Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program CAVP

Description
The Cisco FIPS Object Module is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products.
Version
6.2
Type
FIRMWARE
Vendor
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA
Contacts
Clint Winebrenner
cwinebre@cisco.com
(919) 392-6520

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C8
12/17/2018
  • CentOS 7.4 on Intel Xeon
    • software
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-256
    • AAD Length: 0-524288
    Prerequisites:
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation
        • Key Length: 128
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
      • Capabilities:
        • Direction: Generation
        • Key Length: 192
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
      • Capabilities:
        • Direction: Generation
        • Key Length: 256
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 128
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 192
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
      • Capabilities:
        • Direction: Verification
        • Key Length: 256
        • MAC: 16, 64, 128
        • Message Length: 0, 128, 184, 1608, 2048, 524288
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 192, 256
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 32, 64, 96, 104, 112, 120, 128
    • IV Length: 96, 1024
    • Payload Length: 504, 512, 1016, 1024
    • AAD Length: 0, 504, 512, 1016, 1024
    Prerequisites:
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Payload Length: 128, 136, 200, 256, 65536
    • Tweak Mode: Hex
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Payload Length: 128, 136, 200, 256, 65536
    • Tweak Mode: Hex
  • Counter DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-128
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Returned Bits: 128
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 192
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 128
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 128
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 0
        • Personalization String Length: 0-256
        • Returned Bits: 128
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
        • Additional Input: 0-320
        • Entropy Input: 320
        • Nonce: 0
        • Personalization String Length: 0-320
        • Returned Bits: 128
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 0
        • Personalization String Length: 0-384
        • Returned Bits: 128
    Prerequisites:
  • DSA KeyGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
      • Capabilities:
        • L: 2048
        • N: 256
      • Capabilities:
        • L: 3072
        • N: 256
    Prerequisites:
  • DSA PQGGen (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA PQGVer (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical, Unverifiable
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigVer (186-4)
      • Capabilities:
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
    • Secret Generation Mode: Extra Bits, Testing Candidates
    Prerequisites:
  • ECDSA KeyVer (186-4)
    • Curve: P-224, P-256, P-384, P-521
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes, No
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 160
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 224
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 256
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 384
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 512
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes, No
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 160
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 224
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 256
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 384
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 512
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 80, 96, 128, 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-224
    • MAC: 112, 128, 160, 192, 224
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 128, 192, 256
    • Key sizes < block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 192, 256, 320, 384
    • Key sizes < block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 256, 320, 384, 448, 512
    • Key sizes < block size
    • Key sizes > block size
    Prerequisites:
  • KAS-ECC CDH-Component
    • Function: Partial Public Key Validation
    • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.4
          • Properties:
            • Modulo: 2048
            • Hash Algorithm: SHA2-256
          • Properties:
            • Modulo: 3072
            • Hash Algorithm: SHA2-256
    • Info Generated By Server
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-2)
      • Capabilities:
        • Signature Type: ANSI X9.31
        • Modulo: 4096
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
        • Modulo: 4096
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
        • Modulo: 4096
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-224
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB1
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-OFB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
Created October 05, 2016, Updated June 22, 2020