| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 7/28/2029 |
| Caveat | When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys). |
| Vendor | Cohesity, Inc. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | N/A |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 1 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Cohesity Cryptographic Module for Java
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cohesity Cryptographic Module for Java
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Cohesity, Inc. Cohesity Cryptographic Module for Java Software Version 4.0.0 Document Version 1.1 January 21, 2026 Prepared For: Prepared By: Cohesity, Inc.
Santa Clara, CA 95054 USA https://cohesity.com/ SafeLogic, Inc.
Vienna, VA 22182 USA www.safelogic.com Document Version 1.1 ©Cohesity, Inc.
| # | Section | Page |
|---|---|---|
| 1 | General Information | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 6 |
| 2 | Cryptographic Module Specification | 7 |
| 2.1 | Description | 7 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 8 |
| 2.3 | Excluded Components | 14 |
| 2.4 | Modes of Operation | 14 |
| 2.5 | Algorithms | 15 |
| 2.6 | Algorithm Specific Information | 24 |
| 2.7 | RBG and Entropy | 27 |
| 2.8 | Key Generation | 28 |
| 2.9 | Key Establishment | 29 |
| 2.10 | Industry Protocols | 29 |
| 3 | Cryptographic Module Ports and Interfaces | 30 |
| 3.1 | Ports and Interfaces | 30 |
| 3.2 | Additional Information | 30 |
| 4 | Roles, Services, and Authentication | 31 |
| 4.1 | Authentication Methods | 31 |
| 4.2 | Roles | 31 |
| 4.3 | Approved Services | 32 |
| 4.4 | Non-Approved Services | 45 |
| 5 | Software/Firmware Security | 46 |
| 5.1 | Integrity Techniques | 46 |
| 5.2 | Initiate on Demand | 46 |
| 6 | Operational Environment | 47 |
| 6.1 | Configuration Settings and Restrictions | 47 |
| 7 | Physical Security | 48 |
| 8 | Non-Invasive Security | 49 |
| 9 | Sensitive Security Parameter Management | 50 |
| 9.1 | SSPs | 51 |
| 10 | Self-Tests | 62 |
| 10.1 | Pre-Operational Self-Tests | 62 |
| 10.2 | Conditional Self-Tests | 62 |
| 10.3 | Error States | 64 |
| 10.4 | Operator Initiation of Self-Tests | 64 |
| 11 | Life-Cycle Assurance | 65 |
| 11.1 | Installation, Initialization, and Startup Procedures | 65 |
| 11.2 | Basic Guidance | 65 |
| 11.3 | Use of the JVM with a Java SecurityManager | 65 |
| 11.4 | Design and Rules | 67 |
| 11.5 | Vulnerabilities | 68 |
| 12 | Mitigation of Other Attacks | 69 |
| Appendix: References and Acronyms | 70 |
| Item | Page |
|---|---|
| Table 1 - Security Levels | 6 |
| Table 2 - Executable Code Sets | 8 |
| Table 3 - Tested Operational Environments – Software/Firmware/Hybrid | 9 |
| Table 4 - Vendor Affirmed Operational Environments – Software/Firmware/Hybrid | 10 |
| Table 5 - Modes of Operation | 14 |
| Table 6 - Approved Algorithms, CAVP Tested | 15 |
| Table 7 - Vendor Affirmed Algorithms | 21 |
| Table 8 - Non-Approved, Allowed Algorithms with No Security Claimed | 22 |
| Table 9 - Non-Approved, Not Allowed Algorithms | 22 |
| Table 10 - SP 800-38G Format-Preserving Encryption Constraints | 26 |
| Table 11 – Non-Deterministic Random Number Generation Specification | 27 |
| Table 12 – Ports and Interfaces | 30 |
| Table 13 - Roles | 31 |
| Table 14 – Approved Services | 32 |
| Table 15 - Non-Approved Services | 45 |
| Table 16 - Sensitive Security Parameters (SSPs) Key Table | 51 |
| Table 17 – Conditional Algorithm Self-Tests | 62 |
| Table 18 – Pairwise Consistency Tests | 63 |
| Table 19 - Available Java Permissions for SecurityManager | 66 |
| Table 20 - References | 70 |
| Table 21 - Acronyms | 72 |
| Figure 1 - Module Block Diagram | 8 |
This document provides a non-proprietary FIPS 140-3 Security Policy for Cohesity Cryptographic Module for Java.
Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules, (FIPS 140-3) specifies the latest requirements for cryptographic modules utilized to protect sensitive but unclassified information. The National Institute of Standards and Technology (NIST) and Canadian Centre for Cyber Security (CCCS) collaborate to run the Cryptographic Module Validation Program (CMVP), which assesses conformance to FIPS 140. NIST (through NVLAP) accredits independent testing labs to perform FIPS 140 testing. The CMVP reviews and validates modules tested against FIPS
140 criteria. Validated is the term given to a module that has successfully gone through this FIPS 140
validation process. Validated modules receive a validation certificate that is posted on the CMVP’s website. More information is available on the CMVP website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program.
This non-proprietary cryptographic module Security Policy for Cohesity Cryptographic Module for Java from Cohesity, Inc. (Cohesity) provides an overview of the product and a high-level description of how it meets the security requirements of FIPS 140-3. This document includes details on the module’s cryptographic capabilities, services, sensitive security parameters, and self-tests. This Security Policy also includes guidance on operating the module while maintaining compliance with FIPS 140-3. Cohesity Cryptographic Module for Java may also be referred to as “the module” in this document.
The Cohesity website (https://cohesity.com/) contains information on Cohesity services and products. The CMVP website maintains this FIPS 140 certificate for Cohesity and the certificate includes Cohesity contact information.
This document may be freely reproduced and distributed, but only in its entirety and without modification. Document Version 1.1 ©Cohesity, Inc.
| Name | ISO Section | Level | ||
|---|---|---|---|---|
| Section 1 – General Information | Section 1 – General Information | 1 | ||
| Section 2 – Cryptographic Module Specification | Section 2 – Cryptographic Module Specification | 1 | ||
| Section 3 – Cryptographic Module Interfaces | Section 3 – Cryptographic Module Interfaces | 1 | ||
| Section 4 – Roles, Services, and Authentication | Section 4 – Roles, Services, and Authentication | 1 | ||
| Section 5 – Software/Firmware Security | Section 5 – Software/Firmware Security | 1 | ||
| Section 6 – Operational Environment | Section 6 – Operational Environment | 1 | ||
| Section 7 – Physical Security | Section 7 – Physical Security | N/A | ||
| Section 8 – Non-Invasive Security | Section 8 – Non-Invasive Security | N/A | ||
| Section 9 – Sensitive Security Parameter Management | Section 9 – Sensitive Security Parameter Management | 1 | ||
| Section 10 – Self-Tests | Section 10 – Self-Tests | 1 | ||
| Section 11 – Life-Cycle Assurance | Section 11 – Life-Cycle Assurance | 1 | ||
| Section 12 – Mitigation of Other Attacks | Section 12 – Mitigation of Other Attacks | 1 |
Table 1 lists the module’s level of validation for each area in FIPS 140-3. Table 1 - Security Levels N/A N/A Document Version 1.1 ©Cohesity, Inc.
Purpose and Use: Cohesity Cryptographic Module for Java delivers core cryptographic functions for use in various Cohesity products. The module delivers cryptographic services to host applications through a Java language Application Programming Interface (API). Module Type: Software Module Embodiment: Multi-Chip Stand Alone Cryptographic Boundary: The cryptographic boundary is the Java Archive (JAR) file, ccj-4.0.0.jar. The module is the only component within the cryptographic boundary and the only component that carries out cryptographic functions covered by FIPS 140-3. The module classes are executed on the Java Virtual Machine (JVM) using the classes of the Java Runtime Environment (JRE). The JVM is the interface to the computer’s Operating System (OS), which is the interface to the various physical components of the general purpose computer (GPC). As a software cryptographic module, the module operates within the Tested Operational Environment’s Physical Perimeter (TOEPP). The TOEPP physical perimeter is the physical perimeter of the GPC that the module operates on. The TOEPP includes the JVM/JRE, OS, and the GPC. The TOEPP includes the Operational Environment (OE) that the module operates in, the module itself, and all other applications that operate within the OE, including the host application for the module. The external entropy source used by the module is also within the TOEPP. The module’s block diagram is provided in Figure 1, which shows the cryptographic boundary and the logical relationship of the cryptographic module to the other software and hardware components of the TOEPP. The module’s logical interfaces are defined by its API. Document Version 1.1 ©Cohesity, Inc.
