Module Name
Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys)
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode
Embodiment
Multi-chip standalone
Description
KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet).
Tested Configuration(s)
- Microsoft Windows Server 2008 (IA64 version) (single-user mode)
- Microsoft Windows Server 2008 (x64 version)
- Microsoft Windows Server 2008 (x86 Version)
Approved Algorithms
AES |
Certs. #739 and #757 |
ECDSA |
Cert. #83 |
HMAC |
Cert. #413 |
RNG |
Cert. #435 and SP800-90 AES-CTR, vendor affirmed |
RSA |
Certs. #353 and #358 |
SHS |
Cert. #753 |
Triple-DES |
Cert. #656 |
Other Algorithms
AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Software Versions
6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869