All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Kernel Cryptography Module for AlmaLinux 9

Certificate#4750StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCloudlinux Inc., TuxCare division
Medium review priority  ·  exposes kernel crypto consumer  ·  Linux kernel upstream has published 10212 CVEs since this module's initial validation  ·  last validated 11 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date8/1/2029
CaveatInterim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.
VendorCloudlinux Inc., TuxCare division

Vendor resources (verify with the vendor)

Product pagehttps://tuxcare.com/fips-for-almalinux/
Support pagehttps://docs.tuxcare.com/enterprise-support-for-almalinux/fips/ open support
Documentationhttps://docs.tuxcare.com/enterprise-support-for-almalinux/fips/
AssessmentPublic docs.tuxcare.com documentation gives the full FIPS package install/verify procedure; no login required.

Approved Algorithms (162)

AlgorithmACVP Cert
AES-CBCA4025
AES-CBCA4032
AES-CBCA4033
AES-CBCA4036
AES-CBCA4038
AES-CBCA4041
AES-CBC-CS3A4029
AES-CBC-CS3A4032
AES-CBC-CS3A4033
AES-CBC-CS3A4046
AES-CCMA4025
AES-CCMA4032
AES-CCMA4033
AES-CCMA4041
AES-CFB128A4027
AES-CFB128A4033
AES-CFB128A4044
AES-CMACA4025
AES-CMACA4032
AES-CMACA4033
AES-CMACA4041
AES-CTRA4025
AES-CTRA4032
AES-CTRA4033
AES-CTRA4033
AES-CTRA4036
AES-CTRA4038
AES-CTRA4041
AES-ECBA4025
AES-ECBA4030
AES-ECBA4031
AES-ECBA4032
AES-ECBA4033
AES-ECBA4034
AES-ECBA4035
AES-ECBA4036
AES-ECBA4038
AES-ECBA4039
AES-ECBA4040
AES-ECBA4041
AES-ECBA4042
AES-ECBA4043
AES-GCMA4025
AES-GCMA4030
AES-GCMA4031
AES-GCMA4033
AES-GCMA4034
AES-GCMA4035
AES-GCMA4038
AES-GCMA4039
AES-GCMA4040
AES-GCMA4041
AES-GCMA4042
AES-GCMA4043
AES-GMACA4025
AES-GMACA4033
AES-GMACA4041
AES-OFBA4028
AES-OFBA4033
AES-OFBA4045
AES-XTS Testing Revision 2.0A4025
AES-XTS Testing Revision 2.0A4032
AES-XTS Testing Revision 2.0A4033
AES-XTS Testing Revision 2.0A4036
AES-XTS Testing Revision 2.0A4038
AES-XTS Testing Revision 2.0A4041
Counter DRBGA4025
Counter DRBGA4030
Counter DRBGA4031
Counter DRBGA4033
Counter DRBGA4034
Counter DRBGA4035
Counter DRBGA4038
Counter DRBGA4039
Counter DRBGA4040
Counter DRBGA4041
Counter DRBGA4042
Counter DRBGA4043
Hash DRBGA4025
Hash DRBGA4030
Hash DRBGA4031
Hash DRBGA4034
Hash DRBGA4035
Hash DRBGA4038
Hash DRBGA4039
Hash DRBGA4040
Hash DRBGA4041
Hash DRBGA4042
Hash DRBGA4043
Hash DRBGA4047
Hash DRBGA4048
Hash DRBGA4049
HMAC DRBGA4025
HMAC DRBGA4030
HMAC DRBGA4031
HMAC DRBGA4034
HMAC DRBGA4035
HMAC DRBGA4038
HMAC DRBGA4039
HMAC DRBGA4040
HMAC DRBGA4041
HMAC DRBGA4042
HMAC DRBGA4043
HMAC DRBGA4047
HMAC DRBGA4048
HMAC DRBGA4049
HMAC-SHA2-224A4025
HMAC-SHA2-224A4032
HMAC-SHA2-224A4036
HMAC-SHA2-224A4037
HMAC-SHA2-224A4047
HMAC-SHA2-224A4048
HMAC-SHA2-224A4049
HMAC-SHA2-256A4025
HMAC-SHA2-256A4032
HMAC-SHA2-256A4036
HMAC-SHA2-256A4037
HMAC-SHA2-256A4047
HMAC-SHA2-256A4048
HMAC-SHA2-256A4049
HMAC-SHA2-384A4025
HMAC-SHA2-384A4047
HMAC-SHA2-384A4048
HMAC-SHA2-384A4049
HMAC-SHA2-512A4025
HMAC-SHA2-512A4047
HMAC-SHA2-512A4048
HMAC-SHA2-512A4049
HMAC-SHA3-224A4026
HMAC-SHA3-256A4026
HMAC-SHA3-384A4026
HMAC-SHA3-512A4026
RSA SigVer (FIPS186-4)A4025
RSA SigVer (FIPS186-4)A4047
RSA SigVer (FIPS186-4)A4048
RSA SigVer (FIPS186-4)A4049
SHA2-224A4025
SHA2-224A4032
SHA2-224A4036
SHA2-224A4037
SHA2-224A4047
SHA2-224A4048
SHA2-224A4049
SHA2-256A4025
SHA2-256A4032
SHA2-256A4036
SHA2-256A4037
SHA2-256A4047
SHA2-256A4048
SHA2-256A4049
SHA2-384A4025
SHA2-384A4047
SHA2-384A4048
SHA2-384A4049
SHA2-512A4025
SHA2-512A4047
SHA2-512A4048
SHA2-512A4049
SHA3-224A4026
SHA3-256A4026
SHA3-384A4026
SHA3-512A4026

