Reference Guide

28|

Aruba 600 Series Controllers FIPS 140-2 Level 2 Security Policy

Table8‐CSPs/KeysUsedinArubaControllers

38 SNMPv3sessionkey

AES-CFB key (128

bits)

Derived from SNMPv3

privacy password using

an approved KDF

Stored in volatile

memory. Zeroized on

reboot.

Secure channel for

SNMPv3 management

Self-Tests

The Aruba Controller performs both power-up and conditional self-tests. In the event any self-test fails,

the controller will enter an error state, log the error, and reboot automatically.

The following self-tests are performed:

ArubaOS OpenSSL Module:

 AES (encrypt/decrypt) KATs

 Triple-DES (encrypt/decrypt) KATs

 DRBG KAT

 RSA KAT

 ECDSA Sign/Verify

 SHS (SHA1, SHA256, SHA384 and SHA512) KATs

 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512) KATs

ArubaOS Crypto Module

 AES (encrypt/decrypt) KATs

 Triple-DES (encrypt/decrypt) KAT

 SHA (SHA1, SHA256, SHA384 and SHA512) KAT

 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512) KAT

 RSA KAT

 ECDSA Sign/Verify

 FIPS 186-2 RNG KAT

ArubaOS Uboot BootLoader Module

 Firmware Integrity Test: RSA PKCS#1 v1.5 (2048 bits) signature verification with SHA-1

Aruba Hardware Known Answer Tests:

 AES (encrypt/decrypt) KATs

 AES-CCM KAT

 AES-GCM KAT

 Triple-DES(encrypt/decrypt) KATs

 HMAC (HMAC-SHA1) KAT

The following Conditional Self-tests are performed in the controller:

ArubaOS OpenSSL Module

 Bypass Tests (Wired Bypass Test and Wireless Bypass Test)