| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 7/24/2029 |
| Caveat | Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. |
| Vendor | Oracle Corporation |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Sensitive Security Parameter Management | 1 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show status<br/>Self-test<br/>Error State</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show status<br/>Self-test<br/>Error State</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module FIPS 140-3 Level 1 Validation Software Versions: kernel: 5.15.0-303.171.5.2.2.el8uek and 5.15.0-303.171.5.2.2.el9uek libkcapi: 1.2.0-2.0.1.el8 and 1.3.1-3.0.1.el9 Date: February 26th, 2026 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com Document Version: 1.5 ©Oracle Corporation
Title: Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy Date: February 26th, 2026 Contributing Authors: Oracle Linux Engineering Security Evaluations
Austin, TX 78741 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 www.oracle.com change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy i
| # | Section | Page |
|---|---|---|
| 1 | General | 1 |
| 1.1 | Overview | 1 |
| 1.1.1 | How this Security Policy was prepared | 1 |
| 1.2 | Security Levels | 1 |
| 2 | Cryptographic Module Specification | 2 |
| 2.1 | Description | 2 |
| 2.2 | Version Information | 2 |
| 2.3 | Operating Environments | 3 |
| 2.4 | Excluded Components | 5 |
| 2.5 | Modes of Operation | 5 |
| 2.6 | Approved Algorithms | 5 |
| 2.7 | RNG and Entropy | 8 |
| 2.8 | SSP Generation | 8 |
| 2.9 | SSP Establishment | 8 |
| 2.10 | Industry Protocols | 9 |
| 2.11 | Design and Rules | 9 |
| 2.12 | Initialization | 9 |
| 3 | Cryptographic Module Interfaces | 10 |
| 3.1 | Description | 10 |
| 3.2 | Trusted Channel Specification | 10 |
| 3.3 | Control Interface Not Inhibited | 10 |
| 4 | Roles, Services, and Authentication | 11 |
| 4.1 | Authentication Methods | 11 |
| 4.2 | Roles | 11 |
| 4.3 | Approved Services | 11 |
| 4.4 | Non-Approved Services | 13 |
| 4.5 | External Software/Firmware Loaded | 13 |
| 4.6 | Bypass Actions and Status | 13 |
| 4.7 | Cryptographic Output Actions and Status | 13 |
| 5 | Software/Firmware Security | 14 |
| 5.1 | Integrity Techniques | 14 |
| 5.2 | Initiate on Demand | 14 |
| 6 | Operational Environment | 15 |
| 6.1 | Operational Environment Type and Requirements | 15 |
| 6.2 | Configurable Settings and Restrictions | 15 |
| 7 | Physical Security | 16 |
| 8 | Non-Invasive Security | 17 |
| 9 | Sensitive Security Parameters Management | 18 |
| 9.1 | Storage Areas | 18 |
| 9.2 | SSP Input-Output Methods | 18 |
| 9.3 | SSP Zeroization Methods | 18 |
| 9.4 | SSPs | 19 |
| 9.5 | Transitions | 20 |
| 10 | Self-Tests | 21 |
| 10.1 | Pre-Operational Self-Tests | 21 |
| 10.2 | Conditional Self-Tests | 21 |
| 10.2.1 | Conditional Cryptographic Algorithm Tests | 22 |
| 10.2.2 | Conditional Cryptographic Algorithm Tests | 23 |
| 10.3 | Periodic Self-Tests | 23 |
| 10.4 | Error States | 23 |
| 10.5 | Operator Initiation | 23 |
| 11 | Life-Cycle Assurance | 24 |
| 11.1 | Startup Procedures | 24 |
| 11.2 | Administrator Guidance | 25 |
| 11.2.1 | AES GCM IV | 25 |
| 11.2.2 | AES XTS | 25 |
| 11.2.3 | SP 800-56Arev3 Assurances | 25 |
| 11.2.4 | RSA | 25 |
| 11.2.5 | SHA-3 | 26 |
| 11.3 | Non-Administrator Guidance | 26 |
| 11.4 | Maintenance Requirements | 26 |
| 11.5 | End of Life | 26 |
| 12 | Mitigation of Other Attacks | 27 |
| Appendix A. Glossary and Abbreviations | 28 | |
| Appendix B. References | 29 |
9.4 9.5 10.1 10.2 10.3 10.4 10.5 11.1 11.2 11.3 11.4 11.5 Appendix A. Appendix B. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy iii
| Item | Page |
|---|---|
| Table 1 - Security Levels | 1 |
| Table 2 - Software, Firmware, Hybrid Tested Operating Environments | 3 |
| Table 3 - Executable Code Sets | 4 |
| Table 4 - Vendor Affirmed Operational Environments | 5 |
| Table 5 - Modes List and Description | 5 |
| Table 6 - Approved Algorithms | 7 |
| Table 7 - Non-Approved, Allowed Algorithms with No Security Claimed | 7 |
| Table 8 – Non-Approved, Not Allowed Algorithms | 8 |
| Table 9 – Entropy | 8 |
| Table 10 - Key Generation | 8 |
| Table 11 - Key Agreement | 8 |
| Table 12 - Key Transport | 9 |
| Table 13 - Ports and Interfaces | 10 |
| Table 14 – Roles | 11 |
| Table 15 – Approved Services | 12 |
| Table 16 - Non-Approved Services | 13 |
| Table 17 – Storage Areas | 18 |
| Table 18 – SSP Input-Output | 18 |
| Table 19 - SSP Zeroization Methods | 18 |
| Table 20 - SSP Information First | 20 |
| Table 21 - SSP Information Second | 20 |
| Table 22 - Pre-Operational Self-Tests | 21 |
| Table 23 - Conditional Self-Tests | 22 |
| Table 24 - Error States | 23 |
| Figure 1 – Block Diagram | 2 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | Not Applicable |
| 8 | 8 | Non-invasive Security | Not Applicable |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | Not Applicable |