| Name | Firmware Version | Package | Integrity Test |
|---|---|---|---|
| Names | Version | Names | Implemented |
| ccj-4.0.0.jar | 4.0.0 | ccj-4.0.0.jar | HMAC-SHA-256 |
Figure 1 - Module Block Diagram
Tested Module Identification
| Name | Operating System | Hardware Platform |
|---|---|---|
| Environment v17 on | Environment v17 on | PowerEdge |
| VMware Photon OS 5.0 | VMware Photon OS 5.0 | R830 |
Confirming the Module Checksum, Functionality, and Versioning The module checksum, functionality, and versioning can be confirmed by executing the command: java -cp ccj-4.0.0.jar com.safelogic.cryptocomply.util.DumpInfo which should display: Version Info: CryptoComply® for Java version v4.0.0 FIPS Ready Status: READY Module SHA-256 HMAC: c5f6e9c3593f67ea87f08b91590c7531c53ac2540685b921807c9e82581911ee This display indicates that the JAR represents the software release ccj-4.0.0, that it has successfully passed all its startup tests, and that the software release is confirmed to have the HMAC listed above. Tested Operational Environments - Software, Firmware, Hybrid: The module operates in a modifiable operational environment under the FIPS 140-3 definitions. The cryptographic module was tested on the following operational environments on the GPC platforms detailed in Table 3. Table 3 - Tested Operational Environments
| Name | Operating System | Hardware Platform | # 1. | |||
|---|---|---|---|---|---|---|
| 2. | 2. | Java SE Runtime Environment v8 on Solaris 10.1 U11 | Solaris Sparc | |||
| 3. | Java SE Runtime Environment v8 on Solaris 10.1 U11 | Solaris x86_64 | 3. | |||
| 4. | 4. | Java SE Runtime Environment v8 on IBM AIX 7.1 TL4 | IBM Power Series | |||
| 5. | Java SE Runtime Environment v11 on Rocky 9 | Dell Optiplex 755 | 5. | |||
| 6. | 6. | Java SE Runtime Environment v11 on Solaris 10.1 U11 | Solaris Sparc | |||
| 7. | Java SE Runtime Environment v11 on Solaris 10.1 U11 | Solaris x86_64 | 7. | |||
| 8. | 8. | Java SE Runtime Environment v11 on IBM AIX 7.1 TL4 | IBM Power Series | |||
| 9. | Java SE Runtime Environment v17 on Rocky 9 | Dell Optiplex 755 | 9. | |||
| 10. | 10. | Java SE Runtime Environment v17 on Solaris 10.1 U11 | Solaris Sparc | |||
| 11. | Java SE Runtime Environment v17 on Solaris 10.1 U11 | Solaris x86_64 | 11. | |||
| 12. | 12. | Java SE Runtime Environment v17 on IBM AIX 7.1 TL4 | IBM Power Series | |||
| 13. | Java SE Runtime Environment v21 on Rocky 9 | Dell Optiplex 755 | 13. | |||
| 14. | 14. | Java SE Runtime Environment v21 on Solaris 10.1 U11 | Solaris Sparc | |||
| 15. | Java SE Runtime Environment v21 on Solaris 10.1 U11 | Solaris x86_64 | 15. | |||
| 16. | 16. | Java SE Runtime Environment v21 on IBM AIX 7.1 TL4 | IBM Power Series | |||
| 17. | Generic Hardware | 17. | Java SE Runtime Environment v8 (1.8) with HP-UX | |||
| 18. | 18. | Java SE Runtime Environment v11 (1.11) with HP-UX | Generic Hardware Platform | |||
| 19. | Generic Hardware | 19. | Java SE Runtime Environment v17 (1.17) with HP-UX | |||
| 20. | 20. | Java SE Runtime Environment v21 (21) with HP-UX | Generic Hardware Platform | |||
| 21. | Generic Hardware | 21. | Java SE Runtime Environment v8 (1.8) with Linux CentOS | |||
| 22. | 22. | Java SE Runtime Environment v11 (1.11) with Linux CentOS | Generic Hardware Platform | |||
| 23. | Generic Hardware | 23. | Java SE Runtime Environment v17 (1.17) with Linux CentOS | |||
| 24. | 24. | Java SE Runtime Environment v21 (21) with Linux CentOS | Generic Hardware Platform | |||
| 25. | Java SE Runtime Environment v8 (1.8) with Red Hat Enterprise | Generic Hardware | 25. | |||
| Linux | Linux | Platform | ||||
| 26. | 26. | Java SE Runtime Environment v11 (1.11) with Red Hat Enterprise Linux | Generic Hardware Platform | |||
| 27. | Java SE Runtime Environment v17 (1.17) with Red Hat Enterprise | Generic Hardware | 27. | |||
| Linux | Linux | Platform | ||||
| 28. | 28. | Java SE Runtime Environment v21 (21) with Red Hat Enterprise Linux | Generic Hardware Platform | |||
| 29. | Generic Hardware | 29. | Java SE Runtime Environment v8 (1.8) with Linux Debian | |||
| 30. | 30. | Java SE Runtime Environment v11 (1.11) with Linux Debian | Generic Hardware Platform | |||
| 31. | Generic Hardware | 31. | Java SE Runtime Environment v17 (1.17) with Linux Debian | |||
| 32. | 32. | Java SE Runtime Environment v21 (21) with Linux Debian | Generic Hardware Platform | |||
| 33. | Generic Hardware | 33. | Java SE Runtime Environment v8 (1.8) with Linux Fedora | |||
| 34. | 34. | Java SE Runtime Environment v11 (1.11) with Linux Fedora | Generic Hardware Platform | |||
| 35. | Generic Hardware | 35. | Java SE Runtime Environment v17 (1.17) with Linux Fedora | |||
| 36. | 36. | Java SE Runtime Environment v21 (21) with Linux Fedora | Generic Hardware Platform | |||
| 37. | Generic Hardware | 37. | Java SE Runtime Environment v8 (1.8) with Linux Oracle RHC | |||
| 38. | 38. | Java SE Runtime Environment v11 (1.11) with Linux Oracle RHC | Generic Hardware Platform | |||
| 39. | Generic Hardware | 39. | Java SE Runtime Environment v17 (1.17) with Linux Oracle RHC | |||
| 40. | 40. | Java SE Runtime Environment v21 (21) with Linux Oracle RHC | Generic Hardware Platform | |||
| 41. | Generic Hardware | 41. | Java SE Runtime Environment v8 (1.8) with Linux Oracle UEK | |||
| 42. | 42. | Java SE Runtime Environment v11 (1.11) with Linux Oracle UEK | Generic Hardware Platform | |||
| 43. | Generic Hardware | 43. | Java SE Runtime Environment v17 (1.17) with Linux Oracle UEK | |||
| 44. | 44. | Java SE Runtime Environment v21 (21) with Linux Oracle UEK | Generic Hardware Platform | |||
| 45. | Generic Hardware | 45. | Java SE Runtime Environment v17 (1.8) with Linux Photon | |||
| 46. | 46. | Java SE Runtime Environment v11 (1.11) with Linux Photon | Generic Hardware Platform | |||
| 47. | Generic Hardware | 47. | Java SE Runtime Environment v17 (1.17) with Linux Photon | |||
| 48. | 48. | Java SE Runtime Environment v21 (21) with Linux Photon | Generic Hardware Platform | |||
| 49. | Java SE Runtime Environment v8 (1.8) with Linux SUSE | Generic Hardware | 49. | Java SE Runtime Environment v8 (1.8) with Linux SUSE | 49. | |
| 50. | 50. | Java SE Runtime Environment v11 (1.11) with Linux SUSE | Generic Hardware Platform | |||
| 51. | Generic Hardware | 51. | Java SE Runtime Environment v17 (1.17) with Linux SUSE | |||
| 52. | 52. | Java SE Runtime Environment v21 (21) with Linux SUSE | Generic Hardware Platform | |||
| 53. | Generic Hardware | 53. | Java SE Runtime Environment v8 (1.8) with Linux Ubuntu | |||
| 54. | 54. | Java SE Runtime Environment v11 (1.11) with Linux Ubuntu | Generic Hardware Platform | |||
| 55. | Generic Hardware | 55. | Java SE Runtime Environment v17 (1.17) with Linux Ubuntu | |||
| 56. | 56. | Java SE Runtime Environment v21 (21) with Linux Ubuntu | Generic Hardware Platform | |||
| 57. | Generic Hardware | 57. | Java SE Runtime Environment v8 (1.8) with Mac OS X | |||
| 58. | 58. | Java SE Runtime Environment v11 (1.11) with Mac OS X | Generic Hardware Platform | |||
| 59. | Generic Hardware | 59. | Java SE Runtime Environment v8 (1.8) with Microsoft Windows | |||
| 60. | 60. | Java SE Runtime Environment v11 (1.11) with Microsoft Windows | Generic Hardware Platform | |||
| 61. | Generic Hardware | 61. | Java SE Runtime Environment v17 (1.17) with Microsoft Windows | |||
| 62. | 62. | Java SE Runtime Environment v21 (21) with Microsoft Windows | Generic Hardware Platform | |||
| 63. | Java SE Runtime Environment v8 (1.8) with Microsoft Windows | Generic Hardware | 63. | |||
| Server | Server | Platform | ||||
| 64. | 64. | Java SE Runtime Environment v11 (1.11) with Microsoft Windows Server | Generic Hardware Platform | |||
| 65. | Java SE Runtime Environment v17 (1.17) with Microsoft Windows | Generic Hardware | 65. | |||
| Server | Server | Platform | ||||
| 66. | 66. | Java SE Runtime Environment v21 (21) with Microsoft Windows Server | Generic Hardware Platform | |||
| 67. | Generic Hardware | 67. | Java SE Runtime Environment v8 (1.8) with Microsoft Windows XP | |||
| 68. | 68. | Java SE Runtime Environment v11 (1.11) with Microsoft Windows XP | Generic Hardware Platform | |||
| 69. | Java SE Runtime Environment v17 (1.17) with Microsoft Windows | Generic Hardware | 69. | |||
| XP | XP | Platform | ||||
| 70. | 70. | Java SE Runtime Environment v21 (21) with Microsoft Windows XP | Generic Hardware Platform | |||
| 71. | Generic Hardware | 71. | Java SE Runtime Environment v8 (1.8) with Solaris | |||
| 72. | 72. | Java SE Runtime Environment v11 (1.11) with Solaris | Generic Hardware Platform | |||
| 73. | Generic Hardware | 73. | Java SE Runtime Environment v17 (1.17) with Solaris | |||
| 74. | 74. | Java SE Runtime Environment v21 (21) with Solaris | Generic Hardware Platform | |||
| 75. | Generic Hardware | 75. | Java SE Runtime Environment v8 (1.8) with AIX | |||
| 76. | 76. | Java SE Runtime Environment v11 (1.11) with AIX | Generic Hardware Platform | |||
| 77. | Generic Hardware | 77. | Java SE Runtime Environment v17 (1.17) with AIX | |||
| 78. | 78. | Java SE Runtime Environment v21 (21) with AIX | Generic Hardware Platform | |||
| 79. | Generic Hardware | 79. | Java SE Runtime Environment v17 (1.17) with Red Hat Enterprise Linux | |||
| 80. | 80. | Java SE Runtime Environment v21 (21) with Red Hat Enterprise Linux | Generic Hardware Platform with Intel Cascade Lakes | |||
| 81. | Generic Hardware | 81. | Java SE Runtime Environment v17 (1.17) with Red Hat Enterprise Linux | |||
| 82. | 82. | Java SE Runtime Environment v21 (21) with Red Hat Enterprise Linux | Generic Hardware Platform with Intel Sapphire Rapids | |||
| 83. | Generic Hardware | 83. | Java SE Runtime Environment v17 (1.17) with Ubuntu | |||
| 84. | 84. | Java SE Runtime Environment v21 (21) with Ubuntu | Generic Hardware Platform with Intel Cascade Lakes | |||
| 85. | Generic Hardware | 85. | Java SE Runtime Environment v17 (1.17) with Ubuntu | |||
| 86. | 86. | Java SE Runtime Environment v21 (21) with Ubuntu | Generic Hardware Platform with Intel Sapphire Rapids | |||
| 87. | Generic Hardware | 87. | Java SE Runtime Environment v17 (1.17) with ClevOS | |||
| 88. | 88. | Java SE Runtime Environment v21 (21) with ClevOS | Generic Hardware Platform with Intel Cascade Lakes | |||
| 89. | Java SE Runtime Environment v17 (1.17) with ClevOS | Generic Hardware | 89. | Java SE Runtime Environment v17 (1.17) with ClevOS | 89. | |
| 90. | 90. | Java SE Runtime Environment v21 (21) with ClevOS | Generic Hardware Platform with Intel Sapphire Rapids | |||
| 91. | Generic Hardware | 91. | Java SE Runtime Environment v17 (1.17) with ClevOS | |||
| 92. | 92. | Java SE Runtime Environment v21 (21) with ClevOS | Generic Hardware Platform with Intel Haswell | |||
| 93. | Generic Hardware | 93. | Java SE Runtime Environment v17 (1.17) with ClevOS | |||
| 94. | 94. | Java SE Runtime Environment v21 (21) with ClevOS | Generic Hardware Platform with Intel Broadwell |
# Document Version 1.1 ©Cohesity, Inc.
# Document Version 1.1 ©Cohesity, Inc.
# Document Version 1.1 ©Cohesity, Inc.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved mode | Permits operations that are not approved | CryptoServicesRegistrar.IsInApprovedOnlyMode() can be called to determine the mode of operation. This method will return false for non- approved mode. | Non- Approved |
Not applicable. Modes List and Description: Table 5 - Modes of Operation Nonapproved NonApproved Mode Change Instructions and Status: In default operation the module will start with all algorithms and services enabled. If the module detects that the system property com.safelogic.cryptocomply.fips.approved_only is set to true the module will start in approved mode and non-approved mode functionality will not be available. Document Version 1.1 ©Cohesity, Inc.
