1. FIPS Compliance Guide
  2. FIPS Compliance

1 FIPS Compliance

The Oracle® Enterprise Session Border Controller provides cryptographic capabilities and algorithms that conform to Federal Information Processing Standards (FIPS). Specific standards implemented include those described in Security Requirements For Cryptographic Modules (FIPS PUB 140-2), and others described in NIST Special Publication 800-90A Revision 1, Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised), June 2016.

To validate that your platform/software combination has been certified by NIST, query their Cryptographic Module Validation Program (CMVP) site at https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Validated-Modules/Search.

Note:

Not all platforms and all releases are certified.

FIPS Feature Set Requirements

The ESBC supports cryptographic capabilities and algorithms compliant with FIPS 140-2 standards. The FIPS feature set, provisioned via the Data Integrity entitlement, is required for the following FIPS-compliant capabilities:

  • power-on self tests
  • software integrity test
  • conditional tests
  • ACLI commands and configuration attributes

Platform Support for Enterprise

FIPS-compliant cryptography is available on the following Enterprise platforms:
  • Acme Packet 1100 (140-2 level 1)
  • Acme Packet 3900 (140-2 level 1)
  • Acme Packet 3950 (140-2 level 1)
  • Acme Packet 4900 (140-2 level 1)
  • Acme Packet 4600 (140-2 level 1)
  • Acme Packet 6300 (140-2 level 1)
  • Acme Packet 6350 (140-2 level 1)
  • VME (140-2 level 1)

Note:

All FIPS compliant Acme Packet platforms are shipped with the USB interface intentionally covered and inaccessible. This is to prevent users from unintentionally using the USB interface to boot a non-FIPS compliant image and getting locked out of the system.

Verifying and Changing the Bootfile

The check-boot-file /boot/<filename> command allows you to verify the image running on the ESBC. 
sd225v# check-boot-file /boot/<filename>.bz
Verifying signature of /boot/<filename>.bz
Version: Acme Packet <release#> Beta 4 (WS Build 48) 201705130547
Image integrity verification passed
The set-boot-file /boot/<filename> command allows you to change the image running on the ESBC. 
sd225v# set-boot-file /boot/<filename>.bz
Verifying signature of /boot/<filename>.bz
Version: Acme Packet <release#> Beta 4 (WS Build 48) 201705130547
old boot file /boot/bzImage being replaced with /boot/<filename>.bz

Cryptographic Modules

FIPS compliance requires the clear definition of modules that perform cryptographic functions. The following modules are present on the supported Acme Packet platforms.

  • OpenSSL — This software module provides cryptographic functions to include the following:
    • AES
    • AES_GCM
    • DRBG800-90A
    • ECDSA2
    • HMAC
    • KDF135
    • RSA2
    • SHA
  • OpenSSH — This software module provides cryptographic functions to include the following:
    • AES GCM 128 & 256
    • AES CTR 128 & 192 & 256
    • AES CBC 192 & 256
    • HMAC 20 with SHA-2 32 with SHA-2
  • Mocana — This software module provides cryptographic functions to include the following:
    • AES CBC 128, 192 and 256
    • AES-CTR 128 and 256
    • HMAC-SHA-1 and HMAC-SHA-2
    • KDF (IKEv2 and SSH)
    • RSA2 (KeyGen_RandomProbablyPrime3_3 and SigVer15_186-3)
    • SHA (SHA1, SHA2)
  • Cavium Nitrox PX1620
    • AES-CBC-KAT
    • AES-CTR-KAT
    • AES-ECB-KAT
    • AES-GCM-KAT
    • AES-CCM-KAT
  • Cavium Octeon CN688X and Cavium 78xx 48-Core Octeon III
    • AES-CBC-KAT
    • AES-CTR-KAT
    • AES-ECB-KAT
    • SHA-KAT
    • HMAC-SHA-KAT
    • RSA-SHA1-KAT
    • RSA-SHA2-KAT
    • AES-GCM-KAT
    • AES-CCM-KAT

Note:

Cryptographic modules are described in detail in the relevant Oracle Security Policy documents.

Cryptographic Hardware Accleration

Cryptographic hardware acceleration is supported on the Acme Packet 4600 and Acme Packet 6300 platforms for AES, RSA, SHA, and HMAC-SHA.

Cryptographic Algorithm Validation Program Tests

The Cryptographic Algorithm Validation Program (CAVP) Tests apply to the Acme Packet 4600, Acme Packet 6300, and Acme Packet 6350.