| Overall Level | Overall Level | 1 |
This document is the non-proprietary FIPS 140-3 Security Policy for Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module versions:
In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
Table 1 describes the individual security areas of FIPS 140-3, as well as the security levels of those individual areas. [Number Below] Table 1 - Security Levels Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Purpose and Use: The Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a general-purpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: Multi-chip standalone Module Characteristics: N/A Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the loadable kernel crypto object files, the libkcapi library, and the sha512hmac binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1
Hardware Versions: N/A Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Operating System | Hardware Platform | Hardware Version | Firmware Version | Processor | Features | Package | Integrity Test | ||
|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Linux 8 | ORACLE SERVER X9-2c | Intel(R) Xeon(R) Platinum 8358 | Yes: AES-NI and SHA Extensions | Oracle Linux 8 | KVM on Oracle Linux 8 | |||||
| ORACLE SERVER E4-2c | ORACLE SERVER E4-2c | AMD EPYC 7J13 | Yes: AES-NI and SHA Extensions | |||||||
| ORACLE SERVER A1-2c | ORACLE SERVER A1-2c | Ampere(R) Altra(R) Q80-30 | Yes: NEON and Cryptography Extensions | |||||||
| Oracle Linux 9 | ORACLE SERVER X9-2c | Intel(R) Xeon(R) Platinum 8358 | Yes: AES-NI and SHA Extensions | Oracle Linux 9 | ||||||
| ORACLE SERVER E4-2c | ORACLE SERVER E4-2c | AMD EPYC 7J13 | Yes: AES-NI and SHA Extensions | |||||||
| ORACLE SERVER A1-2c | ORACLE SERVER A1-2c | Ampere(R) Altra(R) Q80-30 | Yes: NEON and Cryptography Extensions | |||||||
| Marvell Liquid IO II (MIPS64) SmartNIC | Marvell Liquid IO II (MIPS64) SmartNIC | OCTEON III | No | N/A | ||||||
| Oracle Linux 8 Intel and AMD Platforms: /boot/vmlinuz-5.15.0- 303.171.5.2.2.el8uek.x86_64 *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/arch/x86/c rypto Oracle Linux 8 Ampere Platform: /boot/vmlinuz-5.15.0-303.171.5.2.2.el8uek. aarch64 *.ko and *.ko.xz files in | N/A | 5.15.0-303.171.5.2.2.el8uek | N/A | Oracle Linux 8 Intel and AMD Platforms: /boot/vmlinuz-5.15.0- 303.171.5.2.2.el8uek.x86_64 *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/arch/x86/c rypto Oracle Linux 8 Ampere Platform: /boot/vmlinuz-5.15.0-303.171.5.2.2.el8uek. aarch64 *.ko and *.ko.xz files in | HMAC-SHA-5121 RSA 4096 bit signature verification2 |
| Name | Operating System | Hardware Platform | Hardware Version | Firmware Version | Processor | Features | Package | Integrity Test | Virtual Platforms | ||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Linux 8 | ORACLE SERVER X9-2c | Intel(R) Xeon(R) Platinum 8358 | Yes: AES-NI and SHA Extensions | Oracle Linux 8 | KVM on Oracle Linux 8 | ||||||
| ORACLE SERVER E4-2c | ORACLE SERVER E4-2c | AMD EPYC 7J13 | Yes: AES-NI and SHA Extensions | ||||||||
| ORACLE SERVER A1-2c | ORACLE SERVER A1-2c | Ampere(R) Altra(R) Q80-30 | Yes: NEON and Cryptography Extensions | ||||||||
| Oracle Linux 9 | ORACLE SERVER X9-2c | Intel(R) Xeon(R) Platinum 8358 | Yes: AES-NI and SHA Extensions | Oracle Linux 9 | |||||||
| ORACLE SERVER E4-2c | ORACLE SERVER E4-2c | AMD EPYC 7J13 | Yes: AES-NI and SHA Extensions | ||||||||
| ORACLE SERVER A1-2c | ORACLE SERVER A1-2c | Ampere(R) Altra(R) Q80-30 | Yes: NEON and Cryptography Extensions | ||||||||
| Marvell Liquid IO II (MIPS64) SmartNIC | Marvell Liquid IO II (MIPS64) SmartNIC | OCTEON III | No | N/A | |||||||
| Oracle Linux 8 Intel and AMD Platforms: /boot/vmlinuz-5.15.0- 303.171.5.2.2.el8uek.x86_64 *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/arch/x86/c rypto Oracle Linux 8 Ampere Platform: /boot/vmlinuz-5.15.0-303.171.5.2.2.el8uek. aarch64 *.ko and *.ko.xz files in | N/A | 5.15.0-303.171.5.2.2.el8uek | N/A | Oracle Linux 8 Intel and AMD Platforms: /boot/vmlinuz-5.15.0- 303.171.5.2.2.el8uek.x86_64 *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.15.0- 303.171.5.2.2.el8uek.x86_64/kernel/arch/x86/c rypto Oracle Linux 8 Ampere Platform: /boot/vmlinuz-5.15.0-303.171.5.2.2.el8uek. aarch64 *.ko and *.ko.xz files in | HMAC-SHA-5121 RSA 4096 bit signature verification2 | ||||||
| Oracle Linux 8 Platforms: /usr/lib64/libkcapi.so.1.2.0 /usr/bin/sha512hmac Oracle Linux 9 Platforms: /usr/lib64/libkcapi.so.1.3.1 /usr/bin/sha512hmac | N/A | 5.15.0-303.171.5.2.2.el9uek | N/A | Oracle Linux 8 Platforms: /usr/lib64/libkcapi.so.1.2.0 /usr/bin/sha512hmac Oracle Linux 9 Platforms: /usr/lib64/libkcapi.so.1.3.1 /usr/bin/sha512hmac | HMAC-SHA-512 | ||||||
| Oracle Linux 8 | Oracle Linux 8 | Oracle X Series Servers | Oracle Linux KVM |
N/A Table 2 - Software, Firmware, Hybrid Tested Operating Environments Executable Code Sets: N/A N/A verification 2 HMAC-SHA-512 integrity test is used for the kernel binary. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Operating System | Hardware Platform | Hardware Version | Firmware Version | Features | Package | Integrity Test | Virtual Platforms |
|---|---|---|---|---|---|---|---|---|
| Oracle Linux 8 Platforms: /usr/lib64/libkcapi.so.1.2.0 /usr/bin/sha512hmac Oracle Linux 9 Platforms: /usr/lib64/libkcapi.so.1.3.1 /usr/bin/sha512hmac | N/A | 5.15.0-303.171.5.2.2.el9uek | N/A | Oracle Linux 8 Platforms: /usr/lib64/libkcapi.so.1.2.0 /usr/bin/sha512hmac Oracle Linux 9 Platforms: /usr/lib64/libkcapi.so.1.3.1 /usr/bin/sha512hmac | HMAC-SHA-512 | |||
| Oracle Linux 8 | Oracle Linux 8 | Oracle X Series Servers | Oracle Linux KVM | |||||
| Oracle Linux 9 | Oracle Linux 9 | Oracle E Series Servers Oracle A Series Servers Marvell T93 LiquidIO III (ARM v8.x) SmartNIC Pensando DSC-200-R (ARM v8.x) SmartNIC Nvidia Bluefield-3 (ARM v8.x) SmartNIC |
N/A N/A Table 3 - Executable Code Sets Vendor Affirmed Operating Environments: Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non-approved mode | Automatically entered whenever a non- approved service is requested | Equivalent to the indicator of the requested service | Non-approved |
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| SHA [FIPS 180-4] | A3860 A3861 A3862 | SHA-1, SHA-224, SHA-256, SHA- | N/A | Message digest |
| A3885 A3886 A3887 | A3885 A3886 A3887 | 384, SHA-512 | ||
| SHA-3 [FIPS 202] | A3863 A4163 | SHA3-224, SHA3-256, SHA3-384, | N/A | Message digest |
| AES [FIPS 197, SP 800-38A, SP | A3860 A3861 A3862 | ECB, CBC, CBC-CS3, CFB128, | 128, 192, 256 bits | Encryption |
| 800-38A Addendum] | A3864 A3865 A3866 | OFB, CTR | Decryption | |
| AES [FIPS 197, SP 800-38C] | A3862 A3869 A3879 | CCM | 128, 192, 256 bits | Authenticated encryption |
| A3889 A3891 A4162 | A3889 A3891 A4162 | Authenticated decryption | ||
| AES [FIPS 197, SP 800-38D] | A3867 A3870 A3877 | GCM (internal IV) | 128, 192, 256 bits | Authenticated encryption |
| AES [FIPS 197, SP 800-38D] | A3862 A3868 A3869 | GCM (external IV) | 128, 192, 256 bits | Authenticated decryption |
| AES [FIPS 197, SP 800-38E] | A3862 A3869 A3876 | XTS | 128, 256 bits | Encryption |
| A3879 A3889 A3891 | A3879 A3889 A3891 | Decryption | ||
| AES [FIPS 197, SP 800-38B, SP | A3862 A3869 A3879 | CMAC, GMAC | 128, 192, 256 bits | Message authentication |
| 800-38D] | A3889 A3891 A4162 | |||
| HMAC [FIPS 198-1] | A3860 A3861 A3862 | SHA-1, SHA-224, SHA-256, SHA- | 112-256 bits | Message authentication |
| A3885 A3886 A3887 | A3885 A3886 A3887 | 384, SHA-512 | ||
| A3863 A4163 | A3863 A4163 | SHA3-224, SHA3-256, SHA3-384, | ||
| ECDSA [FIPS 186-4] | A3861 A4161 | B.4.2 Testing candidates | P-256, P-384 | Key pair generation |
| KAS ECC-SSC [SP 800- | A3861 A4161 | Ephemeral Unified Model | P-256, P-384 | Shared secret computation |
| 56Arev3] | (initiator/responder) | (128 and 192 bits) | ||
| KAS FFC-SSC [SP 800-56Arev3] | A3860 A4160 | dhEphem (initiator/responder) | ffdhe2048, ffdhe3072, | Shared secret computation |
| Safe Primes [SP 800-56Arev3] | A3860 A4160 | Section 5.6.1.1.4 Testing | ffdhe2048, ffdhe3072, | Key pair generation |
| Candidates | Candidates | ffdhe4096, ffdhe6144, | ||
| CTR_DRBG [SP 800-90Ar1] | A3860 A3861 A3862 | AES-128, AES-192, AES-256, with | 128, 192, 256 bits | Random number generation |
| A3867 A3868 A3869 | A3867 A3868 A3869 | derivation function, | ||
| A3870 A3871 A3876 | A3870 A3871 A3876 | with/without prediction | ||
| A3877 A3878 A3879 | A3877 A3878 A3879 | resistance | ||
| Hash_DRBG [SP 800-90Ar1] | A3860 A3861 A3862 | SHA-1, SHA-256, SHA-512 | 128, 256 bits | Random number generation |
| A3867 A3868 A3869 | A3867 A3868 A3869 | with/without prediction | ||
| A3870 A3871 A3876 | A3870 A3871 A3876 | resistance | ||
| HMAC_DRBG [SP 800-90Ar1] | A3877 A3878 A3879 A3880 A3881 A3885 | SHA-1, SHA-256, SHA-512 | 128, 256 bits | Random number generation |
| A3886 A3887 A3892 | A3886 A3887 A3892 | with/without prediction | ||
| A3893 A4160 A4161 | A3893 A4160 A4161 | resistance | ||
| RSA [FIPS 186-4] | A3862 A3885 A3886 | PKCS#1 v1.5 with SHA1, SHA- | 2048, 3072, 4096 bits (112, | Signature verification |
| A3887 A4162 A4189 | A3887 A4162 A4189 | 224, SHA-256, SHA-384, SHA- | 128, 150 bits) | |
| A4190 A4192 | A4190 A4192 | 512 |
Table 4 - Vendor Affirmed Operational Environments Note: the CMVP makes no statement as to the correct operation of the module or the security strengths of the generated SSPs when so ported if the specific operational environment is not listed on the validation certificate.
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.
Modes List and Description: Table 5 - Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically Mode change instructions and status indicators: The module automatically switches between the approved and non-approved modes depending on the services requested by The module does not implement a degraded mode of operation.
Approved Algorithms: Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Approved Functions |
|---|---|
| ECDSA Signature Verification Primitive | Signature Verification Primitive |
| AES GCM with external IV | Encryption |
| KBKDF (libkcapi) | Key derivation |
| HKDF (libkcapi) | Key derivation |
| PBKDF2 (libkcapi) | Password-based key derivation |
Table 6 - Approved Algorithms Vendor Affirmed Algorithms: The module implements Cryptographic Key Generation (CKG), with vendor affirmed compliance to SP 800-133r2, Section 5.2. Non-Approved, Allowed Algorithms: The module does not implement non-approved algorithms allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: Table 7 - Non-Approved, Allowed Algorithms with No Security Claimed Non-Approved, Not Allowed Algorithms: Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Use Function |
|---|---|
| RSA | Encryption primitive Decryption primitive |
| RSA with PKCS#1 v1.5 padding | Signature generation (pre-hashed message) Signature verification (pre-hashed message) |
| Key encapsulation Key decapsulation | Key encapsulation Key decapsulation |
| Name | Type | Strength | Operational Environment | ||
|---|---|---|---|---|---|
| UEK7 CPU Time Jitter RNG Entropy Source (Cert. #E61) | Non-physical | 64 bits | See Table 2 | 59.41 bits | Linear-Feedback Shift Register (LFSR) |
| Name | Type | Properties |
|---|---|---|
| Safe primes key pair generation | Asymmetric | Key type: Diffie-Hellman key pair Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 Security strength: 112-200 bits Method: SP 800-56Ar3 (safe primes) Section 5.6.1.1.4 Testing Candidates Compliant to SP 800-133r2, Section 5.2 |
| EC key pair generation | Key type: EC key pair Curves: P-256, P-384 Security strength: 128, 192 bits Method: FIPS 186-4 Appendix B.4.2 Testing Candidates Compliant to SP 800-133r2, Section 5.2 | |
| Diffie-Hellman | Shared secret computation | Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 Security strength: 112-200 bits Compliant with Scenario 2 (1) of FIPS 140-3 IG D.F |
| EC Diffie-Hellman | Shared secret computation | Curves: P-256, P-384 Security strength: 128, 192 bits Compliant with Scenario 2 (1) of FIPS 140-3 IG D.F |
| Name | Type | Properties |
|---|---|---|
| Safe primes key pair generation | Asymmetric | Key type: Diffie-Hellman key pair Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 Security strength: 112-200 bits Method: SP 800-56Ar3 (safe primes) Section 5.6.1.1.4 Testing Candidates Compliant to SP 800-133r2, Section 5.2 |
| EC key pair generation | Key type: EC key pair Curves: P-256, P-384 Security strength: 128, 192 bits Method: FIPS 186-4 Appendix B.4.2 Testing Candidates Compliant to SP 800-133r2, Section 5.2 | |
| Diffie-Hellman | Shared secret computation | Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 Security strength: 112-200 bits Compliant with Scenario 2 (1) of FIPS 140-3 IG D.F |
| EC Diffie-Hellman | Shared secret computation | Curves: P-256, P-384 Security strength: 128, 192 bits Compliant with Scenario 2 (1) of FIPS 140-3 IG D.F |
Table 8
Table 11 - Key Agreement Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Type | Properties |
|---|---|---|
| AES CCM | Key wrapping Key unwrapping | Security strength: 128, 192, or 256 bits SP 800-38F |
| AES GCM | Key wrapping | IV generated internally Security strength: 128, 192, or 256 bits SP 800-38F |
| Key unwrapping | Key unwrapping | IV provided externally Security strength: 128, 192, or 256 bits SP 800-38F |
| AES CBC or CTR with HMAC SHA-1, HMAC SHA- 256, HMAC SHA-384, or HMAC SHA-512 | Key wrapping Key unwrapping | Security strength: 112-256 bits SP 800-38F |
Table 12 - Key Transport As permitted by IG D.G, the module provides key transport methods either by using an approved authenticated encryption mode or by a combination of any approved symmetric encryption mode and an approved authentication method.
AES GCM with internal IV generation in the approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. No parts of this protocol, other than the AES GCM implementation, have been tested by the CAVP and CMVP.
Upon start-up, the module immediately performs the pre-operational integrity test using the integrity values stored in the .hmac files associated with the module’s software components (Table 23). When all those self-tests pass successfully, the module automatically performs all cryptographic algorithm self-tests (CASTs) as specified in Table 23. Only if these CASTs also passed successfully, the module transitions to the operational state. No operator intervention is required to reach this point. In the operational state, the module accepts service requests from calling applications through its logical interfaces. If the Linux kernel which contains the module is shut down, the module will end its operation.
There are no specific initialization requirements. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | Data Input | API data input parameters, AF_ALG type sockets |
| Data Output | Data Output | API output parameters, AF_ALG type sockets | |
| Control Input | Control Input | API function calls, API control input parameters, AF_ALG type sockets, kernel command line | |
| Status Output | Status Output | API return values, AF_ALG type sockets, kernel logs |
Table 13 - Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design.
The module does not implement a trusted channel. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | N/A | ||||||
| Message digest | Compute a message digest | N/A | SHA-1, SHA-224, SHA- 256, SHA-384, SHA- 512, SHA3-224, SHA3- 256, SHA3-384, SHA3- 512 | crypto_shash_init returns 0 | Message | Digest value | |||
| Encryption | Encrypt a plaintext | AES key: W, E | AES ECB, CBC, CBC- CS3, OFB, CFB128, CTR, XTS | crypto_skcipher_s etkey returns 0 | AES key, plaintext | Ciphertext | |||
| Decryption | Decrypt a ciphertext | AES key, ciphertext | Plaintext | ||||||
| Authenticated encryption | Encrypt a plaintext | AES key: W, E HMAC key: W, E | AES CCM, GCM (internal IV) AES CBC or CTR with HMAC SHA-1, HMAC SHA-256, HMAC SHA- 384, or HMAC SHA- 512 | For all modes except AES GCM: crypto_aead_setk ey returns 0 For AES GCM: crypto_aead_get_ flags(tfm) has the CRYPTO_TFM_FIP S_COMPLIANCE flag set | AES key, plaintext | Ciphertext, MAC tag | |||
| Authenticated decryption | Decrypt a ciphertext | AES CCM, GCM (external IV) AES CBC or CTR with HMAC SHA-1, HMAC SHA-256, HMAC SHA- 384, or HMAC SHA- 512 | AES key, ciphertext, MAC tag | Plaintext | |||||
| Message authentication | Compute a MAC tag | AES key: W, E | AES CMAC, GMAC | crypto_shash_init returns 0 | AES key, message | MAC tag | |||
