Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The Microsoft Windows Next Generation Cryptographic algorithm implementation provides enhanced support for AES, DRBG, DSA, ECDSA, RSA, HMAC, KAS, KDF, SHS (SHA), and Triple-DES. All implementations are packaged into a library used by Microsoft and other third-party applications.
Version
10.0.15063.674
Type
SOFTWARE
Vendor
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
Contacts
Mike Grimm
FIPS@microsoft.com
800-Microsoft

Validations

Number
Date
Operating Environments
Algorithm Capabilities
RSA 2671
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.3
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.2
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.2
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 496
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
Component 1511
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
  • KDF IKEv1
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Responder Nonce Length: 192-1792
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Responder Nonce Length: 192-1792
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Responder Nonce Length: 192-1792
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.0/1.1, v1.2
    • Hash Algorithm: SHA2-256, SHA2-384
    Prerequisites:
DRBG 1732
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
SHS 4011
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
ECDSA 1250
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
HMAC 3269
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
Component 1514
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
Component 1513
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
KAS 148
11/17/2017
  • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
  • KAS-ECC
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • KDF Option:
            • Concatenation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
              • MAC Option:
                • HMAC:
              • ED:
                • Hash Algorithm: SHA2-384
                • Curve: P-384
                • MAC Option:
                  • HMAC:
                • EE:
                  • Hash Algorithm: SHA2-512
                  • Curve: P-521
                  • MAC Option:
                    • HMAC:
            • One Pass DH:
              • KAS Role: Initiator, Responder
              • KDF without Key Confirmation:
                • Parameter Set:
                  • EC:
                    • Hash Algorithm: SHA2-256
                    • Curve: P-256
                    • MAC Option:
                      • HMAC:
                    • ED:
                      • Hash Algorithm: SHA2-384
                      • Curve: P-384
                      • MAC Option:
                        • HMAC:
                      • EE:
                        • Hash Algorithm: SHA2-512
                        • Curve: P-521
                        • MAC Option:
                          • HMAC:
                  • Static Unified:
                    • KAS Role: Initiator, Responder
                    • KDF without Key Confirmation:
                      • Parameter Set:
                        • EC:
                          • Hash Algorithm: SHA2-256
                          • Curve: P-256
                          • MAC Option:
                            • HMAC:
                          • ED:
                            • Hash Algorithm: SHA2-384
                            • Curve: P-384
                            • MAC Option:
                              • HMAC:
                            • EE:
                              • Hash Algorithm: SHA2-512
                              • Curve: P-521
                              • MAC Option:
                                • HMAC:
                      Prerequisites:
                    • KAS-FFC
                      • Function: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                      • Scheme:
                        • dhEphem:
                          • KAS Role: Initiator, Responder
                          • KDF without Key Confirmation:
                            • Parameter Set:
                              • FB:
                                • Hash Algorithm: SHA2-256
                                • MAC Option:
                                  • HMAC:
                                • FC:
                                  • Hash Algorithm: SHA2-256
                                  • MAC Option:
                                    • HMAC:
                            • dhOneFlow:
                              • KAS Role: Initiator, Responder
                              • KDF without Key Confirmation:
                                • Parameter Set:
                                  • FB:
                                    • Hash Algorithm: SHA2-256
                                    • MAC Option:
                                      • HMAC:
                                    • FC:
                                      • Hash Algorithm: SHA2-256
                                      • MAC Option:
                                        • HMAC:
                                • dhStatic:
                                  • KAS Role: Initiator, Responder
                                  • KDF without Key Confirmation:
                                    • Parameter Set:
                                      • FB:
                                        • Hash Algorithm: SHA2-256
                                        • MAC Option:
                                          • HMAC:
                                        • FC:
                                          • Hash Algorithm: SHA2-256
                                          • MAC Option:
                                            • HMAC:
                                  Prerequisites:
                                TDES 2558
                                11/17/2017
                                • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
                                • TDES-CBC
                                  • Direction: Decrypt, Encrypt
                                  • Keying Option: 1
                                • TDES-CFB64
                                  • Direction: Decrypt, Encrypt
                                  • Keying Option: 1
                                • TDES-CFB8
                                  • Direction: Decrypt, Encrypt
                                  • Keying Option: 1
                                • TDES-ECB
                                  • Direction: Decrypt, Encrypt
                                  • Keying Option: 1
                                Component 1512
                                11/17/2017
                                • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
                                DSA 1303
                                11/17/2017
                                • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
                                AES 4902
                                11/17/2017
                                • Windows 10 (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Microsoft Surface Hub
                                • AES-CBC
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                • AES-CCM
                                  • Key Length: 128, 192, 256
                                  • Tag Length: 32, 48, 64, 80, 96, 112, 128
                                  • IV Length: 56, 64, 72, 80, 88, 96, 104
                                  • Payload Length: 0-256
                                  • AAD Length: 0-524288
                                • AES-CFB128
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                • AES-CFB8
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                • AES-CMAC
                                    • Capabilities:
                                      • Direction: Generation, Verification
                                      • Key Length: 128, 192, 256
                                      • MAC: 128
                                      • Message Length: 0-524288
                                      • Block Size: Full, Partial
                                • AES-CTR
                                  • Key Length: 128, 192, 256
                                  • Counter Source: Internal
                                • AES-ECB
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                • AES-GCM
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                  • Tag Length: 96, 104, 112, 120, 128
                                  • IV Length: 96
                                  • Payload Length: 8, 1016, 1024
                                  • AAD Length: 0, 8, 1016, 1024
                                • AES-GMAC
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128, 192, 256
                                  • Tag Length: 96, 104, 112, 120, 128
                                  • IV Length: 96
                                  • AAD Length: 0, 8, 1016, 1024
                                • AES-XTS
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 128
                                  • Block Size: Full
                                • AES-XTS
                                  • Direction: Decrypt, Encrypt
                                  • Key Length: 256
                                  • Block Size: Full