| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Historical |
| Caveat | Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy |
| Vendor | Red Hat(R), Inc. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Red Hat Enterprise Linux 9 libgcrypt
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric encryption and decryption<br/>Symmetric encryption and decryption with AES XTS…<br/>Show status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Red Hat Enterprise Linux 9 libgcrypt
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric encryption and decryption<br/>Symmetric encryption and decryption with AES XTS…<br/>Show status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Red Hat, Inc. Red Hat Enterprise Linux 9 libgcrypt Prepared by: atsec information security corporation
Austin, TX 78759 Document version: 1.0 www.atsec.com Last update: 2024-07-30
Red Hat Enterprise Linux 9 libgcrypt Table of Contents © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt List of Tables Table 2: Tested Module Identification
| Name | ISO Section | Level |
|---|---|---|
| 1 | 1 | 1 |
| 2 | 2 | 1 |
| 3 | 3 | 1 |
| 4 | 4 | 1 |
| 5 | 5 | 1 |
| 6 | 6 | 1 |
| 7 | 7 | N/A |
| 8 | 8 | N/A |
| 9 | 9 | 1 |
| 10 | 10 | 1 |
| 11 | 11 | 1 |
| 12 | 12 | 1 |
Red Hat Enterprise Linux 9 libgcrypt
This document is the non-proprietary FIPS 140-3 Security Policy for version 1.10.08b6840b590cedd43 of the Red Hat Enterprise Linux 9 libgcrypt. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.
This Security Policy describes the features and design of the module named Red Hat Enterprise Linux 9 libgcrypt using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. intact and including this notice. Other documentation is proprietary to their authors. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
Purpose and Use: The Red Hat Enterprise Linux 9 libgcrypt (hereafter referred to as “the module”) is a software library implementing general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying operating system through an application program interface (API). Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The module consists of the shared library file (i.e. libgcrypt.so.20.4.0) which constitutes the cryptographic boundary. The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment and the flow of information between the module and operator. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP is the general-purpose computer on which the module is installed. Figure 1: Block Diagram © 2024 Red Hat, Inc., atsec information security.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| /usr/lib64/libgcrypt.so.20.4.0 | 1.10.0- 8b6840b590cedd43 | N/A | /usr/lib64/libgcrypt.so.20.4.0 | HMAC-SHA-256 | ||||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Dell PowerEdge R440 | 1.10.0- 8b6840b590cedd43 | Intel(R) Xeon(R) Silver 4216 | AES-NI, SHA extensions (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | IBM z16 3931-A01 | 1.10.0- 8b6840b590cedd43 | IBM z16 | CPACF (PAI) | N/A | ||||
| Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | IBM 9080- HEX | 1.10.0- 8b6840b590cedd43 | IBM POWER10 | ISA (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Intel(R) Xeon(R) E5 |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| /usr/lib64/libgcrypt.so.20.4.0 | 1.10.0- 8b6840b590cedd43 | N/A | /usr/lib64/libgcrypt.so.20.4.0 | HMAC-SHA-256 | ||||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Dell PowerEdge R440 | 1.10.0- 8b6840b590cedd43 | Intel(R) Xeon(R) Silver 4216 | AES-NI, SHA extensions (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | IBM z16 3931-A01 | 1.10.0- 8b6840b590cedd43 | IBM z16 | CPACF (PAI) | N/A | ||||
| Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | IBM 9080- HEX | 1.10.0- 8b6840b590cedd43 | IBM POWER10 | ISA (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Intel(R) Xeon(R) E5 |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| /usr/lib64/libgcrypt.so.20.4.0 | 1.10.0- 8b6840b590cedd43 | N/A | /usr/lib64/libgcrypt.so.20.4.0 | HMAC-SHA-256 | ||||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Dell PowerEdge R440 | 1.10.0- 8b6840b590cedd43 | Intel(R) Xeon(R) Silver 4216 | AES-NI, SHA extensions (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | IBM z16 3931-A01 | 1.10.0- 8b6840b590cedd43 | IBM z16 | CPACF (PAI) | N/A | ||||
| Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 | IBM 9080- HEX | 1.10.0- 8b6840b590cedd43 | IBM POWER10 | ISA (PAA) | N/A | ||||
| Red Hat Enterprise Linux 9 | Red Hat Enterprise Linux 9 | Intel(R) Xeon(R) E5 |
Identification Tested Module Identification
The module does not claim any excluded components. © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved Mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3757 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3757 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3757 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3757 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3757 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3757 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3757 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3757 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| Hash DRBG | A3757 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3757 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3757 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3757 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3757 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A3757 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3757 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3757 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3757 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3757 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| HMAC-SHA-1 | A3758 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| SHA-1 | A3758 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3759 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3759 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3759 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3759 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3759 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3759 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3759 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3759 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| Hash DRBG | A3759 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3759 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3759 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3759 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3759 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3759 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A3759 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3759 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3759 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3760 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3760 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3760 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3760 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3760 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3760 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3760 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3760 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| Hash DRBG | A3760 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3760 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3760 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3760 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3760 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A3760 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3760 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3760 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| ECDSA KeyGen (FIPS186-4) | A3761 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3761 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3761 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3761 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| Hash DRBG | A3761 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3761 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A3761 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3761 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3761 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3761 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A3761 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3761 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3761 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3761 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3761 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| AES-CBC | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3762 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3762 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3762 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3762 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3762 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3762 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3762 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3762 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4 |
| Hash DRBG | A3762 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3762 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A3762 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3762 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3762 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3762 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A3762 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3762 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3762 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3762 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3762 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| AES-CBC | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A4675 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| SHA2-256 | A4675 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A4675 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A4676 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| SHA2-256 | A4676 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A4676 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
Red Hat Enterprise Linux 9 libgcrypt
Modes List and Description: Nonapproved NonApproved Table 5: Modes List and Description Mode Change Instructions and Status: When the module starts up successfully, after passing all the pre-operational self-test and the cryptographic algorithms self-tests (CASTs), the module is operating in the approved mode of operation by default and can only be transitioned into the non-approved mode by calling one of the non-approved services listed in the Non-Approved Services table. The module will transition back to approved mode when approved service is called. Section 4 provides details on the service indicator implemented by the module. The service indicator identifies when an approved service is called. The module does not implement a degraded mode of operation.
