Module Name
EOS MACsec Alpha Hybrid Module
Validation Dates
04/04/2019;04/09/2019
Caveat
When operated in FIPS mode and installed, initialized and configured as specified in Section 8.1 of the Security Policy
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Module Type
Firmware-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
Arista’s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.
Tested Configuration(s)
- Arista Networks DCS-7500 Series with Broadcom BCM82391 MACsec chip and EOSv4 Firmware Version 1.0
FIPS Algorithms
| AES |
Certs. #4545 and #5482 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1933, #1934 and #1935 |
| DRBG |
Cert. #2158 |
| ECDSA |
Cert. #1469 |
| HMAC |
Cert. #3636 |
| KAS |
Cert. #183 |
| KBKDF |
Cert. #235 |
| KTS |
AES Cert. #5482 and HMAC Cert. #3636; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Cert. #2944 |
| SHS |
Cert. #4399 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1933, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1933, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (CVL Cert. #1934, key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength)
Hardware Versions
P/Ns Chassis: DCS-7508N, Version 06.00; DCS-7512N, Version 00.06; DCS-7516N, Version 10.00; {Supervisor with Renesas Security chip (R5H30211 or N313X): DCS-7500E-SUP, Version 01.02; DCS-7500-SUP2, Version 03.03; DCS-7516-SUP2, Version 10.00}; {MACsec Linecard with Broadcom MACsec chip (BCM82391): DCS-7500RM-36CQ-LC, Versions 11.01, 10.02, 10.01; DCS-7500R-8CFPX-LC, Version 11.02}
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
