Cryptographic Module Validation Program CMVP

Module Name

IBM® Crypto for C

Standard

FIPS 140-2

Status

Historical

 Historical Reason

Moved to historical list due to sunsetting

Overall Level

1

Caveat

When operated in FIPS mode

Security Level Exceptions

• Physical Security: N/A
• Mitigation of Other Attacks: N/A

Module Type

Software

Embodiment

Multi-chip standalone

Description

The IBM Crypto for C v8.4.0.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group.

Tested Configuration(s)

• AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 with PAA
• AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 without PAA
• Microsoft Windows Server 2008® 64-bit running on S2600CP with PAA
• Microsoft Windows Server 2008® 64-bit running on S2600CP without PAA
• Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP with PAA
• Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP without PAA
• Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 with PAA
• Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 without PAA
• SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 with CPACF
• SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 without CPACF (single-user mode)
• Solaris® 11 64-bit running on Netra SPARC T4-1 Server with PAA
• Solaris® 11 64-bit running on Netra SPARC T4-1 Server without PAA
• Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 with PAA
• Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 without PAA

Approved Algorithms

AES	Certs. #3226, #3227, #3228, #3229, #3230, #3231, #3232, #3233, #3235, #3236, #3237, #3238, #3239, #3240, #3241, #3242, #3243, #3244, #3245, #3246, #3247, #3248, #3249, #3250, #3251 and #3252
CVL	Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453
DRBG	Certs. #687, #688, #689, #690, #691, #692, #693, #694, #696, #697, #698, #699, #700, #701, #702, #703, #704, #705, #706, #707, #708, #709, #710, #711, #712 and #713
DSA	Certs. #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929, #930 and #931
ECDSA	Certs. #596, #597, #598, #599, #600, #601, #602, #603, #604, #605, #606, #607, #608, #609 and #610
HMAC	Certs. #2030, #2031, #2032, #2033, #2034, #2035, #2036, #2037, #2038, #2039, #2040, #2041, #2042, #2043, #2044, #2045, #2046, #2047, #2048, #2049, #2050 and #2051
RSA	Certs. #1640, #1641, #1642, #1643, #1645, #1646, #1647, #1648, #1649, #1650, #1651, #1652, #1653, #1654 and #1655
SHS	Certs. #2666, #2667, #2668, #2669, #2670, #2671, #2672, #2673, #2675, #2676, #2677, #2678, #2679, #2680, #2681, #2682, #2683, #2684, #2685, #2686, #2687 and #2688
Triple-DES	Certs. #1832, #1833, #1834, #1835, #1836, #1837, #1838, #1839, #1840, #1841, #1842, #1843 and #1844

Other Algorithms

RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC-MD5; DES; CAST; Camellia; Blowfish; Password based encryption; RC4; RC2; TRNG; KBKDF (non-compliant); DSA (non-compliant)

Software Versions

8.4.1.0