Export (0) Print
Expand All

FIPS 140 Validation

Updated: May 2014

Introduction

This document provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard, Federal Information Processing Standard (FIPS) 140 – Security Requirements for Cryptographic Modules [FIPS 140].

Audience

This document is primarily focused on providing information for three parties:

Procurement Officer – Responsible for verifying that Microsoft products (or even third-party applications) are either FIPS 140 validated or utilize a Microsoft FIPS 140 validated cryptographic module.

System Integrator – Responsible for ensuring that Microsoft Products are configured properly to use only FIPS 140 validated cryptographic modules.

Software Developer – Responsible for building software products that utilize Microsoft FIPS 140 validated cryptographic modules.

Document Map

This document is broken into seven major sections:

FIPS 140 Overview – Provides an overview of the FIPS 140 standard as well as provides some historical information about the standard.

Microsoft Product Validation (Information for Procurement Officers and Auditors) – Provides information on how Microsoft products are FIPS 140 validated.

Information for System Integrators – Describes how to configure and verify that Microsoft Products are being used in a manner consistent with the product’s FIPS 140 Security Policy.

Information for Software Developers – Identifies how developers can leverage the Microsoft FIPS 140 validated cryptographic modules.

FAQ – Frequently Asked Questions.

Microsoft FIPS 140 Validated Cryptographic Modules – Explains Microsoft cryptographic architecture and identifies specific modules that are FIPS 140 validated.

Cryptographic Algorithms – Lists the cryptographic algorithm, modes, states, key sizes, Windows versions, and corresponding cryptographic algorithm validation certificates.

FIPS 140 Overview

FIPS 140 Standard

FIPS 140 is a US government and Canadian government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive but unclassified information. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC).

The current standard defines four-levels of increasing security, 1 through 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements.

Applicability of the FIPS standard

Within the US Federal government, the FIPS 140 standard applies to any security system (whether hardware, firmware, software, or a combination thereof) to be used by agencies for protecting sensitive but unclassified information. Some agencies have expanded its use by requiring that the modules to be procured for secret systems also meet the FIPS 140 requirements.

The FIPS 140 standard has also been used by different standards bodies, specification groups, nations, and private institutions as a requirement or guideline for those products (e.g. – Digital Cinema Systems Specification).

History of 140-1

FIPS 140-1 is the original working version of the standard made official on January 11, 1994. The standard remained in effect until FIPS 140-2 became mandatory for new products on May 25, 2002.

FIPS 140-2

FIPS 140-2 is currently the active version of the standard.

Microsoft FIPS Support Policy

Microsoft actively maintains FIPS 140 validation for its cryptographic modules.

FIPS Mode of Operation

The common term “FIPS mode” is used in this document and Security Policy documents. When a cryptographic module contains both FIPS-approved and non-FIPS approved security methods, it must have a "FIPS mode of operation" to ensure only FIPS-approved security methods may be used. When a module is in "FIPS mode", a non-FIPS approved method cannot be used instead of a FIPS-approved method.


Microsoft Product Validation (Information for Procurement Officers and Auditors)

This section provides information for Procurement Officers and Auditors who are responsible for ensuring that Microsoft products with FIPS 140 validated cryptographic modules are used in their organization. The goal of this section is to provide an overview of the Microsoft developed products and modules and explain how the validated cryptographic modules are used.

Microsoft Product Relationship with CNG and CAPI libraries

Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services.

The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules:

  • Schannel Security Package
  • Remote Desktop Protocol (RDP) Client
  • Encrypting File System (EFS)
  • Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
  • BitLocker® Drive Full-volume Encryption (Windows Vista, Windows Server 2008, or later)
  • IPsec Settings of Windows Firewall (Windows Vista SP1, Windows Server 2008, or later)

Information for System Integrators

This section provides information for System Integrators and Auditors who are responsible for deploying Microsoft products in a manner consistent with the product’s FIPS 140 Security Policy.

There are two steps to ensure that Microsoft products operate in FIPS mode:

  1. Selecting/Installing FIPS 140 validated cryptographic modules
  2. Setting FIPS local/group security policy flag.

Step 1 – Selecting/Installing FIPS 140 Validated Cryptographic Modules

Systems Integrators must ensure that all cryptographic modules installed are, in fact, FIPS 140 validated. This can be accomplished by cross-checking the version number of the installed module with the list of validated binaries. The list of validated CAPI binaries is identified in the CAPI Validated Cryptographic Modules section below and the list of validated CNG binaries is identified in the CNG Validated Cryptographic Modules section below. There are similar sections for all other validated cryptographic modules.

The version number of the installed binary is found by right-clicking the module file and clicking on the Version or Details tab. Cryptographic modules are stored in the "windows\system32" or "windows\system32\drivers" directory.

Step 2 – Setting FIPS Local/Group Security Policy Flag

The Windows operating system provides a group (or local) security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”, which is used by many Microsoft products to determine whether to operate in a FIPS-approved mode. When this policy is set, the validated cryptographic modules in Windows will also operate in a FIPS-approved mode.

Note – There is no enforcement of the FIPS policy by the operating system or the validated cryptographic modules. Instead, each individual application must check this flag and enforce the Security Policy of the validated cryptographic modules.

Instructions on Setting the FIPS Local/Group Security Policy Flag

While there are alternative methods for setting the FIPS local/group security policy flag, the following method is included as a guide to users with Administrative privileges. This description is for the Local Security Policy, but the Group Security Policy may be set in a similar manner.

  1. Open the 'Run' menu by pressing the combination 'Windows Key + R'.
  2. Type 'secpol.msc' and press 'Enter' or click the 'Ok' button.
  3. In the Local Security Policy management console window that opens, use the left tab to navigate to the Local Policies -> Security Options.
  4. Scroll down the right pane and double-click 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing'.
  5. In the properties window, select the 'Enabled' option and click the 'Apply' button.

Microsoft Components and Products That Utilize FIPS Local/Group Security Policy

The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy.

  • Schannel Security Package
  • Remote Desktop Protocol (RDP) Client
  • Encrypting File System (EFS)
  • Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
  • BitLocker® Drive Full-volume Encryption (Windows Vista, Windows Server 2008, or later)
  • IPsec Settings of Windows Firewall (Windows Vista SP1, Windows Server 2008 or later)

Effects of Setting FIPS Local/Group Security Policy Flag

When setting the FIPS local/group security policy flag, the behavior of several Microsoft components and products are affected. The most noticeable difference will be that the components enforcing this setting will only use those algorithms approved or allowed in FIPS mode. The specific changes to the products listed above are:

  • Schannel Security Package forced to negotiate sessions using TLS1.0. The following supported Cipher Suites are disabled:
    • TLS_RSA_WITH_RC4_128_SHA
    • TLS_RSA_WITH_RC4_128_MD5
    • SSL_CK_RC4_128_WITH_MD5
    • SSL_CK_DES_192_EDE3_CBC_WITH_MD5
    • TLS_RSA_WITH_NULL_MD5
    • TLS_RSA_WITH_NULL_SHA
  • The set of cryptographic algorithms that a Remote Desktop Protocol (RDP) server will use is scoped to:
    • CALG_RSA_KEYX - RSA public key exchange algorithm
    • CALG_3DES - Triple DES encryption algorithm
    • CALG_AES_128 - 128 bit AES
    • CALG_AES_256 - 256 bit AES
    • CALG_SHA1 - SHA hashing algorithm
    • CALG_SHA_256 - 256 bit SHA hashing algorithm
    • CALG_SHA_384 - 384 bit SHA hashing algorithm
    • CALG_SHA_512 - 512 bit SHA hashing algorithm
  • Any Microsoft .NET Framework applications, such as Microsoft ASP.NET or Windows Communication Foundation (WCF), only allow algorithm implementations that are validated to FIPS 140, meaning only classes that end in "CryptoServiceProvider" or "Cng" can be used. Any attempt to create an instance of other cryptographic algorithm classes or create instances that use non-allowed algorithms will cause an InvalidOperationException exception.
  • Verification of ClickOnce applications fails unless the client computer has .NET Framework 2.0 SP1 or later service pack installed or .NET Framework 3.5 or later installed.
  • On Windows Vista and Windows Server 2008 and later, BitLocker Drive Encryption will switch from AES-128 using the elephant diffuser to using the approved AES-256 encryption. Recovery passwords are not created or backed up. Instead, backup a recovery key on a local drive or on a network share. To use the recovery key, put the key on a USB device and plug the device into the computer.

Please be aware that selection of FIPS mode can limit product functionality (See http://support.microsoft.com/kb/811833).

Information for Software Developers

This section is targeted at developers who wish to build their own applications using the FIPS 140 validated cryptographic modules.

Each of the validated cryptographic modules defines a series of rules that must be followed. The security rules for each validated cryptographic module are specified in the Security Policy document. Links to each of the Security Policy documents is provided in the Microsoft FIPS 140 Validated Cryptographic Modules section below. Generally, the restriction in Microsoft validated cryptographic modules is limiting the use of cryptography to only FIPS Approved cryptographic algorithms, modes, and key sizes.

Using Microsoft Cryptographic Modules in a FIPS mode of operation

No matter whether developing with native languages or using .NET, it is important to first check whether the CNG modules for the target system are FIPS validated. The list of validated CNG binaries is identified in the CNG Validated Cryptographic Modules section.

When developing using CNG directly, it is the responsibility of the developer to follow the security rules outlined in the FIPS 140 Security Policy for each module. The security policy for each module is provided on the CMVP website. Links to each of the Security Policy documents is provided in the tables below. It is important to remember that setting the FIPS local/group security policy Flag (discussed above) does not affect the behavior of the modules when used for developing custom applications.

