Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The Cisco FIPS Object Module is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products.
Version
6.2
Type
SOFTWARE
Vendor
Cisco Systems, Inc
170 Tasman Dr
San Jose, CA 95134
USA
Contacts
Clint Winebrenner
cwinebre@cisco.com
(919) 392-6520

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C905
7/12/2019
  • VMware ESXi 6.0 on Intel® Xeon® Scalable Platinum 8160M Series processor
    • processor
      • manufacturer: Intel
    • software
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 48, 64, 80, 96, 112, 128
    • IV Length: 56, 64, 72, 80, 88, 96, 104
    • Payload Length: 0-192
    • AAD Length: 0-524288
    Prerequisites:
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation
        • Key Length: 128
        • MAC: 128
        • Message Length: 0, 504, 512, 1608
      • Capabilities:
        • Direction: Generation
        • Key Length: 192
        • MAC: 128
        • Message Length: 0, 504, 512, 1608
      • Capabilities:
        • Direction: Generation
        • Key Length: 256
        • MAC: 128
        • Message Length: 0, 504, 512, 1608
      • Capabilities:
        • Direction: Verification
        • Key Length: 128
        • MAC: 128
        • Message Length: 0, 8, 512
      • Capabilities:
        • Direction: Verification
        • Key Length: 192
        • MAC: 128
        • Message Length: 0, 8, 512
      • Capabilities:
        • Direction: Verification
        • Key Length: 256
        • MAC: 128
        • Message Length: 0, 8, 512
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 192, 256
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • Payload Length: 128, 136, 256, 264
    • AAD Length: 0, 128, 136, 256, 264
    Prerequisites:
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • AAD Length: 0, 128, 136, 256, 264
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 4096
    Prerequisites:
  • AES-KWP
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 808
    Prerequisites:
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128
    • Payload Length: 65536
    • Tweak Mode: Hex
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 256
    • Payload Length: 65536
    • Tweak Mode: Hex
  • Counter DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-128
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 192
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: No
        • Additional Input: 0-256
        • Entropy Input: 256
        • Nonce: 64
        • Personalization String Length: 0-256
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: No
        • Additional Input: 0-320
        • Entropy Input: 320
        • Nonce: 128
        • Personalization String Length: 0-320
        • Returned Bits: 512
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: No
        • Additional Input: 0-384
        • Entropy Input: 384
        • Nonce: 128
        • Personalization String Length: 0-384
        • Returned Bits: 512
    Prerequisites:
  • DSA KeyGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
      • Capabilities:
        • L: 2048
        • N: 256
      • Capabilities:
        • L: 3072
        • N: 256
  • DSA PQGGen (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA PQGVer (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • DSA SigVer (186-4)
      • Capabilities:
        • L: 1024
        • N: 160
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA KeyGen (186-4)
    • Curve: P-256, P-384, P-521
    • Secret Generation Mode: Testing Candidates
    Prerequisites:
  • ECDSA KeyVer (186-4)
    • Curve: P-256, P-384, P-521
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-512
    Prerequisites:
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-512
    Prerequisites:
  • Hash DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128
        • Nonce: 64
        • Personalization String Length: 0-128
        • Additional Input: 0-128
        • Returned Bits: 640
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192
        • Nonce: 96
        • Personalization String Length: 0-192
        • Additional Input: 0-192
        • Returned Bits: 896
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1024
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 1536
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256
        • Nonce: 128
        • Personalization String Length: 0-256
        • Additional Input: 0-256
        • Returned Bits: 2048
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-224
    • MAC: 224
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KAS-ECC
    • Function: Key Pair Generation
    • Scheme:
      Prerequisites:
    • KAS-ECC CDH-Component
      • Function: Key Pair Generation
