7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 1/29
SR-OS Cryptographic Module (SRCM)
FIPS 140-2 Non-Proprietary Security
Policy
FIPS Security Level:1
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 2/29
Document Version: 2.12
November 3, 2016
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 3/29
TABLE OF CONTENTS
GLOSSARY ................................................................................................................................................................5
1. INTRODUCTION............................................................................................................................................7
1.1 PURPOSE ...................................................................................................................................................7
1.2 VERSIONS AVAILABLE FOR FIPS..........................................................................................................8
2. SR-OS CRYPTOGRAPHIC MODULE OVERVIEW.............................................................................10
2.1 SRCM CHARACTERISTICS....................................................................................................................10
2.2 SRCM APPROVED ALGORITHMS.........................................................................................................12
2.3 SRCM NON-APPROVED BUT ALLOWED ALGORITHMS....................................................................14
2.4 SRCM INTERFACES ...............................................................................................................................14
3. SRCM ROLES AND SERVICES................................................................................................................16
4. PHYSICAL SECURITY ...............................................................................................................................18
5. OPERATIONAL ENVIRONMENT............................................................................................................19
6. KEY TABLE ....................................................................................................................................................20
6.1 KEYS/CSPS ALGORITHMS IN FIPS-140-2 MODE ...........................................................................20
7. EMC/EMI (FCC COMPLIANCE)..............................................................................................................23
8. SELF TESTS...................................................................................................................................................24
8.1 SELF TESTS ON THE CPM....................................................................................................................24
8.1.1 Cryptographic DRBG Startup Test.............................................................................................24
8.1.2 RSA Startup test .............................................................................................................................25
8.2 CONDITIONAL TEST ON THE CPM .....................................................................................................25
9. FIPS-140 USER GUIDANCE ...................................................................................................................26
9.1 FIPS-140-2 MODE CONFIGURATION................................................................................................26
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 4/29
9.2 CONFIGURATIONS NOT ALLOWED WHEN RUNNING IN FIPS-140-2 MODE..............................27
9.3 NON-FIPS-140-2 MODE......................................................................................................................28
10. REFERENCES................................................................................................................................................29
LIST OF FIGURES
Figure 2-1: SRCM Diagram of Logical and Physical Boundaries .................10
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 5/29
GLOSSARY
AES-128, AES-
256
Advanced Encryption Standard
BGP Border Gateway Protocol
CBC Cipher Block Chaining
CFM Control / Forwarding Module
CLI Command Line Interface
CMVP Cryptographic Module Validation Program
CPM Control Processor Module
CSP Critical Security Parameter
CVL Component Validation List
ESP Encapsulating Security Payload
FIPS Federal Information Processing Standard
GRE Generic Routing Encapsulation
HMAC Hashed Message Authentication Code
ICMP Internet Control Message Protocol
ICV Integrity Check Value
IGMP Internet Group Management Protocol
IP Internet Protocol
IPSec IP Security
LDP Label Distribution Protocol
LSP Label Switched Path
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 6/29
MPLS Multi-protocol label switching
NDRNG Non-Deterministic RNG
NIST National Institute of Standards and Technology
OSPF Open Shortest Path First
PFS Perfect Forward Secrecy
RNG Random Number Generator
SA Security Association
SAM Service Aware Manager
SFM Switch Fabric Module
SHA Secure Hash Algorithm
SSH Secure Shell
SPI Security Parameter Index
TLS Transport Layer Security
TM Traffic Management
VPLS Virtual Private LAN Service
Table 1 - Glossary
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 7/29
1. INTRODUCTION
1.1 Purpose
This document describes the non-proprietary SR-OS (Service Router Operating
System) Cryptographic Module (SRCM) Security Policy for the 7950 XRS, 7750
SR and the 7450 ESS product families. These are referenced in the document
as either 7x50 or XRS/SR/ESS.
This security policy provides the details for configuring and running the 7x50
products in a FIPS-140-2 mode of operation and describes how the module
meet the requirements of FIPS 140-2. Please see the references section for a
full list of FIPS 140-2 requirements.