If you are developing your application using .NET instead of using the native libraries, then setting the FIPS local policy flag will generate an exception when an improper .NET class is used for cryptography (i.e. the cryptographic classes whose names end in "Managed"). The names of these allowed classes end with "Cng", which use the CNG binaries or "CryptoServiceProvider", which use the legacy CAPI binaries.

Key Strengths and Validity Periods

NIST Special Publication 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, dated January 2011, [SP 800-131A], offers guidance for moving to stronger cryptographic keys and algorithms. This does not replace NIST SP 800-57, Recommendation for Key Management Part 1: General, [SP 800-57], but gives more specific guidance. One of the most important topics discussed in these publications deals with the key strengths of FIPS Approved algorithms and their validity periods. When developing applications that use FIPS Approved algorithms, it is also extremely important to select appropriate key sizes based on the security lifetimes recommended by NIST.

FIPS 140 FAQ

The following are answers to commonly asked questions for the FIPS 140-2 validation of Microsoft products.

  1. How does FIPS 140 relate to the Common Criteria?
    Answer: These are two separate security standards with different, but complementary, purposes. FIPS 140 is a standard designed specifically for validating product modules that implement cryptography. On the other hand, Common Criteria is designed to help evaluate security functions in IT products.
    In many cases, Common Criteria evaluations will rely on FIPS 140 validations to provide assurance that cryptographic functionality is implemented properly.
  2. How does FIPS 140 relate to Suite B?
    Answer: Suite B is simply a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information.
    The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140 standard.
  3. There are so many modules listed on the NIST website for each release, how are they related and how do I tell which one applies to me?
    Answer: Microsoft strives to validate all releases of its cryptographic modules. Each module provides a different set of cryptographic algorithms. If you are required to use only FIPS validated cryptographic modules, you simply need to verify that the version being used appears on the validation list.
    Please see the Microsoft FIPS 140 Validated Cryptographic Modulessection for a complete list of Microsoft validated modules.
  4. My application links against crypt32.dll, cryptsp.dll, advapi32.dll, bcrypt.dll, bcryptprimitives.dll, or ncrypt.dll. What do I need to do to assure I’m using FIPS 140 validated cryptographic modules?
    Answer: crypt32.dll, cryptsp.dll, advapi32.dll, and ncrypt.dll are intermediary libraries that will offload all cryptographic operations to the FIPS validated cryptographic modules. Bcrypt.dll itself is a validated cryptographic module for Windows Vista and Windows Server 2008. For Windows 7 and Windows Server 2008 R2 and later, bcryptprimitives.dll is the validated module, but bcrypt.dll remains as one of the libraries to link against.
    You must first verify that the underlying CNG cryptographic module is validated. Once verified, you'll need to confirm that you're using the module correctly in FIPS mode (See Information for Software Developers section for details).
  5. What does "When operated in FIPS mode" mean on certificates?
    Answer: This caveat identifies that a required configuration and security rules must be followed in order to use the cryptographic module in a manner consistent with its FIPS 140 Security Policy. The security rules are defined in the Security Policy for the module and usually revolve around using only FIPS Approved cryptographic algorithms and key sizes. Please see the Security Policy for the specific security rules for each cryptographic module (See Microsoft FIPS 140 Validated Cryptographic Modules section for links to each policy).
  6. Which FIPS validated module is called when Windows 7 or Windows 8 is configured to use the FIPS setting in the wireless configuration?
    Answer: CNG is used. This setting tells the wireless driver to call FIPS 140-2 validated cryptographic modules instead of using the driver’s own cryptography, if any.
  7. Is BitLocker to Go FIPS 140-2 validated?
    Answer: There are two separate parts for BitLocker to Go. One part is simply a native feature of BitLocker and as such, it uses FIPS 140-2 validated cryptographic modules. The other part is the BitLocker to Go Reader application for down-level support of older operating systems such as Windows XP and Windows Vista. The Reader application does not use FIPS 140-2 validated cryptographic modules.
  8. Are applications FIPS 140-2 validated?
    Answer: Microsoft only has low-level cryptographic modules in Windows FIPS 140-2 validated, not high-level applications. A better question is whether a certain application calls a FIPS 140-2 validated cryptographic module in the underlying Windows OS. That question needs to be directed to the company/product group that created the application of interest.
  9. How can Systems Center Operations Manager 2012 be configured to use FIPS 140-2 validated cryptographic modules?
    Answer: See http://technet.microsoft.com/en-us/library/hh914094.aspx

Microsoft FIPS 140 Validated Cryptographic Modules

Overview of CNG

With Windows Vista came the introduction of Cryptographic API: Next Generation (CNG), which provides a new API to use both kernel and user space cryptography. It replaced the legacy Microsoft Cryptography API (CAPI), which has been deprecated. Developers should use the new CNG APIs. In Windows Vista and Windows Server 2008, user mode applications directly interface with BCRYPT (bcrypt.dll), while kernel mode applications directly interface through the API with KSECDD. Both of these underlying libraries are validated cryptographic modules in the Windows Vista and Windows Server 2008 releases

In Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012, the list of FIPS 140-2 validated cryptographic modules is different. Now, the kernel mode cryptographic functionality is contained in a separate driver, cng.sys, which supports both the CNG and the legacy FIPS.sys APIs. The user mode CNG algorithm implementations are now in bcryptprimitives.dll, which is loaded by bcrypt.dll; applications must still interface with bcrypt.dll.

