HPE 6125XLG Blade Switches FIPS 140-2 Non-Proprietary Security Policy Security Level 1 Validation Version 1.09 June 2016 Copyright Hewlett Packard Enterprise Development Company,L.P 2014, May be reproduced only in its original entirety [without revision]. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 1 of 43 Revision Record Date Revision Version Change Description Author 2014-03-17 1.00 Initial draft HPE 2014-06-10 1.01 Updates based on ACTT HPE 2014-09-05 1.02 Updates based on ACTT 082814 HPE 2014-12-02 1.03 Updates based on Leidos comments HPE 2015-03-20 1.04 Updates based on CMVP comments HPE Updates based on 5900CP and 12910 2016-01-08 1.05 HPE Switch Series evaluation 2016-03-02 1.06 Changed HMAC MD5 to HMAC-MD5 HPE In table 8, change Triple-DES to DES 2016-03-23 1.07 HPE In Table 9, change the DSA private key size from 2048 to 256 bits. Removed RSA Key Agreement for Table 2016-05-10 1.08 HPE 7 Add NDRNG to Table 7. Remove Triple- 2016-06-02 1.09 HPE DES from table 6. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 2 of 43 Table of Contents 1 Introduction .................................................................................................................................... 8 2 Overview ......................................................................................................................................... 9 2.1 Comware Switch Block Level Diagram ............................................................................... 10 2.2 HPE 6125XLG Switch ......................................................................................................... 12 2.2.1 Product overview ...................................................................................................... 12 2.2.2 Test Modules ............................................................................................................ 13 3 Security Appliance Validation Level .......................................................................................... 14 4 Physical Characteristics and Security Appliance Interfaces .................................................. 15 4.1 HPE 6125XLG Switch ......................................................................................................... 15 4.2 Physical Interfaces Mapping ............................................................................................... 15 5 Roles, Services, and Authentication ......................................................................................... 17 5.1 Roles ................................................................................................................................... 17 5.2 Services .............................................................................................................................. 18 5.2.1 Crypto Officer Services ............................................................................................ 18 5.2.2 User Services ........................................................................................................... 21 5.2.3 Unauthenticated Services ........................................................................................ 24 5.2.4 Non-Approved Services ........................................................................................... 24 5.3 Authentication Mechanisms ................................................................................................ 24 6 Cryptographic Algorithms .......................................................................................................... 27 6.1 FIPS Approved Cryptographic Algorithms .......................................................................... 27 6.2 FIPS Allowed Cryptographic Algorithms ............................................................................. 28 6.3 Non-FIPS Approved Cryptographic Algorithms .................................................................. 28 7 Cryptographic Key Management ............................................................................................... 30 7.1 Cryptographic Security Parameters .................................................................................... 30 7.2 Access Control Policy ......................................................................................................... 33 8 Self-Tests ...................................................................................................................................... 37 8.1 Power-On Self-Tests ........................................................................................................... 37 8.2 Conditional Self-Tests ......................................................................................................... 38 9 Delivery and Operation ............................................................................................................... 39 9.1 Secure Delivery ................................................................................................................... 39 9.2 Secure Operation ................................................................................................................ 39 10 Physical Security ....................................................................................................................... 41 11 Mitigation of Other Attacks ....................................................................................................... 42 12 Documentation References ...................................................................................................... 43 12.1 Obtaining documentation .................................................................................................. 43 12.2 Technical support .............................................................................................................. 43 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 3 of 43 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 4 of 43 TABLE OF TABLES Table 1 Validation Level by Section ........................................................................................................ 14 Table 2 Correspondence between Physical and Logical Interfaces ....................................................... 15 Table 3 Roles and Role description ......................................................................................................... 17 Table 4 Crypto officer services ................................................................................................................ 