Table of Contents
Advertisement
Key
Key Type
Firmware Signature
RSA 2048-bit public
Public Key
key
(FSPubKey)
Firmware Signature
RSA 2048-bit public
Root Certificate Key
key
(FSRootCert)
SSH_HOST_PRIV
RSA 2048-bit
Private Key
ECDSA P256 Curve
Private Key
SSH_HOST_PUB
RSA 2048-bit Public
Key
ECDSA P256 Curve
Public Key
SSH_SK
AES CTR 128-bit
AES CBC 128-bit
SSH_SA
HMAC SHA-1 (112-
bits)
SSH_KEX_PRI
ECDH P-256 Curve
(128-bits) or FFC
DH Group 14 (112-
bits)
SSH_KEX_PUB
ECDH P-256 Curve
(128-bits) or FFC
DH Group 14 (112-
bits)
Generation / Input
Generated externally;
Does not exit the
Hardcoded into
module
module
Generated externally;
Output encrypted
Hardcoded into
via SSH_SK
module
Generated internally
Output encrypted
via Approved DRBG
via SSH_SK
Generated internally
Output plaintext
via Approved DRBG
Generated internally
Output encrypted
via SSH PRF
via SSH_SK
Generated internally
Output encrypted
via SSH PRF
via SSH_SK
Generated internally
Output encrypted
via ECDH or FFC
via SSH_SK
DH
Generated internally
Output encrypted
via ECDH or FFC
via SSH_SK
DH
© Copyright 2017 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
Output
Storage
Plaintext in
EEPROM
Plaintext in
EEPROM and RAM
Plaintext in
EEPROM
Plaintext in
EEPROM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Plaintext in RAM
Page 37 of 51
Zeroization
Use
Not Applicable
Validate a new
firmware image loaded
onto module
Not Applicable
Verify the chain of
certificates provided by
the new firmware
image
"Reset" service;
SSH Authentication
Power cycle;
Switch Approved
Mode
"Reset" service;
SSH Authentication
Power cycle;
Switch Approved
Mode
SSH Session Keys
Power cycle;
(per SSH 2.0)
Switch Approved
Mode
SSH Session Integrity
Power cycle;
Keys
Switch Approved
(per SSH 2.0)
Mode
SSH Key Exchange
Power cycle;
Private Key (per SSH
Switch Approved
2.0)
Mode
Power cycle;
SSH Key Exchange
Switch Approved
Public Key (per SSH
Mode
2.0)
Advertisement
Table of Contents
