(For historical purposes only)
(Please see AES Validation List for CCM Validation information.)
Last Update: 2/11/2008
This page provides technical information about implementations that have been validated as conforming to the Counter with Cipher Block Chaining-Message Authentication Code (CCM), as specified in Special Publication 800-38C (Dated May, 2004).
The list below describes implementations which have been validated as correctly implementing the CCM algorithm, using the tests found in The CCM Validation System (CCMVS). This testing is performed by NVLAP accredited Cryptographic Module Testing (CMT) laboratories.
The implementations below consist of software, firmware, hardware, and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the implementations described in this document. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this document reflects the current status of each product. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list. A validation certificate issued to each vendor also indicates 1) the CMT laboratory that tested the implementation, and 2) the operating environment used to test the implementation (if software or firmware).
NIST has made every attempt to provide complete and accurate information about the implementations described in the following list. It is the responsibility of the vendor to notify NIST of any necessary changes to its contact information and implementation description.
In addition to a general description of each product, this list mentions the features that were tested as conforming to
the CCM; these features are listed on the validation certificate that is issued to the vendor. The following notation
is used to describe the implemented features that were successfully tested.
| Key Sizes Tested: | 128, 192, 256 |
| Associated Data Length Range Tested | Minimum - Maximum |
| Payload Length Range Tested | Minimum - Maximum |
| Nonce Length(s) tested | 7, 8, 9, 10, 11, 12, 13 |
| Tag Length(s) tested | 4, 6, 8, 10, 12, 14, 16 |
The list is in reverse numerical order, by certificate number. Thus, the more recent validations are closer to the top of the list.
| Cert# | Vendor | Implementation | Operational Environment | Val. Date |
Description/Notes |
|---|---|---|---|---|---|
| 12 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield
|
Version 3.2.116.21 |
IBM 405GP PowerPC w/ IOS 12.3(7)JX3 | 3/14/2006 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 30 ) (Payload Length Range Tested: 32 - 32 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 12 ) (128 bit Symmetric Algorithm: AES Cert# 373 ) ] "The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards." |
| 11 | Cisco Systems, Inc 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo
|
Part # A506 |
N/A | 3/14/2006 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 30 ) (Payload Length Range Tested: 10 - 20 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 370 ) ] "The Cisco AMAC chip is an ASIC that provides 802.11i functionality to the Cisco AP1131AG, AP1242AG, and AP1232AG wireless access points, and the Cisco BR1310G wireless bridge." |
| 10 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield
|
Version 3.2.116.21 |
Motorola MPC8540 PowerQUICC III w/ Linux Montavista Hardhat 2.4.20 | 3/14/2006 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 30 ) (Payload Length Range Tested: 32 - 32 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 12 ) (128 bit Symmetric Algorithm: AES Cert# 368 ) ] "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio resource management and comply with the commercial wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)." |
| 9 | 3e Technologies International, Inc. 700 King Farm Blvd, Suite 600 Rockville, MD 20850 USA -Tiebing Zhang
|
Version 1.0 (Firmware) |
CSR BC03MM Chip | 1/19/2006 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 1 - 32 ) (Payload Length Range Tested: 1 - 32 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 351 ) ] "3eTI Secure Bluetooth Module with AES-CCM encryption" |
| 8 | Alvarion 2495 Leghorn Street Mountain View, CA 94043 USA -Alfred Cohen
|
Part # AR5212 |
N/A | 9/9/2005 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 28 ) (Payload Length Range Tested: 0 - 32 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 309 ) ] "Alvarion's BreezeACCESS VL, 4900, and BreezeNET B wireless broadband solution is designed to provide an IP based metro-scale communications network. Deployed in a PtMP or PtP architecture, the solution provides public safety agencies, government and educational organizations with cost-effective high speed connectivity regionally, citywide or countrywide." |
| 7 | RSA Security, Inc. 2955 Campus Drive, Suite 400 San Mateo, CA 94403 USA -Kathy Kriese
|
Version 2.0 |
