Module Name
SR-OS Cryptographic Module
Historical Reason
Diffie-Hellman was included on the allowed line per D.8 after the cut off date of June 2022.
Caveat
When operated in FIPS mode
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it.
Tested Configuration(s)
- SR-OS 20.10R4 running on 7750 SR-1 with Cavium OCTEON II CN7360
- SR-OS 20.10R4 running on 7750 SR-14s with Cavium OCTEON II CN6645
- SR-OS 20.10R4 running on 7750 SR-1s with Cavium OCTEON II CN7360
- SR-OS 20.10R4 running on 7750 SR-2e with Cavium OCTEON II CN6645
- SR-OS 20.10R4 running on 7750 SR-2s with Cavium OCTEON II CN7360
- SR-OS 20.10R4 running on 7750 SR-7s with Cavium OCTEON II CN6645 (single-user mode)
- SR-OS 20.10R4 running on 7750 SR-a4 with Cavium OCTEON II CN6635
- SR-OS 20.10R4 running on 7950 SR-7 with Cavium OCTEON II CN6645
- SR-OS 20.10R4 running on 7950 XRS-16c with Cavium OCTEON II CN6645
- SR-OS 20.10R4 running on 7950 XRS-20 with Cavium OCTEON II CN6645
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); NDRNG
Firmware Versions
20.10R4