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational Environment1
Sensitive Security Parameter Management1
Self-Tests1
Life-Cycle Assurance1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Kernel Cryptography Module for AlmaLinux 9
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show status<br/>Self-test<br/>Error State</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Kernel Cryptography Module for AlmaLinux 9
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show status<br/>Self-test<br/>Error State</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Kernel Cryptography Module for AlmaLinux 9 version: kernel 5.14.0-284.1101.el9_2.tuxcare.7 libkcapi 1.3.1-3.el9 document version 1.3 Last update: 2025-04-29 Prepared by: Prepared for: atsec information security corporation

4516 Seton Center Parkway, Suite 250

CloudLinux Inc., TuxCare division

2318 Louis Road, Suite B

Austin, TX 78759 www.atsec.com Palo Alto, CA 94303 www.tuxcare.com © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

Page 2

Kernel Cryptography Module for AlmaLinux 9 Table of Contents 1.1 1.1.1 1.2 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3.1 3.2 3.3 4.1 4.2 4.3 4.4 4.5 4.6 4.7 5.1 5.2 6.1 6.2 9.1 9.2 9.3 9.4 9.5 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

2 of 33
Page 3

Kernel Cryptography Module for AlmaLinux 9 11.2.1 11.2.2 11.2.3 Appendix A. Appendix B. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

3 of 33
Page 4

Kernel Cryptography Module for AlmaLinux 9 List of Tables List of Figures © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

4 of 33
Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityNot Applicable
88Non-invasive SecurityNot Applicable
99Sensitive Security Parameter Management1
1010Self-tests1

Kernel Cryptography Module for AlmaLinux 9

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version kernel 5.14.0284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9 of the Kernel Cryptography Module for AlmaLinux 9 module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. and including this notice. Other documentation is proprietary to their authors.

1.1.1 How this Security Policy was prepared

further consolidated into this document by atsec information security together with other vendorsupplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.

1.2 Security levels

Table 1 describes the individual security areas of FIPS 140-3, as well as the security levels of those individual areas. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

5 of 33
Page 6
11Life-cycle Assurance1
12Mitigation of Other AttacksNot Applicable
Overall1

Kernel Cryptography Module for AlmaLinux 9 Table 1 - Security Levels © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

6 of 33
Page 7

Kernel Cryptography Module for AlmaLinux 9

2 Cryptographic module specification
2.1 Description

Purpose and Use: The Kernel Cryptography Module for AlmaLinux 9 (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a general-purpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: Multi-chip standalone Module Characteristics: N/A Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the kernel crypto object files, the libkcapi library, and the sha512hmac binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1

2.2 Version Information

Hardware Versions: N/A Software Versions: kernel 5.14.0-284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

