FIPS 140-2 Algorithms in the Cryptographic Framework
To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-2 validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.
For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.
Note:
The key length of an algorithm can be significant. Shorter key lengths might not be validated for FIPS 140-2.-
AES – With the following modes and key lengths only:
-
CBC mode – 128-bit, 192-bit, and 256-bit key lengths
-
CCM mode – 128-bit, 192-bit, and 256-bit key lengths
-
CFB mode – 128-bit key length
-
CTR mode – 128-bit, 192-bit, and 256-bit key lengths
-
ECB mode – 128-bit, 192-bit, and 256-bit key lengths
-
GCM mode – 128-bit, 192-bit, and 256-bit key lengths
-
XTS mode – 256-bit and 512-bit key lengths, for storage only
-
-
DSA – 2048-bit key length and longer.
-
ECC – With the following curves only. ECC contributes to ECDSA and ECDH. The first name is the NIST name; the second name is its equivalent in Oracle Solaris.
-
P-224 –
secp224r1
-
P-256 –
secp256r1
-
P-384 –
secp384r1
-
P-521 –
secp521r1
-
B-233 –
sect233r1
-
B-283 –
sect283r1
-
B-409 –
sect409r1
-
B-571 –
sect571r1
-
K-233 –
sect233k1
-
K-283 –
sect283k1
-
K-409 –
sect409k1
-
K-571 –
sect571k1
-
-
HMAC SHA1 – Has no variants.
-
HMAC SHA2 – 224-bit to 512-bit key lengths.
-
ECDSA SHA1 – Signature verification.
-
ECDSA SHA2 – Key generation and signature generation and verification.
-
RSA – 2048-bit key length and longer, with SHA1, and SHA2 with 256-bit to 512-bit key lengths.
-
SHA1 – Has variants for non-security use cases only.
-
SHA2 – 224-bit to 512-bit key lengths.
-
SHA512/224 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4 (https://csrc.nist.gov/publications/detail/itl-bulletin/2012/05/secure-hash-standard-updated-specifications-approved-and-issued/final).
-
SHA512/256 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4.
-
swrand
– Software entropy source the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf). -
intelrd
– Hardware entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators.
The following algorithms with specified key lengths are allowed in a FIPS 140-2 configuration:
-
RSA key wrapping – Key lengths longer than 112 bits are allowed.
-
Diffie-Hellman key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.
-
Elliptic Curve Diffie-Hellman (ECDH) key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.