Reference Guide

Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy|19

Cryptographic Key Management

Implemented Algorithms

FIPS-approved cryptographic algorithms have been implemented in firmware and hardware.

 Hardware encryption acceleration is provided for bulk cryptographic operations for the following

FIPS approved algorithms:

o AES (Cert. #762)

o Triple-DES (Cert. #667)

o SHS (Cert. #769)

o HMAC (Cert. #417)

The firmware supports the following cryptographic implementations.

 ArubaOS OpenSSL Module implements the following FIPS-approved algorithms:

o AES (Cert. #2680)

o CVL (Cert. #152)

o DRBG (Cert. #433)

o ECDSA (Cert. #469)

o HMAC (Cert. #1666)

o KBKDF (Cert. #16)

o RSA (Cert. #1379)

o SHS (Cert. #2249)

o Triple-DES (Cert. #1607)

Note:

o RSA (Cert. #1379; non-compliant with the functions from the CAVP Historical RSA List)

 FIPS186-2:

ALG[ANSIX9.31]: Key(gen)(MOD: 1024 PubKey Values: 65537)

ALG[RSASSA-PKCS1_V1_5]: SIG(gen): 1024, SHS: SHA-1/SHA-256/SHA-384/SHA-

512, 2048, SHS: SHA-1

o ECDSA (Cert. #469; non-compliant with the functions from the CAVP Historical ECDSA List)

 FIPS186-2:

SIG(gen): CURVES(P-256 P-384), SHS: SHA-1

 ArubaOS Crypto Module implementation supports the following FIPS Approved Algorithms:

o AES (Cert. #2677)

o CVL (Cert. #150)

o ECDSA (Cert. #466)

o HMAC (Cert. #1663)

o RNG (Cert. #1250)

o RSA (Cert. #1376)

o SHS (Cert. #2246)

o Triple-DES (Cert. #1605)