| HMAC key, message | HMAC key: W, E | HMAC SHA-1, HMAC SHA-224, HMAC SHA- 256, HMAC SHA-384, HMAC SHA-512, HMAC SHA3-224, HMAC SHA3-256, HMAC SHA3-384, HMAC SHA3-512 | HMAC key, message | ||||||
| Signature verification primitive | Perform ECDSA signature verification primitive | EC public key: W, E | ECDSA signature verification primitive with P-256 and P-384 | crypto_akcipher_v erify returns 0 | Hashed message | Pass/fail | |||
| Shared secret computation | Compute a shared secret | DH private key: W, E DH public key: W, E | KAS-FFC-SSC | crypto_kpp_comp ute_shared_secre t returns 0 | DH private key, DH public key | Shared secret |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | N/A | ||||||
| Message digest | Compute a message digest | N/A | SHA-1, SHA-224, SHA- 256, SHA-384, SHA- 512, SHA3-224, SHA3- 256, SHA3-384, SHA3- 512 | crypto_shash_init returns 0 | Message | Digest value | |||
| Encryption | Encrypt a plaintext | AES key: W, E | AES ECB, CBC, CBC- CS3, OFB, CFB128, CTR, XTS | crypto_skcipher_s etkey returns 0 | AES key, plaintext | Ciphertext | |||
| Decryption | Decrypt a ciphertext | AES key, ciphertext | Plaintext | ||||||
| Authenticated encryption | Encrypt a plaintext | AES key: W, E HMAC key: W, E | AES CCM, GCM (internal IV) AES CBC or CTR with HMAC SHA-1, HMAC SHA-256, HMAC SHA- 384, or HMAC SHA- 512 | For all modes except AES GCM: crypto_aead_setk ey returns 0 For AES GCM: crypto_aead_get_ flags(tfm) has the CRYPTO_TFM_FIP S_COMPLIANCE flag set | AES key, plaintext | Ciphertext, MAC tag | |||
| Authenticated decryption | Decrypt a ciphertext | AES CCM, GCM (external IV) AES CBC or CTR with HMAC SHA-1, HMAC SHA-256, HMAC SHA- 384, or HMAC SHA- 512 | AES key, ciphertext, MAC tag | Plaintext | |||||
| Message authentication | Compute a MAC tag | AES key: W, E | AES CMAC, GMAC | crypto_shash_init returns 0 | AES key, message | MAC tag | |||
| HMAC key, message | HMAC key: W, E | HMAC SHA-1, HMAC SHA-224, HMAC SHA- 256, HMAC SHA-384, HMAC SHA-512, HMAC SHA3-224, HMAC SHA3-256, HMAC SHA3-384, HMAC SHA3-512 | HMAC key, message | ||||||
| Signature verification primitive | Perform ECDSA signature verification primitive | EC public key: W, E | ECDSA signature verification primitive with P-256 and P-384 | crypto_akcipher_v erify returns 0 | Hashed message | Pass/fail | |||
| Shared secret computation | Compute a shared secret | DH private key: W, E DH public key: W, E | KAS-FFC-SSC | crypto_kpp_comp ute_shared_secre t returns 0 | DH private key, DH public key | Shared secret | |||
| EC private key, EC public key | EC private key: W, E EC public key: W, E Shared secret: G, R | KAS-ECC-SSC | EC private key, EC public key | ||||||
| Key pair generation | Generate a key pair | DH private key: G, R DH public key: G, R Intermediate key generation value: G, Z | Safe primes key pair generation | crypto_kpp_set_s ecret and crypto_kpp_gener ate_public_key return 0 | Group | DH private key, DH public key | |||
| Curve | EC private key: G, R EC public key: G, R Intermediate key generation value: G, Z | EC key pair generation | Curve | EC private key, EC public key | |||||
| Random number generation | Generate random bytes | Entropy input: W, E DRBG seed: E, G DRBG internal state: E, G | CTR_DRBG Hash_DRBG HMAC_DRBG | crypto_rng_get_b ytes returns 0 | Output length | Random bytes | |||
| Error detection code | Compute an EDC (crc32, crct10dif) | N/A | N/A | None | Message | EDC | |||
| Compression | Compress data (deflate, lz4, lz4hc, lzo, zlib-deflate, zstd) | N/A | N/A | None | Data | Compressed data | |||
| Generic system call | Use the kernel to perform various non-cryptographic operations | N/A | N/A | None | Identifier, various arguments | Various return values | |||
| Show version | Return the module name and version information | N/A | N/A | None | N/A | Module name and version | |||
| Show status | Return the module status | N/A | N/A | None | N/A | Module status | |||
| Self-test | Perform the CASTs and integrity tests | N/A | SHA SHA-3 AES HMAC KAS-FFC-SSC KAS-ECC-SSC CTR_DRBG Hash_DRBG HMAC_DRBG RSA See Table 23 for specifics | None | N/A | Pass/fail |
Roles, Services, and Authentication The module does not implement authentication.
N/A Table 14
SHA-1, SHA-224, SHA256, SHA-384, SHA512, SHA3-224, SHA3256, SHA3-384, SHA3512 N/A W, E W, E E Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
N/A R W, E E R G, R G, R W, E N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 15
| Name | Description | Security Function | |
|---|---|---|---|
| AES GCM external IV encryption | Encrypt a plaintext using AES GCM with an external IV | AES GCM (external IV) | CO |
| Key derivation | Derive a key from a key-derivation key or a shared secret | KBKDF (libkcapi) HKDF (libkcapi) | |
| Password-based key derivation | Derive a key from a password | PBKDF2 (libkcapi) | |
| RSA encryption primitive | Compute the raw RSA encryption of a plaintext/ciphertext | RSA | |
| RSA decryption primitive | Compute the raw RSA decryption of a plaintext/ciphertext | ||
| RSA signature generation (pre- hashed message) | Generate a digital signature for a pre-hashed message | RSA with PKCS#1 v1.5 padding (pre-hashed message) | |
| RSA signature verification (pre- hashed message) | Verify a digital signature for a pre-hashed message | ||
| Key encapsulation | Encapsulate a secret key using RSA with PKCS#1 v1.5 padding | ||
| Key decapsulation | Decapsulate a secret key using RSA with PKCS#1 v1.5 padding |
Table 16 - Non-Approved Services
The module does not load external software or firmware.
The module does not implement a bypass capability.
The module does not implement a self-initiated cryptographic output capability. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
The Linux kernel binary is integrity tested using an HMAC SHA-512 calculation performed by the sha512hmac utility (which utilizes the module’s HMAC and SHA-512 implementations) which compares the computed HMAC value with a precomputed HMAC value. An HMAC SHA-512 calculation is also performed on the sha512hmac utility and the libkcapi library to verify their integrity by comparing the computed HMAC value with a precomputed HMAC value. The kernel crypto object files listed in Table
3 are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-512, and a
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the software integrity tests. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Type of Operating Environment: modifiable: the module executes as part of a general-purpose operating system (Oracle Linux 8 and Oracle Linux 9), which allows modification, loading, and execution of software that is not part of the validated module. How Requirements are Satisfied: The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.
The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Physical Security The module is comprised of software only and therefore this section is not applicable. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Non-Invasive Security This module does not implement any non-invasive security mechanism and therefore this section is not applicable. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution |
| Name | From | To | ||||
|---|---|---|---|---|---|---|
| API input parameters | Operator calling application (TOEPP) | Cryptographic module | Plaintext | Manual | Electronic | N/A |
| API output parameters | Cryptographic module | Operator calling application (TOEPP) |
| Zeroization Method | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Free cipher handle | Zeroizes the SSPs contained within the cipher handle | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable | By calling the appropriate zeroization functions: AES key: crypto_free_skcipher and crypto_free_aead HMAC key: crypto_free_shash and crypto_free_ahash DRBG internal state: crypto_free_rng Intermediate key generation value: automatically zeroized DH public & private key: crypto_free_kpp EC public & private key: crypto_free_kpp and crypto_free_akcipher | |
| DH public & private key: crypto_free_kpp | ||||
| EC public & private key: crypto_free_kpp and | ||||
| crypto_free_akcipher | ||||
| Remove power from the module | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed | By removing power |
Sensitive Security Parameters Management
Table 17
| Name | Type | Description | Strength | Generation | Establishment | Use |
|---|---|---|---|---|---|---|
| AES key | Symmetric Key | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits | N/A | N/A | Encryption Decryption Authenticated encryption Authenticated decryption Message authentication |
| HMAC key | Authentication key | HMAC key | 112-256 bits | N/A | N/A | Message authentication code (MAC) |
| Shared secret | Shared secret | Shared secret generated by (EC) Diffie- Hellman | EC Diffie-Hellman 128 and 192 bits | N/A | SP 800-56Ar3 (DH and ECDH shared secret computation) | Shared secret computation |
| Entropy input | Entropy input | Entropy input used to seed the DRBGs. Compliant with IG D.L. | 128-448 bits (128-256 bits) | ENT (NP) See Table 9 | N/A | Random number generation |
| DRBG seed | Seed | DRBG seed derived from entropy input. Compliant with IG D.L. | CTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bits | Derived from the entropy input as defined in SP800- 90Arev1 | N/A | Random number generation |
| DRBG internal state (V, Key) | DRBG Internal state | Internal state of CTR_DRBG and HMAC_DRBG instances. Compliant with IG D.L. | Derived from DRBG seed as defined in SP800- 90Arev1 | N/A | Random number generation | |
| DRBG internal state (V, C) | DRBG Internal state | Internal state of Hash_DRBG instances. Compliant with IG D.L. | N/A | Random number generation | ||
| Intermediate Key Generation Value | Intermediate value | Temporary value generated during Key Pair Generation services | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, P- 256, P-384 (112- 200 bits) | CKG | N/A | Key pair generation |
| DH public key | Public key | Public key used for Diffie- Hellman | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 (112- 200 bits) | SP 800-56Ar3 (safe primes) Section 5.6.1.1.4 Testing Candidates random values used are generated by SP 8000-90ADRBG | N/A | Shared secret computation Key pair generation |
| DH private key | Private key | Private key used for Diffie- Hellman | ||||
| EC public key | Public key | Public key used for EC Diffie- Hellman | P-256, P-384 (128, 192 bits) | FIPS 186-4 Appendix B.4.2 Testing Candidates random values used are generated by SP | N/A | Shared secret computation Key pair generation |
| EC private key | Private key | Private key used for EC Diffie- Hellman | Shared secret computation Key pair generation |
(EC) DiffieHellman for DiffieHellman for DiffieHellman N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Type | Storage | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|
| AES key | CSP | RAM | API input parameters AF_ALG type sockets (input) | Until cipher handled is freed or module powered off | None |
| Shared secret | API output parameters AF_ALG type sockets (output) | DH public & private key EC public & private key | |||
| Entropy input | N/A | From generation until DRBG seed is created | DRBG seed | ||
| DRBG seed | N/A | While the DRBG is being instantiated | Entropy input DRBG internal state | ||
| DRBG internal state (V, Key) | N/A | From DRBG instantiation until DRBG termination | DRBG seed | ||
| DRBG Internal state (V, C) | N/A | DRBG seed | |||
| Intermediate Key Generation Value | No input No output | Until key pair generation service completes. | DH Private Key, DH Public Key, EC Private Key, EC Public Key | ||
| DH public key | PSP | API input parameters AF_ALG type sockets (input) API output parameters AF_ALG type sockets (output) | Until cipher handled is freed or module powered off | DH private key, shared secret | |
| DH private key | CSP | DH public key, shared secret | |||
| EC public key | PSP | EC private key, shared secret | |||
| EC private key | CSP | EC public key, shared secret |
| Name | Type | Storage | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|
| AES key | CSP | RAM | API input parameters AF_ALG type sockets (input) | Until cipher handled is freed or module powered off | None |
| Shared secret | API output parameters AF_ALG type sockets (output) | DH public & private key EC public & private key | |||
| Entropy input | N/A | From generation until DRBG seed is created | DRBG seed | ||
| DRBG seed | N/A | While the DRBG is being instantiated | Entropy input DRBG internal state | ||
| DRBG internal state (V, Key) | N/A | From DRBG instantiation until DRBG termination | DRBG seed | ||
| DRBG Internal state (V, C) | N/A | DRBG seed | |||
| Intermediate Key Generation Value | No input No output | Until key pair generation service completes. | DH Private Key, DH Public Key, EC Private Key, EC Public Key | ||
| DH public key | PSP | API input parameters AF_ALG type sockets (input) API output parameters AF_ALG type sockets (output) | Until cipher handled is freed or module powered off | DH private key, shared secret | |
| DH private key | CSP | DH public key, shared secret | |||
| EC public key | PSP | EC private key, shared secret | |||
| EC private key | CSP | EC public key, shared secret |
Table 20 - SSP Information First N/A N/A N/A N/A Table 21 - SSP Information Second