Section Section Title Level
1 Cryptographic Module Specification 1
2 Cryptographic Module Ports and Interfaces 1
3 Roles, Services, and Authentication 1
4 Finite State Model 1
5 Physical Security 1
6 Operational Environment N/A
7 Cryptographic Key Management 1
8 EMI/EMC 1
9 Self-Tests 1
10 Design Assurance 1
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 8/29
11 Mitigation of Other Attacks N/A
Table 2 - Security Level per FIPS 140-2 Section
1.2 Versions Available for FIPS
The following platforms of the 7x50 products that implement the module are
either tested or compatible for running SRCM in a FIPS approved mode:
Platform Model(s)
7950 Extensible Routing System
(XRS)
XRS-40*, XRS-20, XRS-16c
7750 Service Router (SR) SR-12e, SR-12*, SR-7*, SR-c12,
SR-c4*, SR-1e*, SR-2e*, SR-
3e*, SR-a8* and SR-a4
7450 Ethernet Services Switch
(ESS)
ESS-12*, ESS-7*
Table 3 - FIPS Capable Platforms and Models
Note: the following platforms are FIPS tested and validated:
CPM-7950 XRS-20 CPM;
CPM-7950 XRS-16 CPM;
CPM-7750 SR CPM5;
* Nokia affirmed for FIPS compliance
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 9/29
CFM-7750 SR-c12 CFM-XP-B;
CPM-7750 SR-a
CPM-7750 SR-e
All other platforms are vendor affirmed for FIPS compatibility.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 10/29
2. SR-OS CRYPTOGRAPHIC MODULE OVERVIEW
The section provides an overview of the SR-OS Cryptographic Module (SRCM)
and the FIPS validated cryptographic algorithms used by services requiring
those algorithms. The SRCM does implement any services or protocols
directly. Instead, it provides the cryptographic algorithm functions needed to
allow SR-OS to implement cryptography for those services and protocols that
require it.
2.1 SRCM Characteristics
SR-OS
Cryptographic
Module
SR-OS Operating System
SR-OS Services and
Protocol Applications
SRCM
API
Physical Boundary
Figure 2-1: SRCM Diagram of Logical and Physical Boundaries
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 11/29
The SRCM logical and physical properties and boundary considerations is
illustrated in Figure 2-1. The solid blue line represents the physical boundary
of the cryptographic module that represents the hardware system on which
SR-OS is running and hence where SRCM is also running. The dashed blue line
indicates the logical cryptographic boundary of the SRCM within SR-OS. The
SRCM is available as a cryptographic service for any SR-OS services or
protocols that require cryptographic operations.
The SRCM is part of a single SR-OS binary file (cpm.tim) that is used to run the
full SR-OS application. SRCM is classified as a multi-chip standalone firmware
module and SRCM is included within the SR-OS application code. SRCM has
been validated on each CPM used by the hardware platforms listed in the
following table:
Hardware Running SRCM Platforms
1.5Ghz 10 core CPU on CPM-7950 XRS-20 CPM 7950 XRS-40, XRS-20
1.5Ghz 10 core CPU on CPM-7950 XRS-16 CPM 7950 XRS-16c
1.5Ghz 10 core CPU on CPM-7750 SR CPM5 7750 SR-12e, SR-12, SR-7,
ESS-12, ESS-7
750Mhz 10 core CPU on CFP-7750 SR-c12 CFM-
XP-B
7750 SR-c12, SR-c4
800Mhz 6 core CPU on CPM-7750 SR-a 7750 SR-a8, SR-a4
1.3Ghz 10 core CPU on CPM-7750 SR-e 7750 SR-1e, SR-2e, SR-3e
Table 4 – Validated Hardware (CPMs and CFP) and FIPS Compatible
Platforms (tested or Nokia affirmed)
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 12/29
The firmware version used to validate the SRCM was SR-0S 14.0R4.
