Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Version
1.0.1
Type
SOFTWARE
Vendor
Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia
Contacts
David Hook
dgh@bouncycastle.org
+61438170390
Jon Eaves
jon@bouncycastle.org
+61417502969

Validations

Number
Date
Operating Environments
Algorithm Capabilities
KDF 153
9/1/2017
  • Java SE Runtime Environment 7 on Red Hat Enterprise Linux 7.3 on VMware ESXi 5.5 on Intel Xeon Processor X5670
  • Java SE Runtime Environment 8 on Red Hat Enterprise Linux 7.3 on VMware ESXi 5.5 on Intel Xeon Processor X5670
  • KDF
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, In the Middle of Fixed Data
        • KDF Mode: Counter
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • SPs used to generate K: SP 800-56A, SP 800-56B, SP 800-90A
        • Counter Length: 8, 16, 24, 32
      • Capabilities:
        • Supports Empty IV
        • Fixed Data Order: After Fixed Data, Before Fixed Data, Before Iteration Data
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • SPs used to generate K: SP 800-56A, SP 800-56B, SP 800-90A
        • KDF Mode: Feedback
        • Counter Length: 8, 16, 24, 32
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, Before Iteration Data
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • KDF Mode: Double Pipeline Iteration
        • SPs used to generate K: SP 800-56A, SP 800-56B, SP 800-90A
        • Counter Length: 8, 16, 24, 32
    Prerequisites:
  • PhotonOS 2.0 running on ESXi 6.7 with JRE 1.8 on Intel Xeon 6126
    • processor
      • manufacturer: Intel
    • software
  • Ubuntu 16.04 running on ESXi 6.7 with JRE 1.8 on Intel Xeon 6126
    • processor
      • manufacturer: Intel
    • software
  • Windows Server 2016 running on ESXi 6.7 with JRE 1.8 on Intel Xeon 6126
    • processor
      • manufacturer: Intel
    • software
  • KDF
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, In the Middle of Fixed Data
        • KDF Mode: Counter
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Counter Length: 8, 16, 24, 32
        • Supported Lengths: 64, 80, 504, 1024
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • KDF Mode: Double Pipeline Iteration
        • Counter Length: 8, 16, 24, 32
        • Supported Lengths: 64, 80, 504, 1024
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • Supports Empty IV
        • KDF Mode: Feedback
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Counter Length: 8, 16, 24, 32
        • Supported Lengths: 64, 80, 504, 1024
    Prerequisites:
  • Linux 3.10 on Intel Xeon E5-2697 v3
    • processor
      • manufacturer: Intel
    • software
  • Linux 3.10 on Intel Xeon Silver 4110
    • processor
      • manufacturer: Intel
    • software
  • KDF
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, In the Middle of Fixed Data
        • KDF Mode: Counter
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Counter Length: 8, 16, 24, 32
        • Supported Lengths: 64, 80, 504, 1024
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Counter Length: 8, 16, 24, 32
        • KDF Mode: Double Pipeline Iteration
        • Supported Lengths: 64, 80, 504, 1024
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Counter Length: 8, 16, 24, 32
        • Supports Empty IV
        • KDF Mode: Feedback
        • Supported Lengths: 64, 80, 504, 1024
    Prerequisites:
  • Android Lollipop 5.1 on Qualcomm MSM8960 Pro
    • software
    • processor
      • manufacturer: Qualcomm
  • Android Marshmallow 6.0 on Qualcomm MSM8956
    • software
    • processor
      • manufacturer: Qualcomm
  • Android Oreo 8.1 on Qualcomm SDM660
    • software
    • processor
      • manufacturer: Qualcomm
  • KDF
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, In the Middle of Fixed Data
        • KDF Mode: Counter
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Supported Lengths: 64, 80, 504, 1024
        • Counter Length: 8, 16, 24, 32
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • KDF Mode: Double Pipeline Iteration
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Supported Lengths: 64, 80, 504, 1024
        • Counter Length: 8, 16, 24, 32
      • Capabilities:
        • Fixed Data Order: After Fixed Data, Before Fixed Data, before iterator
        • Supports Empty IV
        • KDF Mode: Feedback
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, CMAC-TDES, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Supported Lengths: 64, 80, 504, 1024
        • Counter Length: 8, 16, 24, 32
    Prerequisites: