Aruba Networks FIPS 140-2 manual Cryptographic Algorithms, Non-FIPS Approved Algorithms

5 Cryptographic Algorithms

FIPS-approved cryptographic algorithms have been implemented in hardware and firmware. The firmware supports the following cryptographic implementations.

ArubaOS OpenSSL AP Module implements the following FIPS-approved algorithms:

o AES (Cert. #1851)

o HMAC (Cert. #1099)

o RNG (Cert. #970)

o RSA (Cert. #934)

o SHS (Cert. #1628)

o Triple-DES (Cert. #1199)

ArubaOS Module implements the following FIPS-approved algorithms:

o AES (Cert. #1850)

o HMAC (Cert. #1098)

o RNG (Cert. #969)

o RSA (Cert. #933)

o SHS (Cert. #1627)

o Triple-DES (Cert. #1198)

ArubaOS UBOOT Bootloader implements the following FIPS-approved algorithms:

o RSA (Cert. #935)

o SHS (Cert. #1629)

Hardware encryption acceleration is provided by Cavium Octeon 5010 for bulk cryptographic operations for the following FIPS-approved algorithms:

AES (Cert. #861)

HMAC (Cert. #478)

SHS (Cert. #856)

Triple-DES (Cert. #708)

Non-FIPS Approved Algorithms

The cryptographic module implements the following non-approved algorithms that are not permitted for use in the FIPS 140-2 mode of operations:

MD5

In addition, within the FIPS Approved mode of operation, the module supports the following allowed key establishment schemes:

Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)