Microsoft strongly recommends using CNG modules for new applications. The legacy CAPI modules should not be used because their APIs have been deprecated.

CNG Validated Cryptographic Modules

Microsoft maintains FIPS 140-2 validation for two CNG libraries in Windows Vista and Windows Server 2008:

  • Cryptographic Primitives Library (bcrypt.dll)
  • Kernel Mode Security Support Provider Interface (ksecdd.sys)

Microsoft maintains FIPS 140-2 validation for two CNG libraries in Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012:

  • Cryptographic Primitives Library (bcryptprimitives.dll)
  • Kernel Mode Cryptographic Primitives Library (cng.sys)

The following tables identify the specific versions that are validated as well as the operating systems for which testing is valid. Hyperlinks are also provided to the CMVP issued certificate as well as the Security Policy for each. A full listing of cryptographic algorithms supported by each module is provided in the Cryptographic Algorithms section below.


Table 1 – Bcrypt Validated cryptographic modules

Bcrypt Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

#892

Windows Vista Ultimate Edition SP1

6.0.6001.22202

6.0.6002.18005

6.0.6002.22872

#1001

Windows Server 2008

6.0.6001.22202

6.0.6002.18005

6.0.6002.22872

#1008

Windows Embedded Compact 7

7.00.1687

#1989


Table 2 – Ksecdd Validated cryptographic modules

Ksecdd Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

6.0.6000.16870

6.0.6000.21067

#891

Windows Vista Ultimate Edition SP1

6.0.6001.18709

6.0.6001.18272

6.0.6001.18796

6.0.6001.22202

6.0.6001.22450

6.0.6001.22987

6.0.6001.23069

6.0.6002.18005

6.0.6002.18051

6.0.6002.18541

6.0.6002.18643

6.0.6002.22152

6.0.6002.22742

6.0.6002.22869

#1000

Windows Server 2008

6.0.6001.18709

6.0.6001.18272

6.0.6001.18796

6.0.6001.22202

6.0.6001.22450

6.0.6001.22987

6.0.6001.23069

6.0.6002.18005

6.0.6002.18051

6.0.6002.18541

6.0.6002.18643

6.0.6002.22152

6.0.6002.22742

6.0.6002.22869

#1007


Table 3 – BCRYPTPRIMITIVES Validated cryptographic modules

BCRYPTPRIMITIVES Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7601.17514

#1329

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7601.17514

#1336

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1892


Table 4 – CNG Validated cryptographic modules

CNG Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7600.16915

6.1.7600.21092

6.1.7601.17514

6.1.7601.17725

6.1.7601.17919

6.1.7601.21861

6.1.7601.22076

#1328

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7600.16915

6.1.7600.21092

6.1.7601.17514

6.1.7601.17725

6.1.7601.17919

6.1.7601.21861

6.1.7601.22076

#1335

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1891

CAPI Validated Cryptographic Modules

  • Microsoft maintains FIPS 140 validation for three CAPI Cryptographic Service Providers (CSPs):
  • Enhanced Cryptographic Provider (rsaenh.dll)
  • Enhanced DSS and Diffie-Hellman Cryptographic Provider (dssenh.dll)

Kernel Mode Cryptographic Module (FIPS.sys)

The following tables identify the specific versions that are validated as well as the operating systems for which testing is valid. Hyperlinks are also provided to the CMVP issued certificate as well as the Security Policy for each. A full listing of cryptographic algorithms supported by each module is provided in the Cryptographic Algorithms section below.