| Name | CAVP Cert | Properties | Use Function | Reference | ||||
|---|---|---|---|---|---|---|---|---|
| AES | A6047 | Modes: CBC, CFB8, CFB128, CTR, ECB, FF1, OFB Key sizes: 128, 192, 256 bits | Encryption, Decryption | AES | A6047 | AES [FIPS 197, | ||
| AES CBC Ciphertext Stealing (CS) | Modes: CBC-CS1, CBC-CS2, CBC-CS3 Key sizes: 128, 192, 256 bits | Encryption, Decryption | [Addendum to SP 800-38A, Oct 2010] | AES CBC Ciphertext Stealing (CS) | A6047 | |||
| AES CCM | Key sizes: 128, 192, 256 bits | [SP 800-38C] | AES CCM | A6047 | Generation, | |||
| AES CMAC | Key sizes: 128, 192, 256 bits | Generation, Authentication | [SP 800-38B] | AES CMAC | A6047 | |||
| AES GCM/GMAC1 | Key sizes: 128, 192, 256 bits | [SP 800-38D] | AES GCM/GMAC1 | A6047 | Generation, | |||
| AES KW, KWP (KTS: Key Wrapping Using AES2) | Modes: AES KW, KWP Key sizes: 128, 192, 256 bits (key establishment methodology providing 128, 192 or 256 bits of encryption strength) | Key Wrapping | AES KW, KWP (KTS: Key Wrapping Using AES2) | A6047 | [SP 800-38F] | |||
| DRBG, Counter | AES 128, AES 192, AES 256 | A6047 | [SP 800-90Ar1] | Random Bit | ||||
| DRBG | Generation | |||||||
| DRBG, Hash DRBG | SHA sizes: SHA-1, SHA-224, SHA-256, SHA-384, SHA2-512, SHA-512/224, SHA2-512/256 | Random Bit Generation | DRBG, Hash DRBG | A6047 | [SP 800-90Ar1] | |||
| DRBG, HMAC DRBG | Random Bit Generation | SHA sizes: SHA-1, SHA-224, | DRBG, HMAC DRBG | A6047 | [SP 800-90Ar1] | |||
| DSA3 | Key sizes: 10244, 2048, 3072 bits | Key Pair Generation, PQG Generation, PQG Verification, Signature Generation, Signature Verification | DSA3 | A6047 | [FIPS 186-4] | |||
| ECDSA | Curves/Key sizes: P-224, P-256, P-384, P-521, K-233, K-283, K- 409, K-571, B-233, B-283, B- 409, B-571 | ECDSA | A6047 | [FIPS 186-5] | Key | |||
| ECDSA | Curves/Key sizes: P-192, K-163, B-1635 | Key Verification, Signature Verification | ECDSA | A6047 | [FIPS 186-4] |
The module optionally uses the Java SecurityManager. If the underlying JVM is running with a Java SecurityManager installed the module starts in approved mode by default with secret and private key export disabled. When the module is not used within the context of the Java SecurityManager, it will start by default in the non-approved mode. Refer to Security Policy Section 11.3 for additional information about the Java SecurityManager. Refer to Security Policy Section 11.4.1 for additional information on the module’s mode of operation rules.
The module implements the algorithms specified in the tables below. The module supports both an Approved mode and a Non-approved mode of operation. Please see Security Policy Section 2.4 for additional details on the modes of operation and the configuration of the Approved mode of operation. Please see Security Policy Section 11.1 for Initialization steps.
The module implements the following approved algorithms that have been tested by the Cryptographic Algorithm Validation Program (CAVP). There are algorithms, modes, and keys that have been CAVP tested but not used by the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by the module. Table 6 - Approved Algorithms, CAVP Tested GCM encryption with an internally generated IV, see Security Policy Section 2.6.1 concerning external IVs. IV generation is compliant with IG C.H. Document Version 1.1 ©Cohesity, Inc.
Keys are not established directly into the module using key agreement or key transport algorithms. DSA signature generation with SHA-1 is only for use with protocols. Key size only used for Signature Verification Legacy testing for signatures not specified under FIPS 186-5. Document Version 1.1 ©Cohesity, Inc.
| Name | CAVP Cert | Properties | Use Function | Reference | Algorithm Properties | ||
|---|---|---|---|---|---|---|---|
| HMAC | A6047 | SHA sizes: SHA-1, SHA-224, | Generation, Authentication | [FIPS 198-1] | HMAC | A6047 | |
| KAS-ECC6 | Key Agreement | [SP 800-56Ar3] | KAS-ECC6 | A6047 | Domain Parameter Generation Methods/Schemes: P-224, P-256, P-384, P-521, K- 233, K-283, K-409, K-571, B- 233, B-283, B-409, B-571 ephemeralUnified, fullMqv, fullUnified, onePassDh, onePassMqv, onePassUnified, staticUnified Curves specified above providing between 112 and 256 bits of encryption strength | ||
| KAS-FFC6 | Domain Parameter Generation | Key Agreement | [SP 800-56Ar3] | KAS-FFC6 | A6047 | ||
| KAS-IFC | Key Agreement | [SP 800-56Br2, Section 7.2.1] | KAS-IFC | A6047 | RSASVE with, and without, key confirmation. Key sizes: 2048, 3072, 4096 providing between 112 and 152 bits of encryption strength | ||
| KDA, HKDF | A6047 | PRFs: HMAC-SHA-1, HMAC | Key Derivation | [SP 800-56Cr2] | KDA, HKDF | A6047 | |
| KDA, One Step | Key Derivation | [SP 800-56Cr2] | KDA, One Step | A6047 | PRFs: SHA-1, SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA-512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3-512, HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA- 256, HMAC-SHA-384, HMAC- SHA-512, HMAC-SHA-512/224, HMAC-SHA-512/256, HMAC- SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3- 512, KMAC-128, KMAC-256 | ||
| KDA, Two Step | PRFs: HMAC-SHA-1, HMAC- | Key Derivation | [SP 800-56Cr2] | KDA, Two Step | A6047 | ||
| KDF, using Pseudorandom Functions7 | Key Derivation | [SP 800-108] | KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode, Feedback Mode, Double- Pipeline Iteration Mode Types: CMAC-based KBKDF with AES (128, 192, 256) HMAC-based KBKDF with SHA- 1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 |
Keys are not established directly into the module using key agreement or key transport algorithms. Document Version 1.1 ©Cohesity, Inc.
Note: CAVP testing is not provided for use of the PRFs SHA-512/224 and SHA-512/256. These must not be used in approved mode. Document Version 1.1 ©Cohesity, Inc.
| Name | CAVP Cert | Properties | Use Function | Reference | ||||
|---|---|---|---|---|---|---|---|---|
| KDF, Existing | CVL | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | ANSI X9.63 KDF | Key Derivation | ||
| Application- | A6047 | Can be used | ||||||
| Specific8 | along with KAS- | |||||||
| KDF, Existing Application- Specific8 | IKEv2 KDF SHA sizes: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | Key Derivation | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | |||
| KDF, Existing | SNMP KDF Password Length: 64, 8192 | Key Derivation | [SP 800-135r1] | CVL A6047 | ||||
| KDF, Existing Application- Specific8 | SRTP KDF AES: 128, 192, 256 | Key Derivation | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | |||
| KDF, Existing Application- Specific8 | Key Derivation | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | SSH KDF | |||
| KDF, Existing Application- Specific8 | TLS v1.0/1.1 KDF SHA sizes: SHA2-256, SHA2- 384, SHA2-512 | Key Derivation | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | |||
| KDF, Existing Application- Specific8 | Key Derivation | [SP 800-135r1] | KDF, Existing Application- Specific8 | CVL A6047 | TLS 1.2 KDF | |||
| KTS-IFC | RSA-OAEP with, and without, key confirmation. Key sizes: 2048, 3072, 4096 providing between 112 and 152 bits of encryption strength Key Generation Method: rsakpg2-crt | Key Transport | [SP 800-56Br2, Section 7.2.2] | KTS-IFC | A6047 | |||
| PBKDF, Password- based | Key Derivation | [SP 800-132] | PBKDF, Password- based | A6047 | Options: PBKDF with Option 1a | |||
| RSA | Key sizes: 2048, 3072, 4096 | Key Pair Generation | [FIPS 186-5, ANSI X9.31- 1998 and PKCS #1 v2.1 (PSS and PKCS1.5)] | RSA | A6047 | |||
| RSA | A6047 | Key sizes: 2048, 3072, 4096 | Signature Generation | [FIPS 186-5, | RSA | A6047 | ||
| RSA | Key sizes: 2048, 3072, 4096 | Signature Generation | RSA | A6047 | [FIPS 186-4, ANSI X9.31- 1998] | |||
| RSA | Key sizes: 2048, 3072, 4096 | Signature Verification | [FIPS 186-5, | RSA | A6047 | |||
| RSA | Key sizes: 1024, 2048, 3072, 40969 | Signature Verification | RSA | A6047 | [FIPS 186-4, ANSI X9.31- 1998 and PKCS #1 v2.1 (PSS and PKCS1.5)] | |||
| RSA | Key sizes: 1024, 1536, 2048, 3072, 4096 | Signature Verification | [FIPS 186-2, | RSA | A6047 | |||
| RSA Decryption Primitive | Key size: 2048 | Component Test | RSA Decryption Primitive | CVL A6047 | [SP 800-56Br2] | |||
| RSA Signature Primitive | Key size: 2048 | RSA Signature Primitive | CVL A6047 | [FIPS 186-4] | Component | |||
| Safe Primes | Parameter sets: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- 2048, MODP-3072, MODP- 4096, MODP-6144, MODP- 8192 | Key Generation, Key Verification | Safe Primes | A6047 | [SP 800-56Ar3] | |||
| SHA-3, SHAKE | SHA3-224, SHA3-256, SHA3- 384, SHA3-512, SHAKE128, SHAKE256 | SHA-3, SHAKE | A6047 | [FIPS 202] | Digital |
ApplicationSpecific8 ApplicationSpecific8 ApplicationSpecific8 ApplicationSpecific8 ApplicationSpecific8 ApplicationSpecific8 ApplicationSpecific8 PBKDF, Passwordbased No parts of the protocols (TLS, SNMPv3, SSHv2, X9.63, IKEv2, SRTP), other than the approved cryptographic algorithms and the KDFs, have been reviewed or tested by the CAVP and CMVP Document Version 1.1 ©Cohesity, Inc.
Legacy testing for signatures not specified under FIPS 186-5 (all moduli for ANSI X9.31, and testing with 1024 or Document Version 1.1 ©Cohesity, Inc.