2.2 SRCM Approved Algorithms
The SRCM uses the following FIPS approved algorithms:
Algorithm Certificate
# 14.0R4
AES CBC (e/d; 128, 192, 256); CFB128 (e/d;128); CTR (ext only; 128,
192, 256) CMAC†
#4011
Triple-DES‡ (TCBC) #2198
RSA
FIPS186-2: RSASSA PKCS v1.5 1024-bit Signature Verification
FIPS186-4: ANSI X9.31 2048-bit & 3072-bit Signature Generation
FIPS186-4: 2048-bit Key Pair Generation [FIPS186-4_Fixed_e
(10001); PGM(ProbRandom: (2048) PPTT:(C.2)]
ANSI X9.31 1024-bit, 2048-bit & 3072-bit Signature Verification
RSASSA-PKCS#1-v1.5: 2048-bit & 3072-bit Signature Generation
RSASSA-PSS: 2048-bit & 3072-bit Signature Generation
RSASSA-PKCS#1-v1.5: 1024-bit, 2048-bit & 3072-bit Signature
Verification
RSASSA-PSS: 1024-bit, 2048-bit & 3072-bit Signature Verification
#2058
† The CMAC function was CAVP tested but is not used in Approved mode
‡ As of December 31st
, 2015 two-key Triple-DES is Disallowed
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 13/29
HMAC (HMAC-SHA 1, HMAC-SHA-224, HMAC-SHA 256, HMAC-SHA-
384, HMAC-SHA-512)
#2616
SHA (SHA-1, SHA-224, SHA-256, SHA-224, SHA-512) #3309
DRBG CTR_DRBG #1193
DSA
FIPS186-4: 2048-bit & 3072-bit PQG Generation & Verification
FIPS186-4: 2048-bit & 3072-bit Key Pair Generation [(2048,256) ;
(3072,256)]
2048-bit & 3072-bit Signature Generation
1024-bit, 2048-bit & 3072-bit Signature Verification
#1086
ECDSA FIPS186-4:
Public Key Validation CURVES( ALL-P ALL-K ALL-B )
Signature Generation CURVES( P-224: (SHA-224, 256, 384, 512) P-
256: (SHA-224, 256, 384, 512) P-384: (SHA-224, 256, 384, 512) P-
521: (SHA-224, 256, 384, 512) K-233: (SHA-224, 256, 384, 512) K-
283: (SHA-224, 256, 384, 512) K-409: (SHA-224, 256, 384, 512) K-
571: (SHA-224, 256, 384, 512) B-233: (SHA-224, 256, 384, 512) B-
283: (SHA-224, 256, 384, 512) B-409: (SHA-224, 256, 384, 512) B-
571: (SHA-224, 256, 384, 512) )
Signature Verification CURVES( P-192: (SHA-1, 224, 256, 384, 512) P-
224: (SHA-1, 224, 256, 384, 512) P-256: (SHA-1, 224, 256, 384, 512)
P-384: (SHA-1, 224, 256, 384, 512) P-521: (SHA-1, 224, 256, 384,
512) K-163: (SHA-1, 224, 256, 384, 512) K-233: (SHA-1, 224, 256,
384, 512) K-283: (SHA-1, 224, 256, 384, 512) K-409: (SHA-1, 224,
256, 384, 512) K-571: (SHA-1, 224, 256, 384, 512) B-163: (SHA-1,
224, 256, 384, 512) B-233: (SHA-1, 224, 256, 384, 512) B-283:
#893
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 14/29
(SHA-1, 224, 256, 384, 512) B-409: (SHA-1, 224, 256, 384, 512) B-
571: (SHA-1, 224, 256, 384, 512) )
Application-Specific Key Derivation Functions (ASKDF) SP800-135
SSH: (SHA 1) SHA
TLS: (TLS1.2 (SHA 256)) SHA HMAC
#835
Table 5 – Approved Algorithm Implementations
2.3 SRCM non-Approved but Allowed Algorithms
The module supports the following non-FIPS approved algorithms which are:
 Diffie-Hellman (key agreement; key establishment methodology provides
between 112 and 150 bits of encryption strength; non-compliant less
than 112 bits of encryption strength)
 NDRNG
2.4 SRCM Interfaces
The physical ports used by SRCM within SR-OS are the same as those available
on the system which is running SR-OS per the platforms specified in the
previous section. The logical interface is a C-language application program
interface (API).
The Data Input interface consists of the input parameters of the API
procedures and includes plaintext and/or cipher text data.
The Data Output interface consists of the output parameters of the API
procedures and includes plaintext and/or cipher text data.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 15/29
The Control Input interface consists of API functions that specify commands
and control data used to control the operation of the module. The API may
specify other functions or procedures as control input data.
The Status Output includes the return status, data and values associated with
the status of the module.
The module provides logical interfaces to the other services within SR-OS and
those other SR-OS services use the following logical interfaces for
cryptographic functions: data input, data output, control input, and status
output.
Interface Description
Data Input API input parameters including plaintext and/or cipher text
data
Data Output API output parameters including plaintext and/or cipher text
data
Control Input API procedure calls that may include other function calls as
input, or input arguments that specify commands and
control data used to control the operation of the module.
Status Output API return code describing the status of SRCM
Table 6 – FIPS 140-2 Logical Interface Mappings
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 16/29
3. SRCM ROLES AND SERVICES
The SRCM meets all FIPS 140-2 level 1 requirements for Roles and Services,
implementing support for both the Crypto Officer and User roles within the
SRCM. The support for both Crypto Officer and User roles within the SRCM is
classed as a process. As allowed by FIPS 140-2, the SRCM does not support
user authentication for these roles, which is handled by the SR-OS system
implementing SRCM. Only one role may be using the SRCM at a time and the
module does not allow concurrent operators to access the SRCM.
The User and Crypto Officer roles are implicitly assumed by the entity
accessing the services implemented by the SRCM:
 Installation and initialization of the SRCM which is embedded in the SR-
OS image and installed on the SR-OS platforms is assumed implicitly as
the Crypto Officer when installation and initialization occurs.
The services available by the SRC in FIPS mode to the Crypto Officer and User
roles consist of the following:
Services Access Critical Security Parameters Crypt
o
Office
r
User
Encryption Execute Symmetric keys AES, Triple-DES X X
Decryption Execute Symmetric keys AES, Triple-DES X X
Hash (HMAC) Execute HMAC SHA keys X X
Key generation Write/execute Symmetric key AES, Triple-DES,
Asymmetric RSA, DSA, Diffie-
X X
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 17/29
Hellman public and private keys
Key agreement Execute DH public/private key X X
Perform Self-Tests Execute/read NA X X
DRBG Execute Seed input X X
Show Status Execute NA X X
Signature signing Execute Asymmetric private key DSA, RSA X X
Signature
verification
Execute Asymmetric public key DSA, RSA,
ECDSA
X X
Zeroization Execute Symmetric key, asymmetric key,
HMAC-SHA keys, seed key, seed
X X
Module
Initialization
Execute All CSPs X
Table 7 – Module Services
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 18/29
4. PHYSICAL SECURITY
The module obtains its physical security from any platform running SR-OS with
production grade components and standard passivation as allowed by FIPS
140-2 level 1.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 19/29
5. OPERATIONAL ENVIRONMENT
The SRCM was tested on the following platforms that represent the required
HW components that runs SR-OS and the SRCM.
Hardware Running SRCM Platform used
for testing and
validation
1.5Ghz 10 core CPU on CPM-7950 XRS-20 CPM 7950 XRS-20
1.5Ghz 10 core CPU on CPM-7950 XRS-16 CPM 7950 XRS-16c
1.5Ghz 10 core CPU on CPM-7750 SR CPM5 7750 SR-12e
750Mhz 10 core CPU on CFP-7750 SR-c12 CFM-
XP-B
7750 SR-c12
800Mhz 6 core CPU on CPM-7750 SR-a 7750 SR-a4
1.3Ghz 10 core CPU on CPM-7750 SR-e 7750 SR-e
Table 8 – Hardware and Platforms Used to Test Module
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 20/29
6. KEY TABLE
6.1 Keys/CSPs Algorithms In FIPS-140-2 Mode
The following keys and CSPs are available when running in FIPS-140-2 mode
for the SRCM:
Key or
CSP
Usage
(Service)
Storage Generation/Input Zeroization Access
Role
(R,W,X)
Triple DES SSHv1 DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
Triple
DES-CBC
SSHv2, TLS,
AA Local List
File
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
AES-256-
CTR
SSHv2, TLS,
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
AES-192-
CTR
SSHv2, TLS,
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
AES-128-
CTR
SSHv2, TLS
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
AES-128-
CBC
SSHv2, TLS,
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
Triple