Table 5 – RSA Enhanced Validated cryptographic modules

RSAENH Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

FIPS Version Validated

Windows NT 4.0 SP6

5.0.1877.6

5.0.1877.7

#68

140-1

Windows 95

5.0.1877.6

5.0.1877.7

#75

140-1

Windows 98

5.0.1877.6

5.0.1877.7

#75

140-1

Windows 2000

5.0.2150.1

#76

140-1

Windows 2000 SP1

5.0.2150.1391

#103

140-1

Windows 2000 SP2

5.0.2195.2228

#103

140-1

Windows 2000 SP3

5.0.2195.3665

#103

140-1

Windows XP

5.1.2518.0

#238

140-1

Windows XP SP1

5.1.2600.1029

#238

140-1

Windows XP SP2

5.1.2600.2161

#238

140-1

Windows XP Professional SP3

5.1.2600.5507

#989

140-2

Windows CE 5.00 and 5.01

5.00.911762

5.01.01603

#560

140-2

Windows Mobile 6.0, 6.1, and 6.5

5.04.17228

5.05.19202

5.05.21840

#560

140-2

Windows CE 6.0 and 6.0 R2

6.00.1937

#825

140-2

Windows Server 2003

5.2.3790.0

#382

140-2

Windows Server 2003 SP1

5.2.3790.1830

#382

140-2

Windows Server 2003 SP2

5.2.3790.3959

#868

140-2

Windows Server 2003 SP2

5.2.3790.4313

#1012

140-2

Windows Vista Ultimate Edition

6.0.6000.16386

#893

140-2

Windows Vista Ultimate Edition SP1

6.0.6001.22202

6.0.6002.18005

#1002

140-2

Windows Server 2008

6.0.6001.22202

6.0.6002.18005

#1010

140-2

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385
(no change in SP1)

#1337

140-2

Windows 7 and Windows 7 SP1

6.1.7600.16385
(no change in SP1)

#1330

140-2

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1894

140-2


Table 6 – DSS Enhanced Validated cryptographic modules

DSSENH Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

FIPS Version Validated

Microsoft Windows NT 4.0 SP4

5.0.1998.1

#60

140-1

Windows NT 4.0 SP6

5.0.1877.6

5.0.1877.7

#68

140-1

Windows 95

5.0.1877.6

5.0.1877.7

#75

140-1

Windows 98

5.0.1877.6

5.0.1877.7

#75

140-1

Windows 2000

5.0.2150.1

#76

140-1

Windows 2000 SP1

5.0.2150.1391

#103

140-1

Windows 2000 SP2

5.0.2195.2228

#103

140-1

Windows 2000 SP3

5.0.2195.3665

#103

140-1

Windows XP

5.1.2518.0

#240

140-1

Windows XP SP2

5.1.2600.2133

#240

140-1

Windows XP Professional SP3

5.1.2600.5507

#990

140-2

Windows Server 2003

5.2.3790.0

#381

140-2

Windows Server 2003 SP1

5.2.3790.1830

#381

140-2

Windows Server 2003 SP2

5.2.3790.3959

#875

140-2

Windows Vista Ultimate Edition

6.0.6000.16386

#894

140-2

Windows Vista Ultimate Edition SP1

6.0.6001.18000

6.0.6002.18005

#1003

140-2

Windows Server 2008

6.0.6001.18000

6.0.6002.18005

#1009

140-2

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385
(no change in SP1)

#1338

140-2

Windows 7 and Windows 7 SP1

6.1.7600.16385
(no change in SP1)

#1331

140-2

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1893

140-2


Table 7 – FIPS.sys Validated cryptographic modules

FIPS.sys Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

FIPS Version Validated

Windows 2000 SP2 or higher

5.0.2195.1569

#106

140-1

Windows XP

5.1.2600.0

#241

140-1

Windows XP Professional SP3

5.1.2600.5512

#997

140-2

Windows Server 2003

5.2.3790.0

#405

140-2

Windows Server 2003 SP1

5.2.3790.1830

#405

140-2

Windows Server 2003 SP2

5.2.3790.3959

#869

140-2


Additional Validated Cryptographic Modules

For Windows Vista and Windows Server 2008 and later, Microsoft has also validated three additional modules: Code Integrity, Winload OS Loader, and Boot Manager. For Windows 8, Windows Server 2012, Windows RT, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8, the BitLocker® Dump Filter was also validated.


Table 8 – Code Integrity Validations

Code Integrity Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

#890

Windows Vista Ultimate Edition SP1

6.0.6001.18000

6.0.6001.18023

6.0.6001.22120

6.0.6002.18005

#980

Windows Server 2008

6.0.6001.18000

6.0.6002.18005

#1006

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7600.17122

6.1.7600.21320

6.1.7601.17514

6.1.7601.17950

6.1.7601.22108

#1327

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7600.17122

6.1.7600.21320

6.1.7601.17514

6.1.7601.17950

6.1.7601.22108

#1334

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1897


Table 9 – Windows OS Loader (Winload) Validations

Windows OS Loader (Winload) Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

6.0.6000.16476

6.0.6000.20586

#889

Windows Vista Ultimate Edition SP1

6.0.6001.18000

6.0.6001.18027

6.0.6001.18606

6.0.6001.22125

6.0.6001.22861

6.0.6002.18005

6.0.6002.18411

6.0.6002.22596

#979

Windows Server 2008

6.0.6001.18000

6.0.6002.18005

6.0.6002.22497

6.0.6001.18606

6.0.6001.22861

6.0.6002.18411

6.0.6002.22596

#1005

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7600.16757

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21655

6.1.7601.21675

#1326

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7600.16757

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21655

6.1.7601.21675

#1333

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1896


Table 10 – Boot Manager Validations

Boot Manager Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

#888

Windows Vista Ultimate Edition SP1

6.0.6001.18000

6.0.6002.18005

#978

Windows Server 2008

6.0.6001.18000

6.0.6002.18005

6.0.6002.22497

#1004

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7601.17514

#1319

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7601.17514

#1321

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1895

BitLocker® Validated Cryptographic Modules

Microsoft also maintains FIPS 140-2 validation for the BitLocker cryptographic modules. The following tables identify the specific versions that are validated as well as the operating systems for which testing is valid. Hyperlinks are also provided to the CMVP issued certificate as well as the Security Policy for each.

