Module Name

Tavve Cryptographic Module

Standard

FIPS 140-2

Status

Active

Sunset Date

12/7/2021

Validation Dates

03/24/2017;03/30/2017

Overall Level

1

Caveat

When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.

Security Level Exceptions

• Physical Security: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

The Tavve Cryptographic Module provides cryptographic functions for Tavve's ZoneRanger and Ranger Gateway applications.

Tested Configuration(s)

• Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

FIPS Algorithms

AES	Cert. #3756
CVL	Certs. #704, #705 and #706
DRBG	Cert. #1031
DSA	Cert. #1043
ECDSA	Cert. #804
HMAC	Cert. #2458
KAS	Cert. #73
KAS	SP 800-56Arev2, vendor affirmed
KBKDF	Cert. #78
KTS	vendor affirmed
KTS	AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS	Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength
PBKDF	vendor affirmed
RSA	Cert. #1932
SHA-3	Cert. #3
SHS	Cert. #3126
Triple-DES	Cert. #2090

Other Algorithms

Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL

Software Versions

6.0