To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.
For the definitive lists of algorithms, study the security policy references in FIPS 140-2 Level 1 Certificate References for Oracle Solaris Systems.
AES – With the following modes and key lengths only.
CBC mode – 128-bit, 192-bit, and 256-bit key lengths.
CCM mode – 128-bit, 192-bit, and 256-bit key lengths.
CFB mode – 128-bit key length.
CTR mode – 128-bit, 192-bit, and 256-bit key lengths.
ECB mode – 128-bit, 192-bit, and 256-bit key lengths.
GCM mode – 128-bit, 192-bit, and 256-bit key lengths.
GMAC mode – 128-bit, 192-bit, and 256-bit key lengths.
XTS mode – 256-bit and 512-bit key lengths, kernel Cryptographic Framework only.
3DES – In CBC and ECB modes for keying option 1.
Diffie-Hellman – Used in key agreement, in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
DSA – 2048-bit key length and longer.
ECC – With the following curves only. The first name is the NIST name; the second name is its equivalent in Oracle Solaris.
P-192 – secp192r1
P-224 – secp224r1
P-256 – secp256r1
P-384 – secp384r1
P-521 – secp521r1
B-163 – sect163r2
B-233 – sect233r1
B-283 – sect283r1
B-409 – sect409r1
B-571 – sect571r1
K-163 – sect163k1
K-233 – sect233k1
K-283 – sect283k1
K-409 – sect409k1
K-571 – sect571k1
Elliptic-Curve Diffie-Hellman – Used in key agreement, in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
HMAC SHA1 – Has no variants.
HMAC SHA2 – 224-bit to 512-bit key lengths.
RSA – 2048-bit key length and longer, with SHA1, and SHA2 with 256-bit to 512-bit key lengths.
SHA1 – Has no variants.
SHA2 – 224-bit to 512-bit key lengths.
swrand – Random number generator in kernel Cryptographic Framework. Userland has a FIPS 186-2 random number generator.