  • AES-ECB tests, including GFSbox, KeySbox, Monte Carlo Test (MCT), MMT, VarKey, and VarTxt.
  • SHA (SHA-1, SHA-256, SHA-384, SHA-512) tests, including variations such as short message, long message, and Monte Carlo test.
  • HMAC-SHA (HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512)
  • SRTP-KDF
  • TLS-KDF
  • AES-CBC tests with all the test variations, including GFSbox, KeySbox, Monte Carlo Test (MCT), MMT, VarKey, and VarTxt for 128-bit and 256-bit key sizes.
  • AES-GCM encryption and decryption tests with different key sizes such as 128 and 256 including external and internal IV support
  • TDES-CBC tests which includes variations such as VarKey, VarTxt, Inverse Permutation (invperm), Permutation Operation (permop), Substitution Table (subtab), Multi-block Message Test (MMT), Monte Carlo Test (MCT).
  • RSA tests which include RSA key generation, signature generation, signature verification, and RSADP
  • DRBG test
  • CRNG test

FIPS States

When you buy a FIPS feature set with the Oracle® Enterprise Session Border Controller, the ESBC comes equipped with the FIPS 140-2 feature installed, which operates in FIPS 140-2 compatible mode (either level 1 or level 2, depending on platform certification). This means that the ESBC has access to the FIPS capabilities listed in this document.

Note:

In the event that any of the power-on or conditional tests fail, the ESBC becomes completely disabled. If this occurs, you must contact your Oracle representative for instructions on how to proceed.
When FIPS is disabled, the following restrictions are placed on the ESBC:
  • Security related ACLI elements are not available.
  • Security related ACLI commands are not allowed.

Self-Tests

Section 4.9 of Security Requirements For Cryptographic Modules mandates that cryptographic modules perform power-on self-tests and conditional self-tests to ensure that the module is functioning properly. Power-on self-tests are performed when the cryptographic module powers up. Conditional self-tests are performed when an RSA or RNG operation is requested.

Power-on Self-Tests

Acme Packet FIPS-compliant platforms perform the following power-up tests when power is enabled on the module. These self-tests require no input from the user.

Firmware Integrity Test

  • RSA 2048 Firmware Integrity Test

Mocana Self-Tests

  • AES (Encrypt/Decrypt) Known Answer Test
  • Triple-DES (Encrypt/Decrypt) Known Answer Test
  • SHA-1 Known Answer Test
  • SHA-256 Known Answer Test
  • SHA-384 Known Answer Test
  • SHA-512 Known Answer Test
  • HMAC-SHA-1 Known Answer Test
  • HMAC-SHA-256 Known Answer Test
  • HMAC-SHA-384 Known Answer Test
  • HMAC-SHA-512 Known Answer Test
  • RSA Verify Known Answer Test
  • IKEv2KDF Known Answer Test

OpenSSL Self-Tests

  • SHA-1 Known Answer Test
  • SHA-256 Known Answer Test
  • SHA-512 Known Answer Test
  • HMAC-SHA-1 Known Answer Test
  • HMAC-SHA-256 Known Answer Test
  • HMAC-SHA-384 Known Answer Test
  • HMAC SHA-512 Known Answer Test
  • AES (Encrypt/Decrypt) Known Answer Test
  • AES CBC Known Answer Test
  • AES GCM (Encrypt/Decrypt) Known Answer Test
  • AES GCM Known Answer Test
  • AES ECB Known Answer Test
  • AES CTR Known Answer Test
  • Triple-DES (Encrypt/Decrypt) Known Answer Test
  • Triple-DES CBC Known Answer Test
  • SP 800-90A DRBG Known Answer Test
  • RSA sign/verify Known Answer Test
  • ECDSA sign/verify Known Answer Test
  • DRBG Known Answer Test
  • DRBG Health Test

Note:

When the module is in a power-up self-test state or error state, the data output interface is inhibited and remains inhibited until the module can transition into an operational state.

Conditional Self-Tests

Conditional self-tests are performed when an RSA or RNG operation is requested.

The following conditional self-tests are supported:
  • RSA Consistency Conditional Test
  • Continuous Random Number Generation Test

ACLI Commands

These ACLI commands and parameters support FIPS compliancy.

show security fips

The show security fips ACLI command displays the FIPS state. The following is an example of Acme Packet platform output. 

ACMEPACKET# show security fips

*************************************************************
***    System is in FIPS 140-2 level-1 compatible mode.   ***
*************************************************************
ACMEPACKET##
The following is an example of VME output: 
ACMEPACKET# show security fips

*************************************************************
***    System is in FIPS 140-2 level-1 compatible mode.   ***
*************************************************************

If the Oracle® Enterprise Session Border Controller transitions from FIPS 140-2 to non-FIPS mode due to a self-test fail, the system is no longer accessible and you must use the Oracle Rescue Account and perform a manufacture reset on the module. For more information on performing a manufacture reset, see Accessing the Oracle Rescue Account. 