7 of 33
Figure 1 – Block Diagram
Figure 1 – Block Diagram
Page 8
Module configuration
NameOperating SystemHardware PlatformFirmware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) m5.metalIntel Xeon Platinum 8259CLAES-NI (PAA)N/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) m5.metalIntel Xeon Platinum 8259CLNoneN/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) a1.metalAWS GravitonNeon / CE, SHA Extensions (PAA)N/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) a1.metalAWS GravitonNoneN/A
/boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform)5.14.0- 284.1101.el9_2.tuxca re.7N/A/boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform)HMAC-SHA2-512N/A
/usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko/usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.koRSA signature verification
Module configuration
NameOperating SystemHardware PlatformFirmware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) m5.metalIntel Xeon Platinum 8259CLAES-NI (PAA)N/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) m5.metalIntel Xeon Platinum 8259CLNoneN/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) a1.metalAWS GravitonNeon / CE, SHA Extensions (PAA)N/A
AlmaLinux 9.2AlmaLinux 9.2Amazon Web Services (AWS) a1.metalAWS GravitonNoneN/A
/boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform)5.14.0- 284.1101.el9_2.tuxca re.7N/A/boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform)HMAC-SHA2-512N/A
/usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko/usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.koRSA signature verification
/usr/lib64/libkcapi.so.1.3.1 (for Intel platform) /usr/bin/sha512hmac1.3.1-3.el9N/A/usr/lib64/libkcapi.so.1.3.1 (for Intel platform) /usr/bin/sha512hmacHMAC-SHA2-512N/A
/usr/lib64/libkcapi.so.1.3.1 (for ARM platform) /usr/bin/sha512hmac1.3.1-3.el9N/A/usr/lib64/libkcapi.so.1.3.1 (for ARM platform) /usr/bin/sha512hmacHMAC-SHA2-512N/A
2.3 Operating Environments

N/A N/A N/A N/A Table 2 - Software, Firmware, Hybrid Tested Operating Environments Executable Code Sets: N/A N/A © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

8 of 33
Page 9
Service
NameDescriptionIndicatorType
Non-approved modeAutomatically entered whenever a non-approved service is requested.Equivalent to the indicator of the requested serviceNon-approved

Kernel Cryptography Module for AlmaLinux 9 N/A N/A N/A N/A Table 3 - Executable Code Sets

2.4 Excluded Components

There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.

2.5 Modes of Operation

Modes List and Description: Table 4 - Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on startup, the module automatically transitions to the approved mode. Mode change instructions and status indicators: The module automatically switches between the approved and non-approved modes depending on The module does not implement a degraded mode of operation. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

9 of 33
Page 10
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionAlgorithm and
A4025SHA-224, SHA-256, SHA-384, SHA-512N/AMessage digestSHA [FIPS 180-4]
A4026A4026N/AMessage digestSHA-3 [FIPS 202]SHA3-224, SHA3-256,
A4025ECB, CBC, CBC-CTS- CS3, OFB, CFB128, CTR128, 192, 256 bitsEncryption DecryptionECB, CBC, CBC-CTS-AES [FIPS 197, SP 800-
A4027CS3, OFB, CFB128, CTR38A, SP 800-38A
A4028Addendum]
A4029 A4030CCM128, 192, 256 bitsAuthenticated encryption Authenticated decryptionAES [FIPS 197, SP 800- 38C]AES [FIPS 197, SP 800-
A403138C]
A4025GCM (internal IV)128, 192, 256 bitsAuthenticated encryptionAES [FIPS 197, SP 800-
A403038D]
A4031 A4033GCM (external IV)128, 192, 256 bitsAuthenticated decryptionAES [FIPS 197, SP 800- 38D]AES [FIPS 197, SP 800-
A403438D]
A4025XTS128, 256 bitsEncryption DecryptionAES [FIPS 197, SP 800- 38E]

Kernel Cryptography Module for AlmaLinux 9

2.6 Approved algorithms
1 Key strengths are identical to key sizes unless indicated otherwise.

© 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

10 of 33
Page 11
Approved algorithm
NameCAVP CertMode MethodKey SizeUse FunctionAlgorithm and
A4025CMAC, GMAC128, 192, 256 bitsMessage authenticationAES [FIPS 197, SP 800- 38B, SP 800-38D]
A4025SHA-224, SHA-256, SHA-384, SHA-512112-524288 bits (112-256 bits)Message authenticationHMAC [FIPS 198-1]
A4026A4026SHA3-224, SHA3-256,
A4025AES-128, AES-192, AES-256, with derivation function, with/without prediction resistance128, 192, 256 bitsRandom number generationCTR_DRBG [SP 800- 90Ar1]AES-128, AES-192,
A4030AES-256, with
A4031derivation function,
A4033with/without prediction
A4034resistance
A4025112, 256 bitsRandom number generationHash_DRBG [SP 800- 90Ar1]SHA-1, SHA-256, SHA-
A4030512 with/without
A4031prediction resistance
A4034 A4035SHA-1, SHA-256, SHA- 512 with/without prediction resistance112, 256 bitsRandom number generationHMAC_DRBG [SP 800- 90Ar1]SHA-1, SHA-256, SHA-
A4038512 with/without
A4039prediction resistance
A4025PKCS#1 v1.5 with SHA- 2564096 bits (150 bits)Internal function: Integrity verificationRSA [FIPS 186-4]