| Name | Properties | Use Function | Reference | Use/Function | Implementation | ||
|---|---|---|---|---|---|---|---|
| SHA-3 Derived Functions | Types: cSHAKE-128, cSHAKE- 256, KMAC-128, KMAC-256, ParallelHash-128, ParallelHash- 256, TupleHash-128, TupleHash-256 | [SP 800-185] | SHA-3 Derived Functions | A6047 | Digital Signature Generation, Digital Signature Verification, non-Digital Signature Applications | ||
| SHS | SHA sizes: SHA-1, SHA-224, | Digital | [FIPS 180-4] | SHS | A6047 | ||
| SHA-256, SHA-384, SHA-512, | SHA-256, SHA-384, SHA-512, | Signature | |||||
| CKG | Used for the | [SP 800-133r2] | CKG | Used for the generation of symmetric keys and asymmetric seeds | Other Cryptographic key generation | ||
| symmetric keys and | symmetric keys and | CKG using output from DRBG, | |||||
| asymmetric seeds | asymmetric seeds | Vendor Affirmed per IG D.H. |
| Name | Properties | Use Function | Reference | Use/Function | Implementation | ||
|---|---|---|---|---|---|---|---|
| SHA-3 Derived Functions | Types: cSHAKE-128, cSHAKE- 256, KMAC-128, KMAC-256, ParallelHash-128, ParallelHash- 256, TupleHash-128, TupleHash-256 | [SP 800-185] | SHA-3 Derived Functions | A6047 | Digital Signature Generation, Digital Signature Verification, non-Digital Signature Applications | ||
| SHS | SHA sizes: SHA-1, SHA-224, | Digital | [FIPS 180-4] | SHS | A6047 | ||
| SHA-256, SHA-384, SHA-512, | SHA-256, SHA-384, SHA-512, | Signature | |||||
| CKG | Used for the | [SP 800-133r2] | CKG | Used for the generation of symmetric keys and asymmetric seeds | Other Cryptographic key generation | ||
| symmetric keys and | symmetric keys and | CKG using output from DRBG, | |||||
| asymmetric seeds | asymmetric seeds | Vendor Affirmed per IG D.H. |
Table 7 - Vendor Affirmed Algorithms
| Name | Use Function | Use/Function | Algorithm |
|---|---|---|---|
| MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake | |
| AES (non-compliant10) | Non-approved modes for AES | AES (non-compliant10) | |
| ARC4 (RC4) | ARC4/RC4 stream cipher | ||
| Blowfish | Blowfish block cipher | Blowfish | |
| Camellia | Camellia block cipher | ||
| CAST5 | CAST5 block cipher | CAST5 | |
| ChaCha20 | ChaCha20 stream cipher | ||
| ChaCha20-Poly1305 | AEAD ChaCha20 using Poly1305 as the MAC | ChaCha20-Poly1305 | |
| DES | DES block cipher | ||
| Diffie-Hellman KAS (non-compliant11) | non-compliant key agreement methods | Diffie-Hellman KAS (non-compliant11) | |
| DSA (non-compliant12) | non-FIPS digest signatures using DSA | ||
| DSTU4145 | DSTU4145 EC algorithm | DSTU4145 | |
| ECDSA (non-compliant13) | non-FIPS digest signatures using ECDSA | ||
| EdDSA | Ed25519 and Ed448 signature algorithms | EdDSA | |
| ElGamal | ElGamal key transport algorithm | ||
| FF3-1 | Format Preserving Encryption – AES FF3-1 | FF3-1 | |
| GOST28147 | GOST-28147 block cipher | ||
| GOST3410-1994 | GOST-3410-1994 algorithm | GOST3410-1994 | |
| GOST3410-2001 | GOST-3410-2001 EC algorithm | ||
| GOST3410-2012 | GOST-3410-2012 EC algorithm | GOST3410-2012 | |
| GOST3411 | GOST-3411-1994 message digest | ||
| GOST3411-2012-256 | GOST-3411-2012 256-bit message digest | GOST3411-2012-256 | |
| GOST3411-2012-512 | GOST-3411-2012 512-bit message digest | ||
| HMAC-GOST3411 | GOST-3411 HMAC | HMAC-GOST3411 | |
| HMAC-MD5 | MD5 HMAC | ||
| HMAC-RIPEMD128 | RIPEMD128 HMAC | HMAC-RIPEMD128 | |
| HMAC-RIPEMD160 | RIPEMD160 HMAC | ||
| HMAC-RIPEMD256 | RIPEMD256HMAC | HMAC-RIPEMD256 | |
| HMAC-RIPEMD320 | RIPEMD320 HMAC | ||
| HMAC-TIGER | TIGER HMAC | ||
| HMAC-WHIRLPOOL | WHIRLPOOL HMAC | ||
| HSS | HSS signature scheme (RFC 8708) | HSS | |
| IDEA | IDEA block cipher | ||
| KAS14 using SHA-512/224 or SHA-512/256 | Key Agreement using SHA-512/224 and SHA- | KAS14 using SHA-512/224 or SHA-512/256 | |
| (non-compliant) | 512/256 based KDFs | (non-compliant) | |
| KBKDF using SHA-512/224 or SHA-512/256 (non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA- 512/256 | ||
| LMS | LMS signature scheme (RFC 8708) | LMS | |
| MD5 | MD5 message digest | ||
| OpenSSL PBKDF (non-compliant) | OpenSSL PBE key derivation scheme | OpenSSL PBKDF (non-compliant) | |
| PKCS#12 PBKDF (non-compliant) | PKCS#12 PBE key derivation scheme | ||
| PKCS#5 Scheme 1 PBKDF (non-compliant) | PKCS#5 PBE key derivation scheme | PKCS#5 Scheme 1 PBKDF (non-compliant) | |
| Poly1305 | Poly1305 message MAC | ||
| PRNG X9.31 | X9.31 PRNG | PRNG X9.31 | |
| RC2 | RC2 block cipher | ||
| RIPEMD128 | RIPEMD128 message digest | RIPEMD128 | |
| RIPEMD160 | RIPEMD160 message digest | ||
| RIPEMD256 | RIPEMD256 message digest | RIPEMD256 | |
| RIPEMD320 | RIPEMD320 message digest | ||
| RSA (non-compliant15) | Non-compliant RSA signature schemes | RSA (non-compliant15) | |
| RSA KTS (non-compliant16) | Non-compliant RSA key transport schemes | ||
| SCrypt (non-compliant) | SCrypt using non-compliant PBKDF2 | SCrypt (non-compliant) | |
| SEED | SEED block cipher | ||
| Serpent | Serpent block cipher | Serpent | |
| SipHash | SipHash MAC | ||
| SHACAL-2 | SHACAL2 block cipher | SHACAL-2 | |
| TIGER | TIGER message digest | ||
| Triple-DES | Triple-DES cipher | Triple-DES | |
| Twofish | Twofish block cipher | ||
| WHIRLPOOL | WHIRLPOOL message digest | ||
| XDH | X25519 and X448 key agreement algorithms |
Not applicable. These algorithms are Allowed in Approved mode. Table 9 - Non-Approved, Not Allowed Algorithms Support for additional modes of operation. Support for additional key sizes and the establishment of keys of less than 112 bits of security strength. Deterministic signature calculation, support for additional digests, and key sizes. Deterministic signature calculation, support for additional digests, and key sizes. Document Version 1.1 ©Cohesity, Inc.
Keys are not directly established into the module using key agreement or transport techniques. Document Version 1.1 ©Cohesity, Inc.
IVs for GCM can be generated randomly, or via a FipsNonceGenerator. IV generation is compliant with IG C.H. Where an IV is not generated within the module the module supports the importing of GCM IVs. In approved mode, importing a GCM IV for encryption that originates from outside the module is nonconformant. In approved mode, when a GCM IV is generated randomly, the module enforces the use of an approved DRBG in line with Section 8.2.2 of SP 800-38D. Support for additional digests and signature formats, PKCS#1 1.5 key wrapping, support for additional key sizes. Support for additional key sizes and the establishment of keys of less than 112 bits of security strength. Document Version 1.1 ©Cohesity, Inc.
In approved mode, when a GCM IV is generated using the FipsNonceGenerator, a counter is used as the basis for the nonce and the IV is generated in accordance with TLS protocol. Rollover of the counter in the FipsNonceGenerator will result in an IllegalStateException indicating the FipsNonceGenerator is exhausted and (as per IG C.H) where used for TLS 1.2, rollover will terminate any TLS session in process using the current key and the exception can only be recovered from by using a new handshake and creating a new FipsNonceGenerator. A service indicator for IV usage is provided in the module through Java logging. Setting the logging level to Level.FINE for the named logger com.safelogic.cryptocomply.jcajce.provider.BaseCipher will produce a log message when an IV which may have been produced outside the module and/or not from a compliant source is detected. The log message will be of the standard form including the detail: FINE: Passed in GCM nonce detected: <IV value> where <IV value> is a HEX representation of the IV in use. Setting the logging level to Level.FINER will produce an additional log message for any GCM IV which is used if the previous Level.FINE message is not activated. Log messages in this case will show the detail as: FINER: GCM nonce detected: <IV value> where <IV value> is a HEX representation of the IV in use. Per IG C.H, this Security Policy also states that in the event module power is lost and restored the consuming application must ensure that any of its AES GCM keys used for encryption or decryption are re-distributed. The AES GCM mode falls under:
2.6.2 Enforcement and Guidance for Use of the Approved PBKDF (IG D.N conformance)
The PBKDF aligns with Option 1a in Section 5.4 of SP 800-132. In line with the requirements for SP 800-132, keys generated using the approved PBKDF must only be used for storage applications. Any other use of the approved PBKDF is non-conformant. In approved mode the module enforces that any password used must encode to at least 14 bytes (112 bits) and that the salt is at least 16 bytes (128 bits) long. The iteration count associated with the PBKDF should be as large as practical. Document Version 1.1 ©Cohesity, Inc.
| FF1 | FF3-1 | ||||
|---|---|---|---|---|---|
| radix | in range of 2 … 216 | in range of 2 … 216 | |||
| radixminlen | ≥ 1,000,000 | ≥ 1,000,000 |
As the module is a general purpose software module, it is not possible to anticipate all the levels of use for the PBKDF, however a user of the module should also note that a password should at least contain enough entropy to be unguessable and also contain enough entropy to reflect the security strength required for the key being generated. In the event a password encoding is simply based on ASCII, a 14byte password is unlikely to contain sufficient entropy for most purposes. The standard set of printable characters only allows for as much as 6 bits of entropy per byte. For a 14-byte password, this yields a key that has been generated using 14 * 6 bits of entropy, giving only 84 bits of security, which is well below what is required for a key with the same level of hardness as a 112-bit one. Users are referred to Appendix A (Security Considerations) of SP 800-132 for further information on password, salt, and iteration count selection. The iteration count value is provided by the user and should be appropriate to the way the algorithm is being used. (The memory hard augmentation of PBKDF provided by SCRYPT uses an iteration count of 1). For straight PBKDF with no memory hard support, the iteration count provided by the user should be at point of maximum cost bearable by the user carrying out the key derivation in the normal course of usage. To ensure sufficient whitening of the password in both cases, the module enforces a salt size of
For users interested in introducing memory hardness as a layer on top of the PBKDF the SCrypt augmentation to PBDKF based on HMAC-SHA-256 (as described in RFC 7914) is also available in nonapproved mode.
To customize the output of the cSHAKE function, the cSHAKE algorithm permits the operator to input strings for the Function-Name input (N) and the Customization String (S). The Function-Name input (N) is reserved for values specified by NIST and should only be set to the appropriate NIST specified value. Any other use of N is non-conformant. The Customization String (S) is available to allow users to customize the cSHAKE function as they wish. The length of S is limited to the available size of a byte array in the JVM running the module.
The module supports both FF1 and, in non-approved mode, FF3-1 format preserving encryption. Both are modes of AES. Table 10 shows the parameter constraints applicable to the module's implementation, as required by IG C.J. Table 10 - SP 800-38G Format-Preserving Encryption Constraints Document Version 1.1 ©Cohesity, Inc.
| FF1 | FF3-1 | ||||
|---|---|---|---|---|---|
| minlen | ≥ 2 octets | 2 octets | |||
| maxlen | < 232 octets | 2 * floor(log (296)) octets radix | |||
| maxTlen | ≥ 0 octets | 8 octets (fixed) |
| Entropy Sources | Minimum | Details | ||
|---|---|---|---|---|
| number of bits | ||||
| of entropy | ||||
| Passive Entropy | 128 | 128 | As per FIPS 140-3 IG 9.3.A Section 2b, a minimum of 16 bytes (128 | |
| bits) is required from the source configured for seed generation for | ||||
| the JVM. The entropy reader will block until the seed generator has | ||||
| provided the minimum number of bytes. |
An attempt to use the FF1 or FF3-1 without meeting the radixminlen constraint or by exceeding maxlen will result in an IllegalArgumentException. Note: only FF1 should be used in approved mode.
As indicated under CAVP certificate A6047, the module supports TLS 1.2 KDF per RFC 5246, i.e. without using the extended master secret.
Approved HMAC algorithms can produce truncated versions of the specified HMAC. The right-most bits are truncated as per the NIST SP 800-107r1 (see also IG C.L and IG C.D).
