This page provides technical information pertaining to the testing of individual components of FIPS approved and NIST recommended cryptographic algorithms. These components are validated as conforming to the specifications in the associated publication. The testing that is performed on the component is described in the associated validation system (VS) document. The testing is handled by NVLAP- accredited Cryptographic And Security Testing (CST) Laboratories.
The implementations below consist of software, firmware, hardware, and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the components described in this document. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this document reflects the current status of each component. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list.
In addition to a general description of each component implementation, this list mentions the features that were tested as conforming to the appropriate publication. These features are described in the specific legend for each individual component and are listed below for each validation. Select the legend below for detail on the testing of that component.
This list is ordered in reverse numerical order, by validation number. Thus, the more recent validations are located closer to the top of the list. The column after the Validation Date column contains information indicating what modes and features for these modes has been successfully tested.
| Validation No. |
Component Validated |
Associated Publication |
Vendor | Implementation | Operational Environment | Val. Date |
Description/Notes |
|---|---|---|---|---|---|---|---|
| 20 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA -Dave Riley
|
Version 02000007 (Firmware) |
ARM 7 TDMI | 4/9/2012 |
Curves tested:
P-256
"The Pitney Bowes Cygnus X-3 Hardware Security Module (HSM) employs strong cryptographic and physical security techniques for the protection of funds in Pitney Bowes Postage systems." |
||
| 19 | Certicom Corp. 4701 Tahoe Blvd. Building A Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0.2 |
64-bit Intel Core i5-2300 w/ Red Hat Linux 5.6; 64-bit Intel Core i5-2300 w/ Windows 7 | 3/26/2012 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." |
||
| 18 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Arnaud Lotigier
|
Version Version #11-M1005011+Softmask V04 (Firmware) (Firmware) |
Infineon SLE66CLX1280PE | 3/21/2012 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory available. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
||
| 17 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Michael Bruyere
-Anthony Vella
|
Version 1.2 (Firmware) Part # NXP P5Cx081 Family |
NXP P5Cx081 Family | 2/29/2012 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
"MultiApp V2.1 is a highly secured smartcard platform conformant to the Javacard 2.2.2 and GP 2.1.1 standards, designed to operate on the NXP P5Cx081 family, inclusive of NXP P5CC081 and P5CC145 integrated circuits. Its cryptographic library implements TDEA, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms." |
||
| 16 | Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -Entrust Sales
|
Version 8.0 |
Intel Core 2 Duo E8400 w/ Microsoft Windows Server 2008 R2 with Oracle J2RE 6; Intel Core 2 Duo E8400 w/ Microsoft Windows Server 2008 R2 with Oracle J2RE 7 | 2/21/2012 |
