Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2357

Details

Module Name
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list due to dependency on certificate #2356
Validation Dates
4/30/2015
5/29/2015
5/2/2017
Overall Level
1
Caveat
When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2356 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-chip standalone
Description
The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.
Tested Configuration(s)
  • Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA
  • Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode)
  • Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
  • Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
  • Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3
  • Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
  • Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
FIPS Algorithms
AES Cert. #2832
CVL Cert. #323
DRBG Cert. #489
DSA Cert. #855
ECDSA Cert. #505
HMAC Cert. #1773
KAS Cert. #47
KBKDF Cert. #30
PBKDF vendor affirmed
RSA Certs. #1487, #1493 and #1519
SHS Cert. #2373
Triple-DES Cert. #1692
Other Algorithms
AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Software Versions
6.3.9600 and 6.3.9600.17031

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-642-7676

Lab

Leidos
NVLAP Code: 200427-0