NOTICE: The SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths goes into effect January 1, 2014. The SP800-131A Transition plan states that, after December 31, 2013,SP 800-56A DH and MQV schemes using finite fields |p| = 1024 bits, and |q| = 160 bits shall not be used in a key agreement scheme. For SP 800-56A DH and MQV schemes using elliptic curves, |n| less than or equal to 223 bits shall not be used in a key agreement scheme. All of the non-compliant features of the Components validation have been moved to a Historical KAS Validation List for reference.
Effective January 1, 2016, SP800-131A Revision 1 disallows the use of the RNGs specified in FIPS 186-2, [X9.31] and the 1998 version of [X9.62]. If RNG was used as a prerequisite for the validation testing, the Validation list will no longer display the RNG validation number. This will be replaced with the message " RNG: non -compliant per the SP800-131A Rev. 1 transition". The prerequisite removal doesn't affect the testing of the algorithm. FAQ GEN.5 states "The algorithm validation test suites for each algorithm are designed to test the algorithm specifications, components, features, and/or functionality of that algorithm. So, for example, the validation tests for DSA Key Generation thoroughly test the Key Generation function. But it doesn't thoroughly test calls to supporting cryptographic algorithms like the random number generator." The prerequisites are only listed to indicate what was used in the testing.
A note and link to the Historical validation list have been added to validations containing non-compliant features that have been moved to the Historical Validation List. This note is displayed in red print. If a complete validation has become non-compliant, the complete validation entry is displayed in red to signify it is now non-compliant and therefore revoked.
This page provides technical information about implementations that have been validated as conforming to the Key Agreement Schemes and/or Key Confirmation using Finite Field Cryptography (FFC) or Elliptic Curve Cryptography (ECC) as specified in SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, using tests described in The KAS Validation System (KASVS) User's Guide. The testing is handled by NVLAP-accredited Cryptographic And Security Testing (CST) Laboratories.
The implementations below consist of software, firmware, hardware, and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the implementations described in this document. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this document reflects the current status of each product. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list.In addition to a general description of each implementation, this list mentions the features that were tested as conforming to the KAS; these features are listed below for each validation. The following notation is used to describe the implemented features that were successfully tested.
| Functions included in IUT:
DPG - Domain Parameter Generation DPV - Domain Parameter Validation KPG - Key Pair Generation Full Validation - Full Public Key Validation (Sect 5.6.2.4 and/or Sect 5.6.2.5) Partial Validation - Partial Public Key Validation (Sect 5.6.2.6) (ECC Only) Key Regeneration - Public Key Regeneration | A list of functions from other algorithms included in the IUT that are used by the SP800-56A KAS implementation. This information may be used to help obtain information pertaining to the assurances listed in SP800-56A. Actually obtaining these assurances is out of scope of the CAVP. |
| ALG([FFC] [ECC]) | Finite Field Cryptography, Elliptic Curve Cryptography |
| For FFC, SCHEMES([HYBRID1] [MQV2] [EPHEM] [HYBRID1FLOW] [MQV1] [ONEFLOW] [STATIC]) For ECC, SCHEMES ([FULLUNIF] [FULLMQV] [EPHEMUNIF] [ONEPASSUNIF] [ONEPASSMQV] [ONEPASSDH] [STATICUNIF]) |
Key Agreement Schemes. Refer to SP800-56A for details on the specific schemes. |
| KAROLES([INITIATOR] [RESPONDER] | Key Agreement Roles |
| KCROLES([NA] [PROVIDER] [RECIPIENT]) | Key Confirmation Roles. If Key Confirmation is not tested, indicate N/A. |
| KCTYPES([NA] [UNILATERAL] [BILATERAL]) | Key Confirmation Types. If Key Confirmation is not tested, indicate N/A. |
| For FFC,
PARAMSET([FB][FC]) For ECC,
|
Parameter Sets supported by IUT. Refer to Section 5.5.1.1 Table 1 for the FFC Parameter Size Sets and Section 5.5.1.2 Table 2 for the ECC Parameter Size Sets. |
| For ECC,
CURVE(....) |
The NIST-recommended ECDSA curves supported by the IUT. |
| SHA(SHA1) | Hash functions supported by the IUT |
| If KC,
MAC(CMAC, CCM, HMAC) |
Only if Key Confirmation is supported, indicate the MACing algorithms tested. |
| KDF ([ASN.1] [CONCAT]) | KDFs tested in the IUT |
The KAS validation process requires the following prerequisite testing:
1. The underlying DSA and/or ECDSA algorithm's functions determined by the specified functions included in the implementation. See CAVP FAQ GEN.5 for a list of the required functions within the specified underlying algorithm that must be tested.| Validation No. |
Vendor | Implementation | Operational Environment | Val. Date |
Description/Notes |
|---|---|---|---|---|---|
| 122 |
1200 12th Ave S Ste 1200 Seattle, WA 98144 USA |
Version 1.0.0 (Firmware) |
Intel Xeon E5-2640v4 | 6/9/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ dhOneFlow ( KARole(s): Initiator -Recipient is tested / Responder -Provider is tested ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3708 DSA Val#1206 DRBG Val#1487 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
K-233
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The AWS Key Management Service Cryptographic Algorithm Library provides cryptographic functionality for the AWS Key Management Service Hardware Security Module." |
| 121 |
13681 Sunrise Valley Drive, Suite 300 Herndon, VA 20171 USA -Chris Gormont
|
Version 1.0.2.0 (Firmware) |
Altera Cyclone V | 5/12/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
OnePassDH
(
No_KC
<
KARole(s):
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
]
"n/a" |
| 120 |
7035 Ridge Road Hanover, MD 21076 USA |
Version 8.5 |
NXP QorIQ P4080 w/ SAOS 8.5 | 4/21/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The 8700 Packetwave Platform is a multi-terabit programmable Ethernet-overdense wavelength division multiplexing (DWDM) packet switch." |
| 119 |
20 Station Road Cambridge, n/a CB1 2JD UK -Alec Edgington
-Mark Wooding
|
Version 1.0 |
ARM Cortex-A53 without PAA w/ Trustonic Kinibi 400A; ARM Cortex-A53 with PAA w/ Trustonic Kinibi 400A | 4/21/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA256
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA512
HMAC
)
(
ED:
P-384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"TRICX is a static library providing an extensive suite of FIPS-approved cryptographic algorithms and supporting a range of key sizes and modes." |
| 118 |
230 W Tasman Drive San Jose, CA 95134 USA -Jeff Ebert
|
Version 82136+98519 (Firmware) Part # 130-0117-01.ESM |
ESM instruction manager processor embedded in SSN ARNIE SoC | 4/14/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Key Regeneration
)
SCHEMES
[
dhStatic
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FC:
SHA256
HMAC
)
]
SHS Val#3677 DSA Val#1194 DRBG Val#1448 "Silver Spring Networks Endpoint Security Module provides acceleration and off-load of standard cryptographic algorithms and secure network protocols, key storage and generation, bootloader and firmware verification, and encrypted data storage. It is included in the SoC designed for SSN''s Gen5 endpoint and infrastructure products." |
| 117 |
7585 Irvine Center Driver Suite 250 Irvine, California 91618 USA -David Sequino
-Douglas Kovach
|
Version 3.0 (Firmware) |
iMX53 | 3/31/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
Partial Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
HMAC
)
)
FC:
SHA256
SHA384
SHA512
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 HMAC ) ( FC: SHA256 SHA384 SHA512 HMAC ) ] [ dhOneFlow ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 HMAC ) ( FC: SHA256 SHA384 SHA512 HMAC ) ] SHS Val#3658 DRBG Val#1437 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Porting of the ISS Embedded Cryptographic Toolkit (ECT) to the Crestron Control Engine." |
| 116 |
1344 Crossman Avenue Sunnyvale, CA 94089 USA -Steve Weingart
|
Version 6.5.1-FIPS (Firmware) |
Broadcom BCM53014 | 3/31/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] DSA Val#1190 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
)
]
"The Aruba MOVE Architecture forms the core network infrastructure for supporting mobile and wireless computing devices. The system enables enterprise-scale 802.11 wireless LANs (Wi-Fi), secure remote VPNs, and mobility-optimized wired networks." |
| 115 |
One Microsoft Way Redmond, WA 98052-6399 USA -Gokul Karthik Balaswamy
-Christine Ahonen
|
Version 7.00.2872 |
