Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #3197

Details

Module Name
Cryptographic Primitives Library
Standard
FIPS 140-2
Status
Active
Sunset Date
10/21/2023
Validation Dates
10/22/2018
Overall Level
1
Caveat
When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3196 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #3195 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #3096 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.
Tested Configuration(s)
  • Surface Hub (x64) running on a Microsoft Surface Hub with PAA [1]
  • Windows 10 Education Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book 2 with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro 4 with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Studio with PAA [3]
  • Windows 10 Enterprise Fall Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE with PAA [3]
  • Windows 10 Home Fall Creators Update (x86) running on a Dell Inspiron 660s without PAA [3]
  • Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 650 [2]
  • Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 950 [2]
  • Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 950 XL [2]
  • Windows 10 Mobile Fall Creators Update (ARMv7) running on an HP Elite x3 [2]
  • Windows 10 Pro Fall Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5285 with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5290 with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell PowerEdge R630 Server with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Dell Precision Tower 5810MT with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface 3 with LTE with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro 3 with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on a Panasonic Toughbook with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Compaq Pro 6305 with PAA [3]
  • Windows 10 Pro Fall Creators Update (x64) running on an HP Slimline Desktop with PAA [3]
  • Windows 10 S Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
  • Windows Server Datacenter Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT with PAA [3]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R630 Server with PAA [3]
  • Windows Server Datacenter Core (x64) running on a Dell PowerEdge R740 Server with PAA [3] (single-user mode)
  • Windows Server Datacenter Core (x64) running on a Dell Precision Tower 5810MT with PAA [3]
  • Windows Server Standard Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT with PAA [3]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R630 Server with PAA [3]
  • Windows Server Standard Core (x64) running on a Dell PowerEdge R740 Server with PAA [3]
  • Windows Server Standard Core (x64) running on a Dell Precision Tower 5810MT with PAA [3]
FIPS Algorithms
AES Certs. #4897, #4898, #4899, #4900, #4901 and #4902
CKG vendor affirmed
CVL Certs. #1496, #1498, #1507, #1509, #1511 and #1513
DRBG Certs. #1730, #1731 and #1732
DSA Certs. #1301, #1302 and #1303
ECDSA Certs. #1246, #1249 and #1250
HMAC Certs. #3267, #3268 and #3269
KAS Certs. #146, #147 and #148
KBKDF Certs. #157, #158 and #159
KTS AES Certs. #4898, #4899 and #4900; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #2667, #2668, #2669, #2670, #2671 and #2672
SHS Certs. #4009, #4010 and #4011
Triple-DES Certs. #2556, #2557 and #2558
Allowed Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.15063.674 [1], 10.0.15254 [2] and 10.0.16299 [3]

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-Microsoft

Lab

LEIDOS CSTL
NVLAP Code: 200427-0