The module does not include an entropy source. The module's use of an external Random Number Generator (RNG) is determined by the settings described in the subsections below. Table 11
The module makes use of the JVM's configured SecureRandom entropy source to provide entropy when required. The module will request entropy as appropriate to the security strength and seeding configuration for the DRBG that is using it and for the default DRBG will request a minimum of 256 bits of entropy. In approved mode the minimum amount of entropy that can be requested by a DRBG is 112 bits. The module will wait until the SecureRandom.generateSeed() returns the requested amount of entropy, blocking if necessary. Document Version 1.1 ©Cohesity, Inc.
The JVM’s entropy source can be configured through setting the security property securerandom.strongAlgorithms in the JVM's java.security file.
A user can instantiate the default Approved DRBG for the module explicitly by using SecureRandom.getInstance("DEFAULT", "CCJ"), or by using a CryptoComplyFipsProvider object instead of the provider name as appropriate. This will seed the Approved DRBG from the live entropy source of the JVM with a number of bits of entropy appropriate to the security level of the default Approved DRBG configured for the module. The JVM's entropy source is checked according to SP 800-90B, Section 4.4 using the suggested C values for the Repetition Count Test (Section 4.4.1) and the Adaptive Proportion Test (Section 4.4.2) by default. These values can also be configured using the security property com.safelogic.cryptocomply.entropy.factors. This property takes a comma separated list of C values: one for 4.4.1, one for 4.4.2, and a value of H. For the default, the property would be set as: com.safelogic.cryptocomply.entropy.factors: 4, 13, 8.0 in the java.security property file. An additional option is available using the Approved Hash DRBG and the process outlined in SP 800-90A, Section 8.6.5. This can be turned on by following the instructions in Section 2.3 of the User Guide. The two DRBGs are instantiated in a chain as a "Source DRBG" to seed the "Target DRBG" in accordance with Section 7 of Draft NIST SP 800-90C, where the Target DRBG is the default Approved DRBG used by the module. The initial seed and the subsequent reseeds for the DRBG chain come from the live entropy source configured for the JVM. The DRBG chain will reseed automatically by pausing for 20 requests (which will usually equate to 5120 bytes). An entropy gathering thread reseeds the DRBG chain when it has gathered sufficient entropy (currently 256 bits) from the live entropy source. Once reseeded, the request counter is reset and the reseed process begins again. The “Source DRBG” in the chain is internal to the module and inaccessible to the user to ensure it is only used for generating seeds for the default Approved DRBG of the module. The user shall ensure that the entropy source is configured per Section 2.7.1 of this Security Policy and will block, or fail, if it is unable to provide the amount of entropy requested.
The module performs Cryptographic Key Generation in conformance to FIPS 140-3 IG D.H. The CKG for symmetric keys and seeds used for generating asymmetric keys is performed as per Section 4 of the SP 800-133r2 (using the output of a random bit generator) and is compliant with FIPS 186-5 and SP 800Document Version 1.1 ©Cohesity, Inc.
90Ar1 for DRBG. The seed used in asymmetric key generation is the direct output of SP 800-90Ar1 DRBG. Refer to Section 9.1 of the Security Policy for SSP generation details.
The module does not perform automatic SSP establishment, it only provides the components to the calling application, which can be used in SSP establishment.
The module implements KDFs from SP 800-135r1 (Recommendation for Existing Application-Specific Key Derivation Functions). These KDFs have been validated by the CAVP and received CVL certificates (A6047). No parts of these protocols, other than the CAVP tested components, have been reviewed or tested by the CAVP and CMVP. Document Version 1.1 ©Cohesity, Inc.
| Name | Physical Port | Logical Interface | Data That Passes | |
|---|---|---|---|---|
| N/A | N/A | Data Output | API output parameters and return values – plaintext and/or ciphertext data. | |
| N/A | N/A | Control Input | API method calls – method calls or input parameters that | |
| N/A | N/A | Control Output | N/A, not implemented | |
| N/A | N/A | Status Output | API output parameters and return/error codes that provide | |
| N/A | N/A | Power | N/A for software modules |
As a software cryptographic module, the module supports logical interfaces only and not physical ports. All access to the module is through the module’s API. The API provides and defines the module’s logical interfaces. is also not applicable. The mapping of the FIPS 140-3 logical interfaces to the module is described in Table 12. Table 12
All interfaces are logically separated by the module’s API. When the module performs self-tests, is in an error state, is generating keys, or performing zeroization, the module prevents all output on the logical data output interface as only the thread performing the operation has access to the data. The module is single-threaded, and in an error state, the module does not return any output data, only an error value. Document Version 1.1 ©Cohesity, Inc.
| Name | Type | Strength | Operator Type | Authentication Type | |||||
|---|---|---|---|---|---|---|---|---|---|
| CO | Role | N/A | CO | Role | CO | CO | N/A – Authentication not | N/A | |
| User | User | Role | User | N/A | N/A – Authentication not required for Level 1 |
Not applicable. The module does not support authentication.
The module supports two distinct operator roles, which are the User and Cryptographic Officer (CO). The cryptographic module implicitly maps the two roles to the services. An operator is considered the owner of the thread that instantiates the module and, therefore, only one concurrent operator is allowed. The module does not support a maintenance role and/or bypass capability. Table 13 lists all operator roles supported by the module. Table 13 - Roles Document Version 1.1 ©Cohesity, Inc. N/A N/A
| Name | Description | Roles | Csps Accessed | Access | Indicator | Input | Output | Approved | |
|---|---|---|---|---|---|---|---|---|---|
| Initialize | The JRE will call the static constructor for self-tests on module initialization | CO / User | N/A | N/A | Flag | N/A | Exception in case of failure | N/A | N/A |
Table 14 lists the module services and corresponding details. The modes of SSP access shown in the table are defined as:
| Name | Description | Roles | Csps Accessed | Access | Indicator | Input | Output | ||
|---|---|---|---|---|---|---|---|---|---|
| Show Status | A user can call FipsStatus.IsReady() at any time to determine if the module is ready. CryptoServicesRegistrar.IsI nApprovedOnlyMode() can be called to determine the approved mode of operation | CO / User | N/A | N/A | Flag | N/A | Boolean | N/A | |
| Info Service | CO / User | N/A | N/A | Flag | N/A | Module name and version, checksum, and status | N/A | A user can call | |
| Zeroize / Power-off | The module uses the JVM garbage collector on thread termination | CO / User | All SSPs | Z | Flag | N/A | Shutdown indication | N/A |
Indicator Document Version 1.1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Z ©Cohesity, Inc.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | |||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Data Encryption | Used to encrypt data | CO / User | AES Encryption Key | AES CBC, AES | E | Flag | Key, Plaintext | Ciphertext | |||
| Data Decryption | Used to decrypt data | CO / User | AES Decryption Key | E | Flag | Key, Ciphertext | Plaintext | AES CBC, AES CFB8, AES CFB128, AES CTR, AES ECB, AES FF1, AES OFB, AES CBC-CS1, AES CBC-CS2, AES CBC-CS3, AES CCM, AES GCM | |||
| MAC Calculation | CO / User | E | Flag | Key, Message | MAC | AES CMAC, AES GMAC | Used to calculate data | AES Authentication | |||
| integrity codes with | integrity codes with | Key |
Indicator Document Version 1.1 ©Cohesity, Inc. E E E
| Name | Description | Roles | Csps Accessed | Access | Indicator | Input | Output | Keys / SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| Signature Generation | Used to generate digital signatures | CO / User | E | Flag | Key, Message | Signature | DSA, ECDSA, RSA | DSA Signing Key, EC Signing Key, RSA Signing Key | |
| Signature Verification | Used to verify digital signatures | CO / User | DSA Verification | E | Flag | Key, Message Signature | Boolean | DSA, ECDSA, RSA |
Document Version 1.1 Indicator ©Cohesity, Inc. E E
| DRBG (SP 800-90Ar1) output | Used to generate random numbers, IVs and keys | Flag | N/A | Data | Counter DRBG Hash DRBG HMAC DRBG | AES Encryption Key, AES Decryption Key, AES Authentication Key, AES Wrapping Key, DH Agreement Private Key, DH Agreement Public Key, DRBG Seed, Internal State V and C value, and DRBG Key, DSA Signing Key, EC Agreement Private Key, EC Agreement Public Key, EC Signing Key, HMAC Authentication Key, KMAC Authentication Key, RSA Signing Key, RSA Key Transport Private Key, RSA Key Transport Public Key | CO / User CO / User | G E |
|---|
Document Version 1.1 N/A ©Cohesity, Inc. G E
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Message Hashing | Used to generate a message digest, SHAKE output | CO / User | N/A | SHS, SHA-3, | N/A | Flag | Message | Hash | |
| Keyed Message Hashing | Used to calculate data integrity codes with HMAC and KMAC | CO / User | HMAC Authentication Key, KMAC Authentication Key | E | Flag | Key, Message | Hash | HMAC, SHA-3 Derived Functions (KMAC) | |
| TLS Key Derivation Function | Used to calculate a value suitable to be used for a master secret in TLS | CO / User | TLS KDF Secret Value | HKDF, | E | Flag | TLS Parameters | Data | |
| SP 800- 108r1 KDF | Used to calculate a value suitable to be used for a secret key | CO / User | SP 800-108r1 KDF Secret Value | E | Flag | KDF Parameters | Data | KBKDF using Pseudorando m Functions | |
| SSH Derivation Function | Used to calculate a value suitable to be used for a secret key | CO / User | SSH KDF Secret Value | Existing | E: | Flag | SSH Parameters | Data | |
| X9.63 Derivation Function | Used to calculate a value suitable to be used for a secret key | CO / User CO / User | DH Agreement Private Key, EC Agreement Private Key, RSA Signing Key X9.63 KDF Secret Value | G E | Flag | X9.63 Parameters | Data | Existing Application- Specific (X9.63 KDF) |
Indicator Document Version 1.1 ©Cohesity, Inc. ApplicationSpecific (TLS N/A N/A E E
Indicator m ApplicationSpecific (SSH ApplicationSpecific E E: G E Document Version 1.1 ©Cohesity, Inc.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | Keys / SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| SP 800- 56Cr2 OneStep/ TwoStep Key Derivation Function (KDM) | Used to calculate a value suitable to be used for a secret key | CO / User CO / User | DH Agreement | HKDF, KDF | G E | Flag | KDM Parameters | Data | HKDF, KDF One Step, KDF Two Step | |
| One Step, | Private Key, | One Step, | ||||||||
| KDF Two | EC Agreement | KDF Two | ||||||||
| Step | Private Key, | Step | ||||||||
| IKEv2 Derivation Function | Used to calculate a value suitable to be used for a secret key | CO / User | E | Flag | IKEv2 Parameters | Data | Existing Application- Specific (IKEv2 KDF) | IKEv2 KDF Secret Value | ||
| SRTP Derivation Function | Used to calculate a value suitable to be used for a secret key | CO / User | Existing | E | Flag | SRTP Parameters | Data | SRTP KDF Secret Value |
SP 80056Cr2 Document Version 1.1 Indicator ©Cohesity, Inc. ApplicationSpecific ApplicationSpecific G E E E
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|---|
| PBKDF | Used to generate a key using an encoding of a password and a message hash | CO / User CO / User | HMAC Authentication Key, KMAC Authentication Key HMAC Authentication Key, KMAC Authentication Key, PBKDF Secret Value | KDF Password- Based | G E | Flag | Password, PBKDF Parameters | Data |
Indicator PasswordBased G E Document Version 1.1 ©Cohesity, Inc.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | Roles | |
|---|---|---|---|---|---|---|---|---|---|---|
| Key Agreement Schemes | Used to calculate key agreement values | AES Encryption | KAS-ECC, | G E | Flag | Key Agreement keys, Parameters | Data | KAS-ECC, KAS-FFC, KAS-IFC, Safe Primes | CO / User CO / User | |
| KAS-FFC, | Key, | KAS-FFC, | ||||||||
| KAS-IFC, | AES Decryption | KAS-IFC, | ||||||||
| Safe Primes | Key, | Safe Primes | ||||||||
| Key Wrapping | Used to encrypt a key value | AES Wrapping Key, HMAC Authentication Key, KMAC Authentication Key, RSA Key Transport Private Key | E | Flag | Wrapping key, Key | Wrapped key | AES KW, AES KWP, KTS-IFC | CO / User |
Document Version 1.1 Indicator ©Cohesity, Inc. G E E
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Key Unwrapping | Used to decrypt a key value | CO / User | AES KW, AES | E | Flag | Unwrappin g key, Wrapped key | Key | AES KW, AES KWP, KTS-IFC | AES Wrapping Key, | ||||
| KWP, KTS-IFC | KWP, KTS-IFC | HMAC | |||||||||||
| Verification | KeyVer | EC Verification Key | Verification | User | |||||||||
| Entropy Callback | Gathers entropy in a passive manner from a user-provided function | CO / User | DRBG Seed, Internal State V and C value, and DRBG Key | G | Flag | N/A | Random bits | DRBG, CKG | |||||
| DRBG Health Tests | CO / User | N/A | N/A | Flag | N/A | N/A | DRBG | Used to perform checks of |
Indicator N/A N/A N/A Document Version 1.1 ©Cohesity, Inc. N/A E E E N/A G
| SSP Export Operation | Returns a CSP as data that can be used for later output | Flag | SSP | Data | N/A | AES Encryption Key, AES Decryption Key, AES Authentication Key, AES Wrapping Key, DH Agreement Private Key, DH Agreement Public Key, DSA Signing Key, DSA Verification Key, EC Agreement Private Key, EC Agreement Public Key, EC Signing Key, EC Verification Key, HMAC Authentication Key, KMAC Authentication Key, RSA Signing Key, RSA Key Transport Private Key, RSA Key Transport Public Key | CO / User | R |
|---|
Document Version 1.1 ©Cohesity, Inc. N/A R
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Utility | Miscellaneous utility | User | N/A | N/A | N/A | Flag | N/A | N/A | N/A |
Document Version 1.1 Indicator N/A N/A ©Cohesity, Inc. N/A N/A N/A
| Name | Data Encryption | |
|---|---|---|
| Calculation | Calculation | with CMAC |
Table 15 - Non-Approved Services Flag is accessed by calling the method CryptoServicesRegistrar.isInApprovedOnlyMode() - this method will return true if the thread is running in approved-only mode, false otherwise. Refer also to Section 2.4 of this Security Policy. Document Version 1.1 ©Cohesity, Inc.
