Module Name
SR-OS Cryptographic Module
Caveat
When operated in FIPS mode and when installed, initialized and configured as specified in Sections 9.1 and 9.2 of the Security Policy.
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it.
Tested Configuration(s)
- SR-OS 20.10R12 running on 7750 SR-1 with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-14s with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-1s with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-2e with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-2s with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-7 with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-7s with Cavium OCTEON II CN6645 (single-user mode)
- SR-OS 20.10R12 running on 7750 SR-a4 with Cavium OCTEON II CN6635
- SR-OS 20.10R12 running on 7950 XRS-16c with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7950 XRS-20 with Cavium OCTEON II CN6645
Approved Algorithms
AES |
Certs. #C2074, #C2075 and #C2084 |
CVL |
Certs. #C2074, #C2075 and #C2084 |
DRBG |
Certs. #C2074, #C2075 and #C2084 |
DSA |
Certs. #C2074, #C2075 and #C2084 |
ECDSA |
Certs. #C2074, #C2075 and #C2084 |
HMAC |
Certs. #C2074, #C2075 and #C2084 |
KAS |
KAS-SSC Cert. #A3041, CVL Certs. #C2074, #C2075 and #C2084 |
KAS-SSC |
Cert. #A3041 |
KTS |
AES Certs. #C2074, #C2075 and #C2084; key establishment methodology provides 128 or 256 bits of encryption strength |
RSA |
Certs. #C2074, #C2075 and #C2084 |
SHS |
Certs. #C2074, #C2075 and #C2084 |
Triple-DES |
Certs. #C2074, #C2075 and #C2084 |
Firmware Versions
20.10R12