| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 8/1/2029 |
| Caveat | Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. |
| Vendor | Cloudlinux Inc., TuxCare division |
| Product page | https://tuxcare.com/fips-for-almalinux/ |
|---|---|
| Support page | https://docs.tuxcare.com/enterprise-support-for-almalinux/fips/ open support |
| Documentation | https://docs.tuxcare.com/enterprise-support-for-almalinux/fips/ |
| Assessment | Public docs.tuxcare.com documentation gives the full FIPS package install/verify procedure; no login required. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Sensitive Security Parameter Management | 1 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Kernel Cryptography Module for AlmaLinux 9
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show status<br/>Self-test<br/>Error State</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Kernel Cryptography Module for AlmaLinux 9
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show status<br/>Self-test<br/>Error State</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Kernel Cryptography Module for AlmaLinux 9 version: kernel 5.14.0-284.1101.el9_2.tuxcare.7 libkcapi 1.3.1-3.el9 document version 1.3 Last update: 2025-04-29 Prepared by: Prepared for: atsec information security corporation
CloudLinux Inc., TuxCare division
Austin, TX 78759 www.atsec.com Palo Alto, CA 94303 www.tuxcare.com © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 Table of Contents 1.1 1.1.1 1.2 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3.1 3.2 3.3 4.1 4.2 4.3 4.4 4.5 4.6 4.7 5.1 5.2 6.1 6.2 9.1 9.2 9.3 9.4 9.5 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 11.2.1 11.2.2 11.2.3 Appendix A. Appendix B. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 List of Tables List of Figures © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | Not Applicable |
| 8 | 8 | Non-invasive Security | Not Applicable |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
Kernel Cryptography Module for AlmaLinux 9
This document is the non-proprietary FIPS 140-3 Security Policy for version kernel 5.14.0284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9 of the Kernel Cryptography Module for AlmaLinux 9 module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. and including this notice. Other documentation is proprietary to their authors.
further consolidated into this document by atsec information security together with other vendorsupplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
Table 1 describes the individual security areas of FIPS 140-3, as well as the security levels of those individual areas. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| 11 | Life-cycle Assurance | 1 |
|---|---|---|
| 12 | Mitigation of Other Attacks | Not Applicable |
| Overall | 1 |
Kernel Cryptography Module for AlmaLinux 9 Table 1 - Security Levels © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
Purpose and Use: The Kernel Cryptography Module for AlmaLinux 9 (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a general-purpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: Multi-chip standalone Module Characteristics: N/A Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the kernel crypto object files, the libkcapi library, and the sha512hmac binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1
Hardware Versions: N/A Software Versions: kernel 5.14.0-284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Operating System | Hardware Platform | Firmware Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test | |
|---|---|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) m5.metal | Intel Xeon Platinum 8259CL | AES-NI (PAA) | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) m5.metal | Intel Xeon Platinum 8259CL | None | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) a1.metal | AWS Graviton | Neon / CE, SHA Extensions (PAA) | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) a1.metal | AWS Graviton | None | N/A | |||||
| /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform) | 5.14.0- 284.1101.el9_2.tuxca re.7 | N/A | /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform) | HMAC-SHA2-512 | N/A | |||||
| /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko | /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko | RSA signature verification |
| Name | Operating System | Hardware Platform | Firmware Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test | |
|---|---|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) m5.metal | Intel Xeon Platinum 8259CL | AES-NI (PAA) | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) m5.metal | Intel Xeon Platinum 8259CL | None | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) a1.metal | AWS Graviton | Neon / CE, SHA Extensions (PAA) | N/A | |||||
| AlmaLinux 9.2 | AlmaLinux 9.2 | Amazon Web Services (AWS) a1.metal | AWS Graviton | None | N/A | |||||
| /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform) | 5.14.0- 284.1101.el9_2.tuxca re.7 | N/A | /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64 (for Intel platform) /boot/vmlinuz-5.14.0- 284.1101.el9_2.tuxcare.7.a arch64 (for ARM platform) | HMAC-SHA2-512 | N/A | |||||
| /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko | /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/crypto/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7.x 86_64/kernel/arch/x86/crypt o/*.ko (for Intel platform) /usr/lib/modules/5.14.0- 284.1101.el9_2.tuxcare.7. aarch64/kernel/crypto/*.ko | RSA signature verification | ||||||||
| /usr/lib64/libkcapi.so.1.3.1 (for Intel platform) /usr/bin/sha512hmac | 1.3.1-3.el9 | N/A | /usr/lib64/libkcapi.so.1.3.1 (for Intel platform) /usr/bin/sha512hmac | HMAC-SHA2-512 | N/A | |||||
| /usr/lib64/libkcapi.so.1.3.1 (for ARM platform) /usr/bin/sha512hmac | 1.3.1-3.el9 | N/A | /usr/lib64/libkcapi.so.1.3.1 (for ARM platform) /usr/bin/sha512hmac | HMAC-SHA2-512 | N/A |
N/A N/A N/A N/A Table 2 - Software, Firmware, Hybrid Tested Operating Environments Executable Code Sets: N/A N/A © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non-approved mode | Automatically entered whenever a non-approved service is requested. | Equivalent to the indicator of the requested service | Non-approved |
Kernel Cryptography Module for AlmaLinux 9 N/A N/A N/A N/A Table 3 - Executable Code Sets
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.
