Module Name
CryptoComply 140-3 FIPS Provider
Caveat
Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
Security Level Exceptions
- Physical security: N/A
- Non-invasive security: N/A
- Documentation requirements: N/A
- Cryptographic module security policy: N/A
Embodiment
Multi-Chip Stand Alone
Description
CryptoComply 140-3 FIPS Provider is a standards-based “Drop-in Compliance™” cryptographic engine. The module delivers core cryptographic functions to applications such as servers, personal computers, mobile devices, and appliances. The module features robust algorithm support, including CNSA algorithms.
The module delivers cryptographic services to host applications through a C language Application Programming Interface (API).
Tested Configuration(s)
- AlmaLinux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- AlmaLinux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Android 13 running on a Google Pixel 7 with a Google Tensor G2
- Debian 11 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Debian 11 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- FreeBSD 13 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- FreeBSD 13 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- iOS 16 running on an iPhone 13 Mini with an Apple A15 Bionic without PAA
- iPadOS 16 running on an iPad Air (2022) with an Apple M1 without No
- macOS 13 (Ventura) running on a Mac Mini M2 with an Apple M2
- Oracle Solaris 11.4 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Oracle Solaris 11.4 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Red Hat Enterprise Linux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Red Hat Enterprise Linux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Rocky Linux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Rocky Linux 9 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- SUSE Linux Enterprise Server 15 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- SUSE Linux Enterprise Server 15 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Ubuntu 22.04 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Ubuntu 22.04 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Windows 10 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Windows 10 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Windows 11 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Windows 11 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Windows Server 2019 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Windows Server 2019 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
- Windows Server 2022 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 with PAA
- Windows Server 2022 running on a Dell PowerEdge R830 with an Intel Xeon E5-4667v4 without PAA
Approved Algorithms
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
Safe Primes Key Generation
Safe Primes Key Generation
Safe Primes Key Verification
Safe Primes Key Verification
Allowed Algorithms
EC Diffie-Hellman with non-NIST recommended curves (Provides 112, 128, 160, 192, or 256 bits of encryption strength. Per IGs D.F and C.A.; Shared secret computation using non-NIST curves: brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1, with strengths 112 bits, 128 bits, 160 bits, 192 bits, and 256 bits);ECDSA with non-NIST recommended curves (Provides 112, 128, 160, 192, or 256 bits of encryption strength. Per IG C.A.; Key pair generation, digital signature generation, digital signature verification using non-NIST curves: brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1, with strengths 112 bits, 128 bits, 160 bits, 192 bits, and 256 bits)
Software Versions
3.0.0-FIPS 140-3, 3.0.1-FIPS 140-3