FastIron ICX 7850 Series Switch/Router

FastIron ICX 7850 Series Switch/RouterFIPS 140-2 Non-Proprietary Security Policy Level 1Document Version 1.4November 9, 2020Copyright Ruckus Wireless, Inc. 2020. May be reproduced only in its original entirety [without revision]1

Table of Contents:1Introduction . 62Overview . 63FastIron Firmware . 64ICX 7850 Series . 75Ports and Interfaces . 95.16ICX 7850 Series . 9Modes of Operation . 96.1Module Validation Level . 106.2Roles . 106.3Cryptographic Functionality . 116.4Roles and Services . 146.5User Role Services . 166.5.1SSHv2. 166.5.2SNMP. 176.5.3Console. 176.5.4NTP . 176.6Port Configuration Administrator Role Services . 176.6.1SSHv2. 176.6.2SNMP. 186.6.3Console. 186.6.4NTP . 186.7Crypto Officer Role Services. 186.7.1SSHv2. 186.7.2SCP. 186.7.3SNMP. 196.7.4Console. 196.7.5NTP . 196.8MACsec Peer Role Services . 196.8.17MACsec . 19Policies . 197.1Security Rules . 197.1.1FIPS Fatal Cryptographic Module Failure . 222

7.289Authentication . 227.2.1Line Password Authentication Method . 237.2.2Enable Password Authentication Method . 237.2.3Local Password Authentication Method . 237.2.4RADIUS Authentication Method . 237.2.5Strength of Authentication . 247.2.5.1MACsec Peer Role (only) . 247.2.5.2All other roles (except MACsec Peer Role) . 247.2.6Pre-shared keys Method . 257.2.7Access Control Policy and CSP & Public Key access . 257.2.8CSP Zeroization . 27Description of FIPS Approved Mode . 278.1FIPS Approved Mode . 288.2Displaying Mode Status . 298.3Invoking FIPS Approved Mode . 30Glossary . 3210 Appendix A: Critical Security Parameters . 3310.1SSHv2 & SCP . 3310.2Random Number Generation . 3410.3Passwords & Related Secrets . 3510.4Miscellaneous . 3611 Public Keys . 3911.1Firmware . 3911.2SSHv2. 393

Table of Tables:Table 1 - Firmware Version . 6Table 2 - ICX 7850 Switch Family Part Numbers of Validated Cryptographic Modules . 7Table 3 - ICX 7850 Port mapping to logical interface. 9Table 4 - Security Requirements and Levels . 10Table 5 – FIPS Approved Cryptographic Algorithms allowed in FIPS Approved mode . 13Table 6 - FIPS non-Approved Cryptographic Algorithms available in FIPS Approved Mode . 13Table 7 - Roles, FIPS non-Approved Cryptographic Functions and Protocols only available in non-FIPSApproved Mode . 16Table 8 - Access Control Policy and CSP & Public Key access . 27Table 9 - Access Control Policy and CSP access for MACsec Peer role . 27Table 10 - Glossary . 324

Table of Figures:Figure 1 - Block diagram. 6Figure 2 - ICX 7850 . 85

1 IntroductionICX7850 switch is targeted to enhance the existing ICX (FastIron) core and aggregation solutions, as wellas to increase ICX market share with 100GE, 10GE LRM and 256b MACSEC support. With the 40/100GElinks, 48 port SFP28 models with the support of 10G LRM optics, 256b MACSEC, ICX7850 caters toemerging markets that require massive bandwidth. The support of 25GE transceivers, as well the breakout 100G link to either a 4*10G or 4*25G enables the future proofing of the campus requirements. Thisenvironment is a multi‐chip standalone cryptographic module.2 OverviewThe FIPS 140-2 validation includes hardware devices running the firmware version presented in Table 1.The module meets an overall FIPS 140-2 compliance of Security Level 1 with Design Assurance Level 1.The cryptographic boundary is represented by the opaque enclosure.Table 2 list the devices included in this evaluation.FastIron FirmwareCPU Control &Management PlanePacketprocessingCryptoEngineCrypto boundary & Physical boundaryFigure 1 - Block diagram3 FastIron FirmwareEach of the ICX series runs a different firmware image which is built from the same source code. Thisfirmware image includes the cryptographic functionality described under Section 6. The firmware can bebuilt as an “S” (switch) or an “R” (router) version. The “R” image has Router functionality in addition tothe functionality in the “S” image. The source code for cryptographic module on both images is identicaland is compiled identically.Firmware VersionsIronWare R08.0.90aIronWare R08.0.95aTable 1 - Firmware Versions6

4 ICX 7850 SeriesSKUMFG Part NumberBrief DescriptionICX7850‐32QHW P/N 84-1003423-01,Version 0300ICX7850-48FHW P/N 84-1003425-01,Version 0300ICX7850-48FSHW P/N 84-1003424-01,Version 020032x100G (fiber) Each 100G QSFP28 port supports 40G operation Each 100G QSFP28 port supports 4x25G break-out Use 12 of 32 ports for uplink/stacking48x25G (fiber) 4x100G (fiber uplink) 4x100G(stacking) Each 25G SFP28 port supports 10G and 1G operation Each 100G QSFP28 port supports 4x25G break-outmodular slot. bundle includes one 1000W AC powersupply and one fan, front to back airflow, port modulessold separately.48x10G (fiber, MACSec, LRM) 4x100G (fiber uplink) 4x100G (stacking) Each 10G SFP port supports 10G and 1G operation Each 100G QSFP28 port supports 4x25G break-out PHY-less design for QSFP28 ports Each 10G client port support 256-bit MACSec and LRMup to 220 metersmodular slot bundle includes one 1000W AC powersupply and one fan, front to back airflow, port modulessold separatelyTable 2 - ICX 7850 Switch Family Part Numbers of Validated Cryptographic Modules7

Figure 2 illustrates the ICX7850‐32Q, ICX7850-48F, ICX7850-48FS.Figure 2 - ICX 7850 (Front)8

5 Ports and Interfaces5.1 ICX 7850 SeriesAn ICX 7850 device provides network ports, management connectors, and status LED. This sectiondescribes the physical ports and the interfaces that provide for Data Input, Data Output, Control Input,and Status Output.The ICX 7850 devices provide a range of physical network ports. The series supports both copper andfiber connectors. The ICX 7850 device has one RJ-45 network management port, one mini USB serialmanagement port, and one USB storage port on the front panelTable 3 shows the correspondence between the physical interfaces of an ICX 7850 device and the logicalinterfaces defined in FIPS 140-2.Physical PortSFP portsQSFP ports10/100/1000 Mbps RJ-45 portsAC socketDC socketConsole PortOut of band management portResetLEDUSB type-A portLogical InterfaceData input/Data output, Status outputData input/Data output, Status outputData input/Data output, Status outputPowerPowerData input, Control input, Status outputData input, Status outputControl inputStatus outputThis port is permanently disabledTable 3 - ICX 7850 Port Mapping to Logical Interface6 Modes of OperationICX 7850 devices have two (2) modes of operation: FIPS Approved mode and non-Approved mode.Section 6.3 describes services and cryptographic algorithms available in FIPS-Approved mode. In nonFIPS Approved mode, the module runs without these FIPS policy rules applied. Section 8.3 FIPSApproved Mode describes how to invoke FIPS Approved mode. Before the module has been invokedinto the FIPS Approved mode for the first time, the module is in an initial non-compliant state. Poweron Self-Tests (POSTs), other than the Firmware Integrity Test, do not run in this initial state. Once theFIPS Approved mode is invoked, self-tests will continue to run in both the FIPS Approved mode and nonFIPS Approved mode.9