The integrity technique used by the module is HMAC-SHA-256. The integrity technique has received CAVP certificate A6047. The integrity technique is implemented by the module itself. The HMAC of the module JAR file, excluding directories and metadata, is calculated and compared to the expected value embedded within the module’s properties. If the calculated value does not match the expected value, the module raises an error and fails to load. The integrity test can be performed on demand by power cycling the host platform.
Each time the module is powered up, it runs the pre-operational tests to ensure that the integrity of the module has been maintained. Self-tests are available on demand by power cycling the module. Document Version 1.1 ©Cohesity, Inc.
The module operates in a modifiable operational environment under the FIPS 140-3 definitions. The module runs on a GPC running one of the operating systems specified in the approved operational environment list (refer to Section 2.2 of this Security Policy). Each approved operating system manages processes and threads in a logically separated manner. The module’s operator is considered the owner of the calling application that instantiates the module within the process space of the Java Virtual Machine.
The module must be installed as described in Security Policy Section 11.1. No specific configuration options are required for the operational environments. No security rules, settings, or restrictions to the configuration of the operational environment are needed for the module to function in a FIPS-conformant manner. Document Version 1.1 ©Cohesity, Inc.
The requirements of this section are not applicable to the module. The module is a software module and does not implement any physical security mechanisms. Document Version 1.1 ©Cohesity, Inc.
The requirements of this section are not applicable to the module. Document Version 1.1 ©Cohesity, Inc.
All Sensitive Security Parameters (SSPs) used by the module are described in this section in Table 16. All usage of these SSPs by the module (including all SSP lifecycle states) is described in the services detailed in Section 4.3 - Approved Services. Please note that the module does not perform automatic SSP establishment, it only provides the components to the calling application, which can be used in SSP establishment. Document Version 1.1 ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation |
|---|---|---|---|---|---|---|---|---|
| AES encryption23 | 128, 192, 256 bits | AES CBC, | DRBG20 | N/A | N/A | Import21, Export22 | AES Encryption Key | destroy() service call or host platform power cycle |
Table 16 - Sensitive Security Parameters (SSPs) Key Table AES CBCCS1, AES AES CBCCS3, AES N/A N/A The module does not provide persistent storage Key generator used in conjunction with an approved DRBG Import done via key constructor and/or factory (Electronic Entry) Export done via key recovery using getEncoded() method and followed by separate step to export key details as either plaintext or encrypted (Electronic Entry) Document Version 1.1 ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | |
|---|---|---|---|---|---|---|---|---|---|
| AES decryption | 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | AES Decryption Key | AES CBC, AES CFB8, AES CFB128, AES CTR, AES ECB, AES FF1, AES OFB, AES CBC- CS1, AES CBC-CS2, AES CBC- CS3, AES CCM, AES GCM, CKG A6047 | destroy() service call or host platform power cycle | |
| AES CMAC/GMAC | 128, 192, 256 bits | AES CMAC, | DRBG20 | N/A | N/A | Import21, Export22 | AES Authentication Key | destroy() service call or host platform power cycle |
AES CBCCS1, AES AES CBCCS3, AES N/A N/A N/A N/A The AES GCM key and IV is generated randomly per IG C.H, and the Initialization Vector (IV) is a minimum of 96 bits. In the event module power is lost and restored, the consuming application must ensure that any of its AES GCM keys used for encryption or decryption are re-distributed. Refer to Section 2.6.1 of the Security Policy. Document Version 1.1 ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | ||
|---|---|---|---|---|---|---|---|---|---|---|
| AES (128/192/256) key wrapping key for KTS | 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | AES Wrapping Key | AES KW, AES KWP, CKG A6047 | destroy() service call or host platform power cycle | ||
| DH Agreement Private Key | 112, 128, 152, 176, 200 bits | DRBG20 | N/A | N/A | Import21, Export22 | DH Agreement Private Key | KAS-FFC, CKG A6047 | destroy() service call or host platform power cycle | Diffie-Hellman | |
| Diffie-Hellman (ffdhe and MODP) key agreement May be paired with DH Agreement Private Key | 112, 128, 152, 176, 200 bits | DRBG20 | N/A | N/A | Import21, Export22 | DH Agreement Public Key | KAS-FFC, CKG A6047 | Not zeroized, public key value known outside of module | ||
| DSA Signing Key | 112, 128 bits | DSA | DRBG20 | N/A | N/A | Import21, Export22 | DSA Signing Key | DSA Signature Generation, CKG A6047 | destroy() service call or host platform power cycle | DSA signature |
| Signature | Signature | generation | ||||||||
| CKG | CKG | May be paired | ||||||||
| A6047 | A6047 | Verification | ||||||||
| DSA signature verification May be paired with DSA Signing Key | 80, 112, 128 bits | DRBG20 | N/A | N/A | Import21, Export22 | DSA Verification Key | DSA Signature Verification, CKG A6047 | Not zeroized, public key value known outside of module | ||
| EC Agreement Private Key | 112, 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | EC Agreement Private Key | KAS-ECC, CKG A6047 | destroy() service call or host platform power cycle | EC key | |
| EC key agreement May be paired with EC Agreement Private Key | 112, 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | EC Agreement Public Key | KAS-ECC, CKG A6047 | Not zeroized, public key value known outside of module | ||
| EC Signing Key | 112, 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | EC Signing Key | ECDSA Signature Generation, CKG A6047 | destroy() service call or host platform power cycle | ECDSA | |
| ECDSA signature verification. May be paired with EC Signing Key | 112, 128, 192, 256 bits | DRBG20 | N/A | N/A | Import21, Export22 | EC Verification Key | ECDSA Signature Verification, CKG A6047 | Not zeroized, public key value known outside of module | ||
| Keyed-Hash Calculation | 112-256 bits | HMAC-SHA- | DRBG20 | N/A | N/A | Import21, Export22 | HMAC Authentication Key | destroy() service call or host platform power cycle | ||
| Keyed-Hash Calculation | 112-256 bits | DRBG20 | N/A | N/A | Import21, Export22 | KMAC Authentication Key | KMAC, CKG A6047 | destroy() service call or host platform power cycle | ||
| RSA Signing Key | 112, 128, 152 bits | DRBG20 | N/A | N/A | Import21, Export22 | RSA Signing Key | RSA Signature Generation, CKG A6047 | destroy() service call or host platform power cycle | RSA signature | |
| RSA signature verification May be paired with RSA Signing Key | 80, 112, 128, 152 bits | DRBG20 | N/A | N/A | Import21, Export22 | RSA Verification Key | RSA Signature Verification, CKG A6047 | Not zeroized, public key value known outside of module |
N/A N/A N/A N/A N/A N/A Document Version 1.1 ©Cohesity, Inc.
N/A N/A Document Version 1.1 ©Cohesity, Inc. N/A N/A N/A N/A
N/A N/A N/A N/A N/A N/A Document Version 1.1 ©Cohesity, Inc.
HMAC-SHA1, HMACSHA-2, N/A N/A N/A N/A N/A N/A Document Version 1.1 ©Cohesity, Inc. N/A N/A
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | |||
|---|---|---|---|---|---|---|---|---|---|---|---|
| RSA Key Transport Private Key24 | 112, 128, 152 bits | KTS-IFC, | DRBG20 | N/A | N/A | Import21, Export22 | RSA Key Transport Private Key24 | KTS-IFC, CKG A6047 | destroy() service call or host platform power cycle | RSA key | |
| CKG | CKG | transport and | |||||||||
| RSA key transport May be paired with RSA Key Transport Private Key | 112, 128, 152 bits | DRBG20 | N/A | N/A | Import21, Export22 | RSA Key Transport Public Key24 | KTS-IFC, CKG A6047 | Not zeroized, public key value known outside of module | |||
| Key Derivation | 112, 128, 192, 256 bits | N/A | N/A | N/A | IKEv2 KDF Secret Value | KDF IKEv2 A6047 | destroy() service call or host platform power cycle | Generated as | |||
| Key Derivation | 112-256 bits | Generated as output of a PBE key and a PRF | N/A | N/A | N/A | PBKDF Secret Value | PBKDF A6047 | destroy() service call or host platform power cycle |
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A RSA key transport using PKCS#1 1.5 padding is deprecated through 2023 and disallowed after 2023. Document Version 1.1 ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | ||
|---|---|---|---|---|---|---|---|---|---|---|
| Key Derivation | 112, 128, 192, 256 bits | KDA | Generated as output of an agreement scheme | N/A | N/A | N/A | SP 800-56Cr2 OneStep/ TwoStep KDF Secret Value | destroy() service call or host platform power cycle | ||
| Key Derivation | 112, 128, 192, 256 bits | Generated as output of an agreement scheme | N/A | N/A | N/A | SP 800-108r1 KDF Secret Value | destroy() service call or host platform power cycle | KDF SP 800- 108 A6047 | ||
| Key Derivation | 128, 192, 256 bits | N/A | N/A | N/A | SRTP KDF Secret Value | destroy() service call or host platform power cycle | KDF SRTP A6047 | Generated as | ||
| Key Derivation | 80, 112, 128, 192, 256 bits | Generated as output of an SSH agreement scheme | N/A | N/A | N/A | SSH KDF Secret Value | destroy() service call or host platform power cycle | KDF SSH A6047 |
Document Version 1.1 N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Used to derive keys using TLS KDF | 384 bits | KDF TLS | N/A | N/A | Import21, Export22 | TLS Premaster Secret Value | KDF TLS A6047 | Protocol | destroy() service call or host platform power cycle | |||
| A6047 | A6047 | bytes) and 46 | ||||||||||
| Key Derivation | 112, 128, 192, 256 bits | Generated as output of TLS agreement scheme | N/A | N/A | N/A | TLS KDF Secret Value | KDF TLS A6047 | destroy() service call or host platform power cycle | ||||
| Key Derivation | 112, 128, 192, 256 bits | KDF ANS | N/A | N/A | N/A | X9.63 KDF Secret Value | Generated as | destroy() service | ||||
| 9.63 | 9.63 | output of an | call or host | |||||||||
| agreement | agreement | platform power | ||||||||||
| A6047 | A6047 | scheme | cycle | |||||||||
| Random Number Generation | >128 bits | N/A | N/A | N/A | Obtained from the entropy source | Entropy Input String | N/A | destroy() service call or host platform power cycle | ||||
| Internal use | 128, 192, 256 bits | N/A | N/A | N/A | CTR DRBG Seed | N/A | Immediately | From | ||||
| external | after use or host | external | ||||||||||
| entropy | platform power | entropy | ||||||||||
| source | cycle | source | ||||||||||
| Internal use | 128 bits | From seed value | N/A | N/A | N/A | CTR DRBG V Value | N/A | reseed() service call or host platform power cycle |
N/A N/A N/A N/A N/A Document Version 1.1 ©Cohesity, Inc. N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | |||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Internal use | 128, 192, 256 bits | N/A | From DRBG V value | N/A | N/A | N/A | CTR DRBG Key | N/A | reseed() service | ||
| Internal use | 112, 128, 192, 256 bits | N/A | N/A | N/A | From external entropy source | Hash DRBG Seed | N/A | Immediately after use or host platform power cycle | |||
| Internal use | 112, 128, 192, 256 bits | From seed value | N/A | N/A | N/A | Hash DRBG V Value | N/A | reseed() service | |||
| Internal use | 112, 128, 192, 256 bits | From DRBG V value | N/A | N/A | N/A | Hash DRBG C Value | N/A | reseed() service call or host platform power cycle | |||
| Internal use | 112, 128, 192, 256 bits | N/A | N/A | N/A | HMAC DRBG Seed | N/A | Immediately | From | |||
| external | after use or host | external | |||||||||
| entropy | platform power | entropy | |||||||||
| source | cycle | source | |||||||||
| Internal use | 112, 128, 192, 256 bits | From seed value | N/A | N/A | N/A | HMAC DRBG V Value | N/A | reseed() service call or host platform power cycle |
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document Version 1.1 ©Cohesity, Inc.
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | SSP Name / Type | Zeroisation | ||
|---|---|---|---|---|---|---|---|---|---|---|
| Internal use | 112, 128, 192, 256 bits | N/A | From DRBG V value | N/A | N/A | N/A | HMAC DRBG Key | N/A | reseed() service | |
| Used as seed for asymmetric key generation or for symmetric key generation | 128, 192, 256 bits | DRBG | N/A | N/A | N/A | DRBG Output | N/A | destroy() service call or host platform power cycle |
Document Version 1.1 N/A N/A N/A N/A N/A N/A N/A N/A ©Cohesity, Inc.
| Name | Mode Method | Key Size | |
|---|---|---|---|
| Test Target | Test Target | Description | |
| AES ECB | AES ECB | Encryption KAT (128 bits) | |
| AES ECB | Decryption KAT (128 bits) | ||
| AES CCM | AES CCM | Encryption KAT (128 bits) | |
| AES CCM | Decryption KAT (128 bits) | ||
| AES CMAC | AES CMAC | Generation KAT (128 bits) | |
| AES CMAC | Verification KAT (128 bits) | ||
| AES GCM | AES GCM | Encrypt KAT (128 bits) | |
| AES GCM | Decrypt KAT (128 bits) | ||
| HASH DRBG | SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiate | ||
| HMAC DRBG | HMAC-SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiate functions per Section 11.3 of SP 800-90Ar1) | ||
| CTR DRBG | AES CTR 256 bits KAT (Health Tests: Generate, Reseed, Instantiate | ||
| DSA | Signature Generation KAT (2048 bits) | ||
| DSA | DSA | Signature Verification KAT (2048 bits) | |
| Test Target | Test Target | Description | |
| ECDSA | Signature Generation KAT (P-256) | ||
| ECDSA | ECDSA | Signature Verification KAT (P-256) | |
| HMAC-SHA2-256 | HMAC-SHA2-256 KAT | ||
| HMAC-SHA2-512 | HMAC-SHA2-512 | HMAC-SHA2-512 KAT | |
| HMAC-SHA3-256 | HMAC-SHA3-256 KAT | ||
| KAS-ECC | KAS-ECC | Primitive “Z” Computation KAT (P-256) | |
| KAS-ECC | Primitive “Z” Computation KAT (B-233) | ||
| KAS-FFC | KAS-FFC | Primitive “Z” Computation KAT (ffdhe2048) | |
| KBKDF | KBKDF KAT (Counter, Feedback, Double Pipeline) | ||
| KDA OneStep | KDA OneStep | KDA OneStep KAT | |
| KDA TwoStep | KDA TwoStep KAT | ||
| PBKDF | PBKDF | PBKDF KAT (HMAC-SHA2-256) | |
| RSA | Signature Generation KAT (2048 bits) | ||
| RSA | RSA | Signature Verification KAT (2048 bits) | |
| RSA Encryption | RSA Encryption KAT SP 800-56Br2 (2048 bits) | ||
| RSA Decryption | RSA Decryption | RSA Decryption KAT SP 800-56Br2 (2048 bits) | |
| SHA-1 | SHA-1 KAT | ||
| SHA2-256 | SHA2-256 | SHA2-256 KAT | |
| SHA2-512 | SHA2-512 KAT | ||
| SHA-3 | SHA-3 | SHA-3 KAT (cSHAKE-128) | |
| SHAKE256 | SHAKE256 KAT | ||
| ANS 9.63 KDF | ANS 9.63 KDF | ANS 9.63 KDF KAT | |
| IKEv2 KDF | IKEv2 KDF KAT | ||
| SNMP KDF | SNMP KDF | SNMP KDF KAT | |
| SRTP KDF | SRTP KDF KAT | ||
| SSH KDF | SSH KDF | SSH KDF KAT | |
| TLS 1.0 KDF | TLS 1.0 KDF KAT | ||
| TLS 1.1 KDF | TLS 1.1 KDF | TLS 1.1 KDF KAT | |
| TLS 1.2 KDF | TLS 1.2 KDF KAT | ||
| Test Target | Test Target | Description | |
| DH | DH | DH Pairwise Consistency Test | |
| DSA | DSA Pairwise Consistency Test | ||
| EC DH | EC DH | EC DH Pairwise Consistency Test | |
| ECDSA | ECDSA Pairwise Consistency Test | ||
| RSA | RSA | RSA Pairwise Consistency Test |
Cryptographic Algorithm Self-Tests (CASTs) are performed prior to the first use of services related to the test target. CASTs also run periodically on service invocation. Pairwise Consistency Tests (PCTs) are performed on the corresponding key pairs.
Each time the module is powered up, it performs the pre-operational self-tests to confirm that sensitive data has not been damaged. The pre-operational tests include the software integrity test, which verifies the module using HMACSHA-256. Pre-operational tests also include the HMAC and SHS CASTs that are run prior to the software integrity test to ensure the correctness of the HMAC used. Pre-operational self-tests are available on demand by power cycling the module.
The module performs conditional self-tests when the conditions specified for cryptographic algorithm self-test and pair-wise consistency tests occur. The self-tests implemented are specified below. Table 17
Table 18
If any of the above-mentioned self-tests fail, the module enters an error state called “Hard Error” state. Upon entering the error state, the module outputs status by way of an exception. An example exception for AES Encryption failure is: “Failed self-test on encryption: AES” The module can be recovered by power cycling, which results in execution of pre-operational self-tests and conditional cryptographic algorithm self-tests. If the tests pass, then the module will be available for use.
Each time the module is powered up, it runs the pre-operational tests to ensure that the integrity of the module has been maintained. Pre-operational self-tests are available on demand by power cycling the module. Initial CAST self-tests are available on demand by power cycling the module and then invoking the service related to the test target. Document Version 1.1 ©Cohesity, Inc.
The module exists as part of the running JVM, and as such:
The JAR file representing the module needs to be installed in a JVM's class path in a manner appropriate to its use in applications running on the JVM. Functionality in the module is provided in two ways. At the lowest level there are distinct classes that provide access to the approved and non-approved services provided by the module. A more abstract level of access can also be gained by using strings providing operation names passed into the module's Java cryptography provider through the APIs described in the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE). When the module is used in approved mode, classes providing implementations of algorithms that are not approved or allowed are explicitly disabled. SSPs such as private and secret keys implement the Destroyable interface. Where appropriate these SSPs can be zeroized on demand by invoking the destroy() method. The return of the destroy() method indicates that the zeroization is complete.
If the underlying JVM is running with a Java SecurityManager installed, the module will be running in approved mode with secret and private key export disabled. Document Version 1.1 ©Cohesity, Inc.
| Permission | Settings | Required | Usage | ||||
|---|---|---|---|---|---|---|---|
| RuntimePermission | RuntimePermission | getProtectionDomain | getProtectionDomain | Yes | Yes | Allows checksum to be | |
| carried out on JAR. | |||||||
| RuntimePermission | accessDeclaredMembers | Yes | Allows use of reflection API within the provider. | ||||
| PropertyPermission | java.runtime.name, | No | Only if configuration | ||||
| read | properties are used. | ||||||
| SecurityPermission | putProviderProperty.CCJ | No | Only if provider installed during execution. | ||||
| CryptoServicesPermission | unapprovedModeEnabled | No | Only if non-approved mode | ||||
| algorithms required. | |||||||
| CryptoServicesPermission | changeToApprovedModeEnabled | No | Only if threads allowed to change modes. | ||||
| CryptoServicesPermission | exportSecretKey | No | To allow export of secret | ||||
| keys only. | |||||||
| CryptoServicesPermission | exportPrivateKey | No | To allow export of private keys only. | ||||
| CryptoServicesPermission | exportKeys | Yes | Required to be applied for | ||||
| the module itself. Optional | |||||||
| for any other codebase. | |||||||
| CryptoServicesPermission | tlsNullDigestEnabled | No | Only required for TLS digest calculations. | ||||
| CryptoServicesPermission | tlsPKCS15KeyWrapEnabled | No | Only required if TLS is used | ||||
| with RSA encryption. |
In the presence of a Java SecurityManager approved mode services specific to a context, such as DSA and ECDSA for use in TLS, require specific policy permissions to be configured in the JVM configuration by the Cryptographic Officer or User. The SecurityManager can also be used to restrict the ability of particular code bases to examine CSPs. In the absence of a Java SecurityManager specific services related to protocols such as TLS are available, however must only be used in relation to those protocols.
