Administration of the Avaya G350 Media Gateway - Avaya Support

FIPSSupported algorithmsThe cryptographic module supports the following algorithms in FIPS mode:Approved Algorithms:● RSA digital signature verification during firmware upgrades, and license file authentication.Support for RSA defined in PKCS#1 standard. RSA implementation, as defined byANSI X9.31, is not supported.●●●●●Triple-DES CBC (three key) for IKE encryption and IPSecAES (128bit) CBC for IPSec and IKE encryptionSHA-1 for hashing download image digest, license file digestHMAC SHA-1 for message authentication codes for IKE and IPSECDES CBC for encryption of IPSec, and IKE (only supported for communication with legacysystems)● TDES CBC Encryption of the serial number date for Voice feature activation controlled bythe ICC CM server/external blade serverNon-Approved Algorithms:● Diffie-Hellman for IKE key exchanges● MD5 for Radius Client role and peer OSPF router authenticationThe cryptographic module relies on the implemented deterministic random number generator(DRNG) that is compliant with X9.31 with 128-bit Key, 64bit Seed for generation of allcryptographic keys. The non-deterministic random seed generator is used for the periodicre-seeding of the PRNG.The cryptographic module may be configured for FIPS mode via execution of the configurationprocedure specified in Administration procedures on page 307.The user can determine if the cryptographic module is running in FIPS vs. non-FIPS mode via:● Execution of the show running-config command.●●Verification that the configuration meets the requirements specified in Administrationprocedures on page 307.Verification that the HW version and the firmware version of the module firmware code inbanks A and B are FIPS-approved versions.292 Administration of the Avaya G350 Media Gateway