6.1 Module Validation LevelThe module meets an overall FIPS 140-2 compliance of Security Level 1 with Design Assurance Level 1Security Requirements SectionCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementElectromagnetic Interference/Electromagnetic Compatibility(EMI/EMC)Self-TestsDesign AssuranceMitigation of Other AttacksLevel11111N/A1111N/ATable 4 - Security Requirements and Levels6.2 RolesIn FIPS Approved mode, the cryptographic modules support four (4) roles: Crypto Officer, PortConfiguration Administrator, User Role, MACsec Peer:1. Crypto Officer Role (Super User): The Crypto Officer Role on the device in FIPS Approved mode isequivalent to the administrator role super-user in non-FIPS mode. The Crypto Officer Role hascomplete access to the system. The Crypto Officer is the only role that can perform firmwareloading.2. Port Configuration Administrator Role (Port Configuration): The Port ConfigurationAdministrator Role on the device in FIPS Approved mode is equivalent to a port configurationuser in non- FIPS Approved mode. Hence, the Port Configuration Administrator Role has readand-write access for configuring specific ports but not for global (system-wide) parameters.3. User Role (Read-Only): The User Role on the device in FIPS Approved mode has read-onlyprivileges and no configuration mode access (user).4. MACsec Peer - A peer device which establishes a MACsec connection with the cryptographicmodule using AES GCM 128-bit pre-shared key.The User role has read-only access to the cryptographic module while the Crypto Officer Role has accessto all device commands. The cryptographic modules do not have a maintenance interface ormaintenance role.Section 7.2 describes the authentication policy for user roles.10

6.3 Cryptographic FunctionalityTable 5 summarizes the available FIPS Approved cryptographic functions.Table 6 lists cryptographic functions that while not FIPS Approved are allowed in FIPS Approved mode ofoperation.LabelAESCryptographic AlgorithmsCert.[FIPS 197] Advanced Encryption AlgorithmEncryption, Decryption, MAC Generate & VerifyModes: ECB(128,192,256 bits)*, CBC(128,192,256 bits), CMAC(128bits), CFB (128 bits), and CTR (128,192,256 bits)5023*Tested only as a prerequisite for other algorithms.Please note that AES-KW has been tested for AES #5023, but it is not used.AES implemented forMacSec in BCM82756[FIPS 197] Advanced Encryption AlgorithmEncryption, Decryption, MAC Generate & VerifyModes: ECB(128,256 bits)*, GCM(128,256 bits)4550*Tested only as a prerequisite for other algorithms.Please note that other operations have been tested for AES #4550 but are notused.CVL[SP 800-135] Application Specific Key Derivation FunctionsSNMPv3 KDF, SSHv2 KDF, *TLSv1.0/1.1 KDF, *TLSv1.2 KDFPlease note that the CAVP and CMVP do not examine this module’simplementations of the above protocols.1568*Tested but not used in the approved mode of operation.DRBG[SP 800-90A] Deterministic Random Bit GeneratorsVariants:CTR DRBG with AES-256 (with PR and DF)1838Please note that HASH DRBG was tested but is not used.DSA[FIPS 186-4] Digital Signature AlgorithmKey Generation*Size: DSA-2048*DSA-2048 Key Generation was tested only as a prerequisite to Diffie Hellman keyexchange (see “DH KA” in the table below).1319Please note that other operations have been tested but are not used. (Pleaserefer to DSA Cert. #1319 for details.)11

HMAC[FIPS 198-1] Keyed-Hash Message Authentication codeMAC Generate & VerifyVariants:3337HMAC-SHA-1 (96, 160-bit tag)HMAC-SHA-256 (128, 192, 256-bit tags)HMAC-SHA-384 (192-bit tag)KBKDF[SP800-108] Key-Based KDFVariant: KDF in Counter Mode, using AES-128-CMAC as PRFKTS167[SP800-38F §3.1]Functions: Key Wrap, Key UnwrapVariants:AES#5023;AES-128-CTR and HMAC-SHA-1AES-256-CTR and HMAC-SHA-1HMAC#3337AES-128-CBC and HMAC-SHA-1AES-128-CBC and HMAC-SHA-256AES-256-CBC and HMAC-SHA-1AES-256-CBC and HMAC-SHA-256RSA[FIPS 186-4]Rivest ShamirAdlemanSignatureAlgorithmKeyGenerationSize: RSA-2048* SHA-1 is usedfor protocolspecificsignaturegeneration andlegacy Size: RSA-2048Hashes: *SHA1, SHA-256,SignatureVerificationSizes: RSA1024, RSA2048Hashes: *SHA1, SHA-256,SHA-384, SHA512SignatureGenerationSize: RSA-2048Hashes: *SHA1, SHA-224,SHA-256, SHA384, SHA-512PKCS 1.5270812