ECC: ( FUNCTIONS INCLUDED IN IMPLEMENTATION: DPV KPG Partial Validation ) SCHEMES: EphemUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 OnePassDH: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 StaticUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 "The Java toolkit is an implementation of cryptographic functions accessible by an object-oriented API. Depending on configuration, the algorithms may be implemented in software, hardware, or both. The industry standard Cryptopki API from PKCS #11, is used as the interface to hardware-based cryptographic modules." |
||
| 15 | Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -Entrust Sales
|
Version 8.1sp1 |
Intel Core 2 Duo E8400 w/ Windows Server 2008 R2 Enterprise Edition | 1/19/2012 |
ECC: ( FUNCTIONS INCLUDED IN IMPLEMENTATION: DPV KPG Partial Validation ) SCHEMES: EphemUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 OnePassDH: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 StaticUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 "The Security Kernel is a C++ implementation of cryptographic functions accessible by an object-oriented API. Depending on configuration, the algorithms may be implemented in software, hardware or both. The industry standard Cryptoki API from PKCS #11, is used as the interface to hardware-based cryptographic modules." |
||
| 14 | Catbird Networks, Inc. 1800 Green Hills Road, Suite 113 Scotts Valley, CA 95066 USA -Michael Berman
|
Version v1.0 |
Intel Core i5 with AES-NI w/ CentOS 6.0 | 1/19/2012 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
B-163
B-233
B-283
B-409
B-571
"The cryptographic module used by Catbird''s comprehensive security and compliance solutions for virtualized data centers." 01/25/12: Updated implementation information; |
||
| 13 | Cummings Engineering Consultants, Inc. 145 S. 79th St., Suite 26 Chandler, AZ 85226 USA -Darren Cummings
|
Version v1.0 |
TI OMAP 3 w/ Linux 3.0.4; Intel Pentium T4200 w/ Android 2.2; Qualcomm QSD 8250 w/ Android 2.2; Intel Pentium T4200 w/ Ubuntu 10.04; Intel Celeron (64 bit mode) w/ Microsoft Windows 7; Intel Core i5 (with AES-NI) w/ Android 2.2; Intel Core i5 (with AES-NI) (64 bit mode) w/ Microsoft Windows 7; Intel Core i5 (with AES-NI) w/ Fedora 14 | 1/26/2012 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
B-163
B-233
B-283
B-409
B-571
"The cryptographic module used by the Cummings Engineering suite of products which allow for efficient and effective deployment of robust secure communications capability on commercial off the shelf (COTS) devices, such as Smartphones and Tablets, as well as speciality communications devices." 02/01/12: Added new tested information; |
||
| 12 | OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 27101 USA -Steve Marquess
|
Version 2.0 |
Intel Itanium 2 (64 bit mode) w/ HP-UX 11i; Intel Itanium 2 (32 bit mode) w/ HP-UX 11i; Freescale PowerPC32-e300 w/ Linux 2.6.33; TI OMAP 3530 (ARMv7) w/ Android 2.2; Intel Pentium (R) T4200 w/ Ubuntu 10.04; ARM Limited ARM922T (ARMv4) w/ uCLinux 0.9.29; Intel Core i5 with AES-NI (64 bit mode) w/ Fedora 14; Intel Core i5 with AES-NI (32 bit mode) w/ Ubuntu 10.04; Intel Celeron (32 bit mode) w/ Microsoft Windows 7; TI TNETV1050 w/ VxWorks 6.8; PowerPC e300c3 w/ Linux 2.6.27; Intel Pentium T4200 (64 bit mode) w/ Cascade Server 6.10; Intel Pentium T4200 (32 bit mode) w/ Cascade Server 6.10; Intel Pentium 4 (64 bit mode) w/ Microsoft Windows 7; TI AM3703CBP w/ Linux 2.6.32; Broadcom BCM11107 (ARMv6) w/ Linux 2.6; TI TMS320DM6446 (ARMv7) w/ Linux 2.6; Intel Xeon 5675 (x86) with AES-NI (32 bit mode) w/ Oracle Solaris 11; Intel Xeon 5675 (x86) (64 bit mode) w/ Oracle Solaris 11; Intel Pentium T4200 (x86) (32 bit mode) w/ Ubuntu 10.04; Intel Xeon 5675 (x86) (32 bit