Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Description
The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.
Version
Rel5
Type
SOFTWARE
Vendor
Cisco Systems, Inc
170 Tasman Dr
San Jose, CA 95134
USA
Contacts
Dereck Oshin
deoshin@cisco.com
(301) 256-3314

Validations

Number
Date
Operating Environments
Algorithm Capabilities
C1452
12/23/2019
  • IOS-XE 16.12 w/ VMware ESXi v6 on Intel Xeon Platinum 8160M (Skylake)
    • processor
      • manufacturer: Intel
    • software
  • AES-CBC
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CFB128
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-CMAC
      • Capabilities:
        • Direction: Generation
        • Key Length: 128
        • MAC: 8, 64, 128
        • Message Length: 256
      • Capabilities:
        • Direction: Verification
        • Key Length: 128
        • MAC: 8, 64, 128
        • Message Length: 256
  • AES-CTR
    • Direction: Encrypt
    • Key Length: 128, 192, 256
  • AES-ECB
    • Direction: Decrypt, Encrypt
    • Key Length: 128, 192, 256
  • AES-GCM
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • Payload Length: 128, 136, 256, 264
    • AAD Length: 0, 128, 136, 256, 264
  • AES-GMAC
    • Direction: Decrypt, Encrypt
    • IV Generation: Internal
    • IV Generation Mode: 8.2.1
    • Key Length: 128, 192, 256
    • Tag Length: 128
    • IV Length: 96
    • AAD Length: 0, 128, 136, 256, 264
  • HMAC-SHA-1
    • MAC: 160
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-256
    • MAC: 256
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • HMAC-SHA2-384
    • MAC: 384
    • Key sizes < block size
    • Key sizes > block size
    • Key size = block size
    Prerequisites:
  • HMAC-SHA2-512
    • MAC: 512
    • Key sizes < block size
    • Key size = block size
    • Key sizes > block size
    Prerequisites:
  • KDF IKEv2
      • Capabilities:
        • Initiator Nonce Length: 128-2048
        • Responder Nonce Length: 128-2048
        • Diffie-Hellman Shared Secret Length: 2048
        • Derived Keying Material Length: 1056-3072
        • Hash Algorithm: SHA-1, SHA2-256
    Prerequisites:
  • KDF SNMP
    • Password Length: 64-128
    • Engine ID: 000002b87766554433221100, 800002b805123456789abcdef0123456789abcdef0123456789abcdef0123456
    Prerequisites:
  • KDF SSH
    • Cipher: AES-128, AES-192, AES-256, TDES
    • Hash Algorithm: SHA-1, SHA2-256, SHA2-384, SHA2-512
    Prerequisites:
  • KDF TLS
    • TLS Version: v1.0/1.1
    Prerequisites:
  • SHA-1
    • Message Length: 0-51200 Increment 8
  • SHA-256
    • Message Length: 0-51200 Increment 8
  • SHA-384
    • Message Length: 0-102400 Increment 8
  • SHA-512
    • Message Length: 0-102400 Increment 8