Kernel Cryptography Module for AlmaLinux 9 Table 5 - Approved Algorithms Vendor Affirmed Algorithms: The module does not implement vendor affirmed algorithms. Non-Approved, Allowed Algorithms: The module does not implement non-approved algorithms allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement non-approved algorithms allowed in the approved mode of operation with no security claimed. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

11 of 33
Page 12
Approved algorithm
NameUse Function
AES GCM with external IVEncryption
KBKDF (libkcapi)Key derivation
HKDF (libkcapi)Key derivation
PBKDF2 (libkcapi)Password-based key derivation
RSAEncryption primitive Decryption primitive
RSA with PKCS#1 v1.5 padding (pre-hashed message)Signature generation primitive Signature verification primitive
Sensitive security parameter
NameTypeStrength
AlmaLinux Kernel CPU Time Jitter RNG Entropy Source (ESV cert. #E75)Non- physical256 bitsSee Table 2256 bitsSHA3-256

Kernel Cryptography Module for AlmaLinux 9 Non-Approved, Not Allowed Algorithms: Table 6

2.8 SSP Generation

The module does not implement any SSP generation methods.

2.9 SSP Establishment

The module does not implement any SSP establishment methods.

2.10 Industry Protocols

AES GCM with internal IV generation in approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. No parts of this protocol, other than the AES GCM implementation, have been tested by the CAVP and CMVP. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

12 of 33
Page 13

Kernel Cryptography Module for AlmaLinux 9

2.11 Design and Rules

The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of the non-approved services listed in Table 11 of the Security Policy. In the operational state, the module accepts service requests from calling applications through its logical interfaces. If the Linux kernel is shut down, the module will end its operation.

2.12 Initialization

There are no specific initialization requirements. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

13 of 33
Page 14
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs.As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs.Data InputAPI data input parameters, AF_ALG type sockets.
Data OutputData OutputAPI output parameters, AF_ALG type sockets.
Control InputControl InputAPI function calls, API control input parameters, AF_ALG type sockets, kernel command line.
Status OutputStatus OutputAPI return values, AF_ALG type sockets, kernel logs.

Kernel Cryptography Module for AlmaLinux 9

3 Cryptographic Module Interfaces
3.1 Description

Table 8 - Ports and Interfaces The logical interfaces are the APIs through which the applications request services and AF_ALG type socket that allows the applications running in the user space to request cryptographic services from the module. These logical interfaces are logically separated from each other by the API design.

3.2 Trusted Channel Specification

The module does not implement a trusted channel. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

14 of 33
Page 15
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Message digestCompute a message digestN/ASHA-224, SHA- 256, SHA-384, SHA-512, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512crypto_shash _init returns 0MessageDigest value
EncryptionEncrypt a plaintextAES key: W, EAES ECB, CBC, CBC-CTS-CS3, OFB, CFB128, CTR, XTScrypto_skciph er_setkey return 0AES key, plaintextCiphertext
DecryptionDecrypt a ciphertextAES key, ciphertextPlaintext
Authenticated encryptionEncrypt a plaintextAES key: W, E HMAC key: W, EAES CCM, GCM (internal IV) AES CBC or CTR with HMAC-SHA2- 256, SHA2-384, or SHA2-512For all except AES_GCM: crypto_aead_ setkey returns 0 For AES-GCM: the TFM handle has the CRYPTO_TFM_ FIPS_COMPLI ANCE flag setAES key, plaintextCiphertext, MAC tag
Authenticated decryptionDecrypt a ciphertextAES CCM, GCM (external IV) AES CBC or CTR with HMAC-SHA2- 256, SHA2-384, or SHA2-512AES key, ciphertext, MAC tagPlaintext
Message authenticationCompute a MAC tagAES key: W, EAES CMAC, GMACcrypto_shash _init returns 0AES key, messageMAC tag
HMAC key, messageHMAC key: W, EHMAC-SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA3-224, SHA3- 256, SHA3-384,HMAC key, message
Random number generationGenerate random bytesEntropy input: W, E DRBG seed: E, G DRBG Internal state (V, Key), DRBG Internal state (V, C): W, E, GCTR_DRBG Hash_DRBG HMAC_DRBGcrypto_rng_g et_bytes returns 0Output lengthRandom bytes
Error detection codeCompute an EDC (crc32, crct10dif)N/AN/ANoneMessageEDC
CompressionCompress data (deflate, lzo, zlib-deflate)N/AN/ANoneDataCompressed data
Generic system callUse the kernel to perform various non- cryptographic operationsN/AN/ANoneIdentifier, various argumentsVarious return values
Show versionReturn the module name and version informationN/AN/ANoneN/AModule name and version
Show statusReturn the module statusN/AN/ANoneN/AModule status
Self-testPerform the CASTs and integrity testsN/ASHA SHA-3 AES HMAC CTR_DRBG Hash_DRBG HMAC_DRBG RSA See Table 18 for specificsNoneN/APass/fail
TypeOperator TypeAuthentication
Methods
Crypto OfficerRoleCON/A

