Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program CAVP

Product Name
Description
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols
Version
Rel5
Type
FIRMWARE
Vendor
Cisco Systems, Inc
170 W Tasman Dr
San Jose, CA 95134
USA
Contacts
Global Certifications Team
certteam@cisco.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C1802
6/5/2020
  • Intel Atom C3558
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • Payload Length: 40, 48, 128, 512
    • AAD Length: 0, 40, 48, 128
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • AAD Length: 0, 40, 48, 128
  • Counter DRBG
    • Prediction Resistance: No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: P-256, P-384
    • Secret Generation Mode: Extra Bits
    Prerequisites:
  • ECDSA KeyVer (186-4)
    • Curve: P-256, P-384
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KAS-ECC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • Shared Secret Computation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
    Prerequisites:
  • KAS-FFC Component
    • Function: Full Public Key Validation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • Shared Secret Computation:
          • Parameter Set:
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF IKEv1
      • Capabilities:
        • Authentication Method: Digital Signature
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1, SHA2-256
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Preshared Key Length: 8-224
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1, SHA2-256
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256
    Prerequisites:
  • KDF SP800-108
      • Capabilities:
        • KDF Mode: Counter
        • MAC Mode: HMAC-SHA-1
        • Supported Lengths: 8, 192, 384
        • Fixed Data Order: After Fixed Data
        • Counter Length: 8
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128, AES-256
    • Hash Algorithm: SHA-1
    Prerequisites:
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.4
          • Properties:
            • Modulo: 2048
            • Hash Algorithm: SHA2-256
          • Properties:
            • Modulo: 3072
            • Hash Algorithm: SHA2-256
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    Prerequisites:
  • RSA SigVer (186-2)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 1536
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 4096
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-512
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
Created October 05, 2016, Updated June 22, 2020