Table 11 – BitLocker Validations

BitLocker Validated Operating Systems

Validated Versions

(Links to Security Policy)

FIPS Certificate #

Windows Vista Ultimate Edition

6.0.6000.16386

#947

Windows Vista Ultimate Edition SP1

6.0.6001.18000

6.0.6001.18027

6.0.6001.18606

6.0.6001.22125

6.0.6001.22861

6.0.6002.18005

6.0.6002.18411

6.0.6002.22596

#1053

Windows Server 2008

6.0.6001.18000

6.0.6001.18606

6.0.6001.22861

6.0.6002.18005

6.0.6002.18411

6.0.6002.22497

6.0.6002.22596

#1054

Windows 7 and Windows 7 SP1

6.1.7600.16385

6.1.7600.16429

6.1.7600.16757

6.1.7600.20536

6.1.7600.20873

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21634

6.1.7601.21655

6.1.7601.21675

#1332

Windows Server 2008 R2 and Windows Server 2008 R2 SP1

6.1.7600.16385

6.1.7600.16429

6.1.7600.16757

6.1.7600.20536

6.1.7600.20873

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21634

6.1.7601.21655

6.1.7601.21675

#1339

BitLocker® Windows OS Loader (WINLOAD) in

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1896

BitLocker® Windows Resume (WINRESUME) in

Microsoft Windows 8, Microsoft Windows Server 2012, and Microsoft Surface Windows 8 Pro


Note: WINRESUME is not a component of Microsoft Windows RT, Microsoft Surface Windows RT, and Microsoft Windows Phone 8

6.2.9200

#1898

BitLocker® Dump Filter (DUMPFVE.SYS) in

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8

6.2.9200

#1899



Cryptographic Algorithms

The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.


Table 12 – Advanced Encryption Standard (AES)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
AES Val#2197

CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
AES Val#2197

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
GMAC_Supported

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#2196

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
AES Val#1168

Windows Server 2008 R2 and SP1 CNG algorithms #1187

Windows 7 Ultimate and SP1 CNG algorithms #1178

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
AES Val#1168

Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

Windows Server 2008 CNG algorithms #757

Windows Vista Ultimate SP1 CNG algorithms #756

CBC ( e/d; 128 , 256 );

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate BitLocker Drive Encryption #715

Windows Vista Ultimate BitLocker Drive Encryption #424

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

CFB128 ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197

GCM

GMAC

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed


ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );


Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

Windows Vista Symmetric Algorithm Implementation #553

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33


Table 13 – Deterministic Random Bit Generator (DRBG)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258

Dual_EC_DRBG:[ Prediction Resistance Tested: Not Enabled ( P-256: SHA-256 ) ( ECDSA Val#341 ) ( SHS Val#1903 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #259

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ]

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193

Dual_EC_DRBG:[ Prediction Resistance Tested: Not Enabled ( P-256: SHA-256 ) ( ECDSA Val#142 ) ( SHS Val#1081 )

Windows Server 2008 R2 and SP1 CNG algorithms #27

Dual_EC_DRBG:[ Prediction Resistance Tested: Not Enabled ( P-256: SHA-256 ) ( SHS Val#1081 )

Windows 7 Ultimate and SP1 CNG algorithms #24

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ]

Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23

DRBG (SP 800–90)

Windows Vista Ultimate SP1, vendor-affirmed


Table 14 – Digital Signature Algorithm (DSA)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

FIPS186-2:
PQG(ver) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 1903
DRBG: Val# 258

FIPS186-4:
PQG(gen)PARMS TESTED
: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
SHS: Val# 1903
DRBG: Val# 258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687

FIPS186-2:
PQG(ver) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 1902
DRBG: Val# 258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686

FIPS186-2:
SIG(ver) MOD(1024);
SHS: Val# 1773
DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645

FIPS186-2:
SIG(ver) MOD(1024);
SHS: Val# 1081
DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

Windows Server 2008 R2 and SP1 CNG algorithms #391

Windows 7 Ultimate and SP1 CNG algorithms #386

FIPS186-2:
SIG(ver) MOD(1024);
SHS: Val# 1081
RNG: Val# 649
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

Windows Server 2008 CNG algorithms #284

Windows Vista Ultimate SP1 CNG algorithms #283

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 753
RNG: Val# 435
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

Windows Server 2008 Enhanced DSS (DSSENH) #282

Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

FIPS186-2:
SIG(ver) MOD(1024);
SHS: Val# 618
RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

