Module Name
SR-OS Cryptographic Module
Caveat
When operated in FIPS mode and when installed, initialized and configured as specified in Sections 9.1 and 9.2 of the Security Policy.
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it.
Tested Configuration(s)
- SR-OS 20.10R12 running on 7750 SR-1 with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-14s with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-1s with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-2e with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-2s with Cavium OCTEON III CN7360
- SR-OS 20.10R12 running on 7750 SR-7 with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7750 SR-7s with Cavium OCTEON II CN6645 (single-user mode)
- SR-OS 20.10R12 running on 7750 SR-a4 with Cavium OCTEON II CN6635
- SR-OS 20.10R12 running on 7950 XRS-16c with Cavium OCTEON II CN6645
- SR-OS 20.10R12 running on 7950 XRS-20 with Cavium OCTEON II CN6645
Approved Algorithms
| AES |
Certs. #C2074, #C2075 and #C2084 |
| CVL |
Certs. #C2074, #C2075 and #C2084 |
| DRBG |
Certs. #C2074, #C2075 and #C2084 |
| DSA |
Certs. #C2074, #C2075 and #C2084 |
| ECDSA |
Certs. #C2074, #C2075 and #C2084 |
| HMAC |
Certs. #C2074, #C2075 and #C2084 |
| KAS |
KAS-SSC Cert. #A3041, CVL Certs. #C2074, #C2075 and #C2084 |
| KAS-SSC |
Cert. #A3041 |
| KTS |
AES Certs. #C2074, #C2075 and #C2084; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Certs. #C2074, #C2075 and #C2084 |
| SHS |
Certs. #C2074, #C2075 and #C2084 |
| Triple-DES |
Certs. #C2074, #C2075 and #C2084 |
Firmware Versions
20.10R12
