
Using a FIPS 140-2 Enabled System in Oracle® Solaris 11.4


Updated: May 2019
 
 

FIPS 140-2 Algorithm Lists and Certificate References for Oracle Solaris Systems

This section lists the algorithms that can be used in FIPS 140-2 mode and the algorithms that should be avoided.


Note - These lists are provided for convenience only. For the official list, see Figure 1, Table 1, FIPS 140-2 Certificates and Security Policies for Provider Modules in Oracle Solaris.

FIPS 140-2 Algorithms in the Cryptographic Framework

To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-2 validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.

For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.


Note -  The key length of an algorithm can be significant. Shorter key lengths might not be validated for FIPS 140-2.

The following algorithms with specified key lengths are allowed in a FIPS 140-2 configuration:

  • RSA key wrapping – Key lengths longer than 112 bits are allowed.

  • Diffie-Hellman key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.

  • Elliptic Curve Diffie-Hellman (ECDH) key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.

Algorithms That Are Not Approved for FIPS 140-2 in the Cryptographic Framework

In FIPS 140-2 mode, you cannot use an algorithm from the following summarized list of algorithms even if the algorithm is implemented in the Cryptographic Framework or is a FIPS 140-2 validated algorithm for another provider.

For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.

  • Two-key Triple-DES – A weak algorithm that provides only 80 bits of security.

  • MD5 and HMAC MD5 – Message Digest Algorithm 5 can be used in FIPS 140-2 mode with TLS only.

    The MD5 algorithm, developed by Ron Rivest in 1991, produces a 128-bit hash value. MD5 is commonly used to verify data integrity. MD5 is not suitable for applications like SSL certificates or digital signatures that rely on collision resistance for digital security.

  • RC4 – Also known as ARCFOUR or ARC4, RC4 is a software stream cipher that is used in Transport Layer Security (TLS) to protect Internet traffic, and in WEP to secure wireless networks. RC4 is demonstrably vulnerable when the beginning of the output keystream is not discarded or when keys are not random.

  • AES – Modes not explicitly validated, such as XCBC-MAC, XCBC-MAC-96, CMAC, and CTS.

  • Blowfish – A symmetric key block cipher, designed in 1993 by Bruce Schneier, that is not proprietary.

  • Camellia – Developed in Japan, Camellia is comparable to AES and is designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems.

  • DES – Data Encryption Standard, developed by IBM, was published as a U.S. Federal Information Processing Standard (FIPS) in 1977. In today's computing environment, its 56-bit key length is weak.

  • DSA key generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for userland Cryptographic Framework only.

  • DSA signature generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for userland Cryptographic Framework only.

  • DSA signature verification – The 512-bit key length is weak. Longer key lengths are validated for userland Cryptographic Framework only.

  • SHA3 – All variants.

  • RSA key wrapping – Key lengths less than 112 bits are weak. Longer key lengths are allowed for FIPS 140-2.

  • RSA signature generation – The 256-bit, 512-bit, and 1024-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.

  • RSA signature verification – The 256-bit and 512-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.

  • Diffie-Hellman – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.

  • ECDH – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.
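The two summary lists above can be encoded as a pre-deployment check. The following is an added example, not Oracle code: it shows how the same key length can pass for one operation and fail for another, and how the userland-only restriction applies. The short algorithm, operation, and consumer names and the `check`/`audit` functions are assumptions made for illustration.

```python
# Added example: rules transcribed from this page's summary lists.
# Short names ("2TDES", "wrap", "kernel", ...) are assumptions for illustration.
NOT_APPROVED = {"2TDES", "RC4", "BLOWFISH", "CAMELLIA", "DES", "SHA3"}
AES_UNVALIDATED_MODES = {"XCBC-MAC", "XCBC-MAC-96", "CMAC", "CTS"}
# Longest key length (bits) the page calls weak, per (algorithm, operation).
# Interpretation: lengths up to that value are rejected; only longer ones pass.
LONGEST_WEAK = {
    ("DSA", "keygen"): 1024, ("DSA", "sign"): 1024, ("DSA", "verify"): 512,
    ("RSA", "sign"): 1024, ("RSA", "verify"): 512,
}
# Uses where the page gives a 112-bit threshold instead of listed lengths.
THRESHOLD_112 = {("RSA", "wrap"), ("DH", "agree"), ("ECDH", "agree")}
# Algorithms the page limits to the userland Cryptographic Framework.
USERLAND_ONLY = {"DSA", "DH", "ECDH"}

def check(alg, op, bits=None, mode=None, consumer="userland", protocol=None):
    """Return (allowed, reason) for one planned use of an algorithm."""
    alg = alg.upper()
    if alg in NOT_APPROVED:
        return False, f"{alg} is on the not-approved list"
    if alg in ("MD5", "HMAC-MD5"):
        return protocol == "TLS", "MD5 and HMAC MD5 are usable with TLS only"
    if alg == "AES" and mode in AES_UNVALIDATED_MODES:
        return False, f"AES mode {mode} is not explicitly validated"
    if (alg, op) in LONGEST_WEAK or (alg, op) in THRESHOLD_112:
        if bits is None:
            return False, "key length is required to decide"
        if (alg, op) in LONGEST_WEAK and bits <= LONGEST_WEAK[(alg, op)]:
            return False, f"{bits}-bit {alg} is weak for {op}"
        # Exactly 112 is neither "longer than" nor "less than" 112: not accepted.
        if (alg, op) in THRESHOLD_112 and bits <= 112:
            return False, f"{bits}-bit {alg} is not longer than 112 bits"
    if alg in USERLAND_ONLY and consumer != "userland":
        return False, f"{alg} is validated for userland consumers only"
    return True, "not excluded by the summary; confirm in the security policy"

def audit(uses):
    """Return the uses (dicts of check() arguments) that are rejected."""
    return [(u, check(**u)[1]) for u in uses if not check(**u)[0]]

# Constructed sample: planned uses for a hypothetical application.
SAMPLE = [
    {"alg": "RSA", "op": "verify", "bits": 1024},
    {"alg": "RSA", "op": "sign", "bits": 1024},
    {"alg": "ECDH", "op": "agree", "bits": 256, "consumer": "kernel"},
    {"alg": "MD5", "op": "digest", "protocol": "TLS"},
    {"alg": "AES", "op": "mac", "mode": "CMAC"},
]
```

Calling `audit(SAMPLE)` returns the rejected uses with the reason for each. A passing result means only that the summary lists do not exclude the use, so the security policies remain the authority.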

FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems

The security policies in the following table provide a complete list of cryptographic mechanisms that are validated to run in FIPS 140-2 mode on Oracle Solaris.

Table 1  FIPS 140-2 Certificates and Security Policies for Provider Modules in Oracle Solaris
Certificate
Provider Module
Security Policy
2698
2699
3335