DES-CBC
SSHv2, TLS,
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
AES-192- SSHv2, TLS, DRAM Approved DRBG, Reboot, R, W, X
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 21/29
CBC Secure Copy
(plaintext)
API parameter Command
AES-256-
CBC
SSHv2, TLS,
Secure Copy
DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
HMAC-
SHA-1
OSPF, IS-IS,
RSVP, SSHv2,
TLS, Software
Integrity
Non-Volatile
memory
(Obfuscated)
Operator –
Manually
Command R, W
HMAC-
SHA-256
OSPF, IS-IS,
Python Script
Authentication
Non-Volatile
memory
(Obfuscated)
Operator –
Manually
Command R, W
AES-128-
CFB
SNMP Non-Volatile
memory
(Obfuscated)
Operator –
Manually
Command R, W
RSA Public
Key
SSHv2, TLS,
IPv6 Neighbor
Discovery
Protocol
Non-Volatile
memory
(Obfuscated)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
RSA
Private
Key
SSHv2,TLS,
IPv6 Neighbor
Discovery
Protocol
Non-Volatile
memory
(Obfuscated)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
DSA Public
Key
SSHv2, TLS Non-Volatile
memory
(Obfuscated)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
DSA
Private
Key
SSHv2, TLS Non-Volatile
memory
(Obfuscated)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
ECDSA SSHv2 Non-Volatile Operator - Reboot, R, W, X
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 22/29
Public Key memory
(Obfuscated)
Manually Command
Diffie-
Hellman
Private
Key
SSHv2, TLS DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
Diffie-
Hellman
Public Key
SSHv2, TLS DRAM
(plaintext)
Approved DRBG,
API parameter
Reboot,
Command
R, W, X
DRBG
Seed
Key
generation
DRAM
(plaintext)
Internally
Generated
Reboot R, W
DRBG
Entropy
Key
generation
DRAM
(plaintext)
Internally
Generated
Reboot R, W
DRBG ‘V’
Value
Key
generation
DRAM
(plaintext)
Internally
Generated
Reboot R, W
DRBG
‘Key’
Value
Key
generation
DRAM
(plaintext)
Internally
Generated
Reboot R, W
Table 9 – Cryptographic Keys and CSPs
Access roles include “R”- Read, “W” – Write, and “X” – Execute.
The SSH, TLS, IPv6 and SNMP protocols have not been reviewed or tested by
the CAVP or CMVP.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 23/29
7. EMC/EMI (FCC COMPLIANCE)
The XRS/SR/ESS chassis where the CPM, SR-OS and SRCM runs were tested
and found conformant to the EMI/EMC requirements specified by 47 Code of
Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital
Devices, Class A (business use).
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 24/29
8. SELF TESTS
8.1 Self Tests on the CPM
When FIPS-140-2 mode is enabled the node performs the following startup
tests:
 Firmware integrity check on startup using HMAC-SHA-1
 Triple-DES encrypt KAT
 Triple-DES decrypt KAT
 AES encrypt KAT
 AES decrypt KAT
 HMAC SHA-1 KAT, HMAC SHA-224 KAT, HMAC-SHA-256 KAT, HMAC
SHA-384 KAT, HMAC SHA-512 KAT
 SHA-1 KAT, SHA-224 KAT, SHA-256 KAT, SHA-384 KAT, SHA-512 KAT
 RSA sign and verify
 ECDSA verify test
 A DSA pairwise consistency test
Should any of these tests fail, the SRCM does not allow the node to continue
booting the image. An error is displayed on the console port that indicates the
failed test and the SRCM forces a reboot to attempt the self-tests again.
8.1.1 Cryptographic DRBG Startup Test
A known answer test is used by the DRBG on startup (by using a known seed).
If the startup test fails then an error message is printed on the console and the
node will attempt the boot sequence again.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 25/29
8.1.2 RSA Startup test
SRCM performs an initial startup test with a known public key, a known digital
signature and a test that verifies it can perform a proper verification of the
known signature with the known public key. If the SRCM fails to successfully
perform this startup test, then a message is printed on the console, the SRCM
causes the node to reboot and tries to perform all the startup tests successfully
again from the beginning.
8.2 Conditional Test on the CPM
When FIPS-140-2 mode is enabled the node performs the following conditional
self tests during normal operation of the node:
 Manual Key Entry Tests
 Pairwise Consistency Test for RSA / DSA
 Continuous Random Number Generator Test (CRNGT)
Descriptions of the tests are described in the following sections.
