Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
Firmware FIPS Object Module
Version
7.0j
Type
FIRMWARE
Vendor
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA
Contacts
Certifications Team
certteam@cisco.com

Validations

Number
Date
Operating Environments
Algorithm Capabilities
A4
9/27/2019
  • Cisco FOM Cryptographic Algorithm Implementation on Intel(R) Xeon(R) CPU E5
    • firmware
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CCM
    • Key Length: 128, 192, 256
    • Tag Length: 32, 128
    • IV Length: 56, 104
    • Payload Length: 0, 192
    • AAD Length: 0, 128
  • AES-CFB1
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB8
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Key Length: 128, 192, 256
        • MAC: 128
        • Message Length: 0-65536 Increment 8
  • AES-CTR
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
    • Payload Length: 128
    • Supports Counter larger than maximum value
    • Incremental Counter
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 96, 128
    • IV Length: 96
    • Payload Length: 16, 128, 136, 256, 264
    • AAD Length: 0, 128, 136, 256
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 96, 128
    • IV Length: 96
    • AAD Length: 0, 128, 136, 256
  • AES-KW
    • Direction: Decrypt, Encrypt
    • Cipher: Cipher
    • Key Length: 128, 192, 256
    • Payload Length: 128, 192, 256, 320, 1280
  • AES-OFB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-XTS
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 256
    • Payload Length: 65536
    • Tweak Mode: Hex
  • Counter DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: AES-128
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256 Increment 256
        • Entropy Input: 128-256 Increment 128
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 256
        • Returned Bits: 256
      • Capabilities:
        • Mode: AES-192
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256 Increment 256
        • Entropy Input: 256-512 Increment 128
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 256
        • Returned Bits: 256
      • Capabilities:
        • Mode: AES-256
        • Derivation Function Enabled: Yes
        • Additional Input: 0-256 Increment 256
        • Entropy Input: 256-512 Increment 128
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 256
        • Returned Bits: 256
  • DSA KeyGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
      • Capabilities:
        • L: 2048
        • N: 256
      • Capabilities:
        • L: 3072
        • N: 256
  • DSA PQGGen (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
  • DSA PQGVer (186-4)
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • P/Q Generation Methods: Probable
        • G Generation Methods: Canonical
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
  • DSA SigGen (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • DSA SigVer (186-4)
      • Capabilities:
        • L: 2048
        • N: 224
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 2048
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
      • Capabilities:
        • L: 3072
        • N: 256
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • ECDSA KeyGen (186-4)
    • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
    • Secret Generation Mode: Testing Candidates
  • ECDSA KeyVer (186-4)
    • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
  • ECDSA SigGen (186-4)
      • Capabilities:
        • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • ECDSA SigVer (186-4)
      • Capabilities:
        • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
        • Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • Hash DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 128-256 Increment 64
        • Nonce: 96-128 Increment 32
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 160
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192-256 Increment 64
        • Nonce: 128-160 Increment 32
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 224
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256-320 Increment 64
        • Nonce: 128-160 Increment 32
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 256
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 256-320 Increment 64
        • Nonce: 128-160 Increment 32
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 384
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 256-320 Increment 64
        • Nonce: 128-160 Increment 32
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 512
  • HMAC DRBG
    • Prediction Resistance: Yes
    • Supports Reseed
      • Capabilities:
        • Mode: SHA-1
        • Entropy Input: 160-256 Increment 32
        • Nonce: 64
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 160
      • Capabilities:
        • Mode: SHA2-224
        • Entropy Input: 192-256 Increment 64
        • Nonce: 96
        • Personalization String Length: 0-192 Increment 64
        • Additional Input: 192
        • Returned Bits: 224
      • Capabilities:
        • Mode: SHA2-256
        • Entropy Input: 256-512 Increment 64
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 256
      • Capabilities:
        • Mode: SHA2-384
        • Entropy Input: 384-512 Increment 64
