Module Name
VMware's IKE Crypto Module
Validation Dates
04/19/2019;02/21/2020;06/15/2020
Caveat
When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The VMware's IKE Crypto Module v1.1.0 is a general-purpose cryptographic module that provides FIPS-Approved cryptographic functions and services to various VMware's products and components.
Tested Configuration(s)
- PhotonOS 2.0 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 with PAA
- PhotonOS 2.0 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 without PAA
- Ubuntu 16.04 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 with PAA
- Ubuntu 16.04 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 without PAA
- Ubuntu 16.04 on ESXi 7.0 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6126 with PAA
- Ubuntu 16.04 on ESXi 7.0 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6126 without PAA
- Ubuntu 18.04 on ESXi 7.0 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6126 with PAA
- Ubuntu 18.04 on ESXi 7.0 running on a Dell PowerEdge R740 with an Intel Xeon Gold 6126 without PAA (single-user mode)
- VMware SD-WAN OS 3.3 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 with PAA
- VMware SD-WAN OS 3.3 on ESXi 6.7 running on a Dell PowerEdge R740 with an Intel Xeon 6126 without PAA
- VMware SD-WAN OS 3.3 running on a VMware SD-WAN Edge 3800 with an Intel Xeon D-2187NT with PAA
- VMware SD-WAN OS 3.3 running on a VMware SD-WAN Edge 3800 with an Intel Xeon D-2187NT without PAA
- VMware SD-WAN OS 3.3 running on a VMware SD-WAN Edge 610 with an Intel Atom C3308 with PAA
- VMware SD-WAN OS 3.3 running on a VMware SD-WAN Edge 610 with an Intel Atom C3308 without PAA
- VMware SD-WAN OS 4.0 on ESXi 7.0 running on a Dell PowerEdge R640 with an Intel Xeon Gold 5218 with PAA
- VMware SD-WAN OS 4.0 on ESXi 7.0 running on a Dell PowerEdge R640 with an Intel Xeon Gold 5218 without PAA
FIPS Algorithms
AES |
Cert. #C460 |
CKG |
vendor affirmed |
CVL |
Cert. #C460 |
DRBG |
Certs. #C460 and #C461 |
DSA |
Cert. #C460 |
ECDSA |
Cert. #C460 |
HMAC |
Cert. #C460 |
KTS |
AES Cert. #C460; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
vendor affirmed |
PBKDF |
vendor affirmed |
RSA |
Cert. #C460 |
SHS |
Cert. #C460 |
Triple-DES |
Cert. #C460 |
Allowed Algorithms
MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)