Cryptographic Algorithm Validation Program CAVP

Description
This document focuses on the firmware implementation of the Fortinet FortiGate-VM FIPS Cryptographic Library v5.6 running on Intel x86 compatible processors.
Version
5.6
Type
SOFTWARE
Vendor
Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA
Contacts
Alan Kaye
akaye@fortinet.com
613-225-9381 x87416
613-225-9951

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C1034
8/22/2019
  • Intel Xeon E3
    • processor
      • manufacturer: Intel
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • Payload Length: 128, 1000, 6400, 8000
    • AAD Length: 0, 96, 128, 776, 2048
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: External
    • Key Length: 128, 256
    • Tag Length: 128
    • IV Length: 64
    • AAD Length: 0, 96, 128, 776, 2048
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • ECDSA SigGen (186-4)
    • Component
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: P-256
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-384
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Curve: P-521
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KAS-FFC Component
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • Shared Secret Computation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-256
            • FC:
              • Hash Algorithm: SHA2-256
    Prerequisites:
  • KDF IKEv1
      • Capabilities:
        • Authentication Method: Digital Signature
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Digital Signature
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Digital Signature
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 8192
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Public Key Encryption
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Diffie-Hellman Shared Secret Length: 8192
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Preshared Key Length: 128-1016
        • Diffie-Hellman Shared Secret Length: 2048
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Preshared Key Length: 128-1016
        • Diffie-Hellman Shared Secret Length: 3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Authentication Method: Pre-shared Key
        • Initiator Nonce Length: 64-2048
        • Responder Nonce Length: 64-2048
        • Preshared Key Length: 128-1016
        • Diffie-Hellman Shared Secret Length: 8192
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 224
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 8192
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8
Created October 05, 2016, Updated June 22, 2020