ORACLE# show security fips  

************************************************************
*** System is NOT in FIPS 140-2 level-1 compatible mode. 
*** FIPS Error - Software image integrity check failed 
************************************************************ 
ORACLE#

The following example displays some of the error messages you may see: 

AES CBC with 128 bit key test failed.
AES CBC with 192 bit key test failed.
AES CBC with 256 bit key test failed.
AES CTR with 128 bit key test failed.
AES CTR with 192 bit key test failed.
AES CTR with 256 bit key test failed.
3DES CBC test failed.
SHA1 test failed.
SHA256 test failed.
HMAC-SHA1 test failed.
HMAC-SHA256 test failed.
Continuous DRBG failed.
DRBG with known entropy failed.
DRBG instantiate health test failed.
DRBG reseed health test failed.
DRBG generate health test failed.
DRBG conditional test failed.
BCM RNG test failed.
RSA crypto failed.
RSA pairwise consistency test failed.
RSA pairwise consistency Conditional test failed.
Software image integrity check failed.
BCM security processor not present.
HiFN not present on media phy card.
HiFN not present on wancom.

show security ssm-accelerator

The show security ssm-accelerator command displays the SSM status on the ESBC, allowing you to verify offloading to Nitrox. The following is an example of Acme Packet platform output: 

ACMEPACKET# show security ssm-accelerator
SSM (Signaling Security Module) V3 present.

Driver Version: 5.3.1

Driver Compile time defines
----------------------------
MAIN LINE PROTOCOL used : SSL
MICROCODE used : MC2

------------------------------------------------------------------------
                             SSL Record Processing
------------------------------------------------------------------------
                      Record Encrypt           Record Decrypt
Packet Requests:                0                       0
Packet Aborts:                  0                       0
Bytes In:                       0                       0
Bytes Out:                      0                       0
------------------------------------------------------------------------

                       Crypto Processing
------------------------------------------------------------------------
                           Encrypt                 Decrypt
Packet Requests:                0                       0
Packet Aborts:                  0                       0
Bytes In:                       0                       0
Bytes Out:                      0                       0
------------------------------------------------------------------------
                              HMAC
Packet Requests:                0
Packet Aborts:                  0
Bytes In:                       0
Bytes Out:                      0

ACMEPACKET#

Factory Reset for the Oracle® Enterprise Session Border Controller

If you attempt to remove the FIPS feature, some irrevocable changes and information remain on the system. You can return your platforms to their initial factory settings (zeroization) to truly remove all traces of the previous implementation. Depending on if you are performing this on an Acme Packet hardware platform or a Virtual platform, the process is different.

Caution:

Factory reset erases all system data, including licenses and configuration, and reboots the supported Acme Packet platforms using the factory default /boot/bzImage file. If the factory image file has been removed, the system will NOT be recoverable without manual intervention, and you may have to return the system to Oracle for factory re-initialization.

Using the Oracle Rescue Account for PNF Zeroization

To enable the Oracle Rescue Account:
  1. Connect to the ESBC's serial console.
  2. Reboot the ESBC and press the spacebar to interrupt the 5 second bootloader countdown.
  3. Select o to access the Oracle Rescue Account.
    A challenge string displays in the console.
  4. Contact Oracle Support and provide the challenge string and the system serial number.
    Oracle Support verifies the challenge string and provides a response string.
  5. Enter the response string.
    If it is validated, access is granted to the Oracle Rescue Account and a sub-menu appears providing three menu options:
    • f—Factory default
    • !—Start debug shell
    • x—Exit to main menu
The following is an example of the console log: 
Starting acmeboot...

ACME bootloader Acme Packet SCZ<build#> RTM (Build 59) 201706021530

Press the space bar to stop auto-boot...
28
Please contact Oracle Product Support to obtain a Response Key
You will need to provide the following information:
   1. Serial number of the system
   2. This Challenge Key: 069-033-231-180

Note: Keys are valid for a limited period only, typically 1 day

Enter response key:     006-163-164-054


Oracle Rescue Access Menu

PROCEED WITH CAUTION: You are now in privileged access mode.
Use of these commands is permitted by authorised personnel only.
f                     - factory default
!                     - start debug shell

x                     - exit to main menu


[Oracle Rescue Access]: f

WARNING WARNING WARNING
This command will permanently erase the hard disk, nvram and flash,
returning the system to a factory-default state.

Type: "ERASE_ALL" to confirm factory default, anything else will abort.
[Confirm Factory Default]: ERASE_ALL

Proceeding with factory default. DO NOT INTERRUPT
Removing hard disk user data partitions...
Wiping /code filesystem...
Zeroizing /code filesystem...
Wiping /boot filesystem...
Zeroizing /boot filesystem...
Zeroizing NVRAM...
Checking for NVRAM zeroization...
Setting default boot params...

Completed factory default. Reboot or power off now

Rebooting...

Reinstalling the VM for VNF Installation

To perform zeroization on a VM, you must perform a complete image reinstallation.