![6.1.2 Cryptographic Support](/images/new-backgrounds/158236/15823689x1.webp)
Security Target, Version 3.9 | March 18, 2008 |
|
|
6.1.2 Cryptographic Support
The TOE’s cryptographic functionality is provided by a FIPS
Table 8 - FIPS Validated Modules
| Validation |
| Modules |
| FIPS |
|
|
| |||
|
|
|
|
|
|
|
|
| VPN Router 1750, 2700, 2750 and 5000 with Hardware | 1068 | |
|
|
| Accelerator | ||
| Hardware modules |
|
|
| |
|
|
|
|
| |
|
|
|
|
| |
| FIPS |
| VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security | 1073 | |
| at level 2 |
| Accelerator | ||
|
|
|
| ||
|
|
|
|
| |
|
|
| Nortel VPN Router 600, 1750, 2700, 2750 and 5000 | 1066 | |
|
|
|
|
|
|
| Hardware modules |
|
|
|
|
| FIPS |
| Nortel VPN Router 1010, 1050 and 1100 | 1067 | |
| at level 1 |
|
|
|
|
|
|
|
|
|
|
| Software module |
|
|
|
|
| being validated at |
| VPN Client Software | 1032 | |
| level 1 of FIPS |
|
|
|
|
|
|
|
|
|
|
The TOE’s cryptographic module implements and utilizes the following
Table 9 - FIPS-Validated Cryptographic Algorithms
| Algorithm |
| Key Size(s) (bits) |
| Validated Against |
| FIPS Certificate # | |
|
|
|
| |||||
|
|
|
| |||||
|
|
|
|
|
| |||
| 3DES | 168 |
| FIPS | 641, 642, 644 | |||
|
|
|
|
|
|
| ||
| AES | 128, | 256 |
| FIPS 197 | 718, 719, 721 | ||
|
|
|
|
|
|
| ||
| RSA5 | 1024, | 2048 |
| FIPS | 338, 339 | ||
|
|
|
|
|
|
| ||
|
| N/A |
| FIPS | 738, 739, 740 | |||
|
|
|
|
|
| |||
| 160 |
| FIPS 1986 | 387, 388, 389 | ||||
|
|
|
|
|
|
|
|
|
The TOE generates RSA keys for signature generation and verification. During the key generation process, all weak keys are discarded. The resultant strong RSA keys are used to perform key agreement and authentication in accordance with the
The TOE performs encryption and decryption using the 3DES and AES algorithms. The TOE implements the
The TOE destroys keys when they are no longer needed by “zeroizing” them. Zeroization is performed by overwriting the memory location containing the keys with zeros before marking the memory location as being free
5 | Via the RSA BSAFE library. |
|
6 | FIPS 198 is equivalent to RFC 2104. |
|
|
| |
Nortel VPN Router v7.05 and Client Workstation v7.11 | Page 45 of 67 | |
| © 2008 Nortel Networks |
|