Windows Vista CNG algorithms #227

Windows Vista Enhanced DSS (DSSENH) #226

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 784
RNG: Val# 448
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 783
RNG: Val# 447
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291

FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 611
RNG: Val# 314

Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221

FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 385

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146

FIPS186-2:
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 181
RNG: Val# 0

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95

FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SHS: SHA-1 (BYTE)
SIG(ver) MOD(1024);
SHS: SHA-1 (BYTE)

Windows 2000 DSSENH.DLL #29

Windows 2000 DSSBASE.DLL #28

Windows NT 4 SP6 DSSENH.DLL #26

Windows NT 4 SP6 DSSBASE.DLL #25

FIPS186-2: PRIME;
FIPS186-2:

KEYGEN(Y):
SHS: SHA-1 (BYTE)

SIG(gen):
SIG(ver) MOD(1024);
SHS: SHA-1 (BYTE)

Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17


Table 15 – Elliptic Curve Digital Signature Algorithm (ECDSA)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#1903
DRBG: Val# 258
SIG(ver):CURVES( P-256 P-384 P-521 )
SHS: Val#1903
DRBG: Val# 258

FIPS186-4:
PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: Val#1903
DRBG: Val# 258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

FIPS186-2:
PKG: CURVES( P-256 P-384 P-521 )
SHS: Val#1773
DRBG: Val# 193
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#1773
DRBG: Val# 193

FIPS186-4:
PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: Val#1773
DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#1081
DRBG: Val# 23
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#1081
DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

Windows Server 2008 R2 and SP1 CNG algorithms #142

Windows 7 Ultimate and SP1 CNG algorithms #141

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#753
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

Windows Server 2008 CNG algorithms #83

Windows Vista Ultimate SP1 CNG algorithms #82

FIPS186-2:
PKG: CURVES( P-256 P-384 P-521 )
SHS: Val#618
RNG: Val# 321
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#618
RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.

Windows Vista CNG algorithms #60


Table 16 – Keyed-Hash Message Authentication Code (HMAC)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1773

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1773

Tinker HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1773

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1773


Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS ) SHS Val#1902

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS ) SHS Val#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS>BS ) SHS Val#1902

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS>BS ) SHS Val#1902

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS>BS ) SHS Val#1902

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS>BS ) SHS Val#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS )

SHS Val#1903

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS )

SHS Val#1903

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS )

SHS Val#1903

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS )

SHS Val#1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1774

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1774

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1774

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1774

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1081

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1081

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1081

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#1081

Windows Server 2008 R2 and SP1 CNG algorithms #686

Windows 7 and SP1 CNG algorithms #677

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS ) SHS Val#1081

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS ) SHS Val#1081

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#816

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#816

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#816

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#816

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS ) SHS Val#753

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS ) SHS Val#753

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

Windows Vista Enhanced Cryptographic Provider (RSAENH) #297

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#785

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

Windows XP, vendor-affirmed


HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#783

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#783

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#783

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#783

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#613

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#613

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#613

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#613

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#610

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#753

Windows Server 2008 CNG algorithms #413

Windows Vista Ultimate SP1 CNG algorithms #412

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS ) SHS Val#737

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS ) SHS Val#737

Windows Vista Ultimate BitLocker Drive Encryption #386

HMAC-SHA1 ( Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#618

Windows Vista CNG algorithms #298

HMAC-SHA1 ( Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#589

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#589

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#589

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#589

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

HMAC-SHA1 ( Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#578

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#578

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#578

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#578

Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS ) SHS Val#495

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS ) SHS Val#495

Windows Vista BitLocker Drive Encryption #199

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#364

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#305

HMAC-SHA256 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#305

HMAC-SHA384 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#305

HMAC-SHA512 ( Key Size Ranges Tested: KS<BS KS=BS KS>BS ) SHS Val#305

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31


Table 17 – Key Agreement Scheme (KAS)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
SHS Val#1903 DSA Val#687 DRBG Val#258

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val#1903 ECDSA Val#341 DRBG Val#258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36


KAS (SP 800–56A)

key agreement

key establishment methodology provides 80 to 256 bits of encryption strength

Windows 7 and SP1, vendor-affirmed

Windows Server 2008 R2 and SP1, vendor-affirmed


Table 18 – SP 800-108 Key-Based Key Derivation Functions (KBKDF)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

DRBG Val#258 HMAC Val#1345

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3



Table 19 – Random Number Generator (RNG)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

FIPS 186-2 General Purpose

[ (x-Original); (SHA-1) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110 tts

FIPS 186-2
[ (x-Original); (SHA-1) ]

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

FIPS 186-2
[ (x-Change Notice); (SHA-1) ]

FIPS 186-2 General Purpose
[ (x-Change Notice); (SHA-1) ]

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

Windows Vista RNG implementation #321

FIPS 186-2 General Purpose
[ (x-Change Notice); (SHA-1) ]

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

FIPS 186-2
[ (x-Change Notice); (SHA-1) ]

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314



Table 20 – RSA

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
SHA Val#1903

Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134


FIPS186-4:
186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
SHA Val#1903 DRBG: Val# 258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133

FIPS186-2:
ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 258
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1902 , SHA-384Val#1902 , SHA-512Val#1902 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1902 , SHA-256Val#1902 , SHA-384Val#1902 , SHA-512Val#1902 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774 , SHA-384Val#1774 , SHA-512Val#1774 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774 , SHA-256Val#1774 , SHA-384Val#1774 , SHA-512Val#1774 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052

FIPS186-2:
ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773 , SHA-384Val#1773 , SHA-512Val#1773 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773 , SHA-256Val#1773 , SHA-384Val#1773 , SHA-512Val#1773 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081 , SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.

Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081 , SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081 , SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

Windows Server 2008 R2 and SP1 CNG algorithms #567

Windows 7 and SP1 CNG algorithms #560

FIPS186-2:
ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.

Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081 , SHA-256Val#1081 , SHA-384Val#1081 , SHA-512Val#1081 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.

Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557

FIPS186-2:
ALG[ANSIX9.31]:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816 , SHA-384Val#816 , SHA-512Val#816 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816 , SHA-256Val#816 , SHA-384Val#816 , SHA-512Val#816 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783 , SHA-384Val#783 , SHA-512Val#783 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753 , SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753 ,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753 , SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

Windows Server 2008 CNG algorithms #358

Windows Vista SP1 CNG algorithms #357

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753 , SHA-256Val#753 , SHA-384Val#753 , SHA-512Val#753 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

FIPS186-2:
ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.

Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353

FIPS186-2:
ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.

Windows Vista RSA key generation implementation #258

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618 , SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618 ,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618 , SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.

Windows Vista CNG algorithms #257

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618 , SHA-256Val#618 , SHA-384Val#618 , SHA-512Val#618 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.

Windows Vista Enhanced Cryptographic Provider (RSAENH) #255

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613 , SHA-384Val#613 , SHA-512Val#613 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613 , SHA-256Val#613 , SHA-384Val#613 , SHA-512Val#613 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589 , SHA-384Val#589 , SHA-512Val#589 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589 , SHA-256Val#589 , SHA-384Val#589 , SHA-512Val#589 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578 , SHA-384Val#578 , SHA-512Val#578 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578 , SHA-256Val#578 , SHA-384Val#578 , SHA-512Val#578 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81

FIPS186-2:
ALG[ANSIX9.31]:
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305 , SHA-384Val#305 , SHA-512Val#305 ,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305 , SHA-256Val#305 , SHA-384Val#305 , SHA-512Val#305 ,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

FIPS186-2:

– PKCS#1 v1.5, signature generation and verification

– Mod sizes: 1024, 1536, 2048, 3072, 4096

– SHS: SHA–1/256/384/512

Windows XP, vendor-affirmed

Windows 2000, vendor-affirmed


Table 21 – Secure Hash Standard (SHS)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

SHA-1 (BYTE-only)

SHA-256 (BYTE-only)

SHA-384 (BYTE-only)

SHA-512 (BYTE-only)

Implementation does not support zero-length (null) messages.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows 7and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

SHA-1 (BYTE-only)

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

Windows Vista Symmetric Algorithm Implementation #618

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)

Windows Vista BitLocker Drive Encryption #737

Windows Vista Beta 2 BitLocker Drive Encryption #495

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

SHA-1 (BYTE-only)

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305

SHA-1 (BYTE-only)

Windows XP Microsoft Enhanced Cryptographic Provider #83

Crypto Driver for Windows 2000 (fips.sys) #35

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

Windows 2000 RSAENH.DLL #24

Windows 2000 RSABASE.DLL #23

Windows NT 4 SP6 RSAENH.DLL #21

Windows NT 4 SP6 RSABASE.DLL #20


Table 22 – Triple DES

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 ) ;

TCFB64( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656

Windows Vista Symmetric Algorithm Implementation #549

Triple DES MAC

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 )

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542

Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192

Windows XP Microsoft Enhanced Cryptographic Provider #81

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18

Crypto Driver for Windows 2000 (fips.sys) #16


Table 23 – SP 800-132 Password Based Key Derivation Function (PBKDF)

Modes / States / Key Sizes

Algorithm Implementation and Certificate #

PBKDF

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed


References

[FIPS 140] - FIPS 140-2, Security Requirements for Cryptographic Modules

[FIPS FAQ] - Cryptographic Module Validation Program (CMVP) FAQ

[SP 800-57] - Recommendation for Key Management – Part 1: General (Revised)

[SP 800-131A] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Additional Microsoft References

Enabling FIPS mode - http://support.microsoft.com/kb/811833

Cipher Suites in Schannel - http://msdn.microsoft.com/en-us/library/aa374757(VS.85).aspx

Page generated 2014-05-12 14:15Z-07:00.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft