Module Name
Nutanix Cryptographic Module for BoringSSL
Historical Reason
SP 800-56Arev3 transition
Caveat
The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Nutanix Cryptographic Module for BoringSSL is a suite of FIPS Approved algorithms used for TLS and other cryptographic functions.
Tested Configuration(s)
- CentOS 7.5 running on Nutanix NX-3360-G6 with an Intel Xeon 4116 with PAA (clang Compiler Version 6.0.1)
- CentOS 7.5 running on Nutanix NX-3360-G6 with an Intel Xeon 4116 without PAA (clang Compiler Version 6.0.1)
- CentOS 7.9 on Nutanix AHV Hypervisor v7.0 running on Nutanix NX-3060-G7 Appliance with an Intel® Xeon® Gold 6234 with PAA (clang Compiler Version 6.0.1)
- CentOS 7.9 on Nutanix AHV Hypervisor v7.0 running on Nutanix NX-3060-G7 Appliance with an Intel® Xeon® Gold 6234 without PAA (clang Compiler Version 6.0.1)
- Debian Linux 4.9.0 running on Intel Xeon E5-2680 with PAA (clang Compiler Version 6.0.1)
- Debian Linux 4.9.0 running on Intel Xeon E5-2680 without PAA (clang Compiler Version 6.0.1)
- Ubuntu Linux 18.04 running on POWER9 with PAA (clang Compiler Version 6.0.1)
- Ubuntu Linux 18.04 running on POWER9 without PAA (clang Compiler Version 6.0.1) (single-user mode)
Approved Algorithms
AES |
Certs. #5612, #C1256 and #A1229 |
CKG |
vendor affirmed |
CVL |
Certs. #2033, #2034, #2035, #C1256 and #A1229 |
DRBG |
Certs. #2253, #C1256 and #A1229 |
ECDSA |
Certs. #1520, #C1256 and #A1229 |
HMAC |
Certs. #3743, #C1256 and #A1229 |
KTS |
AES Certs. #5612, #C1256 and #A1129; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #3020, #C1256 and #A1229 |
SHS |
Certs. #4509, #C1256 and #A1229 |
Triple-DES |
Certs. #2825, #C1256 and #A1229 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #2033, #2035, #C1256 and #A1229; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
66005f41fbc3529ffe8d007708756720529da20d