Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Version
Rel5
Type
FIRMWARE
Vendor
Cisco Systems, Inc
170 Tasman Dr
San Jose, CA 95134
USA
Contacts
Dereck Oshin
deoshin@cisco.com
(301) 256-3314

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C972
7/30/2019
  • Intel Xeon D-1548, Broadwell
    • processor
      • manufacturer: Intel
  • Intel Xeon Silver 4116T, Skylake
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation
        • Key Length: 128
        • MAC: 8, 64, 128
        • Message Length: 256
      • Capabilities:
        • Direction: Verification
        • Key Length: 128
        • MAC: 8, 64, 128
        • Message Length: 256
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 192, 256
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • Payload Length: 128, 136, 256, 264
    • AAD Length: 0, 128, 136, 256, 264
    Prerequisites:
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • AAD Length: 0, 128, 136, 256, 264
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 256
    • Payload Length: 128, 192, 256, 320, 4096
    Prerequisites:
  • Counter DRBG
    • Prediction Resistance: No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: P-256, P-384
    • Secret Generation Mode: Extra Bits
    Prerequisites:
  • ECDSA KeyVer (186-4)
    • Curve: P-256, P-384
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KAS-ECC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
    Prerequisites:
  • KAS-FFC Component
    • Function: Full Public Key Validation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256
    Prerequisites:
  • KDF SNMP
    • Password Length: 64-128
    • Engine ID: 000002b87766554433221100, 800002b805123456789abcdef0123456789abcdef0123456789abcdef0123456
    Prerequisites:
  • KDF SP800-108
      • Capabilities:
        • KDF Mode: Counter
        • MAC Mode: HMAC-SHA-1
        • Supported Lengths: 8, 192, 384
        • Fixed Data Order: After Fixed Data
        • Counter Length: 8
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128, AES-192, AES-256, TDES
    • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.0/1.1
    Prerequisites:
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.4
          • Properties:
            • Modulo: 2048
            • Hash Algorithm: SHA2-256
          • Properties:
            • Modulo: 3072
            • Hash Algorithm: SHA2-256
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-2)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 1536
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 4096
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1