mode) w/ Oracle Solaris 11; Intel Xeon 5675 (x86) with AES-NI (64 bit mode) w/ Oracle Solaris 11; Intel Pentium T4200 (x86) (64 bit mode) w/ Ubuntu 10.04; SPARC-T3 (SPARCv9) (32 bit mode) w/ Oracle Solaris 10; SPARC-T3 (SPARCv9) (64 bit mode) w/ Oracle Solaris 10; Intel Xeon 5675 (x86) (64 bit mode) w/ Oracle Linux 5; Intel Xeon 5675 with AES-NI (64 bit mode) w/ Oracle Linux 5; Intel Xeon 5675 (64-bit mode) w/ Oracle Linux 6; Intel Xeon 5675 with AES-NI (64-bit mode) w/ Oracle Linux 6; SPARC-T3 (SPARCv9) (32-bit mode) w/ Oracle Solaris 11; SPARC-T3 (SPARCv9) (64-bit mode) w/ Oracle Solaris 11 | 12/29/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
B-163
B-233
B-283
B-409
B-571
"The OpenSSL FIPS Object Module is a full featured general purpose cryptographic library that is distributed in source code form under an open source license. It can be downloaded from www.openssl.org/source/." 01/26/12: Added new tested information; |
||
| 11 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych
-Laurie Smith
|
Version 4.8.7 (Firmware) |
StrongARM II 80219 | 12/16/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
B-163
B-233
B-283
B-409
B-571
"The Luna K5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware and associated co-processor." |
||
| 10 | OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 27101 USA -Steve Marquess
|
Version 2.0 |
ARMv7 (HTC Desire) w/ Android 2.2; Qualcomm QSD 8250 (Dell Streak; ARMv7) w/ Android 2.2; NVIDIA Tegra 250 T20 (Motorola Xoom, ARMv7) w/ Android 2.2; NVIDIA Tegra 250 T20 (ARMv7) w/ Android 4.0 | 11/29/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
"The OpenSSL FIPS Object Module is a full featured general purpose cryptographic library that is distributed in source code form under an open source license. It can be downloaded from www.openssl.org/source/." 12/14/11: Updated implementation information; |
||
| 9 | IBM Corporation 2455 South Road Poughkeepsie, New York 12601-5400 USA -William Penny
-Jim Sweeny
|
Version OA36882 Part # 5694-A01 |
IBM zEnterprise 196 (z196) w/ IBM z/OS® V1.13 | 11/9/2011 |
FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG ) SCHEMES: Ephem: (KARole: Initiator / Responder ) FA FB FC OneFlow: (KARole: Initiator / Responder ) FA FB FC Static: (KARole: Initiator / Responder ) FA FB FC ECC: ( FUNCTIONS INCLUDED IN IMPLEMENTATION: ) SCHEMES: OnePassDH: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 StaticUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services." 11/15/11: Update implementation information; |
||
| 8 | Athena Smartcard Inc. 20380 Town Center Lane, Suite 240 Cupertino, CA 95014 USA -Ian Simmons
|
Version S1.0 (Firmware) Part # STMicroelectronics ST23 |
STMicroelectronics ST23 | 10/13/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
"Athena OS755 is a GlobalPlatform Java Card smart card operating system implementing AES, TDES, DRBG, SHA-1/SHA-2, RSA, SP 800-56A KAS (ECC CDH Primitive only) and ECDSA2." |
||
| 7 | Certicom Corp. 4701 Tahoe Blvd. Building A Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0 |
64-bit Intel Core i5-2300 w/ RedHat Linux 5.6; 32-bit Intel Core i7 w/ RedHat Linux 5.6; 32-bit Intel Pentium III w/ QNX 6.5; ARM Cortex A9 MPCore w/ QNX 6.6; Intel Core 2 Duo w/ Mac OS X 10.5; 32-bit Intel Core i5-2300 w/ Windows 7 | 9/20/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
K-163
K-233
K-283
K-409
K-571
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." 10/01/11: Update implementation information; |
||
| 6 | Thales E-Security Ltd Jupiter House Station Road Cambridge, n/a CB5 8JJ UK -Marcus Streets
-Mark Wooding
|
Version 2.50.17 (Firmware) |
Freescale DragonBall MXL | 8/30/2011 |
FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPV KPG Full Validation Partial Validation ) SCHEMES: Ephem: (KARole: Initiator / Responder ) FA FB FC OneFlow: (KARole: Initiator / Responder ) FA FB FC Static: (KARole: Initiator / Responder ) FA FB FC ECC: ( FUNCTIONS INCLUDED IN IMPLEMENTATION: DPV KPG Full Validation Partial Validation ) SCHEMES: EphemUnified: (KARole: Initiator / Responder ) EB: P-224 EC: P-256 EE: P-521 OnePassDH: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 StaticUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 "The MiniHSM Algorithm Library provides cryptographic functionality for the MiniHSM series of Thales hardware security modules." |
||
| 5 | NXP Semiconductors Mikronweg 1 Gratkorn, n/a 8101 Austria -Markus Moesenbacher
|
Version ECDH_CL_V2.7 (Firmware) Part # NXP P5CD081 Family |
NXP P5CD081 Family | 8/18/2011 |
Curves tested:
P-256
"Single Chip Module with NXP Secure Smart Card Controller of P5CD081 Family and NXP Java Card and GlobalPlatform OS JCOP 2.4.2 R0. P5CD081 Family comprises: P5CD145 V0A, P5CC145 V0A, P5CN145 V0A, P5CD128 V0A, P5CC128 V0A, P5CD081 V1A, P5CC081 V1A, P5CN081 V1A, P5CD051 V1A, P5CD041 V1A, P5CD021 V1A and P5CD016 V1A." |
||
| 4 | Oberthur Technologies 4250 Pleasant Valley Rd. Chantilly, VA 21051 USA -Christophe Goyet
|
Version 0801 (Firmware) Part # BF |
ID-One PIV (Type B) with op codes 071621 & 071891 | 6/22/2011 |
Curves tested:
P-224
P-256
P-384
"This algorithm is implemented in the new ID-One Cosmo v7 smart card platform and used to provide ECDH Key Management services to the FIPS 201 validated ID-One PIV cards from Oberthur." |
||
| 3 | Oberthur Technologies 4250 Pleasant Valley Rd. Chantilly, VA 21051 USA -Christophe Goyet
|
Version FC10 (Firmware) Part # B0 |
ID-One PIV (Type A) with op code 071964 | 6/22/2011 |
Curves tested:
P-224
P-256
P-384
"This algorithm is implemented in the new ID-One Cosmo v7 smart card platform and used to provide ECDH Key Management services to the FIPS 201 validated ID-One PIV cards from Oberthur." |
||
| 2 | Athena Smartcard Inc. 20380 Town Center Lane, Suite 240 Cupertino, CA 95014 USA -Ian Simmons
|
Version A1.0 (Firmware) Part # Inside Secure AT90SC |
Inside Secure AT90SC w/ OS755 | 6/16/2011 |
Curves tested:
P-192
P-224
P-256
P-384
P-521
"Athena OS755 is a GlobalPlatform Java Card smart card operating system implementing AES, TDES, DRBG, SHA-1/SHA-2, RSA, SP 800-56A KAS (ECC CDH Primitive only) and ECDSA2." |
||
| 1 | Thales E-Security Ltd Jupiter House Station Road Cambridge, n/a CB5 8JJ UK -Marcus Streets
-Mark Wooding
|
Version 2.50.16 (Firmware) |
Motorola PowerPC | 5/12/2011 |
FFC: (ASSURANCES < 5.5.2: #1 , #2 , #3 > < 5.6.2.1: #1 , #3 > < 5.6.2.2: #1 > < 5.6.2.3: #1 > < 5.6.3.1: #1 , #2 > ) SCHEMES: Ephem: (KARole: Initiator / Responder ) FA FB FC OneFlow: (KARole: Initiator / Responder ) FA FB FC Static: (KARole: Initiator / Responder ) FA FB FC ECC: ( ASSURANCES < 5.5.2: #1 , #2 , #3 > < 5.6.2.1: #1 , #3 > < 5.6.2.1: #1 > < 5.6.2.3: #1 #3 > ) SCHEMES: EphemUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 OnePassDH: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 StaticUnified: (KARole: Initiator / Responder ) EA: P-192 EB: P-224 EC: P-256 ED: P-384 EE: P-521 "The nShield algorithm library provides cryptographic functionality for Thales''s nShield Hardware Security Modules" |
Computer Security Division
National Institute of Standards and Technology