Modes List and Description: Table 4 - Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on startup, the module automatically transitions to the approved mode. Mode change instructions and status indicators: The module automatically switches between the approved and non-approved modes depending on The module does not implement a degraded mode of operation. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Algorithm and | ||
|---|---|---|---|---|---|---|---|
| A4025 | SHA-224, SHA-256, SHA-384, SHA-512 | N/A | Message digest | SHA [FIPS 180-4] | |||
| A4026 | A4026 | N/A | Message digest | SHA-3 [FIPS 202] | SHA3-224, SHA3-256, | ||
| A4025 | ECB, CBC, CBC-CTS- CS3, OFB, CFB128, CTR | 128, 192, 256 bits | Encryption Decryption | ECB, CBC, CBC-CTS- | AES [FIPS 197, SP 800- | ||
| A4027 | CS3, OFB, CFB128, CTR | 38A, SP 800-38A | |||||
| A4028 | Addendum] | ||||||
| A4029 A4030 | CCM | 128, 192, 256 bits | Authenticated encryption Authenticated decryption | AES [FIPS 197, SP 800- 38C] | AES [FIPS 197, SP 800- | ||
| A4031 | 38C] | ||||||
| A4025 | GCM (internal IV) | 128, 192, 256 bits | Authenticated encryption | AES [FIPS 197, SP 800- | |||
| A4030 | 38D] | ||||||
| A4031 A4033 | GCM (external IV) | 128, 192, 256 bits | Authenticated decryption | AES [FIPS 197, SP 800- 38D] | AES [FIPS 197, SP 800- | ||
| A4034 | 38D] | ||||||
| A4025 | XTS | 128, 256 bits | Encryption Decryption | AES [FIPS 197, SP 800- 38E] |
Kernel Cryptography Module for AlmaLinux 9
© 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Algorithm and | |
|---|---|---|---|---|---|---|
| A4025 | CMAC, GMAC | 128, 192, 256 bits | Message authentication | AES [FIPS 197, SP 800- 38B, SP 800-38D] | ||
| A4025 | SHA-224, SHA-256, SHA-384, SHA-512 | 112-524288 bits (112-256 bits) | Message authentication | HMAC [FIPS 198-1] | ||
| A4026 | A4026 | SHA3-224, SHA3-256, | ||||
| A4025 | AES-128, AES-192, AES-256, with derivation function, with/without prediction resistance | 128, 192, 256 bits | Random number generation | CTR_DRBG [SP 800- 90Ar1] | AES-128, AES-192, | |
| A4030 | AES-256, with | |||||
| A4031 | derivation function, | |||||
| A4033 | with/without prediction | |||||
| A4034 | resistance | |||||
| A4025 | 112, 256 bits | Random number generation | Hash_DRBG [SP 800- 90Ar1] | SHA-1, SHA-256, SHA- | ||
| A4030 | 512 with/without | |||||
| A4031 | prediction resistance | |||||
| A4034 A4035 | SHA-1, SHA-256, SHA- 512 with/without prediction resistance | 112, 256 bits | Random number generation | HMAC_DRBG [SP 800- 90Ar1] | SHA-1, SHA-256, SHA- | |
| A4038 | 512 with/without | |||||
| A4039 | prediction resistance | |||||
| A4025 | PKCS#1 v1.5 with SHA- 256 | 4096 bits (150 bits) | Internal function: Integrity verification | RSA [FIPS 186-4] |
Kernel Cryptography Module for AlmaLinux 9 Table 5 - Approved Algorithms Vendor Affirmed Algorithms: The module does not implement vendor affirmed algorithms. Non-Approved, Allowed Algorithms: The module does not implement non-approved algorithms allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement non-approved algorithms allowed in the approved mode of operation with no security claimed. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Use Function |
|---|---|
| AES GCM with external IV | Encryption |
| KBKDF (libkcapi) | Key derivation |
| HKDF (libkcapi) | Key derivation |
| PBKDF2 (libkcapi) | Password-based key derivation |
| RSA | Encryption primitive Decryption primitive |
| RSA with PKCS#1 v1.5 padding (pre-hashed message) | Signature generation primitive Signature verification primitive |
| Name | Type | Strength | |||
|---|---|---|---|---|---|
| AlmaLinux Kernel CPU Time Jitter RNG Entropy Source (ESV cert. #E75) | Non- physical | 256 bits | See Table 2 | 256 bits | SHA3-256 |
Kernel Cryptography Module for AlmaLinux 9 Non-Approved, Not Allowed Algorithms: Table 6
The module does not implement any SSP generation methods.