18 Table 5 user service ................................................................................................................................ 21 Table 6 FIPS-Approved Cryptography Algorithms .................................................................................. 27 Table 7 FIPS-Allowed Cryptography Algorithms ..................................................................................... 28 Table 8 Non-FIPS Approved Cryptography Algorithms........................................................................... 28 Table 9 Cryptographic Security Parameters............................................................................................ 30 Table 10 Access by Service for Crypto Officer ........................................................................................ 33 Table 11 Access by Service for User role ............................................................................................... 34 Table 12 Power-On Self-Tests ................................................................................................................ 37 Table 13 Conditional Self-Tests .............................................................................................................. 38 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 5 of 43 FIPS 140-2 Non-Proprietary Security Policy for the HPE Networking Switches Keywords: Security Policy, CSP, Roles, Service, Cryptographic Module List of abbreviations: Abbreviation Full spelling AAA Authentication, Authorization, and Accounting AES Advanced Encryption Standard CF Compact Flash CLI Command Line Interface CMVP Cryptographic Module Validation Program CSP Critical Security Parameter DES Data Encryption Standard DOA Dead on arrival FCoE Fibre Channel over Ethernet Federal Information Processing Standard FIPS HMAC Hash-based Message Authentication Code HTTP Hyper Text Transfer Protocol IRF Intelligent Resilient Framework KAT Known Answer Test LED Light Emitting Diode LPU Line Processing Unit MAC Message Authentication Code MAN Metropolitan Area Network MPU Main Processing Unit NIST National Institute of Standards and Technology OAA Open Application Architecture OAP Open Application Platform PSU Power Supply Unit RADIUS Remote Authentication Dial In User Service Random Access Memory RAM RSA Rivest Shamir and Adleman method for asymmetric encryption Small Form-Factor Plugable SFP FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 6 of 43 Abbreviation Full spelling Enhanced Small Form-Factor Pluggable SFP+ Secure Hash Algorithm SHA SRPU Switching and routing processor unit Secure Sockets Layer SSL XFP 10 Gigabit Small Form-Factor Pluggable FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 7 of 43 1 Introduction This document is a non-proprietary Cryptographic Module Security Policy for the HPE 6125XLG blade switch. The policy describes how the HPE 6125XLG switch meets the requirements of FIPS 140-2. This document also describes how to configure the HPE 6125XLG switch in FIPS 140-2 mode. This document was prepared as part of the FIPS 140-2 Security Level 1 validation. FIPS 140-2 standard details the U.S. Government requirements for cryptographic security appliances. More information about the standard and validation program is available on the NIST website at csrc.nist.gov/groups/STM/cmvp/. This document includes the following sections:  Overview  Security Appliance Validation Level  Physical Characteristics and Security Appliance Interfaces  Roles, Services and Authentication  Cryptographic Algorithms  Cryptographic Key Management  Self-Tests  Delivery and Operation  Physical Security Mechanism  Mitigation of Other Attacks  Obtaining Documentation and Technical Assistance FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 8 of 43 2 Overview The HPE 6125XLG blade switch module is suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large- scale industrial networks and campus networks. The switch is based on the Comware Version 7.1.045 platform. The HPE 6125XLG blade switch module is being validated as a multi-chip embedded module at FIPS 140-2 Security Level 1. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 9 of 43 2.1 Comware Switch Block Level Diagram Cryptographic Module Management Service Communication Service M1 M2 C4 C3 Security Function D2 I2 C2 Authorize C1 I1 A2 A3 Authorize A1 Forwarding Function Authorize ACL Firmware Hardware Authorize D1 Network user/IT entity Administrator FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 10 of 43 Figure 1 Security Architecture Block Diagram The cryptographic module provides the following services externally: 1. Management: supports various login methods and configuration interfaces for managing the system. 2. Communication: supports interoperation between the communication protocols at different layers in the protocol stack, such as 802.3, PPP, and IP, and uses the forwarding function to receive/send packets for the local device and forward packets for other devices. To ensure security, the security function provides appropriate access control for the cryptographic module to identify and authenticate the external entities attempting to access them, and authorize the external entities that pass the identification and authentication. The access control function also records the external entities’ accesses to the services, such as the beginning time and end time of a visit. The figure above shows how administrators (crypto officer, user role) and network users access a cryptographic module service. M2: The administrator accesses the management service to configure the security function. M1: The administrator accesses the management service to configure the communication service. C1: The security function issues the forwarding control ACL or other control measures to the forwarding function for security processing like packet filtering. D2: The communication service uses the forwarding function to receive and send packets for the local device. C2: The communication service issues routing entries or MAC address entries to the forwarding function for forwarding packets for other devices. A1: The administrator connects to a physical management interface (the console for example) of the cryptographic module to access the system management access control service of the security function. If the access succeeds, the l1 access to the management service is authorized. The security function uses the C3 authorization action to authorize the administrator administrative roles. I1: The administrator accesses the management service through the physical management interface. A2: The administrator connects to a network interface (such as an Ethernet interface) of the cryptographic module to access the system management access control service of the security function. If the access succeeds, the I2 access to the management service is authorized. I2: The administrator accesses the management service through the network interface. A3: A network user connects to a network interface of the cryptographic module to access the communication access control service of the security function. If the access succeeds, D1/D2 are authorized. The security function uses the C4 authorization action to authorize the network user the communication service access privilege, namely, the network access privilege. D1: Forwarding packets for the network user. To facilitate cryptographic module management, the administrator is allowed to access the system management service by remote login through a network interface. To prevent the authentication data of the administrator (such as the username and password) from being FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 11 of 43 intercepted and prevent the operation commands from being tampered, the cryptographic module provides the SSH2/HTTPS for secure remote management. For the management service, the cryptographic module defines predefined roles and custom user roles, which service differs as result of different access permissions. Each user can switch to a different user role without reconnecting to the device. To switch to a different user role, a user must provide the role switching authentication information. The authentication is role-based. All users can be authenticated locally, and optionally supports authentication via a RADIUS and TACACS+ server. If needed, IPSec can be configured to protect the network data. No external programs can take control of the cryptographic module, because the cryptographic module does not provide the general-purpose computing service. This ensures the absolute control of the cryptographic module. 2.2 HPE 6125XLG Switch 2.2.1 Product overview The HPE 6125XLG Ethernet Blade Switch is the next generation Ethernet blade switch from HPE Networking. Built with the enterprise data center in mind, the HPE 6125XLG is architected to deliver 880G of switching performance for the most demanding applications. The HPE 6125XLG is based on HPE Comware Version 7.1.045 network operating system, which delivers enterprise grade resiliency The 6125XLG is designed for data center convergence with full support for IEEE Data Center Bridging (DCB) for lossless Ethernet, and Fibre Channel over Ethernet (FCoE) protocols. With support for IETF industry standard TRILL (Transparent Interconnection of Lots of Links), the HPE 6125XLG delivers loop free large Layer 2 networks with multi-path support. With HPE's Intelligent Resilient Framework (IRF) multiple switches can be virtualized and managed as a single entity with HPE's Intelligent Management Center (IMC). The HPE 6125XLG is the industry's first blade switch with VEPA (Virtual Ethernet Port Aggregation) support, enabling customers to unify the management of their physical and virtual networks. Combine these features with Virtual Application Network (VAN) and your data center provides the benefits of versatility of a true Virtualized Network. HPE 6125XLG Ethernet Blade Switch provides flexibility, versatility, and resiliency making it the optimal choice for any blade switching environment. The HPE 6125XLG Ethernet Blade Switch has Four (4) 40 GbE (QSFP+) ports, Eight (8) 10 GbE (SFP+) ports, and 1 Console port to front panel, and 16 10 GbE internal ports to backplane, which connect to each of 16 servers in C7000 Blade System. It also has 4 10GbE cross- connect ports. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 12 of 43 2.2.2 Test Modules Testing included one model in the HPE 6125XLG switch: Part Number Module Name HPE 6125XLG Blade Switch (4 QSFP+ and 8 SFP+ uplink ports, 16 10G 711307-B21 KR2 downlink ports, and 4 10G cross-connect ports) FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 13 of 43 3 Security Appliance Validation Level The following table lists the level of validation for each area in the FIPS PUB 140-2. Table 1 Validation Level by Section No. Area Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 3 4 Finite State Model 1 5 Physical Security 1 6 Operational Environment N/A 7 Cryptographic Key management 1 8 Electromagnetic Interface/Electromagnetic Compatibility 1 9 Self-Tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 12 Overall Level 1 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 14 of 43 4 Physical Characteristics and Security Appliance Interfaces 4.1 HPE 6125XLG Switch The HPE 6125XLG Ethernet Blade Switch is the next generation Ethernet blade switch from HPE Networking. Built with the enterprise data center in mind, the HPE 6125XLG is architected to deliver 880G of switching performance for the most demanding applications. The HPE 6125XLG is based on HPE Comware Version 7.1.045 network operating system, which delivers enterprise grade resiliency The 6125XLG is designed for data center convergence with full support for IEEE Data Center Bridging (DCB) for lossless Ethernet, and Fibre Channel over Ethernet (FCoE) protocols. With support for IETF industry standard TRILL (Transparent Interconnection of Lots of Links), the HPE 6125XLG delivers loop free large Layer 2 networks with multi-path support. With HPE's Intelligent Resilient Framework (IRF) multiple switches can be virtualized and managed as a single entity with HPE's Intelligent Management Center (IMC). The HPE 6125XLG is the industry's first blade switch with VEPA (Virtual Ethernet Port Aggregation) support, enabling customers to unify the management of their physical and virtual networks. Combine these features with Virtual Application Network (VAN) and your data center provides the benefits of versatility of a true Virtualized Network. HPE 6125XLG Ethernet Blade Switch provides flexibility, versatility, and resiliency making it the optimal choice for any blade switching environment. The HPE 6125XLG Ethernet Blade Switch has Four (4) 40 GbE (QSFP+) ports, Eight (8) 10 GbE (SFP+) ports, and 1 Console port to front panel, and 16 10 GbE internal ports to backplane, which connect to each of 16 servers in C7000 Blade System. It also has 4 10GbE cross- connect ports. http://h18000.www1.hp.com/products/quickspecs/14612_na/14612_na.pdf describes the ports in detail along with the interpretation of the LEDs. 4.2 Physical Interfaces Mapping The physical interfaces provided by the HPE Networking products map to four FIPS 140-2 defined logical interface: data input, data output, control input and status output. Table 2 presents the mapping. Table 2 Correspondence between Physical and Logical Interfaces Physical Interface FIPS 140-2 Logical Interface Networking ports Data Input Interface Console port Management Ethernet port CF card slot Networking ports Data Output Interface FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 15 of 43 Physical Interface FIPS 140-2 Logical Interface Console port Management Ethernet port CF card slot Networking ports Control Input Interface Console port Management Ethernet port Power switches Reset Switch Port status LED mode switching button Networking ports Status Output Interface Console port Management Ethernet port LEDs Power Slot Power Interface Backplane FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 16 of 43 5 Roles, Services, and Authentication 5.1 Roles The HPE Networking switches provide 18 predefined roles and 64 custom user roles. There are 16 roles (Table 3) in the device that operators may assume: network-admin, level-15 and security-audit which are the FIPS Crypto-Officer Role, network-operator, level 0 ~ level 14 and 64 custom user roles which are defined as the FIPS User Role. Table 3 presents the roles and roles description. The devices allow multiple management users to operate the appliance simultaneously. The HPE Networking switches do not employ a maintenance interface and do not have a maintenance role. Table 3 Roles and Role description FIPS Role Comware Role Role Description Name  Crypto-Officer Accesses all features and resources in the system, except network-admin for the display security-logfile summary, info-center security- logfile directory, and security-logfile save commands. level-15 Has the same rights as network-admin Level-9 Has access to all features and resources except those in the following list.  RBAC non-debugging commands.  Local users.  File management.  Device management.  The display history-command all command.  Security log manager. The user role has the following security-audit access to security log files:  Access to the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands).  Access to the commands for managing security log files and security log file system (for example, the info-center security-logfile directory, mkdir, and security-logfile save commands). Only the security-audit user role has access to security log files.  User Accesses the display commands for all features and network-operator resources in the system, except for commands such as display history-command all and display security-logfile summary.  Enables local authentication login users to change their own password. level-0 Has access to diagnostic commands, including ping, tracert, and ssh2. level-1 Has access to the display commands of all features and resources in the system except display history-command all. The level-1 user role also has all access rights of the user role FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 17 of 43 level-0. custom user Have no access rights by default. Access rights are role; configurable. level-2 to level-8; level-10 to level- 14 5.2 Services HPE Networking switches provide five services:  View device status,  View running status,  Network functions,  Security management,  Configuration function. You can access these services by using any of the following methods:  Console Port  SSH The console port and SSH present a command line interface while the web user interface is a graphical user interface. 5.2.1 Crypto Officer Services The Crypto Officer role is responsible for the configuration and maintenance of the switches. The Crypto Officer services consist of the following: Table 4 Crypto officer services Available Service Description Input Output CSP Access to Role  View currently None running image version; Network-  View installed View device Status of admin, Commands status hardware devices level-15, components level-9 status and version  View memory None status, packet statistics, interface status, current running image Network- version, Status of View running admin, current Commands device status level-15, configuration, functions level-9 routing table, active sessions, temperature and SNMP MIB statistics. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 18 of 43 CSP1-1: RSA private keys (read access); CSP1-2: DSA private keys (read access); CSP1-3: Public keys (read access); CSP2-1: IPsec authentication keys(read/write access); CSP2-2: IPsec encryption keys(read/write access); CSP2-3: IKE pre- shared keys(read  Network access); diagnostic service such CSP2-4: IKE as “ping”; Authentication  Network key(read/write connection access); service such as “SSHv2” CSP2-5: IKE client; Encryption  Provide Key(read/write IKEv1/IPsec access); Status of service to Commands Network- Perform commands protect the and CSP2-6: IKE RSA admin, Network and session configuration Authentication private level-15, functions configuration between the data Key(read access); level-9 data switch and external CSP2-7: IKE DSA server(e.g. Authentication private Radius Key(read access); Server/Log Server) CSP2-8: IKE Diffie-  Initial Hellman Key Configuration Pairs(read access); setup (IP, hostname, CSP3-1: SSH RSA DNS server) Private key(read access); CSP3-2: SSH Diffie- Hellman Key Pairs(read/write access); CSP3-3: SSH Session Key(read/write access); CSP3-4: SSH Session authentication Key(read/write access); CSP4-1: User Passwords(read/write access); FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 19 of 43 CSP4-2: super password(read access); CSP4-3: RADIUS shared secret keys(read access); CSP4-4: TACACS+ shared secret keys(read access); CSP5-1: DRBG entropy input(read/write access); CSP6-1: DRBG seed(read access); CSP6-2: DRBG V(read access); CSP6-3: DRBG Key(read access); CSP7-1: SNMPv3 Authentication Key(read access); CSP7-2: SNMPv3 Encryption Key(read access);  Change the CSP1-1: RSA private role; key(write access);  Reset and change the CSP1-2: DSA private password of key(write access); same/lower privilege user; CSP1-3: Public  Maintenance of keys(write access); the super password; CSP2-3: IKE pre-  Maintenance shared keys(write (create, access); destroy, import, export) CSP4-1: User of public Passwords(write Network- key/private Status of access); Commands admin, Perform key/shared commands and level-15, Security key; and CSP4-2: super configuration level-9,  Maintenance of management configuration password(write data security- IPsec/IKE. data access); audit  Maintenance of SNMPv3 CSP4-3: RADIUS  Management shared secret (create, delete, keys(write access); modify) of the user roles; CSP4-4: TACACS+  Management shared secret of the access keys(write access); control rules for each role; CSP5-1: DRBG  Management entropy input(read (create, delete, access); modify) of the user account; CSP6-1: DRBG  Management seed(read access); FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 20 of 43 of the time;  Maintenance CSP6-2: DRBG (delete, V(read access); modify) system start-up CSP6-3: DRBG parameters; Key(read access);  File operation (e.g. dir, copy, CSP7-1: SNMPv3 del); Authentication  Shut down or Key(write access); Reboot the security CSP7-2: SNMPv3 appliance; Encryption Key(write  Perform self- access); test CSP8-1: System KEK CSP1-1: RSA private key(write access); CSP1-2: DSA private key(write access); CSP1-3: Public  Save keys(write access); configuration;  Management CSP2-3: IKE pre- of information shared keys(write center; access);  Define network interfaces and CSP4-1: User settings; Passwords(write  Set the access); protocols the Network- switches will Status of Commands CSP4-2: super admin, Perform support(e.g. commands and password(write level-15, Configuration SFTP server, and configuration access); level-9, functions SSHv2 server); configuration data security-  Enable data CSP4-3: RADIUS audit interfaces and shared secret network keys(write access); services;  Management CSP4-4: TACACS+ of access shared secret control scheme keys(write access);  Shut down or Reboot the CSP7-1: SNMPv3 security Authentication appliance; Key(write access); CSP7-2: SNMPv3 Encryption Key(write access); CSP8-1: System KEK 5.2.2 User Services The following table describes the services available to user service. Table 5 user service CSP Available to Service Description Input Output Access Role FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 21 of 43  View currently View Commands Status of None network- device running image devices operator status version;  View installed hardware components status and version  View memory View Commands Status of None network- running status, packet device operator status statistics, interface functions status, current running image version, current configuration, routing table, active sessions, temperature and SNMP MIB statistics.  Network diagnostic Perform Commands Status of CSP1-1: RSA Level-0, Network service such as and commands private Level-1 “ping”; functions configuration and key(read/write  Network connection data configuration access); service such as data “SSHv2” client; CSP1-2: DSA private key(read access); CSP1-3: Public keys(read access); CSP2-1: IPsec authentication keys(read/writ e access); CSP2-2: IPsec encryption keys(read/writ e access); CSP2-3: IKE pre-shared keys(read access); CSP2-4: IKE Authenticatio n key(read/write access); CSP2-5: IKE Encryption Key(read/writ e access); CSP2-6: IKE RSA Authenticatio n private Key(read access); FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 22 of 43 CSP2-7: IKE DSA Authenticatio n private Key(read access); CSP2-8: IKE Diffie-Hellman Key Pairs(read access); CSP3-1: SSH RSA Private key(read access); CSP3-2: SSH Diffie-Hellman Key Pairs(read/wri te access); CSP3-3: SSH Session Key(read/writ e access); CSP3-4: SSH Session authentication Key(read/writ e access); CSP4-1: User Passwords(re ad/write access); CSP4-2: super password(rea d access); CSP4-3: RADIUS shared secret keys(read access); CSP4-4: TACACS+ shared secret keys(read access); CSP5-1: DRBG entropy input(read/wri te access); CSP6-1: DRBG seed(read access); FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 23 of 43 CSP6-2: DRBG V(read access); CSP6-3: DRBG Key(read access); CSP7-1: SNMPv3 Authenticatio n Key(read access); CSP7-2: SNMPv3 Encryption Key(read access); CSP8-1: System KEK 5.2.3 Unauthenticated Services  Cycle the power on the switch  View currently running image version;  View installed hardware components status and version  View memory status, packet statistics, interface status, current running image version, current configuration, routing table, active sessions, temperature and SNMP MIB statistics 5.2.4 Non-Approved Services The HPE network switches supports the following non-approved services:  Internet Key Exchange (IKE) with DES, MD5, HMAC-MD5, Diffie-Hellman (<2048-bits), RSA (< 2048-bits), DSA (< 2048-bits).  Perform Network Time Protocol (NTP) service.  Perform Secure Socket Layer (SSL) version 3.0.  Perform TLS 1.0 with DES, RC4, MD5, HMAC-MD5, RSA (< 2048-bits).  Perform Secure Shell version 1.x.  Perform Secure Shell version 2.0 with DES, MD5, HMAC-MD5, DSA (<2048-bits)  Perform Telnet 5.3 Authentication Mechanisms HPE networking devices support identity-based authentication, and role-based access control.  Identity-based authentication FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 24 of 43 Each user is authenticated upon initial access to the device. The authentication is identity-based. All users can be authenticated locally, and optionally supports authentication via a RADIUS and TACACS+ server. To logon to the appliances, an operator must connect to it through one of the management interfaces (console port, SSH, HTTPS) and provide a password. A user must be authenticated using usernames and passwords. The minimum password length is 15 characters, and the maximum is 63. The passwords must contain at least one lower case letter (26), one upper case letter (26), one special character (32) and one numeric character (10). The remaining eleven characters can be a lower case letter (26), an upper case letter (26), a special character (32) and/or a numeric character (10) equaling 94 possibilities per character. An alpha, numeric or special character cannot appear three or more times consecutively. Therefore, for a 15 characters password, the probability of randomly guessing the correct sequence is 1 in 64,847,834,440,785 (this calculation is based on the use of the typical standard American QWERTY computer keyboard. The calculation is 26 x 26 x 32 x 10 x 94 x 93 x 94 x 94 x 93 x 94 x 94 x 93 x 94 x 94 x 93 = 64,847,834,440,785. Assuming the first four digits are one from each character set [26 x 26 x 32 x 10] the fifth digit can be from the complete set of available characters [94]. Since