FIPS 140-2 Algorithms in the Cryptographic Framework

To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-2 validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.

For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.

Note:

The key length of an algorithm can be significant. Shorter key lengths might not be validated for FIPS 140-2.

• AES – With the following modes and key lengths only:

  • CBC mode – 128-bit, 192-bit, and 256-bit key lengths

  • CCM mode – 128-bit, 192-bit, and 256-bit key lengths

  • CFB mode – 128-bit key length

  • CTR mode – 128-bit, 192-bit, and 256-bit key lengths

  • ECB mode – 128-bit, 192-bit, and 256-bit key lengths

  • GCM mode – 128-bit, 192-bit, and 256-bit key lengths

  • XTS mode – 256-bit and 512-bit key lengths, for storage only

• DSA – 2048-bit key length and longer.

• ECC – With the following curves only. ECC contributes to ECDSA and ECDH. The first name is the NIST name; the second name is its equivalent in Oracle Solaris.

  • P-224 – secp224r1

  • P-256 – secp256r1

  • P-384 – secp384r1

  • P-521 – secp521r1

  • B-233 – sect233r1

  • B-283 – sect283r1

  • B-409 – sect409r1

  • B-571 – sect571r1

  • K-233 – sect233k1

  • K-283 – sect283k1

  • K-409 – sect409k1

  • K-571 – sect571k1

• HMAC SHA1 – Has no variants.

• HMAC SHA2 – 224-bit to 512-bit key lengths.

• ECDSA SHA1 – Signature verification.

• ECDSA SHA2 – Key generation and signature generation and verification.

• RSA – 2048-bit key length and longer, with SHA1, and SHA2 with 256-bit to 512-bit key lengths.

• SHA1 – Has variants for non-security use cases only.

• SHA2 – 224-bit to 512-bit key lengths.

• SHA512/224 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4 (https://csrc.nist.gov/publications/detail/itl-bulletin/2012/05/secure-hash-standard-updated-specifications-approved-and-issued/final).

• SHA512/256 – A truncated version of SHA-512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4.

• swrand – Software entropy source the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf).

• intelrd – Hardware entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators.

The following algorithms with specified key lengths are allowed in a FIPS 140-2 configuration:

• RSA key wrapping – Key lengths longer than 112 bits are allowed.

• Diffie-Hellman key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.

• Elliptic Curve Diffie-Hellman (ECDH) key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.