Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. This compact and portable module provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to DAR, DRM, TLS, and VPN.
Version
n 1.1
Type
FIRMWARE
Vendor
INSIDE Secure
Eerikinkatu 28
Helsinki 00180
Finland
Contacts
Serge Haumont
shaumont@insidesecure.com
+358 40 5808548
Marko Nippula
mnippula@insidesecure.com
+358 40 7629394

Validations

Number
Date
Operating Environments
Algorithm Capabilities
DRBG 634
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
DSA 905
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • DSA KeyGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
      • Capabilities:
        • L: 2048
        • N: 256
      • Capabilities:
        • L: 3072
        • N: 256
    Prerequisites:
  • DSA PQGGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • DSA PQGVer (186-4)
      • Capabilities:
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • DSA SigGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigVer (186-4)
      • Capabilities:
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
SHS 2599
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • SHA-1
    • Message Length: 0-65536 Increment 8
  • SHA-224
    • Message Length: 0-65536 Increment 8
  • SHA-256
    • Message Length: 0-65536 Increment 8
  • SHA-384
    • Message Length: 0-65536 Increment 8
  • SHA-512
    • Message Length: 0-65536 Increment 8
HMAC 1980
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
RSA 1593
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.6
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.3
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.3
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 496
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 160
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 512
    Prerequisites:
KDF 37
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • KDF SP800-108
      • Capabilities:
        • KDF Mode: Counter
        • SPs used to generate K: N/A
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Fixed Data Order: Before Fixed Data
        • Counter Length: 8, 16, 24, 32
      • Capabilities:
        • KDF Mode: Feedback
        • SPs used to generate K: N/A
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Fixed Data Order: Before Fixed Data
        • Counter Length: 8, 16, 24, 32
        • Supports Empty IV
      • Capabilities:
        • KDF Mode: Double Pipeline Iteration
        • SPs used to generate K: N/A
        • MAC Mode: CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Fixed Data Order: Before Fixed Data
        • Counter Length: 8, 16, 24, 32
    Prerequisites:
Component 384
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • KAS-ECC Component
    • Function: Key Pair Generation, Partial Public Key Validation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EB:
              • Hash Algorithm: SHA2-224
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
      • Static Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EB:
              • Hash Algorithm: SHA2-224
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-224
            • FC:
              • Hash Algorithm: SHA2-256
      • dhStatic:
        • KAS Role: Initiator, Responder
    Prerequisites:
Component 385
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • KDF IKEv1
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Authentication Method: Digital Signature
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Preshared Key Length: 8-256
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Responder Nonce Length: 800-3072
        • Diffie-Hellman Shared Secret Length: 256
        • Hash Algorithm: SHA2-224
      • Capabilities:
        • Responder Nonce Length: 800-3072
        • Diffie-Hellman Shared Secret Length: 384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Responder Nonce Length: 800-3072
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.0/1.1, v1.2
    • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
AES 3123
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 64, 80, 96, 112, 128
    • IV Length: 88, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 64-128
        • Message Length: 0-524288
        • Block Size: Full, Partial
  • AES-CTR
    • Key Length: 128, 192, 256
    • Counter Source: External
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 0, 8, 1016, 65536
    • AAD Length: 0, 8, 1016, 65534
    Prerequisites:
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.2
    • Key Length: 128, 192, 256
    • Tag Length: 64, 96, 104, 112, 120, 128
    • IV Length: 96
    • Payload Length: 0, 8, 1016, 65536
    • AAD Length: 0, 8, 1016, 65534
    Prerequisites:
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 8, 32, 72, 96, 4096
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Block Size: Full, Partial
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Block Size: Full, Partial
TDES 1793
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
ECDSA 567
11/21/2014
  • Android 4.2 on Intel Atom Z2560 w/ 32 bit library
  • iOS 7.1 on ARM64 with ARMv8 Crypto Extensions
  • iOS 7.1 on ARMv7
  • iOS 7.1 on iOS 7.1
  • Raspbian Linux (kernel 3.10) on ARMv6
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 32 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 with AES-NI w/ 64 bit library
  • Ubuntu Linux (kernel 3.13) on Intel Atom Z3740 without AES-NI w/ 64 bit library