Specifications

ManualsBrandsBrocade Communications Systems ManualsSwitch800

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.8.00

Security Target Version 0.4, March 31, 2015

Page 41 of 49

6.2 Cryptographic support

The TOE includes a FIPS 140 certified crypto module providing supporting cryptographic functions. The evaluated

configuration requires that the TOE be configured in Common Criteria mode to ensure FIPS certified functions are

used.

The following functions have been FIPS certified in accordance with the identified standards.

Functions

Standards

Cert

MLXe MR2

CER 2000

CES 2000

Encryption/Decryption

 AES CBC (128 and 256 bits)

FIPS Pub 197

NIST SP 800-38A

2717

2715

Cryptographic signature services

 RSA Digital Signature Algorithm

(rDSA) (modulus 2048)

FIPS Pub 186-2

1413

1411

Cryptographic hashing

 SHA-1, SHA-256, SHA-384, and

SHA-512 (digest sizes 160, 256,

384, and 512 bits)

FIPS Pub 180-3

2282

2280

Keyed-hash message authentication

 HMAC-SHA-1(digest size 160)

FIPS Pub 198-1

FIPS Pub 180-3

1696

1694

Random bit generation

 CTR_DRBG with sw based noise

sources with a minimum of 256

bits of non-determinism

NIST SP 800-90

454

452

Key Derivation Functions

 TLS and SSH

NIST SP 800-135

175

173

Table 5 Cryptographic Functions

While the TOE generally fulfills all of the NIST SP 800-56B requirements without extensions, the following table

specifically identifies the “should”, “should not”, and “shall not” conditions from the publication along with an

indication of how the TOE conforms to those conditions.

NIST SP800-56B

Section Reference

“should”, “should not”, or

“shall not”

Implemented?

Rationale for deviation

5.6

Should

Yes

Not applicable

5.8

shall not

Not applicable

5.9

shall not (first occurrence)

Not applicable

5.9

shall not (second occurrence)

Not applicable

6.1

should not

Not applicable

6.1

should (first occurrence)

Yes

Not applicable

6.1

should (second occurrence)

Yes

Not applicable

6.1

should (third occurrence)

Yes

Not applicable

6.1

should (fourth occurrence)

Yes

Not applicable

6.1

shall not (first occurrence)

Not applicable

6.1

shall not (second occurrence)

Not applicable

6.2.3

Should

Yes

Not applicable

6.5.1

Should

Yes

Not applicable