Module Name
BC-FNA (Bouncy Castle FIPS .NET API)
Validation Dates
11/14/2016
Caveat
When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well.
Tested Configuration(s)
- Windows 10 Enterprise on .NET framework 4.6.1 running on a Lenovo Flex 3
- Windows 10 Pro on .NET framework 4.6.1 running on an Asus T100HA (single-user mode)
- Windows 7.0 SP1 on .NET framework 4.5.2 running on HP Zbook 14 G2
- Windows 8.1 Pro on .NET framework 4.5.2 running on a HP Zbook 14 G2
FIPS Algorithms
AES |
Cert. #4015 |
CVL |
Certs. #837, #838, #839 and #875 |
DRBG |
Cert. #1194 |
DSA |
Cert. #1087 |
ECDSA |
Cert. #894 |
HMAC |
Cert. #2618 |
KAS |
Cert. #89 |
KAS |
SP 800-56Arev2 with CVL Cert. #875, vendor affirmed |
KTS |
AES Cert. #4015; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2199; key establishment methodology provides 112 bits of encryption strength |
KTS |
vendor affirmed |
PBKDF |
vendor affirmed |
RSA |
Cert. #2059 |
SHA-3 |
Cert. #5 |
SHS |
Cert. #3312 |
Triple-DES |
Cert. #2199 |
Other Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256.