTGenerateSHA2-512fips_get_tests_passed()Power-On
HMAC-SHA3- 224 (A4589)HMAC-SHA3- 224 (A4589)KATCASTGenerateSHA3-224fips_get_tests_passed()Power-On
HMAC-SHA3- 256 (A4589)HMAC-SHA3- 256 (A4589)KATCASTGenerateSHA3-256fips_get_tests_passed()Power-On
HMAC-SHA3- 384 (A4589)HMAC-SHA3- 384 (A4589)KATCASTGenerateSHA3-384fips_get_tests_passed()Power-On
HMAC-SHA3- 512 (A4589)HMAC-SHA3- 512 (A4589)KATCASTGenerateSHA3-512fips_get_tests_passed()Power-On
RSA SigVer (FIPS186-4) (A4589)RSA SigVer (FIPS186-4) (A4589)KATCASTSignature VerificationKey Size: 3072- bit with SHA2- 384fips_get_tests_passed()Power-On
SHA-1 (A4588)SHA-1 (A4588)KATCASTMessage DigestSHA-1fips_get_tests_passed()Power-On
SHA2-224 (A4588)SHA2-224 (A4588)KATCASTMessage DigestSHA2-224fips_get_tests_passed()Power-On
SHA2-256 (A4588)SHA2-256 (A4588)KATCASTMessage DigestSHA2-256fips_get_tests_passed()Power-On
SHA-1 (A4589)SHA-1 (A4589)KATCASTMessage DigestSHA-1fips_get_tests_passed()Power-On
SHA2-224 (A4589)SHA2-224 (A4589)KATCASTMessage DigestSHA2-224fips_get_tests_passed()Power-On
SHA2-256 (A4589)SHA2-256 (A4589)KATCASTMessage DigestSHA2-256fips_get_tests_passed()Power-On
SHA2-384 (A4589)SHA2-384 (A4589)KATCASTMessage DigestSHA2-384fips_get_tests_passed()Power-On
SHA2-512 (A4589)SHA2-512 (A4589)KATCASTMessage DigestSHA2-512fips_get_tests_passed()Power-On
SHA3-224 (A4589)SHA3-224 (A4589)KATCASTMessage DigestSHA3-224fips_get_tests_passed()Power-On
SHA3-256 (A4589)SHA3-256 (A4589)KATCASTMessage DigestSHA3-256fips_get_tests_passed()Power-On
SHA3-384 (A4589)SHA3-384 (A4589)KATCASTMessage DigestSHA3-384fips_get_tests_passed()Power-On
SHA3-512 (A4589)SHA3-512 (A4589)KATCASTMessage DigestSHA3-512fips_get_tests_passed()Power-On
Software Integrity TestSoftware Integrity TestKATSW/FW IntegrityOn DemandManually
AES-CBC-Encrypt (4588)AES-CBC-Encrypt (4588)KATCASTOn DemandManually
AES-CBC-Decrypt (4588)AES-CBC-Decrypt (4588)KATCASTOn DemandManually
AES-CTR Encrypt (4588)AES-CTR Encrypt (4588)KATCASTOn DemandManually
AES-CTR Decrypt (4588)AES-CTR Decrypt (4588)KATCASTOn DemandManually
10 Self-Tests
10.1 Pre-Operational Self-Tests

The Module performs self-tests to ensure the proper operation of the Module. Per FIPS 140-3 these are categorized as either preoperational self-tests or conditional self-tests. Pre-operational self–tests are available on demand by power cycling the Module. The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly. Please note that HMAC-SHA2-256 is self-tested prior to execution of the Software Integrity Test. The Module performs the following pre-operational self-tests in table below HMAC SHA2256 Table 21: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

The Module performs the following conditional self-tests in the table below: Version 1.3 Persistent Systems, LLC Public Material

