Cryptographic Module Validation Program CMVP

Certificate #2356

Details

Module Name
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list in accordance with SP800-131A Revision 1 Transition (AES/TDES key wrapping)
Validation Dates
05/19/2015;05/29/2015;05/02/2017
Overall Level
1
Caveat
When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-chip standalone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
  • Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA
  • Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode)
  • Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
  • Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
  • Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3
  • Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
  • Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
  • Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
  • Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
FIPS Algorithms
AES Cert. #2832
CVL Cert. #323
DRBG Cert. #489
ECDSA Cert. #505
HMAC Cert. #1773
KAS Cert. #47
KBKDF Cert. #30
PBKDF vendor affirmed
RSA Certs. #1487, #1493 and #1519
SHS Cert. #2373
Triple-DES Cert. #1692
Other Algorithms
AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Software Versions
6.3.9600 and 6.3.9600.17042

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Mike Grimm
FIPS@microsoft.com
Phone: 800-642-7676

Lab

Leidos
NVLAP Code: 200427-0