User guide
Aruba Networks Security Target
Page 24 of 67
FCS_COP.1(1) Cryptographic Operation (for data encryption/decryption)
FCS_COP.1.1(1) Refinement: The TSF shall perform encryption and decryption in
accordance with a specified cryptographic algorithm AES operating in
AES-CBC, AES-CCM, AES-GCM and cryptographic key sizes 128-bits,
256-bits, and 192 bits that meet the following:
FIPS PUB 197, “Advanced Encryption Standard (AES)”
NIST SP 800-38A, NIST SP 800-38C, NIST SP 800-38D
FCS_COP.1(2) Cryptographic Operation (for cryptographic signature – RSA)
FCS_COP.1.1(2) Refinement: The TSF shall perform cryptographic signature services
in accordance with a:
RSA Digital Signature Algorithm (rDSA) with a key size (modulus) of
2048 bits or greater
that meets the following:
FIPS PUB 186-2 or FIPS PUB 186-3, “Digital Signature Standard”
FCS_COP.1(3) Cryptographic Operation (for cryptographic hashing)
FCS_COP.1.1(3) Refinement: The TSF shall perform cryptographic hashing services in
accordance with a specified cryptographic algorithm SHA-1, SHA-256,
SHA-384] and message digest sizes 160, 256, 384 bits that meet the
following: FIPS Pub 180-3, “Secure Hash Standard.”
FCS_COP.1(4) Cryptographic Operation (for keyed-hash message
authentication)
FCS_COP.1.1(4) Refinement: The TSF shall perform keyed-hash message authentication
in accordance with a specified cryptographic algorithm HMAC-SHA-1,
SHA-256, SHA-384, key size 160-bit, 256-bit, 384-bit and message
digest sizes 160, 256, 384 bits that meet the following: FIPS Pub 198-1,
"The Keyed Hash Message Authentication Code, and FIPS Pub 180-3,
“Secure Hash Standard.”
FCS_COP.1(5) Cryptographic Operation (for cryptographic signature –
ECDSA)
FCS_COP.1.1(5) Refinement:The TSF shall perform cryptographic signature services
in accordance with a:
Elliptic Curve Digital Signature Algorithm (ECDSA) with a key size
of 256 bits or greater
that meets the following:
FIPS PUB 186-3, “Digital Signature Standard”