Page 33

Version 1.3 Persistent Systems, LLC Public Material

Page 34

Version 1.3 Persistent Systems, LLC Public Material

Page 35

Version 1.3 Persistent Systems, LLC Public Material

Page 36
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesIndicatorConditions
SHA3-224 (A4589)SHA3-224 (A4589)KATCASTMessage DigestSHA3-224fips_get_tests_passed()Power-On
SHA3-256 (A4589)SHA3-256 (A4589)KATCASTMessage DigestSHA3-256fips_get_tests_passed()Power-On
SHA3-384 (A4589)SHA3-384 (A4589)KATCASTMessage DigestSHA3-384fips_get_tests_passed()Power-On
SHA3-512 (A4589)SHA3-512 (A4589)KATCASTMessage DigestSHA3-512fips_get_tests_passed()Power-On
Software Integrity TestSoftware Integrity TestKATSW/FW IntegrityOn DemandManually
AES-CBC-Encrypt (4588)AES-CBC-Encrypt (4588)KATCASTOn DemandManually
AES-CBC-Decrypt (4588)AES-CBC-Decrypt (4588)KATCASTOn DemandManually
AES-CTR Encrypt (4588)AES-CTR Encrypt (4588)KATCASTOn DemandManually
AES-CTR Decrypt (4588)AES-CTR Decrypt (4588)KATCASTOn DemandManually
AES-ECB Encrypt (4588)AES-ECB Encrypt (4588)KATCASTOn DemandManually
AES-ECB Decrypt (4588)AES-ECB Decrypt (4588)KATCASTOn DemandManually
AES-CBC Encrypt (4589)AES-CBC Encrypt (4589)KATCASTOn DemandManually
AES-CBC Decrypt (4589)AES-CBC Decrypt (4589)KATCASTOn DemandManually
AES-CBC-CS3 EncryptAES-CBC-CS3 EncryptKATCASTOn DemandManually
AES-CBC-CS3 DecryptAES-CBC-CS3 DecryptKATCASTOn DemandManually
AES-CCM EncryptAES-CCM EncryptKATCASTOn DemandManually
AES-CCM DecryptAES-CCM DecryptKATCASTOn DemandManually
AES-CMAC (A4589)AES-CMAC (A4589)KATCASTOn DemandManually
AES-CTR Encrypt (4589)AES-CTR Encrypt (4589)KATCASTOn DemandManually
AES-CTR Decrypt (4589)AES-CTR Decrypt (4589)KATCASTOn DemandManually
AES-ECB Encrypt (4589)AES-ECB Encrypt (4589)KATCASTOn DemandManually
AES-ECB Decrypt (4589)AES-ECB Decrypt (4589)KATCASTOn DemandManually
AES-GCM EncryptAES-GCM EncryptKATCASTOn DemandManually
AES-GCM DecryptAES-GCM DecryptKATCASTOn DemandManually
AES-XTS EncryptAES-XTS EncryptKATCASTOn DemandManually
AES-XTS DecrytAES-XTS DecrytKATCASTOn DemandManually
Counter DRBG (A4589)Counter DRBG (A4589)KATCASTOn DemandManually
Hash DRBG (A4589)Hash DRBG (A4589)KATCASTOn DemandManually
HMAC DRBG (A4589)HMAC DRBG (A4589)KATCASTOn DemandManually
EntropyEntropyRCT, APTCASTOn DemandManually
HMAC-SHA-1 (A4588)HMAC-SHA-1 (A4588)KATCASTOn DemandManually
HMAC-SHA2-224 (A4588)HMAC-SHA2-224 (A4588)KATCASTOn DemandManually
HMAC-SHA2-256 (A4588)HMAC-SHA2-256 (A4588)KATCASTOn DemandManually
HMAC-SHA-1 (A4589)HMAC-SHA-1 (A4589)KATCASTOn DemandManually
HMAC-SHA2-224 (A4589)HMAC-SHA2-224 (A4589)KATCASTOn DemandManually
HMAC-SHA2-256 (A4589)HMAC-SHA2-256 (A4589)KATCASTOn DemandManually
HMAC-SHA2-384 (A4589)HMAC-SHA2-384 (A4589)KATCASTOn DemandManually
HMAC-SHA2-512 (A4589)HMAC-SHA2-512 (A4589)KATCASTOn DemandManually
HMAC-SHA3-224 (A4589)HMAC-SHA3-224 (A4589)KATCASTOn DemandManually
HMAC-SHA3-256 (A4589)HMAC-SHA3-256 (A4589)KATCASTOn DemandManually
HMAC-SHA3-384 (A4589)HMAC-SHA3-384 (A4589)KATCASTOn DemandManually
HMAC-SHA3-512 (A4589)HMAC-SHA3-512 (A4589)KATCASTOn DemandManually
RSA SigVer (FIPS186- 4) (A4589)RSA SigVer (FIPS186- 4) (A4589)KATCASTOn DemandManually
SHA-1 (A4588)SHA-1 (A4588)KATCASTOn DemandManually
SHA2-224 (A4588)SHA2-224 (A4588)KATCASTOn DemandManually
SHA2-256 (A4588)SHA2-256 (A4588)KATCASTOn DemandManually
SHA-1 (A4589)SHA-1 (A4589)KATCASTOn DemandManually
SHA2-224 (A4589)SHA2-224 (A4589)KATCASTOn DemandManually
SHA2-256 (A4589)SHA2-256 (A4589)KATCASTOn DemandManually
SHA2-384 (A4589)SHA2-384 (A4589)KATCASTOn DemandManually
SHA2-512 (A4589)SHA2-512 (A4589)KATCASTOn DemandManually
SHA3-224 (A4589)SHA3-224 (A4589)KATCASTOn DemandManually
SHA3-256 (A4589)SHA3-256 (A4589)KATCASTOn DemandManually
SHA3-384 (A4589)SHA3-384 (A4589)KATCASTOn DemandManually
SHA3-512 (A4589)SHA3-512 (A4589)KATCASTOn DemandManually

