Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program CMVP

Certificate #2076

Details

Module Name
Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5
Standard
FIPS 140-2
Status
Historical
 Historical Reason
RNG SP800-131A Revision 1 Transition
Validation Dates
02/06/2014
Overall Level
1
Caveat
When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Software-Hybrid
Embodiment
Multi-chip standalone
Description
The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography.
Tested Configuration(s)
  • Oracle Solaris 11.1 running on a SPARC T4-1 Server
  • Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)
FIPS Algorithms
AES Certs. #2310 and #2572
DSA Certs. #727 and #787
ECDSA Certs. #375 and #444
HMAC Certs. #1424 and #1594
RNG Certs. #1153 and #1224
RSA Certs. #1193 and #1319
SHS Cert. #1994
Triple-DES Certs. #1457 and #1558
Other Algorithms
AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Hardware Versions
527-1437-01 and 7043165
Software Versions
1.0 and 1.1

Vendor

Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Security Evaluations Manager
seceval_us@oracle.com
Phone: 781-442-0451

Lab

CGI
NVLAP Code: 200928-0