Aruba AP-5XX Wireless Access Points with ArubaOS FIPS Firmware FIPS 140-2 Level 2 Security Policy
8. Cryptographic Key Management
8.1. FIPS Approved Algorithms
The firmware in each module contains the following cryptographic algorithm implementations/crypto libraries to implement the different FIPS approved cryptographic algorithms that will be used for the corresponding security services supported by the module in FIPS mode:
- ArubaOS OpenSSL Module algorithm implementation
- ArubaOS Crypto Module algorithm implementation
- ArubaOS UBOOT Bootloader library algorithm implementation

Below are the detailed lists for the FIPS approved algorithms and the associated certificates implemented by each algorithm implementation.

Note that not all algorithm modes that appear on the module’s CAVP certificates are utilized by the module, and the tables below list only the algorithm modes that are utilized by the module.
The firmware supports the following cryptographic implementations.
Table 9 - ArubaOS OpenSSL Module CAVP Certificates

ArubaOS OpenSSL Module

| CAVP Certificate # | Algorithm | Standard | Mode/Method | Key Lengths, Curves, Moduli | Use |
|---|---|---|---|---|---|
| C1253 | AES | FIPS 197, SP 800-38A | ECB, CTR (256, ext only) | 128, 256 | Data Encryption/Decryption |
| C1253 | DRBG | SP 800-90A | AES CTR | 256 | Deterministic Random Number Generation |
| C1253 | ECDSA | 186-4 | PKG, SigGen, SigVer | P256, P384 | Digital Key Generation, Signature Generation and Verification |
| C1253 | HMAC | FIPS 198-1 | HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 | Key Size < Block Size | Message Authentication |
| C1253 | KBKDF | SP 800-108 | CTR | HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-384 | Deriving Keys |
| C1253 | RSA | FIPS 186-2 | SHA-1 PKCS1 v1.5 | 2048 | Digital Signature Verification |
| C1253 | RSA | FIPS 186-4 | SHA-1 PKCS1 v1.5 | 2048 | Key Generation, Digital Signature Generation and Verification |
| C1253 | SHS | FIPS 180-4 | SHA-1, SHA-256, SHA-384, SHA-512 Byte Only | 160, 256, 384, 512 | Message Digest |
| C1253 | Triple-DES | SP 800-67 Rev2 | TECB, TCBC | 168 | Data Encryption/Decryption |