Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
This document focuses on the firmware implementation of the Fortinet FortiManager SSL Cryptographic Library v5.6 running on Intel x86 compatible processors.
Version
5.6
Type
FIRMWARE
Vendor
Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA
Contacts
Alan Kaye
akaye@fortinet.com
613-225-9381 x87416
Fax: 613-225-9951
Kerrie Newton
knewton@fortinet.com
613-225-9381 x87643

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C780
5/28/2019
  • Intel Xeon E5
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • Payload Length: 128, 1000, 6400, 8000
    • AAD Length: 0, 96, 128, 776, 2048
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • AAD Length: 0, 96, 128, 776, 2048
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • KAS-ECC Component
    • Function: Partial Public Key Validation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
    Prerequisites:
  • KAS-FFC Component
    • Function: Full Public Key Validation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • KDF without Key Confirmation:
          • Parameter Set:
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128, AES-256
    • Hash Algorithm: SHA-1, SHA2-256
  • KDF TLS
    • TLS Version: v1.0/1.1, v1.2
    • Hash Algorithm: SHA2-256, SHA2-384
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.3
          • Properties:
            • Modulo: 2048
            • Primality Tests: C.2
          • Properties:
            • Modulo: 3072
            • Primality Tests: C.2
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    • Private Key Format: Standard
    Prerequisites:
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
    Prerequisites:
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 1024
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 10001
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8