Intel PXA255 w/ PocketPC 2003; Intel Celeron w/ Microsoft Windows XP SP2; Motorola MPC 7455 w/ VxWorks 5.4, PowerPC 604; Motorola MPC 8260 w/ VxWorks 5.5, PowerPC 603; Motorola MPC 7455 w/VxWorks 5.5, PowerPC 604; SPARC IIe w/ Sun Microsystems Solaris 8 (Sun OS 5.8) Sparc V9; SPARC IIe w/ Sun Microsystems Solaris 8 (Sun OS 5.8) Sparc V8+; SPARC IIe w/ Sun Microsystems Solaris 8 (Sun OS 5.8) SPARC V8; Intel Pentium 4 w/ Red Hat Linux 7.2; AMD Athlon 800 w/ Red Hat Enterprise Linux AS 3.0; Intel Itanium 2 w/ HP-UX 11.23 Itanium2, 64-bit; IBM Power5 (2-way) w/ AIX 5L v5.x, 32-bit; PA-RISC PA8500 2.0 w/ HP-UX 11.11; PA-RISC PA8500 2.0W w/ HP-UX 11.23 | 8/26/2005 |
[
(Key Sizes Tested:
128
192
256
)
(Assoc. Data Len Range Tested: 0 - 32 ) (Payload Length Range Tested: 0 - 32 ) ( Nonce Length(s) Tested: 7 8 9 10 11 12 13 ) (Tag Length(s) Tested: 4 6 8 10 12 14 16 ) (128 bit Symmetric Algorithm: AES Cert# 303 ) ] "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 6 | 3e Technologies International, Inc. 700 King Farm Blvd, Suite 600 Rockville, MD 20850 USA -Ryon Coleman
|
Version 2.0 |
Intel Mobile Processor, 1700 MHz w Windows XP Service Pack 2; Intel Mobile Processor, 1700 MHz w/ Windows 2000 Service Pack 4 | 7/20/2005 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 28 ) (Payload Length Range Tested: 1 - 24 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 288 ) ] "AirGuardTM Wireless Solutions implement leading cryptographic technologies. This particular algorithm certification is for AES-CCM using a Windows 2000/XP-based software implementation. AirGuardTM Crypto Client includes the following models: AirGuardTM 3e-010F-A-2 Crypto Client Software, v2.0 Build 1 for Windows 2000/XP" |
| 5 | 3e Technologies International, Inc. 700 King Farm Blvd, Suite 600 Rockville, MD 20850 USA -Ryon Coleman
|
Version 2.0 |
Intel Mobile Processor, 1700 MHz w/ Windows 2000 Service Pack 4; Intel Mobile Processor, 1700 MHz w/ Windows XP Service Pack 2 | 7/20/2005 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 28 ) (Payload Length Range Tested: 1 - 24 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 287 ) ] "AirGuardTM Wireless Solutions implement leading cryptographic technologies. This particular algorithm certification is for AES-CCM using a Windows 2000/XP-based software implementation. AirGuardTM Crypto Client includes the following models: AirGuardTM 3e-010F-C-2 Crypto Client Software, v2.0 Build 1 for Windows 2000/XP" |
| 4 | Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Kenneth Jensen - Dir of Prod Mgmt
|
Version CN1000 Part # 1000199-01 |
N/A | 5/16/2005 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 15 - 30 ) (Payload Length Range Tested: 0 - 32 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 159 ) ] "Aruba Wireless Networks’ WLAN switching platform is a purpose-built WLAN voice and data switching solution designed to specifically address the needs and reduce the cost of large scale Wi-Fi network deployments for Government agencies and large enterprise. The Aruba Wireless Networks WLAN switching platform is a highly scalable and redundant solution that provides centralized intelligence to secure and manage the corporate RF environment, enforce identity based user security policies, enable service creation and provide secure mobility management to thousands of simultaneously connected users." |
| 3 | Funk Software, Inc. 222 Third Street Cambridge, MA 02142 USA -Steven Erickson
|
Version 1.0 |
x86 platform w/ Windows XP; x86 platform w/ Linux RedHat 9.0 | 3/23/2005 |
[
(Key Sizes Tested:
128
192
256
)
(Assoc. Data Len Range Tested: 0 - 32 , 2^16 ) (Payload Length Range Tested: 0 - 32 ) ( Nonce Length(s) Tested: 7 8 9 10 11 12 13 ) (Tag Length(s) Tested: 4 6 8 10 12 14 16 ) (128 bit Symmetric Algorithm: AES Cert# 246 ) ] "The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. The portable (C) version can be compiled for use on a large variety of platforms." |
| 2 | Funk Software, Inc. 222 Third Street Cambridge, MA 02142 USA -Steven Erickson
|
Version 1.0 |
Windows XP on x86 platform; Linux RedHat 9.0 on x86 platform | 3/22/2005 |
[
(Key Sizes Tested:
128
192
256
)
(Assoc. Data Len Range Tested: 0 - 32 , 2^16 ) (Payload Length Range Tested: 0 - 32 ) ( Nonce Length(s) Tested: 7 8 9 10 11 12 13 ) (Tag Length(s) Tested: 4 6 8 10 12 14 16 ) (128 bit Symmetric Algorithm: AES Cert# 245 ) ] "The Odyssey Security Component is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms." |
| 1 | 3e Technologies International, Inc. 700 King Farm Blvd, Suite 600 Rockville, MD 20850 USA -Ryon Coleman
|
Version 3.0 |
Intel Xscale, 533 MHz w/ Linux Kernel v2.4.17 | 3/9/2005 |
[
(Key Sizes Tested:
128
)
(Assoc. Data Len Range Tested: 22 - 28 ) (Payload Length Range Tested: 1 - 24 ) ( Nonce Length(s) Tested: 13 ) (Tag Length(s) Tested: 8 ) (128 bit Symmetric Algorithm: AES Cert# 238 ) ] "AirGuardTM Wireless Solutions implement leading cryptographic technologies. This particular algorithm certification is for AES-CCM using a Linux-based software implementation." |
Computer Security Division
National Institute of Standards and Technology