      • Curve: P-256, P-384, P-521
    • KAS-ECC Component
      • Function: Key Pair Generation
      • Scheme:
        • Ephemeral Unified:
          • KAS Role: Initiator, Responder
          • KDF without Key Confirmation:
            • Parameter Set:
              • EC:
                • Hash Algorithm: SHA2-256
                • Curve: P-256
              • ED:
                • Hash Algorithm: SHA2-384
                • Curve: P-384
              • EE:
                • Hash Algorithm: SHA2-512
                • Curve: P-521
      Prerequisites:
    • KAS-FFC Component
      • Function: Key Pair Generation
      • Scheme:
        • dhEphem:
          • KAS Role: Initiator, Responder
          • KDF without Key Confirmation:
            • Parameter Set:
              • FC:
                • Hash Algorithm: SHA2-256
      Prerequisites:
    • KDF IKEv2
        • Capabilities:
          • Initiator Nonce Length: 128-2048
          • Responder Nonce Length: 128-2048
          • Diffie-Hellman Shared Secret Length: 2048
          • Derived Keying Material Length: 1056-3072
          • Hash Algorithm: SHA-1
      Prerequisites:
    • KDF SNMP
      • Password Length: 64-128
      • Engine ID: 000002b87766554433221100, 800002b805123456789abcdef0123456789abcdef0123456789abcdef0123456
      Prerequisites:
    • KDF SP800-108
        • Capabilities:
          • KDF Mode: Counter
          • MAC Mode: HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
          • Supported Lengths: 384
          • Fixed Data Order: After Fixed Data
          • Counter Length: 8
      Prerequisites:
    • KDF SRTP
      • AES Key Length: 128, 192, 256
      • KDR Exponents: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
      Prerequisites:
    • KDF SSH
      • Cipher: AES-128, AES-192, AES-256, TDES
      • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
      Prerequisites:
    • KDF TLS
      • TLS Version: v1.2
      • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      Prerequisites:
    • RSA KeyGen (186-4)
        • Capabilities:
          • Key Generation Mode: B.3.4
            • Properties:
              • Modulo: 2048
              • Hash Algorithm: SHA2-256
            • Properties:
              • Modulo: 3072
              • Hash Algorithm: SHA2-256
      • Public Exponent Mode: Fixed
      • Fixed Public Exponent: 10001
      • Private Key Format: Standard
      Prerequisites:
    • RSA SigGen (186-4)
        • Capabilities:
          • Signature Type: ANSI X9.31
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
        • Capabilities:
          • Signature Type: PKCS 1.5
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
        • Capabilities:
          • Signature Type: PKCSPSS
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
                  • Salt Length: 0
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
                  • Salt Length: 0
      Prerequisites:
    • RSA SigVer (186-4)
        • Capabilities:
          • Signature Type: ANSI X9.31
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
        • Capabilities:
          • Signature Type: PKCS 1.5
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
        • Capabilities:
          • Signature Type: PKCSPSS
            • Properties:
              • Modulo: 2048
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
                  • Salt Length: 0
            • Properties:
              • Modulo: 3072
                • Hash Pair:
                  • Hash Algorithm: SHA-1
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-224
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-256
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-384
                  • Salt Length: 0
                • Hash Pair:
                  • Hash Algorithm: SHA2-512
                  • Salt Length: 0
      • Public Exponent Mode: Fixed
      • Fixed Public Exponent: 10001
      Prerequisites:
    • SHA-1
      • Message Length: 0-51200 Increment 8
    • SHA-224
      • Message Length: 0-51200 Increment 8
    • SHA-256
      • Message Length: 0-51200 Increment 8
    • SHA-384
      • Message Length: 0-102400 Increment 8
    • SHA-512
      • Message Length: 0-102400 Increment 8
    • TDES-CBC
      • Direction: Decrypt, Encrypt
      • Keying Option: 1
    • TDES-CFB1
      • Direction: Decrypt, Encrypt
      • Keying Option: 1
    • TDES-CFB64
      • Direction: Decrypt, Encrypt
      • Keying Option: 1
    • TDES-CFB8
      • Direction: Decrypt, Encrypt
      • Keying Option: 1
    • TDES-CTR
      • Direction: Encrypt
    • TDES-ECB
      • Direction: Decrypt, Encrypt
      • Keying Option: 1
    • TDES-OFB
      • Direction: Decrypt, Encrypt
      • Keying Option: 1