Reference Guide
Crypto-C ME Cryptographic Toolkit 25
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
Key Derivation
Functions (KDFs)
HMAC-based Extract-and-Expand KDF (HKDF):
• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
SP 800-56C
VA
KBKDF, using pseudo-random functions:
• HMAC-based Feedback Mode
5
, with:
– SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
SP 800-108
C584
Password-based Key Derivation Function 2 (PBKDF2)
6
SP 800-132
VA
7
TLS Pseudo-random Function (TLS PRF) - Component Test
Protocol:
• TLS 1.0/1.1
8
• TLS 1.2; SHA: SHA-256, SHA-384, SHA-512
8
SP 800-135
Rev. 1
C584
X9.63 KDF - Component Test:
• SHA: SHA-224, SHA-256, SHA-384, SHA-512
ANSI X9.63,
SP 800-135
Rev. 1
C584
Key Generation Cryptographic Key Generation (CKG) SP 800-133
VA
Key Transport
Schemes
KTS-OAEP, KTS-OAEP-Party_V-confirmation, KTS-KEM-KWS,
KTS-KEM-KWS-Party_V-confirmation.
Modulus sizes: 2048 and 3072-bit
SP 800-56B
VA
Key Wrap AES in KW and KWP modes with 128, 192, and 256-bit key sizes SP 800-38F
C584
RSA-OAEP and RSA-KEM-KWS
Modulus sizes: 2048 and 3072-bit.
SP 800-56B
VA as part
of Key
Transport
Schemes
7
MAC HMAC SHA:
• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224,
SHA-512/256
FIPS 198-1
C584
HMAC SHA-3:
• SHA3-224, SHA3-256, SHA3-384, SHA3-512
FIPS 198-1
C584
Message Digest SHA:
• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224,
SHA-512/256
FIPS 180-4
C584
SHA-3:
• SHA3-224, SHA3-256, SHA3-384, SHA3-512
FIPS 202
C584
Random Bit
Generator
CTR DRBG
• AES-CTR mode with 128, 192, and 256-bit key sizes.
SP 800-90A
Rev. 1
C584
HMAC DRBG Modes
• SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224,
SHA-512/256
• SHA3-224, SHA3-256, SHA3-384, SHA3-512
SP 800-90A
Rev. 1
FIPS 202
C584
Table 4 Crypto-C ME FIPS 140-2-approved Algorithms (continued)
Algorithm Type Algorithm and approved parameter/modulus/key sizesStandard
Validation
Certificate