Kernel Cryptography Module for AlmaLinux 9

4 Roles, Services, and Authentication

The module does not implement authentication.

4.2 Roles

N/A Table 9

4.3 Approved Services

N/A W, E W, E © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

15 of 33
Page 16

E, G (V, C): W, E, G N/A N/A N/A N/A various noncryptographic N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 10

16 of 33
Page 17
Service
NameDescriptionRolesApproved Functions
AES GCM external IV encryptionEncrypt a plaintext using AES GCM with an external IVCOAES GCM with external IV
Key derivationDerive a key from a key-derivation key or a shared secretCOKBKDF (libkcapi) HKDF (libkcapi)
Password-based key derivationDerive a key from a passwordCOPBKDF2 (libkcapi)
RSA encryption primitiveCompute the raw RSA encryption of a numberCORSA
RSA decryption primitiveCompute the raw RSA decryption of a numberCO
RSA signature generation primitive (pre-hashed message)Generate a digital signature for a pre-hashed messageCORSA with PKCS#1 v1.5 padding (pre- hashed message)
RSA signature verification primitive (pre-hashed message)Verify a digital signature for a pre- hashed messageCO

Kernel Cryptography Module for AlmaLinux 9

4.4 Non-Approved Services

Table 11 - Non-Approved Services

4.5 External Software/Firmware Loaded

The module does not load external software or firmware.

4.6 Bypass Actions and Status

The module does not implement a bypass capability.

4.7 Cryptographic Output Actions and Status

The module does not implement a self-initiated cryptographic output capability. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

17 of 33
Page 18

Kernel Cryptography Module for AlmaLinux 9

5 Software/Firmware Security
5.1 Integrity Techniques

The Linux kernel binary, libkcapi, and sha512hmac software components are integrity tested using an HMAC-SHA2-512 calculation performed by the sha512hmac utility (which utilizes the module’s HMAC and SHA-512 implementations). The kernel crypto object files listed in Table 3 are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-256, and a 4096-bit key.

5.2 Initiate on Demand

Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the software integrity tests. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

18 of 33
Page 19

Kernel Cryptography Module for AlmaLinux 9

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operating Environment: modifiable: the module executes as part of a general-purpose operating system (AlmaLinux 9.2), which allows modification, loading, and execution of software that is not part of the validated module. How Requirements are Satisfied: the approved cryptographic algorithms of the module are part of the Linux kernel, which operates in Linux kernel space. This ensures that any SSPs contained within the module are protected by the process isolation and memory separation mechanisms provided by the Linux kernel, and only the module has control over these SSPs. The user space libkcapi and sha512hmac components, though not processing any SSPs, are similarly protected by the operating environment.

6.2 Configurable Settings and Restrictions

The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

19 of 33
Page 20

Kernel Cryptography Module for AlmaLinux 9

7 Physical Security

The module is comprised of software only and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

20 of 33
Page 21

Kernel Cryptography Module for AlmaLinux 9

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

21 of 33
Page 22
Service
NameDescriptionType
RAMTemporary storage for SSPs used by the module as part of service executionDynamic
NameFromToFormatDistributionEntry TypeRelated SFI
TypeType
API input parametersOperator calling application (TOEPP)Cryptographic modulePlaintextManualElectronicN/A
AF_ALG type sockets (input)
Zeroization MethodDescriptionRationaleOperator Initiation
Free cipher handleZeroizes the SSPs contained within the cipher handleMemory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievableBy calling the appropriate API functions
AES key: crypto_free_skcipher and crypto_free_aead HMAC key: crypto_free_shash and crypto_free_ahash Entropy input, DRBG seed, DRBG Internal state (V, Key), DRBG Internal state (V, C): crypto_free_rng
Remove power from the moduleDe-allocates the volatile memory used to store SSPsVolatile memory used by the module is overwritten within nanoseconds when power is removedBy removing power

Kernel Cryptography Module for AlmaLinux 9

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 12 - Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the

9.2 SSP Input-Output Methods

N/A Table 13 - SSP Input-Output Table 14 - SSP Zeroization Methods All data output is inhibited during zeroization. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

22 of 33
Page 23
Sensitive security parameter
NameTypeStrengthGenerationEstablishmentStorageUseInputDescriptionRelated SSPs
AES keySymmetric KeyXTS: 128, 256 bits Other modes: 128, 192, 256 bitsN/AN/AEncryption Decryption Authenticated encryption Authenticated decryption Message authenticationAES key used for encryption, decryption, and computing MAC tags
HMAC keyAuthentication key112-524288 bits (112-256 bits)N/AN/AMessage authenticationHMAC key
Entropy inputEntropy input128-384 bitsNon-Physical Entropy Source See Table 7N/ARandom number generationEntropy input used to seed the DRBGs. IG D.L compliant
DRBG seedSeedCTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bitsCTR_DRBG Hash_DRBG HMAC_DRBGN/ARandom number generationDRBG seed derived from entropy input. IG D.L compliant
DRBG Internal state (V, Key)Internal stateCTR_DRBG HMAC_DRBGN/ARandom number generationInternal state of CTR_DRBG and HMAC_DRBG instances. IG D.L compliant
DRBG Internal state (V, C)Internal stateHash_DRBGN/ARandom number generationInternal state of Hash_DRBG instances. IG D.L compliant
AES keyCSPRAMAPI input parameters AF_ALG type sockets (input)Until cipher handle is freedNone
HMAC keyCSPNone
Entropy inputCSPN/AFrom generation until the DRBG seed is createdDRBG seed
DRBG seedCSPN/AWhile the DRBG is being instantiatedEntropy input DRBG Internal state (V, Key) DRBG Internal state (V, C)
Sensitive security parameter
NameTypeStrengthGenerationEstablishmentStorageUseInputDescriptionRelated SSPs
AES keySymmetric KeyXTS: 128, 256 bits Other modes: 128, 192, 256 bitsN/AN/AEncryption Decryption Authenticated encryption Authenticated decryption Message authenticationAES key used for encryption, decryption, and computing MAC tags
HMAC keyAuthentication key112-524288 bits (112-256 bits)N/AN/AMessage authenticationHMAC key
Entropy inputEntropy input128-384 bitsNon-Physical Entropy Source See Table 7N/ARandom number generationEntropy input used to seed the DRBGs. IG D.L compliant
DRBG seedSeedCTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bitsCTR_DRBG Hash_DRBG HMAC_DRBGN/ARandom number generationDRBG seed derived from entropy input. IG D.L compliant
DRBG Internal state (V, Key)Internal stateCTR_DRBG HMAC_DRBGN/ARandom number generationInternal state of CTR_DRBG and HMAC_DRBG instances. IG D.L compliant
DRBG Internal state (V, C)Internal stateHash_DRBGN/ARandom number generationInternal state of Hash_DRBG instances. IG D.L compliant
AES keyCSPRAMAPI input parameters AF_ALG type sockets (input)Until cipher handle is freedNone
HMAC keyCSPNone
Entropy inputCSPN/AFrom generation until the DRBG seed is createdDRBG seed
DRBG seedCSPN/AWhile the DRBG is being instantiatedEntropy input DRBG Internal state (V, Key) DRBG Internal state (V, C)
DRBG Internal state (V, Key)CSPN/AFrom DRBG instantiation until DRBG terminationDRBG seed
DRBG Internal state (V, C)CSPN/ADRBG seed

Kernel Cryptography Module for AlmaLinux 9 N/A N/A N/A N/A N/A N/A N/A N/A C) Table 15 - SSP Information First N/A N/A © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

23 of 33
Page 24

Kernel Cryptography Module for AlmaLinux 9 N/A N/A Table 16 - SSP Information Second

9.5 Transitions

The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 will be withdrawn on February 3, 2024. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

24 of 33
Page 25
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsImplementatio nImplement ationIndicatorConditions
HMAC-SHA2- 512HMAC-SHA2- 512Message AuthenticationSoftware integrityUsed for kernel binary, libkcapi, and sha512hmac binaryC128-bit keyModule becomes operational
RSA PKCS#1 v1.5RSA PKCS#1 v1.5Signature VerificationUsed for kernel crypto object filesC4096-bit key with SHA-256
SHA-224SHA-224Message digest0-8184 bit messagesC, CE, Neon, AVX, AVX2, SSSE3KATCASTModule is operationalModule initialization
SHA-384SHA-384C, AVX, AVX2, SSSE3
SHA3-224SHA3-224C
AES ECBAES ECBEncryption Decryption (separately)128, 192, 256 bit keysC, CE, AES-NI
AES CBC-CTS- CS3AES CBC-CTS- CS3128 bit keysC, CE, Neon, AES-NI
AES OFBAES OFB128 bit keysC, CE, AES-NI
AES CFB128AES CFB128128, 192, 256 bit keys
AES CCMAES CCM128, 192, 256 bit keysC, CE
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsImplementatio nImplement ationIndicatorConditionsTest Properties
HMAC-SHA2- 512HMAC-SHA2- 512Message AuthenticationSoftware integrityUsed for kernel binary, libkcapi, and sha512hmac binaryC128-bit keyModule becomes operational
RSA PKCS#1 v1.5RSA PKCS#1 v1.5Signature VerificationUsed for kernel crypto object filesC4096-bit key with SHA-256
SHA-224SHA-224Message digest0-8184 bit messagesC, CE, Neon, AVX, AVX2, SSSE3KATCASTModule is operationalModule initialization
SHA-384SHA-384C, AVX, AVX2, SSSE3
SHA3-224SHA3-224C
AES ECBAES ECBEncryption Decryption (separately)128, 192, 256 bit keysC, CE, AES-NI
AES CBC-CTS- CS3AES CBC-CTS- CS3128 bit keysC, CE, Neon, AES-NI
AES OFBAES OFB128 bit keysC, CE, AES-NI
AES CFB128AES CFB128128, 192, 256 bit keys
AES CCMAES CCM128, 192, 256 bit keysC, CE
AES GCM (internal IV)AES GCM (internal IV)EncryptionC, CE, AES-NI128, 192, 256 bit keys 96-bit IVs
AES GCM (external IV)AES GCM (external IV)Decryption128, 192, 256 bit keys
AES XTSAES XTSEncryption Decryption (separately)128 and 256 bit keys
AES CMACAES CMACMessage authenticati onC, CE, Neon, AES-NI128 and 256 bit keys
HMAC-SHA2- 224HMAC-SHA2- 224C, CE, AVX232, 160, 1048 bit keys
HMAC-SHA2- 256HMAC-SHA2- 25632, 256, 296, 640 bit keys
HMAC-SHA2- 384HMAC-SHA2- 384C, AVX232, 160, 1048 bit keys
HMAC-SHA2- 512HMAC-SHA2- 51232, 160, 1048 bit keys
HMAC SHA3- 224HMAC SHA3- 224C32, 160, 1048 bit keys
HMAC SHA3- 256HMAC SHA3- 25632, 160, 1048 bit keys
HMAC SHA3- 384HMAC SHA3- 38432, 160, 1048 bit keys
HMAC SHA3- 512HMAC SHA3- 51232, 160, 1048 bit keys
CTR_DRBGCTR_DRBGKAT, Health tests according to section 11.3 of [SP800- 90Arev1]Seed Generate128, 192, 256 bit keys With/without PR
Hash_DRBGHash_DRBGKAT, Health tests according to section 11.3 of [SP800- 90Arev1]SHA-1, SHA- 256, SHA-512 With/without PR
HMAC_DRBGHMAC_DRBGKAT, Health testsSHA-1, SHA- 256, SHA-512 With/without
10 Self-Tests
10.1 Pre-Operational Self-Tests

n r HMAC-SHA2512 C C Table 17 - Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.

