Network Router User's Manual

5 Cryptographic Algorithms

FIPS-approved cryptographic algorithms have been implemented in hardware and firmware.

The firmware supports the following cryptographic implementations.

 ArubaOS OpenSSL AP Module implements the following FIPS-approved algorithms:

o AES (Cert. #1851)

o HMAC (Cert. #1099)

o RNG (Cert. #970)

o RSA (Cert. #934)

o SHS (Cert. #1628)

o Triple-DES (Cert. #1199)

 ArubaOS Module implements the following FIPS-approved algorithms:

o AES (Cert. #1850)

o HMAC (Cert. #1098)

o RNG (Cert. #969)

o RSA (Cert. #933)

o SHS (Cert. #1627)

o Triple-DES (Cert. #1198)

 ArubaOS UBOOT Bootloader implements the following FIPS-approved algorithms:

o RSA (Cert. #935)

o SHS (Cert. #1629)

Hardware encryption acceleration is provided by Cavium Octeon 5010 for bulk cryptographic operations

for the following FIPS-approved algorithms:

 AES (Cert. #861)

 HMAC (Cert. #478)

 SHS (Cert. #856)

 Triple-DES (Cert. #708)

Non-FIPS Approved Algorithms

The cryptographic module implements the following non-approved algorithms that are not permitted for

use in the FIPS 140-2 mode of operations:

 MD5

In addition, within the FIPS Approved mode of operation, the module supports the following allowed key

establishment schemes:

Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)