Table 22: Conditional Self-Tests

10.3 Periodic Self-Test Information

Table 23: Pre-Operational Periodic Information Version 1.3 Persistent Systems, LLC Public Material

Page 37

Version 1.3 Persistent Systems, LLC Public Material

Page 38

Version 1.3 Persistent Systems, LLC Public Material

Page 39

Table 24: Conditional Periodic Information The operator may invoke periodic self-tests by power cycling the module. It is recommended that periodic self-testing be performed weekly. Version 1.3 Persistent Systems, LLC Public Material

Page 40
Service
NameDescriptionRole AccessIndicator
ES1The module fails pre- operational self-tests, conditional self- tests, or authentication.The Module enters the FIPS_error statefips140_get_error()Power cycle the module
10.4 Error States
10.5 Operator Initiation of Self-Tests

Self-tests may be initiated on demand by power cycling the module.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

No end user action is required to startup the module in an approved mode for operation. The module is built into the Wave Relay® OS and delivered in Persistent Systems’ Wave Relay® Solutions. There is no standalone delivery of the module as a software hybrid module. Persistent Systems’ internal development process guarantees that the correct version of the module is installed within its intended device OS version. Installation and Initialization: The module is pre-installed within the Persistent Systems Solutions, which include the MPU5, Embedded Module, Embedded Module lite, GVR5, or Integrated Antenna Series. No further initialization of the module is required. Upon powering on the hardware platform, the module will automatically perform pre-operational and conditional self-tests in accordance with FIPS 140-3 requirements. Delivery: The module is pre-installed within the Persistent Systems product offerings. The Persistent Systems products are distributed using a trusted courier and packaging must be inspected upon delivery.

11.2 Administrator Guidance

Version 1.3 Persistent Systems, LLC Public Material

Page 41

There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.

11.3 Non-Administrator Guidance

There are no specific management activities required of the Crypto Officer Role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Persistent Systems Support should be contacted.

11.4 Design and Rules

Rules of Operation 1. 2. 3. 4. 5. 6.

  1. The Module provides one distinct operator roles: Cryptographic Officer. The Module clears previous authentications on power cycle. An operator does not have access to any cryptographic services prior to assuming an authorized role. The Module allows the operator to initiate power-up self-tests by power cycling the Module. All self-tests do not require any operator action. Data output is inhibited during self-tests, zeroisation, and error states. Status information does not contain CSPs or sensitive data that if misused could lead to a compromise of the Module.
  2. There are no restrictions on which keys or SSPs are zeroised by the zeroisation service.
  3. The Module does not support concurrent operators.
  4. The Module does not support a maintenance interface or role.
  5. The Module does not support manual SSP establishment method.
  6. The Module does not have any proprietary external input/output devices used for entry/output of data.
  7. The Module does not store any plaintext CSPs
  8. The Module does not output intermediate key values.
  9. The Module does not provide bypass services or ports/interfaces.
11.6 End of Life

The module must be zeroised and returned to the manufacturer.

12 Mitigation of Other Attacks

The Module does not implement any mitigation method against other attacks. Version 1.3 Persistent Systems, LLC Public Material

Page 42

Version 1.3 Persistent Systems, LLC Public Material

Page 43
Acronyms
NameTermDefinitionAbbreviationFull Specification Name
[FIPS140-3][FIPS140-3]Security Requirements for Cryptographic Modules, March 22, 2019
[ISO19790][ISO19790]International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017
[ISO24759][ISO24759]International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015
[IG][IG]Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, <date>
[131A][131A]Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, Revision 2, March 2019
[197][197]National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 26, 2001
[198][198]National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008
[180][180]National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015
[202][202]FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, August 2015
[38A][38A]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001
[38B][38B]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, May 2005
[38C][38C]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, Special Publication 800- 38C, May 2004
[38D][38D]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800-38D, November 2007
[38E][38E]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, Special Publication 800-38E, January 2010
[90A][90A]National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015.
[90B][90B]National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018.
AcronymAcronymDefinition
APTAPTAdaptative Proportion Test
KATKATKnow Answer Test
RCTRCTRepetition Count Test

References and Definitions The following standards are referred to in this Security Policy. Table 26

Page 44

Table 27