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 will be withdrawn on February 3, 2024. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Algorithm Or Test | Test Method | Details | Implementation | Indicator | Implementa tion | Conditions | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| HMAC SHA-512 | HMAC SHA-512 | Message Authentication | Integrity test for vmlinuz, libkcapi components and sha512hmac binary | Generic C, ARM64 | 128-bit key | Software integrity | Module becomes operational | ||||
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | Signature Verification | Integrity test for kernel object files | Generic C | 4096-bit key with SHA-512 | ||||||
| Safe primes CKG | Safe primes CKG | SP 800-56Ar3 Section 5.6.2.1.4 | N/A | crypto_kpp_g enerate_publi c_key returns 0 | Generic C | PCT | PCT | Key pair generation | |||
| SHA-1 | SHA-1 | Message digest | 0-8184 bit messages | Module is operational | Generic C, SSSE3, AVX, AVX2, SHA_NI, CE | KAT | CAST | Module initialization | |||
| SHA-224 | SHA-224 | Generic C, SSSE3, AVX, AVX2, SHA_NI, CE, ARM64, ARM64-NEON | |||||||||
| SHA-384 | SHA-384 | Generic C, SSSE3, AVX, AVX2, SHA_NI, ARM64, | |||||||||
| SHA3-224 | SHA3-224 | Generic C | |||||||||
| AES ECB | AES ECB | Encryption Decryption (separately) | 128, 192, 256 bit keys | Generic C, AESNI, CE, ARM64 | |||||||
| AES CBC-CS3 | AES CBC-CS3 | 128 bit keys | AESNI, CE, ARM64 | ||||||||
| AES OFB | AES OFB | AESNI, ARM64 | |||||||||
| AES CFB128 | AES CFB128 | 128, 192, 256 bit keys | AESNI ARM64 | ||||||||
| AES CTR | AES CTR | Generic C, AESNI, CE, ARM64 | |||||||||
| AES CCM | AES CCM | 128, 192, 256 bit | AESNI, ARM64 |
| Name | Algorithm Or Test | Test Method | Details | Implementation | Indicator | Implementa tion | Conditions | Test Properties | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HMAC SHA-512 | HMAC SHA-512 | Message Authentication | Integrity test for vmlinuz, libkcapi components and sha512hmac binary | Generic C, ARM64 | 128-bit key | Software integrity | Module becomes operational | |||||
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | Signature Verification | Integrity test for kernel object files | Generic C | 4096-bit key with SHA-512 | |||||||
| Safe primes CKG | Safe primes CKG | SP 800-56Ar3 Section 5.6.2.1.4 | N/A | crypto_kpp_g enerate_publi c_key returns 0 | Generic C | PCT | PCT | Key pair generation | ||||
| SHA-1 | SHA-1 | Message digest | 0-8184 bit messages | Module is operational | Generic C, SSSE3, AVX, AVX2, SHA_NI, CE | KAT | CAST | Module initialization | ||||
| SHA-224 | SHA-224 | Generic C, SSSE3, AVX, AVX2, SHA_NI, CE, ARM64, ARM64-NEON | ||||||||||
| SHA-384 | SHA-384 | Generic C, SSSE3, AVX, AVX2, SHA_NI, ARM64, | ||||||||||
| SHA3-224 | SHA3-224 | Generic C | ||||||||||
| AES ECB | AES ECB | Encryption Decryption (separately) | 128, 192, 256 bit keys | Generic C, AESNI, CE, ARM64 | ||||||||
| AES CBC-CS3 | AES CBC-CS3 | 128 bit keys | AESNI, CE, ARM64 | |||||||||
| AES OFB | AES OFB | AESNI, ARM64 | ||||||||||
| AES CFB128 | AES CFB128 | 128, 192, 256 bit keys | AESNI ARM64 | |||||||||
| AES CTR | AES CTR | Generic C, AESNI, CE, ARM64 | ||||||||||
| AES CCM | AES CCM | 128, 192, 256 bit | AESNI, ARM64 | |||||||||
| AES GCM (internal IV) | AES GCM (internal IV) | Encryption | AESNI, CE | 128, 192, 256 bit keys 96-bit IVs | ||||||||
| AES GCM (external IV) | AES GCM (external IV) | Decryption | 128, 192, 256 bit keys | |||||||||
| AES XTS | AES XTS | Encryption Decryption (separately) | AESNI, CE, ARM64 | 128 and 256 bit keys | ||||||||
| AES CMAC | AES CMAC | Message authentication | 128 and 256 bit keys | |||||||||
| HMAC SHA-1 | HMAC SHA-1 | SHA_NI, CE | 32-64 bit keys | |||||||||
| HMAC SHA-224 | HMAC SHA-224 | 32-1048 bit keys | ||||||||||
| HMAC SHA-256 | HMAC SHA-256 | Generic C, SHA_NI, CE | 32-64 bit keys | |||||||||
| HMAC SHA-384 | HMAC SHA-384 | AVX2, ARM64 | 32-1048 bit keys | |||||||||
| HMAC SHA-512 | HMAC SHA-512 | Generic C, ARM64 | 32-1048 bit keys | |||||||||
| HMAC SHA3-224 | HMAC SHA3-224 | Generic C | 32-1048 bit keys | |||||||||
| HMAC SHA3-256 | HMAC SHA3-256 | 32-1048 bit keys | ||||||||||
| HMAC SHA3-384 | HMAC SHA3-384 | 32-1048 bit keys | ||||||||||
| HMAC SHA3-512 | HMAC SHA3-512 | 32-1048 bit keys | ||||||||||
| KAS-FFC-SSC | KAS-FFC-SSC | Shared secret computation | ffdhe2048 | |||||||||
| KAS-ECC-SSC | KAS-ECC-SSC | P-256, P-384 | ||||||||||
| CTR_DRBG | CTR_DRBG | Seed Generate | 128, 192, 256 bit keys With/without PR Health test per section 11.3 of SP 800-90A | |||||||||
| Hash_DRBG | Hash_DRBG | SHA-256 With/without PR Health test per section 11.3 of SP 800-90A | ||||||||||
| HMAC_DRBG | HMAC_DRBG | SHA-256, SHA-512 With/without PR Health test per section 11.3 of SP 800-90A | ||||||||||
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | Verify | 4096-bit key with SHA-256 | |||||||||
| ENT (NP) | ENT (NP) | RCT | Entropy source start-up test | Entropy source initialization | 1024 samples | |||||||
| 1024 samples | APT | 1024 samples | ||||||||||
| N/A | RCT | Entropy source continuous test | Entropy source is operational | Continuously | N/A | |||||||
| N/A | APT | N/A |
Table 22 - Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. The algorithms used for the integrity test (i.e., HMAC-SHA2-512 and RSA SigVer with 4096 bit key) run their CASTs before the integrity test is performed. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the pre-operational software integrity self-tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully
N/A 5.6.2.1.4 Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
N/A N/A Table 23 - Conditional Self-Tests
The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in Table 23. Services are not available, and data output (via the data output interface) is inhibited during the conditional self-tests. If any of these tests fails, the module transitions to the Error state. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | The Linux kernel immediately stops executing | Any self-test failure | Kernel Panic | Restart of the module |
Upon generation of a DH or EC key pair, the module will perform a pair-wise consistency test (PCT) as shown in Table 23, which provides some assurance that the generated key pair is well formed. This test consists of the PCT described in Section 5.6.2.1.4 of SP 800-56Ar3. Services are not available, and data output (via the data output interface) is inhibited during execution of the PCT. If the test fails, the module transitions to the error state.