a character or number cannot appear three or more times consecutively, for the sixth character the set of available characters is decreased by 1 [93]. The seventh and eighth character again can draw from the complete set of available characters [94 x 94]. Since a character or number cannot appear three or more times consecutively, for the ninth character the set of available characters is decreased by 1 [93]. This pattern continues for the remaining characters in the password.) In order to guess the password in 1 minute with close to probability 1 requires 64,847,834,440,785 trials, which is stronger than the one in a million chance required by FIPS 140-2. By default, the maximum number of consecutive failed login attempts is three and a user failing to log in after the specified number of attempts must wait for one minute before trying again. Using Anderson’s formula to calculate the probability of guessing a password in 1 minute: • P probability of guessing a password in specified period of time • G number of guesses tested in 1 time unit • T number of time units • N number of possible passwords Then P >= T x G / N (4.6262E-14 = 1 x 3 / 64,847,834,440,785) The probability of guessing a password in 1 minute is 4.6262E-14. To provide additional password security, Comware 7.1 provides additional limits to the number of consecutive failed login attempts. If an FTP or VTY user fails authentication, the system adds the user to a password control blacklist. If a user fails to provide the correct password after the specified number of consecutive attempts, the system can take one of the following actions, based on the administrator’s choice: Blocks the user's login attempts until the user is manually removed from the password control blacklist. Blocks the user's login attempts within a configurable period of time, and allows the user to log in again after the period of time elapses or the user is removed from the password control blacklist. HPE Networking devices can also use certificate credentials using 2048 bit RSA keys and SHA- 256; in such a case the security strength is 112 bits, so an attacker would have a 1 in 2^112 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 25 of 43 chance of a successful authentication which is much stronger than the one in a million chance required by FIPS 140-2. The users who try to log in or switch to a different user privilege level can be authenticated by RADIUS and TACACS+ Server. The minimum password length is 15 characters, and the maximum is 63. Therefore, for a 15 characters password, the probability of randomly guessing the correct sequence is one in 64,847,834,440,785. The device (RADIUS client) and the RADIUS server use a shared key to authenticate RADIUS packets and encrypt user passwords exchanged between them. For more details, see RFC 2865: 3 Packet Format Authenticator field and 5.2 User-password.  Role-based access control In Comware Version 7.1.045, the command and resource access permissions are assigned to roles. Users are given permission to access a set of commands and resources based on the users' user roles. Each user can have one or more roles. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 26 of 43 6 Cryptographic Algorithms 6.1 FIPS Approved Cryptographic Algorithms The following table lists the FIPS-Approved algorithms HPE Networking devices provide. Table 6 FIPS-Approved Cryptography Algorithms Algorithm Bits of Security Application Certificate AES-128 128 Kernel – #2990 AES-192 192 Encryption/decryption AES-256 256 AES-128 128 Encryption/decryption #2943 AES-192 192 AES-256 256 SHA-1 80 Kernel – #2511 Hashing SHA-1 80 Hashing #2479 SHA-224 112 SHA-256 128 SHA-384 192 SHA-512 256 HMAC SHA-1 160 Kernel - #1896 Message Authentication HMAC SHA-1 160 Message Authentication #1866 HMAC SHA-224 224 HMAC SHA-256 256 HMAC SHA-384 384 HMAC SHA-512 512 RSA-SHA1 80 Digital Signature Verification #1546 RSA-SHA224 112 (RSA-2048) Key Pair Generation, #1546 RSA-SHA256 Digital Signature Generation RSA-SHA384 Digital Signature Verification RSA-SHA512 DSA-SHA1 80 Digital Signature Verification #875 DSA-SHA224 112 (DSA-2048) Key Pair Generation, #875 DSA-SHA256 Digital Signature Generation DSA-SHA384 Digital Signature Verification DSA-SHA512 FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 27 of 43 Algorithm Bits of Security Application Certificate CTR DRBG Random bits generation #546 1 3 Component SP800-135 KDF (IKEv1, #341 2 Validation List SSH, SNMP ) (CVL) 6.2 FIPS Allowed Cryptographic Algorithms The following table contains the set of FIPS Allowed cryptographic algorithms that can also be used in FIPS mode. Table 7 FIPS-Allowed Cryptography Algorithms Algorithm Bits of Security Application DH 2048 112 Key Agreement RSA 2048 112 Key Wrapping NDRNG entropy gatherer for the DRBG 6.3 Non-FIPS Approved Cryptographic Algorithms The following table contains the set of non-FIPS Approved algorithms that are implemented but may not be used when operating in FIPS mode. These algorithms are used in non-FIPS mode. Table 8 Non-FIPS Approved Cryptography Algorithms Algorithm Application DES Encryption/decryption Diffie-Hellman (< Key Agreement 2048-bits) RC4 Encryption/decryption MD5 Hashing HMAC-MD5 Message Authentication RSA Key Pair Generation, (<2048 ) Digital Signature Generation Digital Signature Verification Key Agreement 1 The KDF (key derivation function) used in each of IKEv1, SSH and SNMP protocols was certified by CAVP with CVL Cert. #341. 2 These protocols have not been reviewed or tested by the CAVP and CMVP 3 Although the certification contains TLS, it is not used in this version of Comware. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 28 of 43 Algorithm Application Key Wrapping DSA Key Pair Generation, (<2048 ) Digital Signature Generation Digital Signature Verification FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 29 of 43 7 Cryptographic Key Management 7.1 Cryptographic Security Parameters The security appliances use a variety of Critical Security Parameters (CSP) during operation. The following table lists the CSP including cryptographic keys used by the HPE Networking devices. It summarizes generation, storage, and zeroization methods for the CSP. Table 9 Cryptographic Security Parameters Key/ # Algorithm Key Size Description Storage Zeroization CSP Name Public key management Identity certificates for FLASH Using CLI RSA private CSP1-1 RSA 2048 bits the security appliance (cipher text / command to key itself. AES256) zeroize. Identity certificates for FLASH Using CLI DSA private CSP1-2 DSA 256 bits the security appliance (cipher text / command to key itself. AES256) zeroize Delete public keys of peers 1024 bits Public keys of peers FLASH(plain from CSP1-3 Public keys DSA/ RSA ~ 2048 to validate the digital text) configuration, bits signature write to startup config IPsec IPsec Automatically Used to authenticate RAM (plain CSP2-1 authentication HMAC-SHA1 160 bits when session the IPsec traffic text) keys expires. 