Table of Contents
Advertisement
Key
Key Type
TLS_PM
48 bytes random
data
TLS_MS
48 bytes pseudo-
random data
TLS_EMK
HMAC SHA-1 (112-
bits)
TLS_DMK
HMAC SHA-1 (112-
bits)
TLS_ECK
AES CBC 256-bit
TLS_DCK
AES CBC 256-bit
SSH_HOST_PRIV
RSA 2048-bit
Private Key
ECDSA P256 Curve
Private Key
51
PRF (Pseudo Random Function) is based on a hash on the TLS_PM and nonces; Utilizes SHA-1 and MD5 (Message Digest 5)
Generation / Input
Generated internally
Output encapsulated
via Approved DRBG
via CA_Cert
Generated internally
Output encrypted via
via TLS 1.0/1.1
DEKey
51
PRF
Generated internally
Output encrypted via
via TLS 1.0/1.1 PRF
DEKey
Generated internally
Output encrypted via
via TLS 1.0/1.1 PRF
DEKey
Generated internally
Output encrypted via
via TLS 1.0/1.1 PRF
DEKey
Generated internally
Output encrypted via
via TLS 1.0/1.1 PRF
DEKey
Generated internally
Output encrypted
via Approved DRBG
via DEKey
© Copyright 2017 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
Output
Storage
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in
EEPROM
Page 34 of 51
Zeroization
Use
"Reset" service;
Premaster secret for
Power cycle;
TLS 1.0/1.1 session
Switch Approved
Mode
"Reset" service;
Master secret for TLS
Power cycle;
1.0/1.1 session
Switch Approved
Mode
"Reset" service;
Authentication key for
Power cycle;
data leaving the module
Switch Approved
(per TLS 1.0/1.1)
Mode
"Reset" service;
Authentication key for
Power cycle;
data entering the
Switch Approved
module (per TLS
Mode
1.0/1.1)
"Reset" service;
Encryption key for data
Power cycle;
leaving the module (per
Switch Approved
TLS 1.0/1.1)
Mode
"Reset" service;
Decryption key for data
Power cycle;
entering the module
Switch Approved
(per TLS 1.0/1.1)
Mode
"Reset" service;
SSH Authentication
Power cycle;
Switch Approved
Mode
Advertisement
Table of Contents