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 384
      • Capabilities:
        • Mode: SHA2-512
        • Entropy Input: 512-1024 Increment 64
        • Nonce: 128
        • Personalization String Length: 0-256 Increment 128
        • Additional Input: 0-256 Increment 128
        • Returned Bits: 512
  • HMAC-SHA-1
    • MAC: 32-160 Increment 8
    • Key Length: 256-448 Increment 8
  • HMAC-SHA2-224
    • MAC: 32-224 Increment 8
    • Key Length: 256-448 Increment 8
  • HMAC-SHA2-256
    • MAC: 32-256 Increment 8
    • Key Length: 256-448 Increment 8
  • HMAC-SHA2-384
    • MAC: 32-384 Increment 8
    • Key Length: 256-448 Increment 8
  • HMAC-SHA2-512
    • MAC: 32-512 Increment 8
    • Key Length: 256-448 Increment 8
  • KAS-ECC CDH-Component
    • Function: Partial Public Key Validation
    • Curve: B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521
  • KAS-ECC Component
    • Function: Partial Public Key Validation
    • Scheme:
      • Ephemeral Unified:
        • KAS Role: Initiator, Responder
        • Shared Secret Computation:
          • Parameter Set:
            • EB:
              • Hash Algorithm: SHA2-224
              • Curve: P-224
            • EC:
              • Hash Algorithm: SHA2-256
              • Curve: P-256
            • ED:
              • Hash Algorithm: SHA2-384
              • Curve: P-384
            • EE:
              • Hash Algorithm: SHA2-512
              • Curve: P-521
  • KAS-FFC Component
    • Function: Domain Parameter Generation, Domain Parameter Validation
    • Scheme:
      • dhEphem:
        • KAS Role: Initiator, Responder
        • Shared Secret Computation:
          • Parameter Set:
            • FB:
              • Hash Algorithm: SHA2-224, SHA2-256
            • FC:
              • Hash Algorithm: SHA2-256
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 2048
        • Responder Nonce Length: 2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 3072
        • Hash Algorithm: SHA-1
  • KDF SNMP
    • Password Length: 64, 128
    • Engine ID: 000002b87766554433221100, 800002B805123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456
  • KDF SP800-108
      • Capabilities:
        • KDF Mode: Counter
        • MAC Mode: HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512
        • Supported Lengths: 8-384 Increment 8
        • Fixed Data Order: After Fixed Data
        • Counter Length: 8
  • KDF SRTP
    • AES Key Length: 128, 192, 256
    • KDR Exponents: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
  • KDF SSH
    • Cipher: AES-128, AES-192, AES-256, TDES
    • Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512
  • KDF TLS
    • TLS Version: v1.2
    • Hash Algorithm: SHA2-256, SHA2-384, SHA2-512
  • RSA KeyGen (186-4)
      • Capabilities:
        • Key Generation Mode: B.3.4
          • Properties:
            • Modulo: 2048
            • Hash Algorithm: SHA2-256
          • Properties:
            • Modulo: 3072
            • Hash Algorithm: SHA2-256
    • Info Generated By Server
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 010001
    • Private Key Format: Standard
  • RSA SigGen (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
  • RSA SigVer (186-4)
      • Capabilities:
        • Signature Type: ANSI X9.31
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCS 1.5
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
              • Hash Pair:
                • Hash Algorithm: SHA2-224
              • Hash Pair:
                • Hash Algorithm: SHA2-256
              • Hash Pair:
                • Hash Algorithm: SHA2-384
              • Hash Pair:
                • Hash Algorithm: SHA2-512
      • Capabilities:
        • Signature Type: PKCSPSS
          • Properties:
            • Modulo: 2048
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
          • Properties:
            • Modulo: 3072
              • Hash Pair:
                • Hash Algorithm: SHA-1
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-224
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-256
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-384
                • Salt Length: 0
              • Hash Pair:
                • Hash Algorithm: SHA2-512
                • Salt Length: 0
    • Public Exponent Mode: Fixed
    • Fixed Public Exponent: 010001
  • SHA-1
    • Digest Size: 160
    • Message Length: 0-65528 Increment 8
  • SHA-224
    • Digest Size: 224
    • Message Length: 0-65528 Increment 8
  • SHA-256
    • Digest Size: 256
    • Message Length: 0-65528 Increment 8
  • SHA-384
    • Digest Size: 384
    • Message Length: 0-65528 Increment 8
  • SHA-512
    • Digest Size: 512
    • Message Length: 0-65528 Increment 8
  • TDES-CBC
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB1
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CMAC
      • Capabilities:
        • Direction: Generation, Verification
        • Keying Option: 1
        • MAC: 64
        • Message Length: 0-65536 Increment 8
  • TDES-CTR
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
    • Payload Length: 64
    • Supports Counter larger than maximum value
    • Incremental Counter
  • TDES-ECB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-OFB
    • Direction: Decrypt, Encrypt
    • Keying Option: 1