128 bits Automatically IPsec Used to encrypt the RAM (plain CSP2-2 AES 192 bits, when session encryption keys IPsec traffic text) 256 bits expires. FLASH(ciph Entered by the er text/ AES- Crypto-Officer in plain CTR-256) Using CLI IKE pre-shared Shared 6 ~ 128 CSP2-3 text form and used for and RAM command to keys Secret bytes authentication during (cipher text/ zeroize IKE AES-CTR- 256) IKE Used to authenticate Automatically RAM (plain CSP2-4 Authentication HMAC-SHA1 160 bits IKE negotiations when session text) key expires. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 30 of 43 Key/ # Algorithm Key Size Description Storage Zeroization CSP Name 128 bits Automatically IKE Encryption Used to encrypt IKE RAM (plain CSP2-5 AES 192 bits, when session Key negotiations text) 256 bits expires. Automatically IKE RSA private key used for RAM(plain when CSP2-6 Authentication RSA 2048 bits IKE protocol during text) handshake private Key the handshake finishing Automatically IKE DSA private key used for RAM(plain when CSP2-7 Authentication DSA 2048 bits IKE protocol during text) handshake private Key the handshake finishing Automatically IKE Diffie- Diffie- Key agreement for RAM (plain when CSP2-8 Hellman Key 2048 bits Hellman IKE text) handshake Pairs finishing SSH Automatically private key used for SSH RSA RAM(plain when CSP3-1 RSA 2048 bits SSH protocol Private key text) handshake finishing Automatically SSH Diffie- Diffie- Key agreement for RAM (plain when CSP3-2 Hellman Key 2048 bits Hellman SSH sessions. text) handshake Pairs finishing Automatically SSH session SSH Session 128 bits, RAM (plain when SSH CSP3-3 AES Key 256 bits symmetric key text) session terminated Automatically SSH Session SSH session RAM (plain when SSH CSP3-4 authentication HMAC-SHA1 160 bits authentication key text) session Key terminated AAA FLASH Using CLI Crypto-Officer 15 ~ 63 Used to authenticate CSP4-1 Secret (cipher text / command to Password bytes the administrator role. AES256) zeroize FLASH Using CLI 15 ~ 63 Used to authenticate CSP4-2 User Password Secret (cipher text / command to bytes the user role. AES256) zeroize FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 31 of 43 Key/ # Algorithm Key Size Description Storage Zeroization CSP Name Used for RADIUS authenticating the FLASH Using CLI Shared 15 ~ 64 CSP4-3 shared secret RADIUS server to the (cipher text / command to Secret bytes keys security appliance AES256) zeroize and vice versa. Used for TACACS+ authenticating the FLASH Using CLI Shared 15~255 CSP4-4 shared secret TACACS+ server to (cipher text / command to Secret bytes keys the security appliance AES256) zeroize and vice versa. Entropy Resetting or Entropy DRBG entropy SP 800‐90 RAM rebooting the CSP5-1 256 bits source used to input (plaintext) security CTR_DRBG construct seed appliance Random Bits Generation Input to the DRBG Resetting or SP 800‐90 that determines the RAM rebooting the CSP6-1 DRBG seed 384 bits internal state of the (plaintext) security CTR_DRBG DRBG appliance Generated by entropy source via the Resetting or SP 800‐90 CTR_DRBG RAM rebooting the CSP6-2 DRBG V 128 bits derivation function. It (plaintext) security CTR_DRBG is stored in DRAM appliance with plaintext form Resetting or DRBG key used for SP 800‐90 RAM rebooting the CSP6-3 DRBG Key 256 bits SP 800-90 (plaintext) security CTR_DRBG CTR_DRBG appliance SNMPv3 FLASH (cipher text / SNMPv3 Using CLI Used to verify AES256) CSP7-1 SHA1 160 bits command to Authentication SNMPv3 packet. zeroize Key RAM (plain text) FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 32 of 43 Key/ # Algorithm Key Size Description Storage Zeroization CSP Name FLASH (cipher text / Using CLI SNMPv3 Used to encrypt AES256) CSP7-2 AES 128 bits command to SNMPv3 packet. Encryption Key zeroize RAM (plain text) System KEK Used to encrypt all private key, user Zeroized when password, and pre- Key Resetting or shared key stored on RAM(plain CSP8-1 AES 256 bits rebooting the encrypting internal storage. text) security key appliance The KEK is generated using random bytes 7.2 Access Control Policy The services accessing the CSPs, the type of access and which role accesses the CSPs are listed below. The types of access are: read (r), write (w), and delete (d). Table 10 Access by Service for Crypto Officer Service Access Security Network functions Configuration functions /CSP management PKI CSP1-1 r wd wd CSP1-2 r wd wd CSP1-3 r wd wd IPsec CSP2-1 rwd d CSP2-2 rwd d CSP2-3 r wd wd CSP2-4 rwd d CSP2-5 rwd d CSP2-6 rd d CSP2-7 rd d CSP2-8 rd d FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 33 of 43 Service Access Security Network functions Configuration functions /CSP management SSH CSP3-1 rd d CSP3-2 rwd d CSP3-3 rwd d CSP3-4 rwd d AAA CSP4-1 rwd wd wd CSP4-2 r wd wd CSP4-3 r wd wd CSP4-4 r wd wd Entropy CSP5-1 rw r Random Bits Generation CSP6-1 r r CSP6-2 r r CSP6-3 r r SNMPv3 CSP7-1 r wd wd CSP7-2 r wd Wd System KEK CSP8-1 r r r Table 11 Access by Service for User role Service Access Network functions Configuration functions /CSP Public key management CSP1-1 r CSP1-2 r CSP1-3 r FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 34 of 43 Service Access Network functions Configuration functions /CSP IPsec CSP2-1 rwd CSP2-2 rwd CSP2-3 r CSP2-4 rwd CSP2-5 rwd CSP2-6 rd CSP2-7 rd CSP2-8 rd SSH CSP3-1 rd CSP3-2 rwd CSP3-3 rwd CSP3-4 rwd AAA CSP4-1 rwd CSP4-2 r CSP4-3 r CSP4-4 r Entropy CSP5-1 rw Random Bits Generation CSP6-1 r CSP6-2 r CSP6-3 r SNMPv3 CSP7-1 r CSP7-2 r System KEK FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 35 of 43 Service Access Network functions Configuration functions /CSP CSP8-1 r r FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 36 of 43 8 Self-Tests HPE Networking devices include an array of self-tests that are run during startup and during operations to prevent any secure data from being released and to insure all components are functioning correctly. 8.1 Power-On Self-Tests The following table lists the power-on self-tests implemented by the switches. The switches perform all power-on self-tests automatically at boot. All power-on self-tests must be passed before any role can perform services. The power-on self-tests are performed prior to the initialization of the forwarding function, which prevents the security appliance from passing any data during a power-on self-test failure. Table 12 Power-On Self-Tests Implementation Tests Performed Security Appliance Software Firmware Test (non-Approved RSA 2048 with SHA- 256 which acts as a 256 bit EDC) DSA signature and DSA verification PWCT RSA signature and RSA verification KAT RSA signature and RSA verification PWCT RSA encryption and RSA decryption PWCT Kernel AES encryption and AES decryption KAT AES encryption and AES decryption KAT Kernel SHA-1 KAT SHA-1 KAT SHA224 KAT SHA256 KAT SHA384 KAT SHA 512 KAT Kernel HMAC SHA-1 KAT HMAC SHA-1 KAT HMAC SHA224 KAT HMAC SHA256 KAT HMAC SHA384 KAT HMAC SHA 512 KAT FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 37 of 43 Implementation Tests Performed SP800-90a CTR_DRBG KATs (Instantiate KAT, Generate KAT and Reseed KAT) 8.2 Conditional Self-Tests The following table lists the conditional self-tests implemented by the switches. Conditional self- tests run when a switch generates a DSA or RSA key pair and when it generates a random number. Table 13 Conditional Self-Tests Implementation Tests Performed Pairwise consistency test for RSA Pairwise consistency test for DSA Continuous Random Number Generator Test for the FIPS- approved SP800-90a CTR_DRBG Security Appliance Software Continuous Random Number Generator Test for entropy source (NDRNG) Firmware Load Test (RSA PKCS#1 v1.5 2048 bits with SHA-256) FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 38 of 43 9 Delivery and Operation 9.1 Secure Delivery To ensure no one has tampered with the goods during delivery, inspect the Networking switch physical package and check as follows: 1. Outer Package Inspection 1) Check that the outer carton is in good condition. 2) Check the package for a HPE Quality Seal or IPQC Seal, and ensure that it is intact. 3) Check that the IPQC seal on the plastic bag inside the carton is intact. 4) If any check failed, the goods shall be treated as dead-on-arrival (DOA) goods. 2. Packing List Verification Check against the packing list for discrepancy in material type and quantity. If any discrepancy found, the goods shall be treated as DOA goods. 3. External Visual Inspection Inspect the cabinet or chassis for any defects, loose connections, damages, and illegible marks. If any surface defect or material shortage found, the goods shall be treated as DOA goods. 4. Confirm Software/firmware 1) Version verification To verify the software version, start the appliance, view the self-test result during startup, and use the display version command to check that the software version is “HPE Comware Software, Version 7.1.045, Release 2406” indicates it is a FIPS 140-2 and CC certification version. If software loading failed or the version information is incorrect, please contact HPE for support. 2) RSA w/ SHA-256 verification To verify that software/firmware has not been tampered, run SHA Hash command on the appliance. If the hash value is different from release notes of this software, contact HPE for support. To get release notes, please access HPE website. 5. DOA (Dead on Arrival) If the package is damaged, any label/seal is incorrect or tampered, stop unpacking the goods, retain the package, and report to HPE for further investigation. The damaged goods will be replaced if necessary. 9.2 Secure Operation The rules for securely operating an HPE Networking switch in FIPS mode are: 1. Install and connect the device according to the installation and configuration guides. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 39 of 43 2. Start the device, and enter the configuration interface. 3. Check and configure the clock. 4. By default, the device does not run in FIPS mode. Enable the device to work in FIPS mode using the fips mode enable command in system view. This will allow the switch to internally enforce FIPS-compliance behavior, such as run power-up self-test and conditional self-test. 5. Set up username/password for crypto officer role. The password must comprise no less than 15 characters and must contain uppercase and lowercase letters, digits, and special characters. By default, the maximum number of consecutive failed login attempts is three and a user failing to log in after the specified number of attempts must wait for one minute before trying again. Verify this is the minimum setting. 6. Save the configurations and re-start the device. The device works in FIPS mode after restarting: 1. Configure the security appliance to use SSHv2. An operator can determine whether a switch is in FIPS mode with the command display fips status. When in FIPS mode: The FTP/TFTP server is disabled. 1. The Telnet server is disabled. 2. The HTTP server is disabled. 3. SNMP v1 and SNMP v2c are disabled. Only SNMP v3 is available. 4. The SSH server does not support SSHv1 clients 5. Generated RSA/DSA key pairs have a modulus length 2048 bits. 6. SSH, SNMPv3, IPsec and SSL do not support Non-FIPS approved cryptographic 7. algorithms. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 40 of 43 10 Physical Security The HPE 6125XLG Blade Module conforms to the Level 1 requirements for physical security. The hardware portion of the cryptographic module is a production grade component. All internal hardware, firmware, and cryptographic data are protected by the enclosure of the module, which makes up its physical cryptographic boundary. The cryptographic module must be used in a production grade enclosure. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 41 of 43 11 Mitigation of Other Attacks The Security appliances do not claim to mitigate any attacks in a FIPS approved mode of operation. FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 42 of 43 12 Documentation References 12.1 Obtaining documentation You can access the HPE Networking products page: http://h17007.www1.hp.com/us/en/ , where you can obtain the up-to-date documents of HPE Routers and Switches, such as datasheet, installation manual, configuration guide, command reference, and so on. 12.2 Technical support For technical or sales related question please refer to the contacts list on the HPE website: http://www.HPE.com. The actual support website is: http://www8.hp.com/us/en/support-drivers.html FIPS 140-2 Non-Proprietary Security Policy for HP 6125XLG series Switches Page 43 of 43