The module does not implement any periodic self-tests.
Table 24 - Error States In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
The software integrity tests, cryptographic algorithm self-tests, and entropy source start-up tests can be invoked on demand by unloading and subsequently re-initializing the module. The pair-wise consistency tests can be invoked on demand by requesting the key pair generation service. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
The module is distributed as a part of the Oracle Linux 8 (OL8) and Oracle Linux 9 (OL9) RPM packages kernel-uek-5.15.0303.171.5.2.2.el8uek and kernel-uek-5.15.0-303.171.5.2.2.el9uek, libkcapi-1.2.0-2.0.1.el8 and libkcapi-1.3.1-3.0.1.el9, libkcapihmaccalc-1.2.0-2.0.1.el8 and libkcapi-hmaccalc-1.3.1-3.0.1.el9. The modules can achieve the approved mode by:
The Crypto Officer shall consider the following requirements and restrictions when using the module. For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. When this is the case, the API will not set an approved service indicator, as described in Table 15.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
To comply with the assurances found in Section 5.6.2 of SP 800-56Ar3, the operator must use elliptic curve Diffie-Hellman shared secret computation algorithm with Bluetooth protocol. Additionally, the module’s approved key pair generation service (see section 2.8) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer DH public key, and the partial public key validation of the peer EC public key, complying with Section 5.6.2.2.2 of SP 800-56Ar3. The module is compliant to IG D.F scenario 2 path (1).
For RSA signature verification, the module supports modulus sizes 2048, 3072, and 4096 bits compliant to IG C.F. All supported modulus sizes have been CAVP tested. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
The module provides SHA-3 hash functions compliant with IG C.C. Every implementation of each SHA-3 function was tested and validated on all of the module’s operating environments. SHAKE functions are not implemented. SHA-3 hash functions are also used as part of a higher-level algorithm for HMAC.
There is no non-administrator guidance.
There are no maintenance requirements.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the kernel-uek-5.15.0-303.171.5.2.2.el8uek and kernel-uek-5.15.0303.171.5.2.2.el9uek, libkcapi-1.2.0-2.0.1.el8 and libkcapi-1.3.1-3.0.1.el9, libkcapi-hmaccalc-1.2.0-2.0.1.el8 and libkcapihmaccalc-1.3.1-3.0.1.el9 RPM packages can be uninstalled from the Oracle Linux 8 and Oracle Linux 9 systems. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
The module does not offer mitigation of other attacks and therefore this section is not applicable. Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| AES | Advanced Encryption Standard |
|---|---|
| AES-NI | Advanced Encryption Standard New Instructions |
| API | Application Programming Interface |
| CAST | Cryptographic Algorithm Self-Test |
| CAVP | Cryptographic Algorithm Validation Program |
| CBC | Cipher Block Chaining |
| CCM | Counter with Cipher Block Chaining-Message Authentication Code |
| CFB | Cipher Feedback |
| CMAC | Cipher-based Message Authentication Code |
| CMVP | Cryptographic Module Validation Program |
| CSP | Critical Security Parameter |
| CTR | Counter |
| DH | Diffie-Hellman |
| DRBG | Deterministic Random Bit Generator |
| ECB | Electronic Code Book |
| ECDH | Elliptic Curve Diffie-Hellman |
| ECDH | Elliptic Curve Diffie-Hellman |
| ECDSA | Elliiptic Curve Digital Signature Algorithm |
| ENT (NP) | Non-physical Entropy Source |
| FIPS | Federal Information Processing Standards |
| GCM | Galois Counter Mode |
| GMAC | Galois Counter Mode Message Authentication Code |
| HKDF | HMAC-based Key Derivation Function |
| HMAC | Keyed-Hash Message Authentication Code |
| IPsec | Internet Protocol Security |
| KAT | Known Answer Test |
| KBKDF | Key-based Key Derivation Function |
| MAC | Message Authentication Code |
| NIST | National Institute of Science and Technology |
| PAA | Processor Algorithm Acceleration |
| PBKDF2 | Password-based Key Derivation Function v2 |
| PKCS | Public-Key Cryptography Standards |
| RSA | Rivest, Shamir, Adleman |
| SHA | Secure Hash Algorithm |
| SSC | Shared Secret Computation |
| SSP | Sensitive Security Parameter |
| XTS | XEX-based Tweaked-codebook mode with cipher text Stealing |
Appendix A.Glossary and Abbreviations Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
| Name | Key Size |
|---|---|
| ANS X9.42-2001 | Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 |
| ANS X9.63-2001 | Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 |
| FIPS 140-3 | FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf |
| FIPS 140-3 IG | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements |
| FIPS 180-4 | Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf |
| FIPS 186-4 | Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf |
| FIPS 197 | Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf |
| FIPS 198-1 | The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf |
| FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf |
| PKCS#1 | Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt |
| RFC 3526 | More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt |
| SP 800-38A | Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |
| SP 800-38A Addendum | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf |
| SP 800-38B | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf |
| SP 800-38C | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf |
| SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |
| SP 800-38E | Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf |
| SP 800-38F | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf |
| SP 800-56Ar3 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf |
| SP 800-56Cr2 | Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf |
| SP 800-90Ar1 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf |
| SP 800-90B | Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf |
| SP 800-108r1 | NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf |
| SP 800-131Ar2 | Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf |
| SP 800-132 | Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf |
| SP 800-133r2 | Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf |
| SP 800-135r1 | Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf |
| SP 800-140B | CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf |
Appendix B. References Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module Security Policy
Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module