Symmetric Mechanisms and Algorithms
In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.
FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

ARIA

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
ARIA | N | N | Aria | N |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ARIA key generation | Forbidden | | |
ARIA CBC no padding | Forbidden | | |
ARIA ECB no padding | Forbidden | | |

Camellia

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
Camellia | N | N | Camellia | N |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Camellia key generation | Forbidden | | |
Camellia CBC no padding | Forbidden | | |
Camellia ECB no padding | Forbidden | | |

CAST256

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
CAST 256 | N | N | CAST256 | N |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
CAST256 key generation | Forbidden | | |
CAST256 CBC PKCS#5 padding | Forbidden | | |
CAST256 ECB PKCS#5 padding | Forbidden | | |
CAST256 CBC no padding | Forbidden | | |
CAST256 ECB no padding | Forbidden | | |
CAST256 CBC-MAC PKCS#5 padding | Forbidden | | |

DES

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
DES | N | N | DES | N |
DES2 | N | N | DES | Y |
Triple DES | Y | N [1] | Triple DES | Y |

[1] Not FIPS approved for encryption operations, but available for decryption operations.

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Single-DES key generation | Forbidden | | |
Single-DES CBC PKCS#5 padding | Forbidden | | |
Single-DES CBC no padding | Forbidden | | |
Single-DES ECB PKCS#5 padding | Forbidden | | |
Single-DES ECB no padding | Forbidden | | |
Single-DES CBC-MAC PKCS#5 padding | Forbidden | | |
Single-DES CBC-MAC no padding | Forbidden | | |
2-key triple-DES key generation | Forbidden | | |
2-key triple-DES PKCS#5 padding | Forbidden | | |
2-key triple-DES CBC no padding | Forbidden | | |
2-key triple-DES ECB PKCS#5 padding | Forbidden | | |
2-key triple-DES ECB no padding | Forbidden | | |
2-key triple-DES CBC-MAC PKCS#5 padding | Forbidden | | |
2-key triple-DES CBC-MAC no padding | Forbidden | | |
3-key triple-DES key generation | Forbidden | | |
3-key triple-DES PKCS#5 padding | Decrypt only | | |
3-key triple-DES CBC no padding | Decrypt only | | |
3-key triple-DES ECB PKCS#5 padding | Decrypt only | | |
3-key triple-DES ECB no padding | Decrypt only | | |
3-key triple-DES CBC-MAC PKCS#5 padding | Forbidden | | |
3-key triple-DES CBC-MAC no padding | Forbidden | | |

AES (aka Rijndael)

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
AES | Y | Y | AES or Rijndael | Y |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
AES key generation | | | |
AES CBC PKCS#5 padding | | | |
AES ECB PKCS#5 padding | | | |
AES CBC no padding | | | |
AES ECB no padding | | | |
AES GCM | | | |
AES GCM | Forbidden | | |
AES GCM | | | |
AES KWP | | | |
AES CMAC with PKCS#5 padding | | | |
AES CBC-MAC with PKCS#5 padding | Forbidden | | |
AES CBC-MAC with no padding | Forbidden | | |

RC4

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
Arcfour | N | N | Arcfour | N |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
RC4 key generation | Forbidden | | |
RC4 encrypt/decrypt | Forbidden | | |

SEED

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
SEED | N | N | SEED | N |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
SEED key generation | Forbidden | | |
SEED CBC PKCS#5 padding | | | |
SEED ECB PKCS#5 padding | | | |
SEED CBC no padding | | | |
SEED ECB no padding | | | |
SEED CBC-MAC PKCS#5 padding | | | |

HMAC

Algorithm | FIPS approved in a v1 or v2 Security World | FIPS approved in a v3 Security World | Key type | Supported by generatekey |
---|---|---|---|---|
MD5 HMAC | N | N | HMACMD5 | N |
RIPEMD160 HMAC | N | N | HMACRIPEMD160 | N |
SHA-1 HMAC | Y | Y | HMACSHA1 | Y |
SHA-224 HMAC | Y | Y | HMACSHA224 | N |
SHA-256 HMAC | Y | Y | HMACSHA256 | Y |
SHA-384 HMAC | Y | Y | HMACSHA384 | Y |
SHA-512 HMAC | Y | Y | HMACSHA512 | Y |

Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
HMAC SHA-1/2/3 key generation | Minimum 14 bytes | | |
HMAC SHA-1/2/3 sign/verify | | | |
HMAC MD5 key generation | Forbidden | | |
HMACMD5 sign/verify | Forbidden | | |
HMAC RIPEMD160 key generation | Forbidden | | |
HMACRIPEMD160 sign/verify | Forbidden | | |