Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Product Name
Description
The Cisco Appliances deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. They provide comprehensive security, performance, and reliability for network environment.
Version
F6.2
Type
FIRMWARE
Vendor
Cisco Systems, Inc
170 W Tasman Dr
San Jose, CA 95134
USA
Contacts
Global Certification Team
certteam@cisco.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C864
6/27/2019
  • Intel Atom D25XX
    • processor
      • manufacturer: Intel
  • Intel Pentium B915
    • processor
      • manufacturer: Intel
  • Intel Xeon E56XX
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • Payload Length: 8, 104, 128, 256
    • AAD Length: 0, 104, 128
    Prerequisites:
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • AAD Length: 0, 104, 128
  • AES-KW
    • Direction: Decrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
    Prerequisites:
  • AES-KWP
    • Direction: Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 808
    Prerequisites:
  • Counter DRBG
    • Prediction Resistance: No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 128
        • Personalization String Length: 384
        • Returned Bits: 512
    Prerequisites:
  • DSA KeyGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
      • Capabilities:
        • L: 2048
        • N: 256
      • Capabilities:
        • L: 3072
        • N: 256
  • DSA PQGGen (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA PQGVer (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigVer (186-4)
      • Capabilities:
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: P-256, P-384, P-521
    • Secret Generation Mode: Testing Candidates
    Prerequisites:
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-512
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-384
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-512
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    Prerequisites:
  • KAS-ECC Component
    • Function: Key Pair Generation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
    Prerequisites:
  • KAS-FFC Component
    • Function: Key Pair Generation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 256-512
        • Responder Nonce Length: 256-512
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 800-3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • KDF SNMP
    • Password Length: 64-128
    • Engine ID: 000002b87766554433221100, 800002b805123456789abcdef0123456789abcdef0123456789abcdef0123456
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128
    • Hash Algorithm: SHA-1
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.2
    • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.4
          • Properties:
            • Modulo: 2048
            • Hash Algorithm: SHA2-256
          • Properties:
            • Modulo: 3072
            • Hash Algorithm: SHA2-256
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 8-51200 Increment 8
  • SHA-256
    • Message Length: 8-51200 Increment 8
  • SHA-384
    • Message Length: 8-102400 Increment 8
  • SHA-512
    • Message Length: 8-102400 Increment 8
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1