The module does not implement any SSP establishment methods.
AES GCM with internal IV generation in approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. No parts of this protocol, other than the AES GCM implementation, have been tested by the CAVP and CMVP. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of the non-approved services listed in Table 11 of the Security Policy. In the operational state, the module accepts service requests from calling applications through its logical interfaces. If the Linux kernel is shut down, the module will end its operation.
There are no specific initialization requirements. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | Data Input | API data input parameters, AF_ALG type sockets. |
| Data Output | Data Output | API output parameters, AF_ALG type sockets. | |
| Control Input | Control Input | API function calls, API control input parameters, AF_ALG type sockets, kernel command line. | |
| Status Output | Status Output | API return values, AF_ALG type sockets, kernel logs. |
Kernel Cryptography Module for AlmaLinux 9
Table 8 - Ports and Interfaces The logical interfaces are the APIs through which the applications request services and AF_ALG type socket that allows the applications running in the user space to request cryptographic services from the module. These logical interfaces are logically separated from each other by the API design.
The module does not implement a trusted channel. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Message digest | Compute a message digest | N/A | SHA-224, SHA- 256, SHA-384, SHA-512, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 | crypto_shash _init returns 0 | Message | Digest value |
| Encryption | Encrypt a plaintext | AES key: W, E | AES ECB, CBC, CBC-CTS-CS3, OFB, CFB128, CTR, XTS | crypto_skciph er_setkey return 0 | AES key, plaintext | Ciphertext |
| Decryption | Decrypt a ciphertext | AES key, ciphertext | Plaintext | |||
| Authenticated encryption | Encrypt a plaintext | AES key: W, E HMAC key: W, E | AES CCM, GCM (internal IV) AES CBC or CTR with HMAC-SHA2- 256, SHA2-384, or SHA2-512 | For all except AES_GCM: crypto_aead_ setkey returns 0 For AES-GCM: the TFM handle has the CRYPTO_TFM_ FIPS_COMPLI ANCE flag set | AES key, plaintext | Ciphertext, MAC tag |
| Authenticated decryption | Decrypt a ciphertext | AES CCM, GCM (external IV) AES CBC or CTR with HMAC-SHA2- 256, SHA2-384, or SHA2-512 | AES key, ciphertext, MAC tag | Plaintext | ||
| Message authentication | Compute a MAC tag | AES key: W, E | AES CMAC, GMAC | crypto_shash _init returns 0 | AES key, message | MAC tag |
| HMAC key, message | HMAC key: W, E | HMAC-SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA3-224, SHA3- 256, SHA3-384, | HMAC key, message | |||
| Random number generation | Generate random bytes | Entropy input: W, E DRBG seed: E, G DRBG Internal state (V, Key), DRBG Internal state (V, C): W, E, G | CTR_DRBG Hash_DRBG HMAC_DRBG | crypto_rng_g et_bytes returns 0 | Output length | Random bytes |
| Error detection code | Compute an EDC (crc32, crct10dif) | N/A | N/A | None | Message | EDC |
| Compression | Compress data (deflate, lzo, zlib-deflate) | N/A | N/A | None | Data | Compressed data |
| Generic system call | Use the kernel to perform various non- cryptographic operations | N/A | N/A | None | Identifier, various arguments | Various return values |
| Show version | Return the module name and version information | N/A | N/A | None | N/A | Module name and version |
| Show status | Return the module status | N/A | N/A | None | N/A | Module status |
| Self-test | Perform the CASTs and integrity tests | N/A | SHA SHA-3 AES HMAC CTR_DRBG Hash_DRBG HMAC_DRBG RSA See Table 18 for specifics | None | N/A | Pass/fail |
| Type | Operator Type | Authentication | ||
|---|---|---|---|---|
| Methods | ||||
| Crypto Officer | Role | CO | N/A |
Kernel Cryptography Module for AlmaLinux 9
The module does not implement authentication.