Use of the module with a Java SecurityManager requires the setting of some basic permissions to allow the module HMAC-SHA-256 software integrity test to take place as well as to allow the module itself to examine secret and private keys. The basic permissions required for the module to operate correctly with a Java SecurityManager are indicated by the Required column of Table 19. Table 19 - Available Java Permissions for SecurityManager Document Version 1.1 ©Cohesity, Inc.
| Permission | Settings | Required | Usage | ||||
|---|---|---|---|---|---|---|---|
| CryptoServicesPermission | tlsAlgorithmsEnabled | No | Enables both NullDigest and PKCS15KeyWrap. | ||||
| CryptoServicesPermission | defaultRandomConfig | No | Allows setting of default | ||||
| SecureRandom. | |||||||
| CryptoServicesPermission | threadLocalConfig | No | Required to set a thread local property in the CryptoServicesRegistrar. | ||||
| CryptoServicesPermission | globalConfig | No | Required to set a global | ||||
| property in the | |||||||
| CryptoServicesRegistrar. |
The module design corresponds to the module security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-3 Level 1 module.
When the module is used within the context of Java Security Manager or the system/security property com.safelogic.cryptocomply.fips.approved_only is set to true, the module will start in approved mode and non-approved services are not accessible in this mode. When the module is not used within the context of Java Security Manager, the module will start in non-approved mode by default. Refer to Security Policy Section 2.4 for additional details. Document Version 1.1 ©Cohesity, Inc.
The transition from non-approved mode to approved mode is a combination of granted permission (a) and request to change mode (b): a) com.safelogic.cryptocomply.crypto.CryptoServicesPermission “changeToApprovedModeEnabled” b) CryptoServicesRegistrar.setApprovedMode(true) The CSPs made available in non-approved mode will not be accessible once the thread transitions into approved mode. The CSPs generated using the non-approved mode cannot be passed or shared with algorithms operating in approved mode, and vice-versa. This is done by an indicator within the class (object) instantiating the key that the key was created in an approved mode or non-approved mode. Any attempt by a thread within the module to use the key in an opposite mode will result in an exception being generated by the module. For example, if an RSA private key has been created in either approved or non-approved mode, then any request to access that key will first need to confirm if the thread making the request is in the same mode.
The module cannot transition from approved mode to non-approved mode. To initiate the module in non-approved mode, either it should not be used in the context of Java Security Manager, or the module should have the permission com.safelogic.cryptocomply.crypto.CryptoServicesPermission unapprovedModeEnabled granted by the Java Security Manager.
Vulnerabilities found in the module will be reported on the National Vulnerability Database, located at the following link: https://nvd.nist.gov/ Researchers and users are encouraged to report any security related concerns to Cohesity. Contact information can be found on the FIPS 140 certificate for this module. Document Version 1.1 ©Cohesity, Inc.
The module implements basic protections to mitigate against timing-based attacks against its internal implementations. There are two countermeasures used. The first countermeasure is Constant Time Comparisons, which protect the digest and integrity algorithms by strictly avoiding “fast fail” comparison of MACs, signatures, and digests so the time taken to compare a MAC, signature, or digest is constant regardless of whether the comparison passes or fails. The second countermeasure is made up of Numeric Blinding and decryption/signing verification which both protect the RSA algorithm. Numeric Blinding prevents timing attacks against RSA decryption and signing by providing a random input into the operation which is subsequently eliminated when the result is produced. The random input makes it impossible for a third party observing the private key operation to attempt a timing attack on the operation as they do not have knowledge of the random input and consequently the time taken for the operation tells them nothing about the private value of the RSA key. Decryption/signing verification is carried out by calculating a primitive encryption or signature verification operation after a corresponding decryption or signing operation before the result of the decryption or signing operation is returned. The purpose of this is to protect against Lenstra's CRT attack by verifying the correctness of the private key calculations involved. Lenstra's CRT attack takes advantage of undetected errors in the use of RSA private keys with CRT values and, if exploitable, can be used to discover the private value of the RSA key. Document Version 1.1 ©Cohesity, Inc.
| Name | Term | Definition | ||
|---|---|---|---|---|
| ANSI X9.31 | ANSI X9.31 | X9.31-1998, Digital Signatures using Reversible Public Key Cryptography for the | ANSI X9.31 | |
| FIPS 140-3 | FIPS 140-3 | Security Requirements for Cryptographic modules, March 22, 2019 | ||
| FIPS 180-4 | FIPS 180-4 | Secure Hash Standard (SHS) | ||
| FIPS 186-2 | FIPS 186-2 | Digital Signature Standard (DSS) | ||
| FIPS 186-4 | FIPS 186-4 | Digital Signature Standard (DSS) | ||
| FIPS 186-5 | FIPS 186-5 | Digital Signature Standard (DSS) | ||
| FIPS 197 | FIPS 197 | Advanced Encryption Standard | ||
| FIPS 198-1 | FIPS 198-1 | The Keyed-Hash Message Authentication Code (HMAC) | ||
| FIPS 202 | FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions | ||
| IG | IG | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program | ||
| PKCS#1 v2.1 | PKCS#1 v2.1 | RSA Cryptography Standard | ||
| PKCS#5 | PKCS#5 | Password-Based Cryptography Standard | ||
| PKCS#12 | Personal Information Exchange Syntax Standard -Recommendation for the Triple Data | PKCS#12 | ||
| SP 800-38A | SP 800-38A | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode | ||
| SP 800-38B | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for | SP 800-38B | ||
| SP 800-38C | SP 800-38C | Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality | ||
| SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) | SP 800-38D | ||
| SP 800-38F | SP 800-38F | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping | ||
| SP 800-38G | Recommendation for Block Cipher Modes of Operation: Methods for Format- | SP 800-38G | ||
| SP 800-56Ar3 | SP 800-56Ar3 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography | ||
| SP 800-56Br2 | Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization | SP 800-56Br2 | ||
| SP 800-56Cr2 | SP 800-56Cr2 | Recommendation for Key Derivation through Extraction-then-Expansion | ||
| SP 800-67r2 | SP 800-67r2 | Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher | ||
| SP 800-89 | SP 800-89 | Recommendation for Obtaining Assurances for Digital Signature Applications | ||
| SP 800-90A | Recommendation for Random Number Generation Using Deterministic Random Bit | SP 800-90A | ||
| SP 800-90B | SP 800-90B | Recommendation for the Entropy Sources Used for Random Bit Generation | ||
| SP 800-108r1 | SP 800-108r1 | Recommendation for Key Derivation Using Pseudorandom Functions | ||
| SP 800-131A | SP 800-131A | Transitioning the Use of Cryptographic Algorithms and Key Lengths | ||
| SP 800-132 | SP 800-132 | Recommendation for Password-Based Key Derivation | ||
| SP 800-133r2 | SP 800-133r2 | Recommendation for Cryptographic Key Generation | ||
| SP 800-135r1 | SP 800-135r1 | Recommendation for Existing Application – Specific Key Derivation Functions | ||
| SP 800-185 | SP 800-185 | SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash | ||
| Acronym | Acronym | Definition | ||
| AES | AES | Advanced Encryption Standard | ||
| API | API | Application Programming Interface | ||
| CAST | CAST | Cryptographic Algorithm Self-Test | ||
| CBC | CBC | Cipher-Block Chaining | ||
| CCM | CCM | Counter with CBC-MAC | ||
| CCCS | CCCS | Canadian Centre for Cyber Security | ||
| CDH | CDH | Computational Diffie-Hellman | ||
| CFB | CFB | Cipher Feedback Mode | ||
| CMAC | CMAC | Cipher-based Message Authentication Code | ||
| CMVP | CMVP | Cryptographic Module Validation Program | ||
| CO | CO | Cryptographic Officer | ||
| CPU | CPU | Central Processing Unit | ||
| CS | CS | Ciphertext Stealing | ||
| CTR | CTR | Counter Mode | ||
| CVL | CVL | Component Validation List | ||
| DES | DES | Data Encryption Standard | ||
| DH | DH | Diffie-Hellman | ||
| DRAM | DRAM | Dynamic Random Access Memory | ||
| DRBG | DRBG | Deterministic Random Bit Generator | ||
| DSA | DSA | Digital Signature Algorithm | ||
| DSTU4145 | DSTU4145 | Ukrainian DSTU-4145-2002 Elliptic Curve Scheme | ||
| EC | EC | Elliptic Curve | ||
| ECB | ECB | Electronic Code Book | ||
| ECC | ECC | Elliptic Curve Cryptography | ||
| ECDSA | ECDSA | Elliptic Curve Digital Signature Algorithm | ||
| EdDSA | EdDSA | Edwards Curve DSA using Ed25519, Ed448 | ||
| EMC | EMC | Electromagnetic Compatibility | ||
| EMI | EMI | Electromagnetic Interference | ||
| FIPS | FIPS | Federal Information Processing Standard | ||
| GCM | GCM | Galois/Counter Mode | ||
| GMAC | GMAC | Galois Message Authentication Code | ||
| GOST | Gosudarstvennyi Standard Soyuza SSR/Government Standard of the Union of Soviet Socialist | GOST | ||
| GPC | GPC | General Purpose Computer | ||
| HMAC | HMAC | (Keyed) Hashed Message Authentication Code | ||
| IG | IG | Implementation Guidance, see References | ||
| IV | IV | Initialization Vector | ||
| JAR | JAR | Java ARchive | ||
| Acronym | Acronym | Definition | ||
| JCA | JCA | Java Cryptography Architecture | ||
| JCE | JCE | Java Cryptography Extension | ||
| JDK | JDK | Java Development Kit | ||
| JRE | JRE | Java Runtime Environment | ||
| JVM | JVM | Java Virtual Machine | ||
| KAS | KAS | Key Agreement Scheme | ||
| KAT | KAT | Known Answer Test | ||
| KDF | KDF | Key Derivation Function | ||
| KW | KW | Key Wrap | ||
| KWP | KWP | Key Wrap with Padding | ||
| KMAC | KMAC | KECCAK Message Authentication Code | ||
| MAC | MAC | Message Authentication Code | ||
| MD5 | MD5 | Message Digest algorithm MD5 | ||
| N/A | N/A | Not Applicable | ||
| OCB | OCB | Offset Codebook Mode | ||
| OFB | OFB | Output Feedback | ||
| OS | OS | Operating System | ||
| PBKDF | PBKDF | Password-Based Key Derivation Function | ||
| PKCS | PKCS | Public Key Cryptography Standards | ||
| PQG | PQG | Diffie-Hellman Parameters P, Q and G | ||
| RC | RC | Rivest Cipher, Ron’s Code | ||
| RIPEMD | RIPEMD | RACE Integrity Primitives Evaluation Message Digest | ||
| RSA | RSA | Rivest Shamir Adleman | ||
| SHA | SHA | Secure Hash Algorithm | ||
| TLS | TLS | Transport Layer Security | ||
| USB | USB | Universal Serial Bus | ||
| XDH | XDH | Edwards Curve Diffie-Hellman using X25519, X448 | ||
| XOF | XOF | Extendable-Output Function |
Appendix: References and Acronyms The following standards are referred to in this Security Policy. Table 20 - References Document Version 1.1 ©Cohesity, Inc.
Document Version 1.1 ©Cohesity, Inc.
The following acronyms are used in this Security Policy. Table 21 - Acronyms Document Version 1.1 ©Cohesity, Inc.
N/A Document Version 1.1 ©Cohesity, Inc.
Prepared By: SafeLogic, Inc. Website: www.safelogic.com Email: sales@safelogic.com Phone: 844-436-2797
Vienna, VA 22182 Document Version 1.1 ©Cohesity, Inc.