Module Name
Kasten BoringCrypto
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.
Tested Configuration(s)
- Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 with PAA
- Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 without PAA
- Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 with PAA
- Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 without PAA (single-user mode)
- Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome with PAA
- Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome without PAA
Approved Algorithms
AES |
Cert. #A1657 |
CVL |
Cert. #A1657 |
DRBG |
Cert. #A1657 |
ECDSA |
Cert. #A1657 |
HMAC |
Cert. #A1657 |
KAS |
KAS-SSC Cert. #A1657, CVL Cert. #A1657 |
KAS-SSC |
Cert. #A1657 |
KTS |
AES Cert. #A1657; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Cert. #A1657 |
SHS |
Cert. #A1657 |
Triple-DES |
Cert. #A1657 |
Allowed Algorithms
MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
853ca1ea1168dff08011e5d42d94609cc0ca2e27