Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography.
Version
10.0.14393
Type
SOFTWARE
Vendor
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
Contacts
Tim Myers
FIPS@microsoft.com
800-Microsoft

Validations

Number
Date
Operating Environments
Algorithm Capabilities
KAS 92
8/24/2016
  • Windows 10 Anniversary Update (x64) on Intel Atom x7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface 3
  • Windows 10 Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Anniversary Update (x86) on Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3
  • Windows 10 Enterprise Anniversary Update (x64) on AMD A4 with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Enterprise Anniversary Update (x64) on Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 4
  • Windows 10 Enterprise Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Book
  • Windows 10 Enterprise Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 3
  • Windows 10 Enterprise Anniversary Update (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Enterprise Anniversary Update (x86) on Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3
  • Windows 10 Enterprise LTSB Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Enterprise LTSB Anniversary Update (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Enterprise LTSB Anniversary Update (x86) on Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3
  • Windows 10 Mobile Anniversary Update (ARMv7) on Qualcomm Snapdragon 212 (A7) w/ Microsoft Lumia 650
  • Windows 10 Mobile Anniversary Update (ARMv7) on Qualcomm Snapdragon 808 (A57, A53) w/Microsoft Lumia 950
  • Windows 10 Mobile Anniversary Update (ARMv7) on Qualcomm Snapdragon 820 (Kryo)
  • Windows 10 Pro Anniversary Update (x64) on Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 4
  • Windows 10 Pro Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Book
  • Windows 10 Pro Anniversary Update (x64) on Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 3
  • Windows 10 Pro Anniversary Update (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • Windows 10 Pro Anniversary Update (x86) on Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3
  • Windows Server 2016 Datacenter (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • Windows Server 2016 Datacenter with Windows Hyper-V enabled (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ HP ProDesk 600 G2
  • Windows Server 2016 Datacenter with Windows Hyper-V enabled (x64) on Intel Core i7 with AES-NI and without SHA Extensions w/ Microsoft Surface Book
  • Windows Server 2016 Standard (x64) on AMD A4 with AES-NI and PCLMULQDQ and SSSE 3
  • Windows Server 2016 Standard (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • Windows Server 2016 with Windows Hyper-V enabled (x64) on Intel Core i5 with AES-NI and without SHA Extensions w/ Dell OptiPlex 3040
  • Windows Server 2016 with Windows Hyper-V enabled (x64) on Intel Core i7 with AES-NI and without SHA Extensions w/ Microsoft Surface Book
  • Windows Storage Server 2016 (x64) on Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3
  • KAS-ECC
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
              • MAC Option:
                • HMAC:
              • ED:
                • Hash Algorithm: SHA2-384
                • Curve: P-384
                • MAC Option:
                  • HMAC:
                • EE:
                  • Hash Algorithm: SHA2-512
                  • Curve: P-521
                  • MAC Option:
                    • HMAC:
            • One Pass DH:
              • KAS Role: Initiator, Responder
              • KDF without Key Confirmation:
                • Parameter Set:
                  • EC:
                    • Hash Algorithm: SHA2-256
                    • Curve: P-256
                    • MAC Option:
                      • HMAC:
                    • ED:
                      • Hash Algorithm: SHA2-384
                      • Curve: P-384
                      • MAC Option:
                        • HMAC:
                      • EE:
                        • Hash Algorithm: SHA2-512
                        • Curve: P-521
                        • MAC Option:
                          • HMAC:
                  • Static Unified:
                    • KAS Role: Initiator, Responder
                    • KDF without Key Confirmation:
                      • Parameter Set:
                        • EC:
                          • Hash Algorithm: SHA2-256
                          • Curve: P-256
                          • MAC Option:
                            • HMAC:
                          • ED:
                            • Hash Algorithm: SHA2-384
                            • Curve: P-384
                            • MAC Option:
                              • HMAC:
                            • EE:
                              • Hash Algorithm: SHA2-512
                              • Curve: P-521
                              • MAC Option:
                                • HMAC:
                      Prerequisites:
                    • KAS-FFC
                      • Function: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
                      • Scheme:
                        • dhEphem:
                          • KAS Role: Initiator, Responder
                          • KDF without Key Confirmation:
                            • Parameter Set:
                              • FB:
                                • Hash Algorithm: SHA2-256
                                • MAC Option:
                                  • HMAC:
                                • FC:
                                  • Hash Algorithm: SHA2-256
                                  • MAC Option:
                                    • HMAC:
                            • dhOneFlow:
                              • KAS Role: Initiator, Responder
                              • KDF without Key Confirmation:
                                • Parameter Set:
                                  • FB:
                                    • Hash Algorithm: SHA2-256
                                    • MAC Option:
                                      • HMAC:
                                    • FC:
                                      • Hash Algorithm: SHA2-256
                                      • MAC Option:
                                        • HMAC:
                                • dhStatic:
                                  • KAS Role: Initiator, Responder
                                  • KDF without Key Confirmation:
                                    • Parameter Set:
                                      • FB:
                                        • Hash Algorithm: SHA2-256
                                        • MAC Option:
                                          • HMAC:
                                        • FC:
                                          • Hash Algorithm: SHA2-256
                                          • MAC Option:
                                            • HMAC:
                                  Prerequisites: