Module Name
IBM® Crypto for C
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The IBM Crypto for C version 8.6.0.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by
applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group.
Tested Configuration(s)
- IBM Modular Extensible Security Architecture (MESA) with Linux kernel 3.10 64-bit under VMware ESXi 6.0, running on Dell PowerEdgeR630 XL with PAA[1]
- IBM Modular Extensible Security Architecture (MESA) with Linux kernel 3.10 64-bit under VMware ESXi 6.0, running on Dell PowerEdgeR630 XL without PAA[1] (single-user mode)
- Microsoft Windows Server 2012R2 64-bit running on Dell PowerEdgeR630 XL with PAA[2]
- Microsoft Windows Server 2012R2 64-bit running on Dell PowerEdgeR630 XL without PAA[2]
- Red Hat Linux Enterprise Server 7.3 64-bit running on Dell PowerEdgeR630 XL with PAA[1]
- Red Hat Linux Enterprise Server 7.3 64-bit running on Dell PowerEdgeR630 XL without PAA[1]
- Solaris 11 64-bit running on Netra SPARC T4-1 Server with PAA[1]
- Solaris 11 64-bit running on Netra SPARC T4-1 Server without PAA[1]
Approved Algorithms
AES |
Certs. #4730, #4731, #4732, #4733, #4734, #4736, #4737 and #4738 |
CVL |
Certs. #1369, #1370, #1371, #1372, #1373, #1375, #1376 and #1377 |
DRBG |
Certs. #1616, #1617, #1618, #1619, #1620, #1622, #1623 and #1624 |
DSA |
Certs. #1262, #1263, #1264, #1265, #1266, #1268, #1269 and #1270 |
ECDSA |
Certs. #1173, #1174, #1175, #1176, #1177, #1178, #1179 and #1180 |
HMAC |
Certs. #3147, #3148, #3149, #3150, #3151, #3153, #3154 and #3155 |
KTS |
AES Certs. #4730, #4731, #4732, #4733, #4734, #4736, #4737 and #4738; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #2579, #2580, #2581, #2582, #2583, #2585, #2586 and #2587 |
SHA-3 |
Certs. #30, #31, #32, #33, #34, #35, #36 and #37 |
SHS |
Certs. #3875, #3876, #3877, #3878, #3879, #3881, #3882 and #3883 |
Triple-DES |
Certs. #2512, #2513, #2514, #2515, #2516, #2517, #2518 and #2519 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1369, #1370, #1371, #1372, #1373, #1375, #1376 and #1377, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
8.6.0.0 [1], 8.6.1.0 [2]