10.2 Conditional Self-Tests

C © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

25 of 33
Page 26

Kernel Cryptography Module for AlmaLinux 9 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC SHA3224 C HMAC SHA3256 HMAC SHA3384 HMAC SHA3512 [SP80090Arev1] [SP80090Arev1] © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

26 of 33
Page 27
Self test
NameAlgorithm Or TestTest MethodDetailsPRConditionsIndicator
RSA PKCS#1 v1.5RSA PKCS#1 v1.5KATVerify4096-bit key with SHA-256
Non-Physical Entropy SourceNon-Physical Entropy SourceRCTEntropy source start- up test1024 time deltasEntropy source initialization
1024 time deltasAPT1024 time deltas
ContinuouslyRCTEntropy source continuous testContinuouslyContinuouslyEntropy source is operational
ContinuouslyAPTContinuously
Service
NameDescriptionIndicator
Error StateThe Linux kernel immediately stops executingKernel PanicAny self-test failureRestart of the module

Kernel Cryptography Module for AlmaLinux 9 [SP80090Arev1] Table 18 - Conditional Self-Tests When all of the pre-operational self-tests pass successfully, the module automatically performs all cryptographic algorithm self-tests (CASTs) as specified in Table 18. Only if these CASTs also passed successfully, the module transitions to the operational state. No operator intervention is required to reach this point. Services are not available, and data output (via the data output interface) is inhibited during the self-tests. If any of these tests fails, the module transitions to the

10.3 Periodic Self-Tests

The module does not implement any periodic self-tests.

10.4 Error States

Table 19 - Error States In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).

10.5 Operator Initiation

The software integrity tests, cryptographic algorithm self-tests, and entropy source start-up tests can be invoked on demand by unloading and subsequently re-initializing the module. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

27 of 33
Page 28

Kernel Cryptography Module for AlmaLinux 9

11 Life-Cycle Assurance
11.1 Startup Procedures

The module is distributed as a part of the AlmaLinux 9.2 package in the form of the kernel-5.14.0284.1101.el9_2.tuxcare.7, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc-1.3.1-3.el9 RPM packages. Before the packages are installed, the AlmaLinux 9.2 system must operate in approved mode. This can be achieved by:

11.2 Administrator Guidance

The cryptographic boundary consists only of those APIs provided by the Kernel crypto API. If any other API in the Linux kernel is invoked, the user is not interacting with the module specified in this Security Policy. 11.2.1 AES GCM IV The Crypto Officer shall consider the following requirements and restrictions when using the module. For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

28 of 33
Page 29

Kernel Cryptography Module for AlmaLinux 9 The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. When this is the case, the API will not set an approved service indicator, as described in Table 10. 11.2.2 AES XTS In compliance with FIPS 140-3 IG C.I, the module implements the check to ensure that the two AES keys used in AES XTS algorithm are not identical. The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 80038E. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit. 11.2.3 RSA The module provides RSA signature verification as an internal function compliant with IG C.F. The module supports RSA modulus lengths of 4096 bits for signature verification. The RSA signature verification implementation has been tested for all implemented RSA modulus lengths.

11.3 Non-Administrator Guidance

There is no non-administrator guidance.

11.4 Maintenance Requirements

There are no maintenance requirements.

11.5 End of Life

Secure disposal is the customer’s responsibility, since the module goes EOL with the operating system. As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the kernel5.14.0-284.1101.el9_2.tuxcare.7, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc-1.3.1-3.el9 RPM packages (for both Intel and ARM platforms) can be uninstalled from the AlmaLinux 9.2 system. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

29 of 33
Page 30

Kernel Cryptography Module for AlmaLinux 9

12 Mitigation of Other Attacks

The module does not offer mitigation of other attacks and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

30 of 33
Page 31

Kernel Cryptography Module for AlmaLinux 9 Appendix A. Glossary and abbreviations AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter CTS Ciphertext Stealing DRBG Deterministic Random Bit Generator ECB Electronic Code Book ESV Entropy Source Validation FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IPsec Internet Protocol Security KAT Known Answer Test KBKDF Key-based Key Derivation Function MAC Message Authentication Code NIST National Institute of Science and Technology PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PKCS Public-Key Cryptography Standards RSA Rivest, Shamir, Addleman SHA Secure Hash Algorithm SSP Sensitive Security Parameter XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

31 of 33
Page 32

Kernel Cryptography Module for AlmaLinux 9 Appendix B. FIPS 140-3 References FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

32 of 33
Page 33

Kernel Cryptography Module for AlmaLinux 9 SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) June 2005 https://datatracker.ietf.org/doc/html/rfc4106 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.

33 of 33

Referenced URLs