Texas Instruments EVM3530 w/ Windows Embedded Compact 7 (ARMv7); Samsung S3C6410 w/ Windows Embedded Compact 7 (ARMv6); NXP i.MX27 w/ Windows Embedded Compact 7 (ARMv5); Sigma Designs SMP8654 w/ Windows Embedded Compact 7 (MIPS II); Sigma Designs SMP8654 w/ Windows Embedded Compact 7 (MIPS II w/ FP) | 3/31/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3649 DSA Val#1188 DRBG Val#1430 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The cryptographic module BCRYPT.DLL encapuslates several different cryptographic algorithms in an easy-to-use module, accessible via the Microsoft CNG (Cryptography Next Generation) API. It permits the use of general-purpose FIPS 140-2 compliant cryptography in Windows Embedded Compact components and applications, through its documented interfaces." |
| 114 |
One Microsoft Way Redmond, WA 98052-6399 USA -Gokul Karthik Balaswamy
-Christine Ahonen
|
Version 8.00.6246 |
Texas Instruments EVM3730 w/ Windows Embedded Compact 2013 (ARMv7); MSTI PDX-600 w/ Windows Embedded Compact 2013 (x86) | 3/24/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3648 DSA Val#1187 DRBG Val#1429 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The cryptographic module BCRYPT.DLL encapuslates several different cryptographic algorithms in an easy-to-use module, accessible via the Microsoft CNG (Cryptography Next Generation) API. It permits the use of general-purpose FIPS 140-2 compliant cryptography in Windows Embedded Compact components and applications, through its documented interfaces." |
| 113 |
47697 Westinghouse Drive, Suite 201 Fremont, CA 94539 USA -Satya Das
|
Version 1.0 (Firmware) |
Intel® Xeon® CPU E5-2620 v2 @ 2.10GHz; Intel® Xeon® CPU E5-2630 v3 @ 2.4GHz | 3/6/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhHybridOneFlow ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3638 DSA Val#1185 DRBG Val#1426 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Attivo Networks is an award winning provider of inside-the-network threat detection, attack analysis and forensics." |
| 112 |
Heinrichstrasse 155 Düsseldorf, NRW 40239 Germany -Thomas Schetelig
-Markus Hauenstein
|
Version 2.0.12 |
Samsung Exynos 8890 w/ Android 6.0.1; Apple A8 w/ iOS 9.3.5; Qualcomm MSM8960 w/ BlackBerry OS 10.3.3; Qualcomm MSM8974 w/ BlackBerry OS 10.3.3 | 2/3/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
"SecuSUITE Client OpenSSL FIPS Object Module" |
| 111 |
1344 Crossman Avenue Sunnyvale, CA 94089 USA -Steve Weingart
|
Version 6.5.1-FIPS (Firmware) |
Qualcomm Atheros QCA9344 | 1/27/2017 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#2246 DSA Val#1167 DRBG Val#433 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
)
]
"The Aruba MOVE Architecture forms the core network infrastructure for supporting mobile and wireless computing devices. The system enables enterprise-scale 802.11 wireless LANs (Wi-Fi), secure remote VPNs, and mobility-optimized wired networks." |
| 110 |
Green Square Building B, Lambroekstraat 5 Diegem/Machelen, n/a B-1831 Belgium -Olivier COLLART
-Fabien ARRIVE
|
Part # ST33HTPH2E28AAF1 |
N/A | 1/13/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
]
"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 and version 2.0 specifications." |
| 109 |
Green Square Building B, Lambroekstraat 5 Diegem/Machelen, n/a B-1831 Belgium -Olivier COLLART
-Fabien ARRIVE
|
Part # ST33HTPH2E28AHA8 |
N/A | 1/13/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
]
"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 and version 2.0 specifications." |
| 108 |
Green Square Building B, Lambroekstraat 5 Diegem/Machelen, n/a B-1831 Belgium -Olivier COLLART
-Fabien ARRIVE
|
Part # ST33HTPH2E28AAF3 |
N/A | 1/13/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
]
"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 2.0 specification." |
| 107 |
Green Square Building B, Lambroekstraat 5 Diegem/Machelen, n/a B-1831 Belgium -Olivier COLLART
-Fabien ARRIVE
|
Part # ST33HTPH2E28AHA9 |
N/A | 1/13/2017 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
]
"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 2.0 specification." |
| 106 |
Alter Postweg 101 Augsburg, BY 86159 Germany -Roland Ebrecht
-Thomas Hoffmann
|
Version 7.80 (Firmware) Part # SLB 9670 |
Infineon SLB 9670 security controller IC | 12/23/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
OnePassUnified
(
No_KC
<
KARole(s)
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
]
"Infineon Trusted Platform Module 2.0 SLB9670 is an implementation according to the TPM Main Specification Version 2.0 Revision 01.16 Errata Version 1.4 by Trusted Computing Group." |
| 105 |
Alter Postweg 101 Augsburg, BY 86159 Germany -Roland Ebrecht
-Thomas Hoffmann
|
Version 5.80 (Firmware) Part # SLB 9660/9665 |
Infineon SLB 9660 or SLB 9665 security controller IC | 12/23/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
OnePassDH
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
]
"Infineon Trusted Platform Module 2.0 SLB 9660/ SLB 9665 is an implementation according to the TPM Main Specification Version 2.0 Revision 01.16 Errata Version 1.4 by Trusted Computing Group." |
| 104 |
4701 Tahoe Blvd, Building A, 5th Floor Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Certicom Support
|
Version 5.6.2 |
Qualcomm Snapdragon 801 w/ BlackBerry 10; Qualcomm Snapdragon S4 w/ BlackBerry 10; Qualcomm Snapdragon S4 Pro w/ BlackBerry 10 | 12/23/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3547 DSA Val#1147 DRBG Val#1370 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder® FIPS Core provides application developers with cryptographic tools to easily integrate encryption, digital signatures and other security mechanisms into C-based applications for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec, SSL and DRM modules." |
| 103 |
4205 Place de Java Brossard, QC J4Y 0C4 Canada -Dominic Gagnon
-François Gervais
|
Version 1.0 (Firmware) |
AM335x Cortex-A8 (ARMv7) /w NEON | 12/23/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
Hybrid1
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM/CMAC/HMAC
)
)
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ] [ dhOneFlow ( KARole(s): Initiator -Recipient is tested / Responder -Provider is tested ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3545 DSA Val#1146 DRBG Val#1367 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The Distech Java Cryptographic Library is a general purpose cryptographic library used by Distech Controls products including the Eclypse series of controllers." |
| 102 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 3.0.0 (Firmware) |
ARM Cortex A9 | 12/23/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN4010, CN4020, CN6010 and CN6140 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN4010, CN4020, CN6010 and CN6140 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." |
| 101 |
312 Kings Way South Melbourne, Victoria 3205 Australia -John Weston
|
Version 3.0.0 (Firmware) |
Intel Xeon | 12/23/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN8000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN8000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." |
| 100 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 3.0.0 (Firmware) |
Intel ATOM | 12/23/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
FullMQV
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The CN6000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN6000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." |
| 99 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 2.9.0 |
NXP ARM Cortex-A9 w/ Android OS API Level 17 | 12/23/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA1 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] SHS Val#3538 DSA Val#1143 DRBG Val#1360 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder GSE-J is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications." |
| 98 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 2.9.0 |
Qualcomm 8992 Snapdragon w/ Android OS Version 6.0.1 | 12/23/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
CCM
)
]
[ MQV2 ( FB: SHA224 CCM ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA1 ) ] [ dhStatic ( No_KC < KARole(s): Initiator > ) ( FB: SHA224 CCM ) ] SHS Val#3537 DSA Val#1142 DRBG Val#1359 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder GSE-J is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications." |
| 97 |
3401 Hillview Ave Palo Alto, CA 94303 USA -Eric Betts
-Michael McKay
|
Version BC FIPS 1.0.0 |
Intel Xeon E5 w/ NSX Controller 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Edge 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Manager 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0 | 12/16/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM/CMAC/HMAC
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ] [ dhOneFlow ( KARole(s): Initiator -Recipient is tested / Responder -Provider is tested ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3490 DSA Val#1139 DRBG Val#1330 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The VMware Java JCE (Java Cryptographic Extension) Module (VMware JCE Module) is a software cryptographic module containing a set of cryptographic functions." |
| 96 |
3401 Hillview Ave Palo Alto, CA 94303 USA -Eric Betts
-Michael McKay
|
Version BC FIPS 1.0.0 |
Intel Xeon E5 w/ NSX Controller 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Edge 6.3.0 OS with Java JRE 1.7 running on VMware vSphere Hypervisor (ESXi) 6.0; Intel Xeon E5 w/ NSX Manager 6.3.0 OS with Java JRE 1.7 running on Vmware vSphere Hypervisor (ESXi) 6.0 | 12/2/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM/HMAC
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ] [ dhOneFlow ( KARole(s): Initiator -Recipient is tested / Responder -Provider is tested ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3417 DSA Val#1127 DRBG Val#1261 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The VMware Java JCE (Java Cryptographic Extension) Module (VMware JCE Module) is a software cryptographic module containing a set of cryptographic functions." |
| 95 |
150 Rustcraft Road Dedham, MA 02026 USA -Certification Director
|
Version 2.0 (Firmware) |
Broadcom XLS Processor; RMI Alchemy MIPS Processor | 10/28/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#1357 DRBG Val#66 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
)
]
"The Fortress KAS Implementation suite works in unison to provide security to your wireless and wired networks." 12/13/16: Updated implementation information; |
| 94 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 3.0.0 (Firmware) |
ARM Cortex A9 | 10/14/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN9000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN9000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." |
| 93 |
One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 10.0.14393 |
Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Pro 3 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Pro 3 w/ Windows 10 Pro Anniversary Update (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Pro 4 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Pro 4 w/ Windows 10 Pro Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Book w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Book w/ Windows 10 Pro Anniversary Update (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Pro Anniversary Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise Anniversary Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Standard (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Standard (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Datacenter (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Storage Server 2016 (x64) ; Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise LTSB Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise LTSB Anniversary Update (x64) | 9/9/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
]
"The Microsoft Windows Virtual TPM implementations provide cryptography algorithms to support the Virtual TPM functionality for Hyper-V" To comply with the TPM 2.0 specification, the “OtherInfo” field was modified in the test vectors applied to this implementation to include a NULL-terminated “Use” string; |
| 92 |
One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 10.0.14393 |
Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 3 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 3 w/ Windows 10 Pro Anniversary Update (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 4 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Pro 4 w/ Windows 10 Pro Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Book w/ Windows 10 Enterprise Anniversary Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface Book w/ Windows 10 Pro Anniversary Update (x64); Intel Atom x7 with AES-NI and PCLMULQDQ and SSSE 3 w/Microsoft Surface 3 w/ Windows 10 Anniversary Update (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise Anniversary Update (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Pro Anniversary Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise Anniversary Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Standard (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Enterprise Anniversary Update (x86); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Pro Anniversary Update (x86); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Anniversary Update (x86); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Anniversary Update (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Standard (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Server 2016 Datacenter (x64); Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows Storage Server 2016 (x64); Qualcomm Snapdragon 808 (A57, A53) w/Microsoft Lumia 950 w/ Windows 10 Mobile Anniversary Update (ARMv7) ; Intel Xeon with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise LTSB Anniversary Update (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Enterprise LTSB Anniversary Update (x86); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise LTSB Anniversary Update (x64); Qualcomm Snapdragon 820 (Kryo) w/ Windows 10 Mobile Anniversary Update (ARMv7); Qualcomm Snapdragon 212 (A7) w/ Microsoft Lumia 650 w/ Windows 10 Mobile Anniversary Update (ARMv7) | 8/24/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3347 DSA Val#1098 DRBG Val#1217 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography." 09/22/16: Added new tested information; |
| 91 |
6623 Dumbarton Circle Fremont, CA 94555 USA -Jean-Luc Azou
-Béatrice SALAUN
|
Version 2.7.4.12 (Firmware) |
Oberthur: Hardware version 'OF', Firmware version '5601';Giesecke & Devrient: Infineon SLE 78CLFXxxxxP Dual-Interface/Contactless Security Controller;Gemalto: NXP SmartMX2 P60 chip family | 8/24/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
OnePassDH
(
KC
<
KARole(s):
Responder
>
)
(
EC:
P-256
SHA256
CMAC
)
]
"KAS ECC OnePassDH component implements ECC OnePassDH Key Agreement with Key Confirmation (Key Agreement Role Responder - Key Confirmation Role Provider and Type Unilateral). Supported cryptographic suite: EC: P-256 / SHA256 / CMAC" Prerequisites are different for each OE: Oberthur: Hardware version 'OF', Firmware version '5601': ECDSA#526 SHA#2449 DRBG#537 CMAC#2911; Giesecke & Devrient: Infineon SLE 78CLFXxxxxP Dual-Interface/Contactless Security Controller: ECDSA#476 SHA#2288 DRBG#455 CMAC2720; Gemalto: NXP SmartMX2 P60 chip family: ECDSA#363 SHA#1946 DRBG#1045 CMAC#2261 |
| 90 |
47697 Westinghouse Drive, Suite 201 Fremont, CA 94539 USA -Satya Das
|
Version 1.0 |
Intel(R) Xeon(R) CPU ES-2620 v2 @2.10GHz w/ Open JDK 1.8 on CentOS 6.5 Intel 64-bit on ESXi 5.5.0 | 8/12/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] SHS Val#3339 DSA Val#1095 DRBG Val#1213 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Attivo Networks is an award winning provider of inside-the-network threat detection, attack analysis and forensics." 09/30/16: Added new tested information; |
| 89 |
85 The Crescent Ascot Vale, Victoria 3032 Australia -David Hook
-Jon Eaves
|
Version 1.0.1 |
Intel Core i7 (6th Gen) w/ Windows 10 Enterprise (64 bit); Intel Core i5 (5th Gen) w/ Windows 8.1 Professional 32 bit; Intel Core i5 (5th Gen) w/ Windows 7 SP1 32 bit; Intel Atom w/ Windows 10 Professional 64 bit; | 8/4/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well." 08/16/16: Adding OE |
| 86 |
12191 Kirkham Rd Poway, CA 92064 United States -Robert Davidson
|
Version 7.0 (Firmware) Part # Configurator |
n/a | 7/31/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
EC:
P-256
SHA256
HMAC
)
)
]
"Secure communication for Aegis device setup" 08/11/16: Updated implementation information; |
| 85 |
1011 Lake St. Suite 425 Oak Park, IL 60118 USA -Jonathan Schulze-Hewett
-Michael Markowitz
|
Version 8.0 |
AMD A8-3850 without AES-NI w/ Windows 10 (64-bit); Intel Core i7 with AES-NI w/ CentOS 6.7 (64-bit);Intel Core i7 with AES-NI w/ Windows 10 (64-bit); | 7/31/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA224 SHA256 SHA384 SHA512 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 HMAC ) ] SHS Val#3307 DSA Val#1090 DRBG Val#1192 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The ISC Cryptographic Development Kit (CDK) is a software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. It includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions." |
| 83 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 2.9.0 Part # Intel Xeon |
n/a w/ CentOS Linux 7.0 64 bit with Oracle JRE 1.8.0 | 6/10/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] [ MQV1 ( (No_KC ) < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] SHS Val#3292 DSA Val#1084 DRBG Val#1180 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
K-283
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder GSE-J is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications." |
| 82 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 2.7.1 (Firmware) |
Intel ATOM | 5/27/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN6000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN6000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." 07/07/16: Updated vendor information; |
| 81 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 2.7.1 (Firmware) |
ARM Cortex A9 | 5/27/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN4010, CN4020 and CN6010 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for the CN4010, CN4020 and CN6010 Series Encryptors. Based upon OpenSSL the Library provides an Application Programming Interface (API) to support security relevant services." 07/06/16: Updated vendor information; |
| 80 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 2.7.1 (Firmware) |
Intel Xeon | 5/27/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN8000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN8000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." 07/07/16: Updated vendor information; |
| 79 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 6.0.3 |
Intel Core i7-3615QM w/ Mac OS X El Captian 10.11.4 | 4/22/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3256 DSA Val#1076 DRBG Val#1151 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder® FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec and SSL modules." |
| 78 |
Postboks 6 Folldal, N-2581 Norway -Dag Arne Osvik
|
Version 2 |
Arm Cortex-A9 w/ Linux | 4/15/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
Partial Validation
Key Regeneration
)
SCHEMES
[
FullUnified
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"AlpCode™ Cryptographic Library (ACCL) features side-channel resistance through its use of constant-time algorithms, data-independent memory access patterns and fault detection. Its unique side-channel resistance even extends to normally-public elliptic-curve parameters, making it suitable for use with classified elliptic curves." |
| 77 |
85 The Crescent Ascot Vale, Victoria 3032 Australia -David Hook
-Jon Eaves
|
Version 1.0.0 |
Intel Core i7 (6th Gen) w/ Windows 10 Enterprise 64 bit; Intel Atom w/ Windows 10 Professional 64 bit; Intel Core i5 (5th Gen) w/ Windows 8.1 Professional 32 bit; Intel Core i5 (5th Gen) w/ Windows 7 SP1 32 bit | 3/25/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well." |
| 76 |
6155 El Camino Real Carlsbad, CA 92009 USA -David Suksumrit
-Savitha Naik
|
Version Version 12 (Firmware) |
IBM PowerPC | 2/26/2016 |
ECC:
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"Implements key establishment, random number generation, certificate and private key management, and wrap/unwrap of key material, and controls the FPGA implementation of traffic encryption in ViaSat''s Enhanced Bandwidth Efficient Modem (EBEM)." |
| 75 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -William Sandberg-Maitland
-Jack Young
|
Version 03.00.0D (Firmware) |
ARM9 Vendor NXP Part No. LPC3131 | 2/19/2016 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"AES Library implements all keys sizes in the firmware and supports ECB, CBC and XTS. SHA2 Library implements SHA224, 256, 384 and 512 in the firmware. ECCLib implements ECDSA and ECDH for P256, P384 and P521. HRNG implements the hash DRBG using SHA512." 05/05/16: Updated implementation information; |
| 74 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 6.0.3 |
Intel Core i7-3615QM w/ Mac OSX Yosemite 10.10.4 | 1/22/2016 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3164 DSA Val#1049 DRBG Val#1085 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder® FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec and SSL modules" |
| 73 |
85 The Crescent Ascot Vale, Victoria 3032 Australia -David Hook
-Jon Eaves
|
Version 1.0.0 |
Intel Xeon E5 v3 w/ Java SE Runtime Env 7 on Solaris 11 on vSphere 6; Intel Xeon E5 v3 w/ Java SE Runtime Env 8 on Centos 6.4 on vSphere 6 | 12/18/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
MQV2
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
CCM
)
(
FC:
SHA256
SHA384
SHA512
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhHybridOneFlow ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ MQV1 ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] [ dhStatic ( KC < KCRole(s): Provider / Recipient > < KCType(s): Unilateral / Bilateral > < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 CCM ) ( FC: SHA256 SHA384 SHA512 CCM ) ] ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Unilateral
/
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
CCM
)
(
EC:
P-256
SHA256
CCM
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well." |
| 72 |
One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 10.0.10586 |
Intel x64 Processor with AES-NI w/ Microsoft Surface Pro w/ Windows 10 Enterprise November 2015 Update (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 2 w/ Windows 10 Enterprise November 2015 Update (x64); Intel Core i7 with AES-NI w/ Microsoft Surface Pro 3 w/ Windows 10 Enterprise November 2015 Update (x64); Intel x64 Processor with AES-NI w/ Microsoft Surface Pro w/ Windows 10 Pro November 2015 Update (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 2 w/ Windows 10 Pro November 2015 Update (x64); Intel Core i7 with AES-NI w/ Microsoft Surface Pro 3 w/ Windows 10 Pro November 2015 Update (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Enterprise November 2015 Update (x86); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Pro November 2015 Update (x86); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 November 2015 Update (x86); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise November 2015 Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Pro November 2015 Update (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 November 2015 Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 November 2015 Update (x64); Intel Atom x7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface 3 w/ Windows 10 Enterprise November 2015 Update (x64) ; Qualcomm Snapdragon 808 (A57, A53) w/ Microsoft Lumia 950 w/ Windows 10 Mobile; Qualcomm Snapdragon 400 (A7) w/ Microsoft Lumia 635 w/ Windows 10 Mobile; ; Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Hub 84" w/ Windows 10 for Surface Hub (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Hub 55" w/ Windows 10 for Surface Hub (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 4 w/ Windows 10 Enterprise November 2015 Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Book w/ Windows 10 Enterprise November 2015 Update (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 4 w/ Windows 10 Pro November 2015 Update (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Book w/ Windows 10 Pro November 2015 Update (x64) | 12/4/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#3047 DSA Val#1024 DRBG Val#955 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography." 02/17/16: Added new tested information and updated implementation information; |
| 71 |
Arteparc Bachasson, Bât A Rue de la carrière de Bachasson, CS70025 Meyreuil, Bouches-du-Rhône 13590 France -Euan Macdonald
-Jean Fioretti
|
Version 1.2.1 (Firmware) Part # VaultIC405M Rev B |
Intel Core i5 | 11/6/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
OnePassDH
(
No_KC
<
KARole(s):
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"VaultIC (R) are security modules designed to secure applications such as anti-cloning, physical access control, personal access control for multimedia and web applications, hardware authentication, user strong authentication, SSL support, PKCS#11 to Microsoft (R) CSP applications, PKI, DRM, trusted computing and IP protection." |
| 70 |
3rd Floor, Gongkong Building No. 1 Wangzhuang Rd Haidian District Beijing, N/A 100083 China -Lemon Yang
|
Part # SCC-X |
N/A | 11/6/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with computer device via USB interface in a "plug and play" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc." |
| 69 |
1680 University Avenue Rochester, NY 14610 USA -Steven Ruggieri
-Suzanne Kwak
|
Version 4.10a (Firmware) |
Broadcom XLS108 | 11/6/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#2943 DSA Val#994 DRBG Val#920 "This is a firmware library which executes on a general purpose processor to provide cryptographic functions for Harris'' industry leading reliable, secure, and high performance Broadband Ethernet Radio (BER) products: RF-7800-OU50x/-OU47x/-OU49x." |
| 68 |
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist. Taichung City, 408 Taiwan -Jerry Lin
|
Version 2.0 (Firmware) |
ARM SecurCore SC300 | 10/16/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
)
SCHEMES
[
dhOneFlow
(
KARole(s):
Initiator
/
Responder
)
(
FC:
SHA256
)
]
SHS Val#1672 DSA Val#996 DRBG Val#902 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
)
SCHEMES
[
OnePassDH
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
]
"The GO-Trust Cipher Library is designed to provide FIPS140-2 algorithm support for the GO-Trust SDencrypter Cryptographic Module. This module supports GO-Trust applications (for example: KingCall and KingText) by providing validated Cryptographic Services. The incorporation of these algorithms makes these products ideal for enterprise and governmen" 11/05/15: Added new tested information; |
| 67 |
No. 4, Creation Rd. III Hsinchu Science Park, n/a 300 Taiwan, R.O.C. -Yossi Talmi
-Oren Tanami
|
Part # FB5C85E |
N/A | 10/9/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EC:
P-256
SHA256
CCM/HMAC
)
]
"Nuvoton TPM (Trusted Platform Module), a TCG 2.0 compliant security processor with embedded firmware" |
| 66 |
No. 4, Creation Rd. III Hsinchu Science Park, n/a 300 Taiwan, R.O.C. -Yossi Talmi
-Oren Tanami
|
Part # FB5C85D |
N/A | 10/9/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EC:
P-256
SHA256
CCM
)
]
"Nuvoton TPM (Trusted Platform Module), a TCG 2.0 compliant security processor with embedded firmware" |
| 65 |
1680 University Avenue Rochester, NY 14610 USA -Steven Ruggieri
-Suzanne Kwak
|
Version 4.10 (Firmware) |
Broadcom XLS108 | 9/30/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#2911 DSA Val#989 DRBG Val#887 "This is a firmware library which executes on a general purpose processor to provide cryptographic functions for Harris'' industry leading reliable, secure, and high performance Broadband Ethernet Radio (BER) products: RF-7800-OU50x/-OU47x/-OU49x." |
| 64 |
One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 10.0.10240 |
Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 (x86); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise (x64); Intel x64 Processor with AES-NI w/ Microsoft Surface Pro w/ Windows 10 Enterprise (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 2 w/ Windows 10 Enterprise (x64); Intel Core i7 with AES-NI w/ Microsoft Surface Pro 3 w/ Windows 10 Enterprise (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Enterprise (x86); AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Pro (x64); Intel x64 Processor with AES-NI w/ Microsoft Surface Pro w/ Windows 10 Pro (x64); Intel Core i5 with AES-NI w/ Microsoft Surface Pro 2 w/ Windows 10 Pro (x64); Intel Core i7 with AES-NI w/ Microsoft Surface Pro 3 w/ Windows 10 Pro (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Pro (x86); Intel Atom x7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface 3 w/ Windows 10 Enterprise (x64) ; Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3; AMD A4 with AES-NI and PCLMULQDQ and SSSE 3 w/ Windows 10 Enterprise LTSB (x64); Intel Core i3 without AES-NI or PCLMULQDQ or SSSE 3 w/ Windows 10 Enterprise LTSB (x86) | 8/29/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#2886 DSA Val#983 DRBG Val#868 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography." 09/17/15: Updated implementation information; |
| 63 |
302 Town Centre Blvd., 4th Floor Markham, Ontario L3R OE8 Canada -Andrew Spurgeon
-Weixiong Lin
|
Version 3.1 (Firmware) |
Cavium ECONA CNS3411 SoC | 7/17/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
)
SCHEMES
[
FullMQV
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KARole(s):
Initiator
/
Responder
>
)
(
ED:
P-384
SHA384
)
]
"Implements ECC-based certificate device authentication, used by RDL-3000 systems to validate the identities of the devices at either end of a wireless connection." |
| 62 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 2.8.8 |
Intel Xeon w/ CentoOS Linux 7.0 64 bit with Oracle JRE 1.8.0 | 7/17/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
CCM
)
(
EC:
P-256
SHA256
SHA384
SHA512
CCM
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder GSE-J is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications." |
| 61 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 2.8.8 |
Intel Xeon w/ CentoOS Linux 7.0 64 bit with Oracle JRE 1.8.0 | 7/17/2015 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
CCM
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] [ MQV1 ( FB: SHA224 CCM ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 CCM ) ] SHS Val#2860 DSA Val#978 DRBG Val#852 "Security Builder GSE-J is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications." |
| 60 |
6155 El Camino Real Carlsbad, CA 92009 USA -David Suksumrit
-Savitha Naik
|
Version 11 (Firmware) |
IBM PowerPC | 7/2/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
KC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"Implements key establishment, random number generation, certificate and private key management, and wrap/unwrap of key material, and controls the FPGA implementation of traffic encryption in ViaSat''s Enhanced Bandwidth Efficient Modem (EBEM-500)." |
| 59 |
5455 Great America Parkway Santa Clara, CA 95051 USA -Usha Sanagala
|
Version 6.2.1 (Firmware) |
Cavium Octeon II CN 6640-8core | 5/22/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The Dell(tm) SonicWALL(tm) SuperMassive(tm) Series is Dell''s next-generation firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency." |
| 58 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 2.6.1 (Firmware) |
Intel ATOM | 4/17/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN6000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for CN6000 Series Encryptors. Based upon OpenSSL the Common Crypto Library provides an Application Programming Interface (API) to support security relevant services." 06/08/15: Updated implementation information; |
| 57 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 4.6.1 (Firmware) |
Freescale MPC8280 | 4/17/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN1000 and CN3000 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for the CN1000 and CN3000 Series Encryptors. Based upon OpenSSL the Library provides an Application Programming Interface (API) to support security relevant services." 06/08/15: Updated implementation information; |
| 56 |
312 Kings Way South Melbourne, Victoria 3025 Australia -John Weston
|
Version 2.6.1 (Firmware) |
ARM Cortex A9 | 4/17/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The CN4010 and CN6010 Series Common Crypto Library Module provides FIPS 140-2 approved cryptographic algorithms for the CN4010 and CN6010 Series Encryptors. Based upon OpenSSL the Library provides an Application Programming Interface (API) to support security relevant services." 06/08/15: Updated implementation information; |
| 55 |
7701 Tampa Point Boulevard MacDill Air Force Base, Florida 33621-5323 USA -William W. Burnham
|
Version 2.0 |
Qualcomm Snapdragon S2 w/ BlackBerry OS v7.1; Qualcomm Snapdragon S4 w/ BlackBerry OS v10.3; Intel Xeon w/ Microsoft Windows Server 2008 R2 (64-bit); Intel Xeon w/ Microsoft Windows Server 2012 R2 (64-bit); Qualcomm Snapdragon 801 w/ BlackBerry OS v10.3 | 4/10/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
FullUnified
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Federal Information Processing Standard (FIPS) 140-2 certified, standards-based Suite B Cryptographic Algorithms library that provides an advanced layer of encrypted data-in-transit communications and data-at-rest encryption for the BlackBerry ecosystem." 07/20/15: Updated implementation information; |
| 54 |
6155 El Camino Real Carlsbad, CA 92009 USA -David Suksumrit
-Savitha Naik
|
Version EbemCrypto Version 10 (Firmware) |
IBM Power PC | 3/6/2015 |
ECC:
SCHEMES
[
EphemeralUnified
(
KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"Implements authentication, key negotiation/generation, and controls FPGA implementation of traffic encryption in ViaSat''s Enhanced Bandwidth Efficient Modem (EBEM-500)." |
| 53 |
2315 N. First Street San Jose, CA 95131 USA -Tejinder Singh
-Phanikumar Kancharla
|
Version 1.0.0 (Firmware) |
Cavium Octeon Family, CN61XX | 2/13/2015 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
StaticUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"This module uses ECC based key agreement scheme to generate a shared key on two Cavium HSMs. Uses Nonces and mac based key confirmation." |
| 52 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -William Sandberg-Maitland
|
Version 3.0 (Firmware) Part # 742100004F |
SPYCOS 3.0 | 12/24/2014 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"SPYCOS 3.0 is a hardware cryptographic module that enables security critical capabilities such as user authentication, message privacy, integrity and secure storage in rugged, tamper-evident QFN and microSD form factors. The SPYCOS 3.0 Module communicates with a host computer via the standard USB interface." |
| 51 |
4690 Millennium Drive Belcamp, MD 21017 USA -Langley Rock
-Laurie Mack
|
Version 5 (Firmware) |
AMCC 440EPx Power PC (PPC440EPx) Embedded Processor | 11/7/2014 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA224 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ( FC: SHA256 SHA384 SHA512 ) ] SHS Val#2576 DSA Val#902 "The SafeNet PSI-E cryptographic library provides a wide range of cryptographic functions." |
| 50 |
4701 Tahoe Blvd, Building A 5th Floor Mississauga, Ontario L4W 0B5 Canada -Certicom Support
-Certicom Sales
|
Version 6.0.2.1 |
Intel Core i7-2720QM w/ AES-NI w/ Windows 7 Enterprise 64-bit; ARMv7 w/ Windows Phone 8.0; ARMv7 w/ Android 4.4.2; Intel Atom CPU Z2460 w/ Android 4.0.4; ARMv7 w/ iOS version 6.1.4 ; ARMv8 w/ Android 5.0.1; ARMv7S w/ iOS 6.1.4; ARMv8 w/ iOS 8.0; Intel Xeon with AES-NI w/ Windows 7; Intel Xeon E5620 with AES-NI w/ CentOS Linux Release 7.1 64-bit; Intel Core i7-3615QM w/ Mac OS X Yosemite 10.10.4 | 10/16/2014 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#2530 DSA Val#891 RNG: non-compliant per the SP800-131A Rev. 1 transition DRBG Val#579 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder® FIPS Core provides application developers with cryptographic tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and IPSec and SSL modules." 04/13/15: Updated vendor and implementation information; |
| 49 |
37 Executive Drive Danbury, CT 06810 USA -Dave Riley
|
Version 01.01.000A (Firmware) Part # MAX32590 Rev B4 |
n/a | 8/11/2014 |
ECC:
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
)
]
"Pitney Bowes X4 HSM Cryptographic Module" |
| 48 |
402 rue d'Estienne d'Orves Colombes, N/A 92700 France -GOYET Christophe
-BOUKYOUD Saïd
|
Version 07837.9 (Firmware) Part # 0F |
ID-One PIV-C on Cosmo V8 ; N/A | 7/31/2014 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPV
KPG
Full Validation
)
SCHEMES
[
OnePassDH
(
KC
<
KARole(s):
Responder
>
)
(
EB:
P-224
SHA256
CMAC
)
(
EC:
P-256
SHA256
CMAC
)
]
"ID-One Cosmo V8 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.1 and GlobalPlatform 2.2.1 chip which support ECC CDH both for in module key establishment and for primitive only as required by PIV." 08/07/14: Updated implementation information; |
| 47 |
One Microsoft Way Redmond, WA 98052-6399 USA -Mike Grimm
|
Version 6.3.9600 |
NVIDIA Tegra 4 Quad-Core w/ Microsoft Surface 2 w/ Windows RT 8.1 (ARMv7 Thumb-2); NVIDIA Tegra 3 Quad-Core w/ Windows RT 8.1 (ARMv7 Thumb-2); Qualcomm Snapdragon S4 w/ Windows Phone 8.1 (ARMv7 Thumb-2); Qualcomm Snapdragon 400 w/ Windows Phone 8.1 (ARMv7 Thumb-2); Windows Phone 8.1 (ARMv7 Thumb-2) w/ Windows Phone 8.1 (ARMv7 Thumb-2); Qualcomm Snapdragon S4 w/ Windows RT 8.1 (ARMv7 Thumb-2); NVIDIA Tegra 3 Quad-Core w/ Microsoft Surface w/ Windows RT 8.1 (ARMv7 Thumb-2); AMD A4 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows 8.1 Enterprise (x64); Intel Core i3 without AES-NI and with PCLMULQDQ and SSSE3 w/ Microsoft Windows 8.1 Enterprise (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows 8.1 Enterprise (x64); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows 8.1 Enterprise (x86); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows 8.1 Enterprise (x86); Intel Core i7 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows 8.1 Enterprise (x86); Intel Pentium without AES-NI w/ Microsoft Windows 8.1 Enterprise (x86); Intel Core i3 without AES-NI and with PCLMULQDQ and SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x86); AMD A4 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x86); Intel Core i7 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x86); Intel Pentium without AES-NI w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x86); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows 8.1 Enterprise (x64); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows 8.1 Enterprise (x64); Intel Pentium without AES-NI w/ Microsoft Windows 8.1 Enterprise (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Server 2012 R2 (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Server 2012 R2 (x64); Intel Core i3 without AES-NI and with PCLMULQDQ and SSSE3 w/ Microsoft Windows Server 2012 R2 (x64); Intel Pentium without AES-NI w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); Intel Core i7 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Embedded 8.1 Industry Enterprise (x64); Intel Core i3 without AES-NI and with PCLMULQDQ and SSSE3 w/ Microsoft Windows Storage Server 2012 R2 (x64); AMD A4 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Storage Server 2012 R2 (x64); Intel Core i7 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Windows Storage Server 2012 R2 (x64); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Server 2012 R2 (x64); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows Server 2012 R2 (x64); Intel Core i7 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Server 2012 R2 (x64); Intel Pentium without AES-NI w/ Microsoft Windows Server 2012 R2 (x64); AMD A4 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Storage Server 2012 R2 (x64); AMD Athlon 64 X2 without AES-NI w/ Microsoft Windows Storage Server 2012 R2 (x64); Intel Core i7 without AES-NI or PCLMULQDQ or SSSE3 w/ Microsoft Windows Storage Server 2012 R2 (x64); Intel Pentium without AES-NI w/ Microsoft Windows Storage Server 2012 R2 (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Surface Pro 2 w/ Microsoft Windows 8.1 Enterprise (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Surface Pro w/ Windows 8.1 Pro (x64); Intel Core i5 with AES-NI and PCLMULQDQ and SSSE3 w/ Microsoft Surface Pro 2 w/ Windows 8.1 Pro (x64) ; Intel Xeon E5-2648L without AES-NI w/ Microsoft StorSimple 8100 w/ Microsoft Windows Server 2012 R2; Intel Xeon E5-2648L with AES-NI w/ Microsoft StorSimple 8100 w/ Microsoft Windows Server 2012 R2; Intel Core i7 with AES-NI and PCLMULQDQ and SSSE 3 w/ Microsoft Surface Pro 3 w/ Windows 8.1 Pro (x64); Intel Xeon with AES-NI w/ Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6 on Windows Server 2012 R2 (x64); Intel Core i7 with AES-NI w/ Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12 on Windows Server 2012 R2 (x64) | 7/10/2014 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#2373 DSA Val#855 DRBG Val#489 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography." 12/11/14: Added new tested information; |
| 46 |
Arteparc Bachasson, Bât A Rue de la carrière de Bachasson, CS70025 Meyreuil, Bouches-du-Rhône 13590 France -Bob Oerlemans
|
Part # 1.1 |
N/A | 5/23/2014 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
/
ASN.1
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
]
"VaultIP is a Silicon IP Security Module which includes a complete set of high- and low-level cryptographic functions. It offers key management and crypto functions needed for platform and application security such as Content Protection and Mobile Payment, and can be used stand-alone or as a ''Root of Trust'' to support a TEE-based platform." |
| 45 |
37 Executive Drive Danbury, CT 06810 USA -Dave Riley
|
Version 01.01.0008 (Firmware) Part # MAX32590 Rev B4 |
N/A | 4/9/2014 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
)
]
"Pitney Bowes X4 HSM Cryptographic Module" |
| 44 |
4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.10.4 (Firmware) |
AMCC 440EPx PowerPC (PPC440EPx) Embedded Processor | 11/8/2013 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The G5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 12/01/14: Updated implementation information; |
| 43 |
4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.10.4 (Firmware) |
AMCC 440EPx Power PC (PPC440EPx) Embedded Processor | 11/8/2013 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The K6 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 12/01/14: Updated implementation information; |
| 42 |
295 Phillip Street Waterloo, ON N2L3W8 Canada -Security Certifications Team
|
Version 6.1 |
Intel Xeon X5650 w/ CentOS 5.5 Linux 32-bit; Intel Xeon X5650 w/ CentOS 5.5 Linux 64-bit; Intel Xeon X5650 w/ Windows XP 32-bit; Intel Xeon X5650 w/ Windows XP 64-bit; ARMv7 w/ QNX Neutrino 8.0 | 9/30/2013 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#2207 DSA Val#795 RNG: non-compliant per the SP800-131A Rev. 1 transition DRBG Val#406 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The BlackBerry Cryptographic Algorithm Library is a suite of cryptographic algorithms that provides advanced cryptographic functionality to systems running BlackBerry 10 OS and components of BlackBerry Enterprise Service 10." |
| 41 |
1680 University Avenue Rochester, NY 14610 USA -Robert Magnant
-Elias Theodorou
|
Version 2.00 (Firmware) |
Broadcom XLS108 | 8/29/2013 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FC: SHA256 ) ] SHS Val#2190 DSA Val#791 DRBG Val#398 "This is a firmware library that provides the cryptographic functions used on Harris'' industry leading reliable, secure and high performance Broadband Ethernet Radio (BER) products: RF-7800W-OU50x, -OU47x, -OU49x." |
| 40 |
Unterdorf Lauperswil, Bern CH-3438 Switzerland -Beat Waelti
|
Version V2.0.6 (Firmware) Part # FRM-II Version 1.2 |
firmware: running on built-in Fujitsu MB91302APM1R micro controller | 8/16/2013 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FB: SHA256 ) ] SHS Val#2179 DRBG Val#393 "The PSD-II (Postal Security Device-II) is a hardware/firmware cryptographic module to be used in automated franking machines." |
| 39 |
4701 Tahoe Blvd, Building A, 5th Floor Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Ian Laidlaw
|
Version 6.1 |
Intel x86 (Xeon X5650) w/ CentOS Linux 32-bit; Intel x64 (Xeon X5650) w/ CentOS Linux 64-bit; Intel x86 (Xeon X5650) w/ Windows XP 32-bit; Intel x64 (Xeon X5650) w/ Windows XP 64-bit; ARMv7 w/ QNX Neutrino 8.0 | 7/15/2013 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
SHA512
HMAC
)
)
FC:
SHA256
SHA512
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 SHA512 ) ( FC: SHA256 SHA512 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 SHA512 HMAC ) ( FC: SHA256 SHA512 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 SHA512 ) ( FC: SHA256 SHA512 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 SHA512 HMAC ) ( FC: SHA256 SHA512 HMAC ) ] SHS Val#2164 DSA Val#784 RNG: non-compliant per the SP800-131A Rev. 1 transition DRBG Val#388 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA256
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder® FIPS Core provides application developers with cryptographic tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec and SSL modules." |
| 38 |
4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.3.1 (Firmware) |
AMCC 440EPx Power PC (PPC440EPx) Embedded Processor | 11/21/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna IS cryptographic library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." |
| 37 |
4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.2.3 (Firmware) |
AMCC PowerPC 440EPx | 10/23/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The G5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 10/31/12: Updated implementation information; |
| 36 |
One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers
|
Version 6.2.9200 |
Qualcomm Snapdragon S4 w/ Windows RT (ARMv7 Thumb-2); NVIDIA Tegra 3 Quad-Core w/ Windows RT (ARMv7 Thumb-2); Intel Core i7 with AES-NI w/ Windows 8 Enterprise (x64); Intel Pentium D w/ Windows 8 Enterprise (x64); AMD Athlon 64 X2 Dual Core w/ Windows 8 Enterprise (x86); Intel Pentium D w/ Windows Server 2012 (x64); Intel Core i7 with AES-NI w/ Windows Server 2012 (x64); Qualcomm Snapdragon S4 w/ Windows Phone 8 (ARMv7 Thumb-2); Intel x64 Processor with AES-NI w/ Surface Windows 8 Pro (x64) ; Intel Core i7 without AES-NI w/ Windows Storage Server 2012; Intel Core i7 with AES-NI w/ Windows Storage Server 2012 | 9/26/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Initiator
/
Responder
)
( FB: SHA256 ) ( FC: SHA256 ) ] [ dhOneFlow ( KARole(s): Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#1903 DSA Val#687 DRBG Val#258 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
DPV
KPG
Partial Validation
Key Regeneration
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography." 11/29/12: Added new tested information; |
| 35 |
125 Church Street, N.E., Suite 204 Vienna, VA 22180 USA -Satpal S. Sahni
|
Version 1.0 (Firmware) |
Cavium Octeon | 5/25/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA224
SHA256
SHA384
SHA512
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA224 SHA256 SHA384 SHA512 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA1 SHA256 SHA384 SHA512 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA224 SHA256 SHA384 SHA512 HMAC ) ] SHS Val#1784 DSA Val#646 DRBG Val#200 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
(SHA512, HMAC_SHA512)
)
]
"3SGX is a high performance PCIe cryptograhic module that provides complete cryptographic support to large numbers of users or applications simultaneously. 3SGX is the core of 3S Group''s hardare security appliances, ideal for enterprise key management, virtualization and cloud server solutions that demand high throughput." |
| 34 |
2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren
|
Version 5.0 (Firmware) |
PowerPC Core 405 | 4/30/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Full Validation
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
ED:
P-384
SHA384
HMAC
)
]
"The Thales Datacryptor protects the confidentiality and integrity of sensitive data travelling over public networks." |
| 33 |
37 Executive Drive Danbury, CT 06810 USA -Dave Riley
|
Version 02000007 (Firmware) |
ARM 7 TDMI | 4/9/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EC:
P-256
SHA256
HMAC
)
)
]
"The Pitney Bowes Cygnus X-3 Hardware Security Module (HSM) employs strong cryptographic and physical security techniques for the protection of funds in Pitney Bowes Postage systems." |
| 32 |
4701 Tahoe Blvd, Building A, 5th Floor Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0.2 |
64-bit Intel Core i5-2300 w/ Red Hat Linux 5.6; 64-bit Intel Core i5-2300 w/ Windows 7 | 3/26/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#1729 DSA Val#630 DRBG Val#178 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
(SHA512, HMAC_SHA512)
)
]
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." |
| 31 |
Unterdorf Lauperswil, Bern CH-3438 Switzerland -Beat Waelti
|
Version V2.0.4 (Firmware) Part # FRM-II Version 1.2 |
firmware: running on built-in Fujitsu MB91302APM1R micro controller | 2/21/2012 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Full Validation
)
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FB: SHA256 ) ] SHS Val#1699 DRBG Val#169 "The PSD-II (Postal Security Device-II) is a hardware/firmware cryptographic module to be used in automated franking machines." |
| 30 |
465 Fairchild Dr. Suite 130 Mountain View, CA 94043 USA -Bruce Bernstein
|
Version 2.0 |
Intel Pentium 4 w/ Ubuntu Linux version 11; AMD E-350 w/ Red Hat Enterprise Linux version 5.8 | 1/26/2012 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
KPG
Partial Validation
)
SCHEMES
[
FullUnified
(
KC
<
KCRole(s):
Provider
/
Recipient
>
<
KCType(s):
Bilateral
>
<
KARole(s):
Initiator
/
Responder
>
<
KDF:
CONCAT
>
)
(
EB:
P-224
SHA224
SHA256
HMAC
)
(
EC:
P-256
SHA256
SHA384
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"The cccmLib is a dynamically linked library whose sole use is to serve as a cryptographic engine to the Covia Labs Connector application. In particular the cccmLib will provide the underlying functionality needed to implement secured communications and an encrypted file system." 08/21/12: Added new tested information; |
| 29 |
20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych
-Laurie Smith
|
Version 4.8.7 (Firmware) |
StrongARM II 80219 | 12/16/2011 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
)
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
K-233
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
B-283
SHA256
SHA384
SHA512
HMAC
)
(
ED:
K-409
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna K5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware and associated co-processor." |
| 28 |
1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews
|
Version R00.00.01_KAS (Firmware) Part # AT58Z04 |
Motorola µMace AT58Z04 | 11/17/2011 |
ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
Partial Validation
)
SCHEMES
[
FullMQV
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
ED:
P-384
SHA384
)
]
"The µMace cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
| 27 |
1753 Shimonumabe Nakahara-ku Kawasaki-si, Kanagawa 211-8666 Japan -NEC Corporation
|
Version 01.00 (Firmware) |
MPC8314CVRAFDA; | 10/13/2011 | Completely moved to Historical page per SP800-131A transition, all tested components non-compliant. See Historical KAS List Val#27. |
| 26 | N/A | N/A | N/A | 9/30/2011 | N/A |
| 25 |
4701 Tahoe Blvd, Building A, 5th Floor Missisauga, ON L4W 0B5 Canada -Certicom Sales
-Kris Orr
|
Version 6.0 |
64-bit Intel Core i5-2300 w/ RedHat Linux 5.6; 32-bit Intel Core i7 w/ RedHat Linux 5.6; 32-bit Intel Pentium III w/ QNX 6.5; ARM Cortex A9 MPCore w/ QNX 6.6; Intel Core 2 Duo w/ Mac OS X 10.5; 32-bit Intel Core i5-2300 w/ Windows 7 | 9/20/2011 |
FFC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
Hybrid1
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
FB:
SHA256
HMAC
)
)
FC:
SHA256
HMAC
)
]
[ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#1571 DSA Val#563 RNG: non-compliant per the SP800-131A Rev. 1 transition DRBG Val#127 ECC:
(FUNCTIONS INCLUDED IN IMPLEMENTATION:
DPG
KPG
Key Regeneration
)
SCHEMES
[
FullUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
P-224
SHA256
HMAC
)
(
EC:
P-256
SHA256
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
]
"Security Builder FIPS Core provides application developers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." 10/01/11: Update implementation information; |
| 24 |
20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych
-Laurie Smith
|
Version 4.8.7 (Firmware) |
StrongARM-11 80200 600 MHz | 9/6/2011 |
ECC:
SCHEMES
[
EphemeralUnified
(
No_KC
<
KARole(s):
Initiator
/
Responder
>
)
(
EB:
K-233
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
B-283
SHA256
SHA384
SHA512
HMAC
)
(
ED:
K-409
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The Luna PCM/PCM KE/CA4 offer dedicated hardware key management to protect sensitive cryptographic keys from attack. Digital sign/verify operations are performed in the HSM to increase performance and maintain security. Cryptographic keys are backed up by a FIPS-approved algorithm and can be stored in software or replicated on one or more tokens." |
| 23 |
4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych
-Laurie Smith
|
Version 6.2.1 (Firmware) |
AMCC PowerPC 440EPx | 8/3/2011 |
ECC:
SCHEMES
[
EphemeralUnified
(
EB:
P-224
SHA224
SHA256
SHA384
SHA512
HMAC
)
(
EC:
P-256
SHA256
SHA384
SHA512
HMAC
)
(
ED:
P-384
SHA384
SHA512
HMAC
)
(
EE:
P-521
HMAC
(SHA512, HMAC_SHA512)
)
)
]
"The K6 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module''s firmware or associated co-processor." 11/08/11: Update implementation information; 01/05/12: Correction made to the tested information; |
| 22 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740013F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 21 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740012F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 20 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 8800740010F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 19 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074009F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 18 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074007F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 17 |
1860 Hartog Drive San Jose, CA 95131-2203 USA -Jack Young
|
Version 03.00.0C (Firmware) Part # 880074006F |
NXP LPC3131 | 6/16/2011 |
ECC:
ASSURANCES
<
5.5.2:
#1
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#3
>
<
5.6.3.1:
#5
>
"The Spyrus FIPS Sector-based Encryption Module is a multifunctional USB security device combining security token and portable secure storage drive features with the strongest hardware-based encryption technology commercially available for protection of user data files." 06/27/11: Update implementation information; |
| 16 |
Triftweg 21-26 Birkenwerder, 16547 Germany -Dirk Rosenau
|
Version 1.1 (Firmware) |
Maxim IC0400 | 6/16/2011 |
FFC:
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FB: SHA256 ) ] SHS Val#1346 DSA Val#522 DRBG Val#61 "The firmware implementation of the FPmCryptoLibrary, which runs on an embedded hardware module, with a Maxim IC0400 processor. The cryptographic algortihm implementation is used in context of security critical services." |
| 15 | N/A | N/A | N/A | 6/7/2011 | N/A |
| 14 |
5520 Explorer Drive., 4th Floor Mississauga, Ontario L4W 5L1 Canada -Atsushi Yamada
-Kris Orr
|
Version 5.6 |
ARMv7 w/ QNX Neutrino 6.6 ; Intel Celeron N2820 w/ QNX Neutrino 6.6; Freescale P1010 w/ QNX Neutrino 6.5 | 4/8/2011 |
FFC:
ASSURANCES
<
5.5.2:
#1
,
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
,
#4
,
#5
>
<
5.6.3.2:
#1
,
#2
>
SCHEMES [ Hybrid1 ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ) FC: SHA256 HMAC ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#1422 DSA Val#500 RNG: non-compliant per the SP800-131A Rev. 1 transition ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
#4
#5
>
<
5.6.3.2:
#1
>
"Security Builder® FIPS Core provides application developpers with cryptographics tools to easily integrate encryption, digital signatures and other security mechanisms into C-based apps for FIPS 140-2 and Suite B security. It can also be used with Certicom''s PKI, IPSec SSL and DRM modules." 02/25/15: Added new tested information; |
| 13 |
2200 University Ave. E Waterloo, Ontario N2K 0A7 Canada -Security Certifications Team
|
Version 5.6 |
ARMv7 w/ BlackBerry Tablet OS | 4/8/2011 |
FFC:
ASSURANCES
<
5.5.2:
#1
,
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
,
#4
,
#5
>
<
5.6.3.2:
#1
,
#2
>
SCHEMES [ Hybrid1 ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ) FC: SHA256 HMAC ) ] [ dhEphem ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] [ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ] SHS Val#1421 DSA Val#499 RNG: non-compliant per the SP800-131A Rev. 1 transition ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
<
5.6.3.1:
#4
#5
>
<
5.6.3.2:
#1
>
"The BlackBerry Tablet Cryptographic Library is the software module that provides advanced cryptographic functionality to BlackBerry Tablets." |
| 12 |
Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.4 (Firmware) |
Bluefly Processor | 6/7/2011 |
FFC:
SCHEMES
[
dhEphem
(
KARole(s):
Responder
)
( FC: SHA256 ) ] SHS Val#1456 DSA Val#519 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
| 11 |
Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.3 (Firmware) |
Bluefly Processor | 2/24/2011 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1394 DSA Val#485 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
| 10 |
77 A Street Needham, MA 02494 USA -David Aylesworth
|
Version 1.0 (Firmware) |
RMI Alchemy MIPS Processon; Broadcom XLS Processor | 12/6/2010 |
FFC:
ASSURANCES
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Initiator / Responder ) ( FC: SHA256 ) ] SHS Val#1357 DRBG Val#66 ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#2
>
"The Fortress KAS Implementation suite works in unison to provide security to your wireless and wired networks." 11/06/14: Updated vendor and implementation information; |
| 9 |
Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.2 (Firmware) |
Bluefly Processor | 8/30/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1315 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
| 8 |
5520 Explorer Drive., 4th Floor Mississauga, Ontario L4W 5L1 Canada -Rob Williams
-Atsushi Yamada
|
Version 2.8 |
Intel Pentium D w/ Red Hat Enterprise Linux AS 5.5 with SUN JRE 1.5.0; Intel Pentium D w/ Red Hat Enterprise Linux AS 5.5 with SUN JRE 1.6.0; Intel Xeon w/ Red Hat Enterprise Linux AS 5.5 x64 with SUN JRE 1.5.0; Intel Xeon w/ Red Hat Enterprise Linux AS 5.5 x64 with SUN JRE 1.6.0; SPARC v9 w/ Sun Solaris 10 (32-bit) with SUN JRE 1.5.0; SPARC v9 w/ Sun Solaris 10 (32-bit) with SUN JRE 1.6.0; SPARC v9 w/ Sun Solaris 10 (64-bit) with SUN JRE 1.5.0; SPARC v9 w/ Sun Solaris 10 (64-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows Vista SP2 (32-bit) with SUN JRE 1.5.0; Intel Xeon w/ MS-Windows Vista SP2 (32-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows Vista SP2 (64-bit) with SUN JRE 1.5.0; Intel Xeon w/ MS-Windows Vista SP2 (64-bit) with SUN JRE 1.6.0; Intel Xeon w/ MS-Windows 2008 Server SP2 (64-bit) with JRE 1.5.0; Intel Xeon w/ MS-Windows 2008 Server SP2 (64-bit) with JRE 1.6.0 | 6/30/2010 |
FFC:
ASSURANCES
<
5.5.2:
#2
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.2:
#1
>
<
5.6.2.3:
#1
>
SCHEMES SHS Val#1281 DSA Val#455 RNG: non-compliant per the SP800-131A Rev. 1 transition DRBG Val#52 ECC:
ASSURANCES
<
5.5.2:
#2
>
<
5.6.2.1:
#1
,
#3
>
<
5.6.2.1:
#1
>
<
5.6.2.3:
#1
>
"Java cryptographic toolkit." 10/12/10: Update vendor information; |
| 7 |
Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.1 (Firmware) |
Bluefly Processor | 4/26/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1220 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." 04/23/12: Updated vendor information; |
| 6 |
Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid
|
Version 2.0 (Firmware) |
Bluefly Processor | 3/17/2010 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1186 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." |
| 5 |
805 E Middlefield Road Mountain View, CA 94109 USA -TA Ramanujam
|
Version 1.0 (Firmware) |
Cavium Networks OCTEON CN52XX Processor with NITROX CN16XX Security Processor | 1/7/2010 |
ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#3
>
<
5.6.2.1:
#1
>
<
5.6.3.1:
#5
>
"NITROX XL CN16XX-NFBE HSM (Hardware Security Module) Adapter family." |
| 4 |
450 Holger Way San Jose, CA 95134 USA -Murthy Vedula
|
Version BOS_AE57C1_v_2.1_1012 (Firmware) Part # AE57C1, Version 19 |
Renesas AE57C1 | 10/9/2009 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.1:
#1
,
#4
>
<
5.6.2.2:
#1
,
#3
>
<
5.6.3.1:
,
#4
>
SCHEMES [ dhStatic ( KC < KCRole(s): Recipient > < KCType(s): Unilateral > < KARole(s): Responder > ) ( FC: SHA256 HMAC ) ] SHS Val#982 RNG: non-compliant per the SP800-131A Rev. 1 transition "Renesas BOS software development framework is a mask ROM used for prototyping and mass production of embedded smart chip systems based on AE4XC/AE5XC/N2xx devices. BOS provides authentication and secure program download mechanism. Users can develop embedded applications using the BOS cryptographic, communication, and OS application interfaces." |
| 3 |
35 Waterview Drive Shelton, CT 06484-8000 USA -Robert Sisson
|
Version 01.00.0004 (Firmware) |
Sigma ASIC | 8/17/2009 |
ECC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#4
>
"The Pitney Bowes Cygnus X-3 Postal Security Device (PSD) is designed in compliance with FIPS 140-2 and IPMAR standards to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong cryptographic and physical security techniques for the protection of customer funds in Pitney Bowes Postage Metering products." |
| 2 |
227 Montcalm Suite 101 & 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid
|
Version 1.3 (Firmware) |
Bluefly Processor | 6/26/2009 |
FFC:
ASSURANCES
<
5.5.2:
#3
>
<
5.6.2.3:
#1
>
SCHEMES [ dhEphem ( KARole(s): Responder ) ( FC: SHA256 ) ] SHS Val#1042 RNG: non-compliant per the SP800-131A Rev. 1 transition "The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals." |
| 1 |
35 Waterview Drive Shelton, CT 06484-8000 USA -Robert Sisson
|
Version 03.00.0049 (Firmware) |
Sigma ASIC | 5/28/2009 |
ECC:
SCHEMES
[
EphemeralUnified
(
EC:
P-256
SHA256
HMAC
)
)
]
"The Pitney Bowes Cygnus X-3 Postal Security Device (PSD) is designed in compliance with FIPS 140-2 and IPMAR standards to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong cryptographic and physical security techniques for the protection of customer funds in Pitney Bowes Postage Metering products." |
Computer Security Division
National Institute of Standards and Technology