Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The nShield algorithm library provides cryptographic functionality for Thales's nShield Hardware Security Modules
Version
2.51.10 (Firmware)
Type
SOFTWARE
Vendor
Thales E-Security Ltd
Jupiter House
Station Road
Cambridge CB5 8JJ
UK
Contacts
Thales Certification Team
nshield-certifications@thales-esecurity.com
+44 1223 723600
Fax: +44 1223 723601
Thales Sales
sales@thalesesec.com
888 744 4976

Validations

Number
Date
Operating Environments
Algorithm Capabilities
AES 2122
7/13/2012
  • Freescale PowerPC
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 128
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • AES-CTR
    • Key Length: 256
    • Counter Source: Internal
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.2
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 1024
    • AAD Length: 1024
    Prerequisites:
HMAC 1292
7/13/2012
  • Freescale PowerPC
DSA 664
7/13/2012
  • Freescale PowerPC
TDES 1349
7/13/2012
  • Freescale PowerPC
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
RSA 1092
7/13/2012
  • Freescale PowerPC
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.6
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.3
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.3
    • Public Exponent Mode: Random
    Prerequisites:
  • RSA SigGen (186-2)
      • Capabilities:
        • Signature Type: PKCS 1.5
        • Modulo: 1024, 1536, 2048, 3072, 4096
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512/256
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
  • RSA SigVer (186-2)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 1536
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 4096
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
DRBG 232
7/13/2012
  • Freescale PowerPC
ECDSA 318
7/13/2012
  • Freescale PowerPC
  • ECDSA KeyGen (186-2):
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
    Prerequisites:
  • ECDSA KeyVer (186-2):
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
  • ECDSA KeyVer (186-4)
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
  • ECDSA SigGen (186-2):
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
    Prerequisites:
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: K-233, P-224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-283, K-283, P-256, P-384
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-571, K-571, P-521
        • Hash Algorithm: SHA2-512
      • Capabilities:
        • Curve: B-409, K-409
        • Hash Algorithm: SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-233
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • Curve: B-163, K-163, P-192
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA SigVer (186-2):
    • Curve: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: B-163, K-163, P-192
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-233, K-233, P-224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-283, K-283, P-256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-409, P-384
        • Hash Algorithm: SHA2-384, SHA2-512
      • Capabilities:
        • Curve: B-571, K-571, P-521
        • Hash Algorithm: SHA2-512
      • Capabilities:
        • Curve: K-409
        • Hash Algorithm: SHA2-384
    Prerequisites:
SHS 1844
7/13/2012
  • Freescale PowerPC
  • SHA-1
    • Message Length: 8-65536 Increment 8
  • SHA-224
    • Message Length: 8-65536 Increment 8
  • SHA-256
    • Message Length: 8-65536 Increment 8
  • SHA-384
    • Message Length: 8-65536 Increment 8
  • SHA-512
    • Message Length: 8-65536 Increment 8
Component 27
7/13/2012
  • Freescale PowerPC
  • KAS-ECC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EA:
              • Hash Algorithm: SHA2-256
              • Curve: P-192
            • EB:
              • Hash Algorithm: SHA2-256
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-512
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
      • One Pass DH:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EA:
              • Hash Algorithm: SHA2-256
              • Curve: P-192
            • EB:
              • Hash Algorithm: SHA2-256
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-512
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
      • Static Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EA:
              • Hash Algorithm: SHA2-256
              • Curve: P-192
            • EB:
              • Hash Algorithm: SHA2-256
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-512
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation
    • Scheme:
      • dhOneFlow:
        • KAS Role: Initiator, Responder
      • dhStatic:
        • KAS Role: Initiator, Responder
    Prerequisites: