Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The firmware implementation of the Fortinet FortiProxy SSL Cryptographic Library.
Version
1.0
Type
FIRMWARE
Vendor
Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA
Contacts
Alan Kaye
akaye@fortinet.com
613-225-9381 x87416
Kerrie Newton
knewton@fortinet.com
613-225-9381 x87643

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C806
6/12/2019
  • Intel® Core™ i7-4790S
    • processor
      • manufacturer: Intel
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • Payload Length: 128, 1000, 6400, 8000
    • AAD Length: 0, 96, 128, 776, 2048
    Prerequisites:
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • AAD Length: 0, 96, 128, 776, 2048
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KAS-ECC Component
    • Function: Partial Public Key Validation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-256
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128, AES-256
    • Hash Algorithm: SHA-1, SHA2-256
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.0/1.1, v1.2
    • Hash Algorithm: SHA2-256, SHA2-384
    Prerequisites:
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.3
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.2
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.2
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-2)
      • Capabilities:
        • Signature Type: PKCS 1.5
        • Modulo: 4096
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8