This section lists the algorithms that can be used in FIPS 140-2 mode and the algorithms that should be avoided.
To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-2 validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.
For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.
AES – With the following modes and key lengths only:
CBC mode – 128-bit, 192-bit, and 256-bit key lengths
CCM mode – 128-bit, 192-bit, and 256-bit key lengths
CFB mode – 128-bit key length
CTR mode – 128-bit, 192-bit, and 256-bit key lengths
ECB mode – 128-bit, 192-bit, and 256-bit key lengths
GCM mode – 128-bit, 192-bit, and 256-bit key lengths
XTS mode – 128-bit and 256-bit key lengths, for data storage only
3DES – In CBC and ECB modes for keying option 1.
Diffie-Hellman – Used in key agreement, in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
Elliptic-Curve Diffie-Hellman (ECDH) – Allowed for use in key agreement in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
DSA – 2048-bit key length and longer.
ECC – With the following curves only. ECC contributes to ECDSA and ECDH. The first name is the NIST name; the second name is its equivalent in Oracle Solaris.
P-192 – secp192r1
P-224 – secp224r1
P-256 – secp256r1
P-384 – secp384r1
P-521 – secp521r1
B-163 – sect163r2
B-233 – sect233r1
B-283 – sect283r1
B-409 – sect409r1
B-571 – sect571r1
K-163 – sect163k1
K-233 – sect233k1
K-283 – sect283k1
K-409 – sect409k1
K-571 – sect571k1
HMAC SHA1 – Has no variants.
HMAC SHA2 – 224-bit to 512-bit key lengths.
ECDSA SHA1 – Signature verification.
RSA – 2048-bit key length and longer, with SHA1, and SHA2 with 256-bit to 512-bit key lengths.
SHA1 – Has no variants.
SHA2 – 224-bit to 512-bit key lengths.
SHA512/224 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4 (https://csrc.nist.gov/publications/detail/itl-bulletin/2012/05/secure-hash-standard-updated-specifications-approved-and-issued/final).
SHA512/256 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4.
swrand – Software entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final).
intelrd – Hardware entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators.
The following algorithms with specified key lengths are allowed in a FIPS 140-2 configuration:
RSA key wrapping – Key lengths longer than 112 bits are allowed.
Diffie-Hellman key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.
Elliptic Curve Diffie-Hellman (ECDH) key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.
In FIPS 140-2 mode, you cannot use an algorithm from the following summarized list of algorithms even if the algorithm is implemented in the Cryptographic Framework or is a FIPS 140-2 validated algorithm for other providers.
For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.
Two-key Triple-DES – Also written as 3DES, two-key Triple-DES is a weak algorithm that provides only 80 bits of security.
MD4 – Message Digest Algorithm 4, developed by Ronald Rivest in 1990, is a demonstrably vulnerable algorithm.
MD5 and HMAC MD5 – Message Digest Algorithm 5 can be used in FIPS 140-2 mode with TLS only.
The MD5 algorithm, developed by Ron Rivest in 1991, produces a 128-bit hash value. MD5 is commonly used to verify data integrity. MD5 is not suitable for applications like SSL certificates or digital signatures that rely on collision resistance for digital security.
RC4 – Also known as ARCFOUR or ARC4, RC4 is a software stream cipher that is used in Transport Layer Security (TLS) to protect Internet traffic, and in WEP to secure wireless networks. RC4 is demonstrably vulnerable when the beginning of the output keystream is not discarded or when keys are not random.
AES – Modes not explicitly validated, such as XCBC-MAC and CTS.
Blowfish – A symmetric key block cipher, designed in 1993 by Bruce Schneier, that is not proprietary.
Camellia – Developed in Japan, Camellia is comparable to AES and is designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems.
DES – Data Encryption Standard, developed by IBM, was published as a U.S. Federal Information Processing Standard (FIPS) in 1977. In today's computing environment, its 56-bit key length is weak.
DSA key generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
DSA signature generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
DSA signature verification – The 512-bit key length is weak. Longer key lengths are validated for FIPS 140-2.
RSA signature generation – The 256-bit, 512-bit, and 1024-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
RSA signature verification – The 256-bit and 512-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
RSA key wrapping – The key lengths less than 112 bits are weak. Longer key lengths are allowed for FIPS 140-2.
Diffie-Hellman – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.
ECDH – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.
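The validated list and the disallowed list above together form a policy. The following checker is an added example, not part of the Oracle Solaris documentation or the Cryptographic Framework; it encodes those lists so a configuration audit can flag a mechanism request (algorithm, mode or curve, key length, kernel/userland layer) before it reaches a FIPS 140-2 system. The function name fips_check and the usage tags "storage" and "tls" are constructed for this example.

```python
# Added example, not from the Oracle Solaris docs: a policy checker encoding the
# lists above so a configuration audit can flag a mechanism request in advance.
ALLOWED_AES = {"CBC": {128, 192, 256}, "CCM": {128, 192, 256}, "CFB": {128},
               "CTR": {128, 192, 256}, "ECB": {128, 192, 256},
               "GCM": {128, 192, 256}, "XTS": {128, 256}}  # XTS: storage only
ALLOWED_CURVES = {"secp192r1", "secp224r1", "secp256r1", "secp384r1", "secp521r1",
                  "sect163r2", "sect233r1", "sect283r1", "sect409r1", "sect571r1",
                  "sect163k1", "sect233k1", "sect283k1", "sect409k1", "sect571k1"}
ALLOWED_DIGESTS = {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
                   "SHA512/224", "SHA512/256"}
NEVER = {"MD4", "RC4", "BLOWFISH", "CAMELLIA", "DES"}  # rejected outright


def fips_check(alg, mode=None, bits=None, layer="userland", usage=None):
    """Return (allowed, reason). alg/mode are case-insensitive (mode carries the
    curve name for ECC); bits is the key length (digest size for SHA2); layer is
    "kernel"/"userland"; usage is "storage" for AES XTS or "tls" for MD5."""
    alg, mode, usage = alg.upper(), (mode or "").upper(), (usage or "").lower()
    if alg.endswith("SHA2") and bits:  # SHA2 plus a size, e.g. SHA2/256 -> SHA256
        alg = alg[:-1] + str(bits)
    if alg in NEVER:
        return False, f"{alg} cannot be used in FIPS 140-2 mode"
    if alg == "AES":
        if bits not in ALLOWED_AES.get(mode, ()):
            return False, f"AES {mode} with a {bits}-bit key is not validated"
        if mode == "XTS" and usage != "storage":
            return False, "AES XTS is validated for data storage only"
        return True, "validated"
    if alg == "3DES":  # keying option 1 = three independent keys, 168 bits
        if mode not in {"CBC", "ECB"} or bits != 168:
            return False, ("only three-key 3DES in CBC/ECB is validated; "
                           "two-key 3DES provides 80 bits of security")
        return True, "validated"
    if alg in {"DH", "ECDH"}:
        if layer != "userland":
            return False, f"{alg} key agreement is userland-only"
        if bits is None or not 2048 <= bits <= 5012:
            return False, f"{alg} needs a 2048-bit to 5012-bit key"
        return True, "allowed for key agreement"
    if alg in {"DSA", "RSA"}:
        ok = bits is not None and bits >= 2048
        return ok, "validated" if ok else f"{alg} keys under 2048 bits are weak"
    if alg == "ECC":
        ok = mode.lower() in ALLOWED_CURVES
        return ok, "validated curve" if ok else f"curve {mode.lower()} not validated"
    if alg in {"MD5", "HMAC-MD5"}:
        return usage == "tls", "MD5 is permitted in FIPS 140-2 mode with TLS only"
    ok = (alg[5:] if alg.startswith("HMAC-") else alg) in ALLOWED_DIGESTS
    return ok, "validated" if ok else f"{alg} is not on the validated list"
```

The DH and ECDH branches use the 2048-bit to 5012-bit range stated in the validated list; the separate "longer than 112 bits" wording for key agreement refers to security strength, so a practitioner should confirm the exact bound against the security policy documents referenced above.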
The security policies in the following table provide a complete list of cryptographic mechanisms that are validated to run in FIPS 140-2 mode on Oracle Solaris.
The following FIPS 140-2 standard document and transitions document provide guidance about the FIPS 140-2 process and deprecated or restricted algorithms and their weaker variants: