Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
User space library providing general cryptographic services which can be linked to from any program. The module was tested with 32bit word size.
Version
4.0
Type
SOFTWARE
Vendor
Red Hat, Inc.
100 East Davie Street
Raleigh, NC 27601
USA
Contacts
Jaroslav Reznik
jreznik@redhat.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
DRBG 962
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • Counter DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
      • Capabilities:
        • Mode: SHA2-224
      • Capabilities:
        • Mode: SHA2-256
      • Capabilities:
        • Mode: SHA2-384
      • Capabilities:
        • Mode: SHA2-512
    Prerequisites:
Component 651
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • KAS-ECC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-224
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
ECDSA 754
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
Component 652
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
SHS 3054
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-224
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
RNG 1400
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
TDES 2026
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB1
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CMAC
      • Capabilities:
        • Direction: Generation
        • Keying Option: 2
        • MAC: 0-64
        • Message Length: 0-524288
        • Block Size: Full, Partial
      • Capabilities:
        • Direction: Generation
        • Keying Option: 1
        • MAC: 0-64
        • Message Length: 0-524288
        • Block Size: Full, Partial
      • Capabilities:
        • Direction: Verification
        • Keying Option: 1, 2
        • MAC: 0-64
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • TDES-CTR
    • Counter Source: Internal
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-OFB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
RSA 1875
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.3
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.2
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.2
    • Public Exponent Mode: Random
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    Prerequisites:
DSA 1013
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
HMAC 2387
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
AES 3637
11/27/2015
  • Red Hat Enterprise Linux 7.1 on IBM/S390
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 0-128
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • AES-CTR
    • Key Length: 128, 192, 256
    • Counter Source: Internal
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 120, 128, 248, 1024
    • AAD Length: 120, 128, 248, 1024
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • AAD Length: 120, 128, 248, 1024
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 8, 32, 72, 96, 808
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Block Size: Full, Partial
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Block Size: Full, Partial