SRCM Failure
When a Conditional Test (e.g. the pairwise consistency tests or the CRNGT
test) fails, then the SRCM is considered as failed. The node will print a
message on the console that indicates that the SRCM has failed.
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 26/29
9. FIPS-140 USER GUIDANCE
The following sections described the SR-OS user guidance for configuring the
XRS/SR/ESS systems where the SRCM is embedded and accessed by SR-OS.
9.1 FIPS-140-2 Mode Configuration
To enable FIPS-140-2 on the XRS/SR/ESS a configurable parameter is available
in the bof.cfg file. When configured in the bof.cfg, the node boots in FIPS-140-
2 mode and the following behaviors are enabled on the node:
 Only FIPS-140-2 approved algorithms (except for two-key Triple-DES
and Diffie-Hellman with key sizes less than 2048 bits) are available for
encryption and authentication for any cryptographic function on the CPM
where SR-OS and the SRCM reside
 Two-key Triple-DES and Diffie-Hellman with non-compliant key sizes
must not be used in FIPS mode; otherwise the module will enter a non-
FIPS mode.
 Startup tests are executed on the CPM when the node boots
 Conditional tests are executed when required during normal operation
(e.g. manual key entry test, pairwise consistency checks and RNG tests)
The current state of the bof and the parameters used for booting can be
verified with the following CLI commands:
*A:bkvm12>show bof
*A:bkvm12>show bof booted
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 27/29
Note the FIPS-140-2 parameter in the bof.cfg does not take effect until the
node has been rebooted. When running in FIPS mode the system will display a
value in the system command that indicates this is the case.
9.2 Configurations Not Allowed when running in FIPS-140-2 Mode
When the node is configured in FIPS-140-2 mode the following disallowed
algorithms are visible in CLI but not available. The User must not configure
the following algorithms and functions when running in FIPS-140-2 mode or
reverse the configuration steps in Section 9.1:
 MD5
o SNMP, OSPF, BGP, LDP, NTP authentication, multi-chassis
redundancy
 HMAC-MD5
SNMP, IS-IS, RSVP
 HMAC-MD5-96
o SNMP
 HMAC-SHA-1-96
o SNMP, OSPF, BGP, LDP
 AES-128-CMAC-96
o BGP, LDP
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 28/29
9.3 Non-FIPS-140-2 Mode
During operation, the module can switch modes on a service-by-service basis
between an Approved mode of operation and a non-Approved mode of
operation. The module will transition to the non-Approved mode of operation
when the “Key agreement” service is invoked using non-compliant Diffie-
Hellman key sizes (less than 2048 bits). This includes key sizes of 512 and
1024 bits. The module will also transition to the non-Approved mode of
operation when the “Encryption” service is invoked using Two-key Triple DES.
This is the same implementation that received CAVP certificate #2198. The
module transitions back to the Approved mode of operation upon the utilization
of an Approved security function.
The module supports the Crypto Officer and User roles while in the non-
Approved mode of operation.
Table 10 below lists the service(s) available in the non-Approved mode of
operation.
Services Access Critical Security Parameters Crypto
Officer
User
Encryption
(non-compliant
when using Two-
key Triple DES)
Execute Triple-DES X X
Key agreement
(non-compliant)
Execute DH public/private key X X
Table 10 – Non-Approved Services
7x50 Series FIPS-140-2 Security Policy
Version 2.12 Copyright 2016 © Nokia
Nov. 3, 2016 This document may be freely reproduced and distributed whole and intact including this copyright
notice.
Page 29/29
10. REFERENCES
[FIPS 140-2] FIPS PUB 140-2, Security Requirements for Cryptographic Modules, May
25, 2001, CHANGE NOTICES (12-03-2002).
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
[FIPS 140-2 DTR] Derived Test Requirements for FIPS PUB 140-2, Security Requirements
for Cryptographic Modules, January 4, 2011 Draft.
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-
2/FIPS1402DTR.pdf
[FIPS 140-2 IG] Implementation Guidance for FIPS PUB 140-2 and the Cryptographic
Module Validation Program, May 2, 2012.
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-
2/FIPS1402IG.pdf