N/A Table 9
N/A W, E W, E © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
E, G (V, C): W, E, G N/A N/A N/A N/A various noncryptographic N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 10
| Name | Description | Roles | Approved Functions |
|---|---|---|---|
| AES GCM external IV encryption | Encrypt a plaintext using AES GCM with an external IV | CO | AES GCM with external IV |
| Key derivation | Derive a key from a key-derivation key or a shared secret | CO | KBKDF (libkcapi) HKDF (libkcapi) |
| Password-based key derivation | Derive a key from a password | CO | PBKDF2 (libkcapi) |
| RSA encryption primitive | Compute the raw RSA encryption of a number | CO | RSA |
| RSA decryption primitive | Compute the raw RSA decryption of a number | CO | |
| RSA signature generation primitive (pre-hashed message) | Generate a digital signature for a pre-hashed message | CO | RSA with PKCS#1 v1.5 padding (pre- hashed message) |
| RSA signature verification primitive (pre-hashed message) | Verify a digital signature for a pre- hashed message | CO |
Kernel Cryptography Module for AlmaLinux 9
Table 11 - Non-Approved Services
The module does not load external software or firmware.
The module does not implement a bypass capability.
The module does not implement a self-initiated cryptographic output capability. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
The Linux kernel binary, libkcapi, and sha512hmac software components are integrity tested using an HMAC-SHA2-512 calculation performed by the sha512hmac utility (which utilizes the module’s HMAC and SHA-512 implementations). The kernel crypto object files listed in Table 3 are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-256, and a 4096-bit key.
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the software integrity tests. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
Type of Operating Environment: modifiable: the module executes as part of a general-purpose operating system (AlmaLinux 9.2), which allows modification, loading, and execution of software that is not part of the validated module. How Requirements are Satisfied: the approved cryptographic algorithms of the module are part of the Linux kernel, which operates in Linux kernel space. This ensures that any SSPs contained within the module are protected by the process isolation and memory separation mechanisms provided by the Linux kernel, and only the module has control over these SSPs. The user space libkcapi and sha512hmac components, though not processing any SSPs, are similarly protected by the operating environment.
The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
The module is comprised of software only and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Description | Type |
|---|---|---|
| RAM | Temporary storage for SSPs used by the module as part of service execution | Dynamic |
| Name | From | To | Format | Distribution | Entry Type | Related SFI | |||
|---|---|---|---|---|---|---|---|---|---|
| Type | Type | ||||||||
| API input parameters | Operator calling application (TOEPP) | Cryptographic module | Plaintext | Manual | Electronic | N/A | |||
| AF_ALG type sockets (input) |
| Zeroization Method | Description | Rationale | Operator Initiation |
|---|---|---|---|
| Free cipher handle | Zeroizes the SSPs contained within the cipher handle | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable | By calling the appropriate API functions |
| AES key: crypto_free_skcipher and crypto_free_aead HMAC key: crypto_free_shash and crypto_free_ahash Entropy input, DRBG seed, DRBG Internal state (V, Key), DRBG Internal state (V, C): crypto_free_rng | |||
| Remove power from the module | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed | By removing power |
Kernel Cryptography Module for AlmaLinux 9
Table 12 - Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the
N/A Table 13 - SSP Input-Output Table 14 - SSP Zeroization Methods All data output is inhibited during zeroization. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Type | Strength | Generation | Establishment | Storage | Use | Input | Description | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| AES key | Symmetric Key | XTS: 128, 256 bits Other modes: 128, 192, 256 bits | N/A | N/A | Encryption Decryption Authenticated encryption Authenticated decryption Message authentication | AES key used for encryption, decryption, and computing MAC tags | ||||
| HMAC key | Authentication key | 112-524288 bits (112-256 bits) | N/A | N/A | Message authentication | HMAC key | ||||
| Entropy input | Entropy input | 128-384 bits | Non-Physical Entropy Source See Table 7 | N/A | Random number generation | Entropy input used to seed the DRBGs. IG D.L compliant | ||||
| DRBG seed | Seed | CTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bits | CTR_DRBG Hash_DRBG HMAC_DRBG | N/A | Random number generation | DRBG seed derived from entropy input. IG D.L compliant | ||||
| DRBG Internal state (V, Key) | Internal state | CTR_DRBG HMAC_DRBG | N/A | Random number generation | Internal state of CTR_DRBG and HMAC_DRBG instances. IG D.L compliant | |||||
| DRBG Internal state (V, C) | Internal state | Hash_DRBG | N/A | Random number generation | Internal state of Hash_DRBG instances. IG D.L compliant | |||||
| AES key | CSP | RAM | API input parameters AF_ALG type sockets (input) | Until cipher handle is freed | None | |||||
| HMAC key | CSP | None | ||||||||
| Entropy input | CSP | N/A | From generation until the DRBG seed is created | DRBG seed | ||||||
| DRBG seed | CSP | N/A | While the DRBG is being instantiated | Entropy input DRBG Internal state (V, Key) DRBG Internal state (V, C) |
| Name | Type | Strength | Generation | Establishment | Storage | Use | Input | Description | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| AES key | Symmetric Key | XTS: 128, 256 bits Other modes: 128, 192, 256 bits | N/A | N/A | Encryption Decryption Authenticated encryption Authenticated decryption Message authentication | AES key used for encryption, decryption, and computing MAC tags | ||||
| HMAC key | Authentication key | 112-524288 bits (112-256 bits) | N/A | N/A | Message authentication | HMAC key | ||||
| Entropy input | Entropy input | 128-384 bits | Non-Physical Entropy Source See Table 7 | N/A | Random number generation | Entropy input used to seed the DRBGs. IG D.L compliant | ||||
| DRBG seed | Seed | CTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bits | CTR_DRBG Hash_DRBG HMAC_DRBG | N/A | Random number generation | DRBG seed derived from entropy input. IG D.L compliant | ||||
| DRBG Internal state (V, Key) | Internal state | CTR_DRBG HMAC_DRBG | N/A | Random number generation | Internal state of CTR_DRBG and HMAC_DRBG instances. IG D.L compliant | |||||
| DRBG Internal state (V, C) | Internal state | Hash_DRBG | N/A | Random number generation | Internal state of Hash_DRBG instances. IG D.L compliant | |||||
| AES key | CSP | RAM | API input parameters AF_ALG type sockets (input) | Until cipher handle is freed | None | |||||
| HMAC key | CSP | None | ||||||||
| Entropy input | CSP | N/A | From generation until the DRBG seed is created | DRBG seed | ||||||
| DRBG seed | CSP | N/A | While the DRBG is being instantiated | Entropy input DRBG Internal state (V, Key) DRBG Internal state (V, C) | ||||||
| DRBG Internal state (V, Key) | CSP | N/A | From DRBG instantiation until DRBG termination | DRBG seed | ||||||
| DRBG Internal state (V, C) | CSP | N/A | DRBG seed |
Kernel Cryptography Module for AlmaLinux 9 N/A N/A N/A N/A N/A N/A N/A N/A C) Table 15 - SSP Information First N/A N/A © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 N/A N/A Table 16 - SSP Information Second
The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 will be withdrawn on February 3, 2024. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Implementatio n | Implement ation | Indicator | Conditions | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA2- 512 | HMAC-SHA2- 512 | Message Authentication | Software integrity | Used for kernel binary, libkcapi, and sha512hmac binary | C | 128-bit key | Module becomes operational | |||||
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | Signature Verification | Used for kernel crypto object files | C | 4096-bit key with SHA-256 | |||||||
| SHA-224 | SHA-224 | Message digest | 0-8184 bit messages | C, CE, Neon, AVX, AVX2, SSSE3 | KAT | CAST | Module is operational | Module initialization | ||||
| SHA-384 | SHA-384 | C, AVX, AVX2, SSSE3 | ||||||||||
| SHA3-224 | SHA3-224 | C | ||||||||||
| AES ECB | AES ECB | Encryption Decryption (separately) | 128, 192, 256 bit keys | C, CE, AES-NI | ||||||||
| AES CBC-CTS- CS3 | AES CBC-CTS- CS3 | 128 bit keys | C, CE, Neon, AES-NI | |||||||||
| AES OFB | AES OFB | 128 bit keys | C, CE, AES-NI | |||||||||
| AES CFB128 | AES CFB128 | 128, 192, 256 bit keys | ||||||||||
| AES CCM | AES CCM | 128, 192, 256 bit keys | C, CE |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Implementatio n | Implement ation | Indicator | Conditions | Test Properties | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA2- 512 | HMAC-SHA2- 512 | Message Authentication | Software integrity | Used for kernel binary, libkcapi, and sha512hmac binary | C | 128-bit key | Module becomes operational | ||||||
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | Signature Verification | Used for kernel crypto object files | C | 4096-bit key with SHA-256 | ||||||||
| SHA-224 | SHA-224 | Message digest | 0-8184 bit messages | C, CE, Neon, AVX, AVX2, SSSE3 | KAT | CAST | Module is operational | Module initialization | |||||
| SHA-384 | SHA-384 | C, AVX, AVX2, SSSE3 | |||||||||||
| SHA3-224 | SHA3-224 | C | |||||||||||
| AES ECB | AES ECB | Encryption Decryption (separately) | 128, 192, 256 bit keys | C, CE, AES-NI | |||||||||
| AES CBC-CTS- CS3 | AES CBC-CTS- CS3 | 128 bit keys | C, CE, Neon, AES-NI | ||||||||||
| AES OFB | AES OFB | 128 bit keys | C, CE, AES-NI | ||||||||||
| AES CFB128 | AES CFB128 | 128, 192, 256 bit keys | |||||||||||
| AES CCM | AES CCM | 128, 192, 256 bit keys | C, CE | ||||||||||
| AES GCM (internal IV) | AES GCM (internal IV) | Encryption | C, CE, AES-NI | 128, 192, 256 bit keys 96-bit IVs | |||||||||
| AES GCM (external IV) | AES GCM (external IV) | Decryption | 128, 192, 256 bit keys | ||||||||||
| AES XTS | AES XTS | Encryption Decryption (separately) | 128 and 256 bit keys | ||||||||||
| AES CMAC | AES CMAC | Message authenticati on | C, CE, Neon, AES-NI | 128 and 256 bit keys | |||||||||
| HMAC-SHA2- 224 | HMAC-SHA2- 224 | C, CE, AVX2 | 32, 160, 1048 bit keys | ||||||||||
| HMAC-SHA2- 256 | HMAC-SHA2- 256 | 32, 256, 296, 640 bit keys | |||||||||||
| HMAC-SHA2- 384 | HMAC-SHA2- 384 | C, AVX2 | 32, 160, 1048 bit keys | ||||||||||
| HMAC-SHA2- 512 | HMAC-SHA2- 512 | 32, 160, 1048 bit keys | |||||||||||
| HMAC SHA3- 224 | HMAC SHA3- 224 | C | 32, 160, 1048 bit keys | ||||||||||
| HMAC SHA3- 256 | HMAC SHA3- 256 | 32, 160, 1048 bit keys | |||||||||||
| HMAC SHA3- 384 | HMAC SHA3- 384 | 32, 160, 1048 bit keys | |||||||||||
| HMAC SHA3- 512 | HMAC SHA3- 512 | 32, 160, 1048 bit keys | |||||||||||
| CTR_DRBG | CTR_DRBG | KAT, Health tests according to section 11.3 of [SP800- 90Arev1] | Seed Generate | 128, 192, 256 bit keys With/without PR | |||||||||
| Hash_DRBG | Hash_DRBG | KAT, Health tests according to section 11.3 of [SP800- 90Arev1] | SHA-1, SHA- 256, SHA-512 With/without PR | ||||||||||
| HMAC_DRBG | HMAC_DRBG | KAT, Health tests | SHA-1, SHA- 256, SHA-512 With/without |
n r HMAC-SHA2512 C C Table 17 - Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.
C © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC SHA3224 C HMAC SHA3256 HMAC SHA3384 HMAC SHA3512 [SP80090Arev1] [SP80090Arev1] © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Details | PR | Conditions | Indicator |
|---|---|---|---|---|---|---|
| RSA PKCS#1 v1.5 | RSA PKCS#1 v1.5 | KAT | Verify | 4096-bit key with SHA-256 | ||
| Non-Physical Entropy Source | Non-Physical Entropy Source | RCT | Entropy source start- up test | 1024 time deltas | Entropy source initialization | |
| 1024 time deltas | APT | 1024 time deltas | ||||
| Continuously | RCT | Entropy source continuous test | Continuously | Continuously | Entropy source is operational | |
| Continuously | APT | Continuously |
| Name | Description | Indicator | ||
|---|---|---|---|---|
| Error State | The Linux kernel immediately stops executing | Kernel Panic | Any self-test failure | Restart of the module |
Kernel Cryptography Module for AlmaLinux 9 [SP80090Arev1] Table 18 - Conditional Self-Tests When all of the pre-operational self-tests pass successfully, the module automatically performs all cryptographic algorithm self-tests (CASTs) as specified in Table 18. Only if these CASTs also passed successfully, the module transitions to the operational state. No operator intervention is required to reach this point. Services are not available, and data output (via the data output interface) is inhibited during the self-tests. If any of these tests fails, the module transitions to the
The module does not implement any periodic self-tests.
Table 19 - Error States In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
The software integrity tests, cryptographic algorithm self-tests, and entropy source start-up tests can be invoked on demand by unloading and subsequently re-initializing the module. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
The module is distributed as a part of the AlmaLinux 9.2 package in the form of the kernel-5.14.0284.1101.el9_2.tuxcare.7, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc-1.3.1-3.el9 RPM packages. Before the packages are installed, the AlmaLinux 9.2 system must operate in approved mode. This can be achieved by:
The cryptographic boundary consists only of those APIs provided by the Kernel crypto API. If any other API in the Linux kernel is invoked, the user is not interacting with the module specified in this Security Policy. 11.2.1 AES GCM IV The Crypto Officer shall consider the following requirements and restrictions when using the module. For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. When this is the case, the API will not set an approved service indicator, as described in Table 10. 11.2.2 AES XTS In compliance with FIPS 140-3 IG C.I, the module implements the check to ensure that the two AES keys used in AES XTS algorithm are not identical. The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 80038E. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit. 11.2.3 RSA The module provides RSA signature verification as an internal function compliant with IG C.F. The module supports RSA modulus lengths of 4096 bits for signature verification. The RSA signature verification implementation has been tested for all implemented RSA modulus lengths.
There is no non-administrator guidance.
There are no maintenance requirements.
Secure disposal is the customer’s responsibility, since the module goes EOL with the operating system. As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the kernel5.14.0-284.1101.el9_2.tuxcare.7, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc-1.3.1-3.el9 RPM packages (for both Intel and ARM platforms) can be uninstalled from the AlmaLinux 9.2 system. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9
The module does not offer mitigation of other attacks and therefore this section is not applicable. © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 Appendix A. Glossary and abbreviations AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter CTS Ciphertext Stealing DRBG Deterministic Random Bit Generator ECB Electronic Code Book ESV Entropy Source Validation FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IPsec Internet Protocol Security KAT Known Answer Test KBKDF Key-based Key Derivation Function MAC Message Authentication Code NIST National Institute of Science and Technology PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PKCS Public-Key Cryptography Standards RSA Rivest, Shamir, Addleman SHA Secure Hash Algorithm SSP Sensitive Security Parameter XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 Appendix B. FIPS 140-3 References FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.
Kernel Cryptography Module for AlmaLinux 9 SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) June 2005 https://datatracker.ietf.org/doc/html/rfc4106 © 2025 Cloudlinux Inc., TuxCare division / atsec information security corporation.