Approved Algorithms: © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA3224 HMAC-SHA3256 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA3384 HMAC-SHA3512 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2224 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3512 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| Cryptographic Key Generation (CKG) with RSA | RSA (FIPS 186-4):2048, 3072, 4096 with 112, 128, 149 bits of strength | libgcrypt (64 bit) (No Acceleration) | SP 800- 133Rev2 | |
| Cryptographic Key Generation (CKG) with ECDSA | ECDSA:P-224, P-256, P- 384, P-521 with 112, 128, 192, 256 bits of strength | libgcrypt (64 bit) (No Acceleration) | SP 800- 133Rev2 | |
| MD5 | Message Digest | |||
| ECDH | Shared Secret Computation | |||
| AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | Symmetric encryption and decryption | |||
| RSA | Signature generation/verification primitives | |||
| RSA | Encryption/decryption primitives | |||
| RSA using public key flags not listed in section 4.8 | Key generation | |||
| RSA using public key flags not listed in section 4.8 | Signature generation/verification | |||
| ECDSA | Signature generation/verification primitives | |||
| ECDSA using public key flags not listed in section 4.8 | Key generation | |||
| ECDSA using public key flags not listed in section 4.8 | Signature generation/verification |
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| Cryptographic Key Generation (CKG) with RSA | RSA (FIPS 186-4):2048, 3072, 4096 with 112, 128, 149 bits of strength | libgcrypt (64 bit) (No Acceleration) | SP 800- 133Rev2 | |
| Cryptographic Key Generation (CKG) with ECDSA | ECDSA:P-224, P-256, P- 384, P-521 with 112, 128, 192, 256 bits of strength | libgcrypt (64 bit) (No Acceleration) | SP 800- 133Rev2 | |
| MD5 | Message Digest | |||
| ECDH | Shared Secret Computation | |||
| AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | Symmetric encryption and decryption | |||
| RSA | Signature generation/verification primitives | |||
| RSA | Encryption/decryption primitives | |||
| RSA using public key flags not listed in section 4.8 | Key generation | |||
| RSA using public key flags not listed in section 4.8 | Signature generation/verification | |||
| ECDSA | Signature generation/verification primitives | |||
| ECDSA using public key flags not listed in section 4.8 | Key generation | |||
| ECDSA using public key flags not listed in section 4.8 | Signature generation/verification |
Red Hat Enterprise Linux 9 libgcrypt Table 6: Approved Algorithms The above table lists all approved cryptographic algorithms of the module, including specific key lengths employed for approved services, and implemented modes or methods of operation of the algorithms. Vendor-Affirmed Algorithms: SP 800133Rev2 SP 800133Rev2 Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: 4.8 4.8 Table 8: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services. © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Symmetric encryption and decryption | Encryption, decryption using AES | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-OFB AES-OFB AES-OFB AES-OFB | BC-UnAuth | Keys:128, 192, 256- bit keys with 128-256 bits key strength |
| Message authentication generation using AES CMAC | Message authentication generation using AES CMAC | AES-CMAC AES-CMAC AES-CMAC AES-CMAC | MAC | AES-CMAC keys:128, 192, 256-bit keys with 128, 192, 256 bits of strength |
| Key wrapping with AES | Key wrapping with AES | AES-KW AES-KW AES-KW AES-KW AES-CCM AES-CCM AES-CCM AES-CCM | KTS-Wrap | Keys:128, 192, 256- bit keys with 128-256 bits of strength Compliance:Compliant with IG D.G AES Mode:KW, CCM |
| Key unwrapping with AES | Key unwrapping with AES | AES-KW AES-KW AES-KW AES-KW AES-CCM AES-CCM AES-CCM AES-CCM | KTS-Wrap | Keys:128, 192, 256- bit keys with 128-256 bits of strength Compliance:Compliant with IG D.G AES Mode:KW, CCM |
| Authenticated symmetric encryption and decryption | Encryption, decryption using AES CCM | AES-CCM AES-CCM AES-CCM AES-CCM | BC-Auth | Keys:128, 192, 256 bits with 128, 192, 256 bits of strength |
| Symmetric encryption and decryption with AES XTS (for data storage) | Encryption, decryption using AES XTS (for data storage) | AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 | BC-UnAuth | Keys:128, 256-bit keys with 128, 256 bits of strength |
| Random number generation with CTR_DRBG | Random number generation using CTR_DRBG | Counter DRBG Counter DRBG Counter DRBG Counter DRBG | DRBG | CTR_DRBG:AES-128, AES-192, AES-256 with DF, with/without PR |
| Random number generation with HMAC_DRBG | Random number generation using HMAC_DRBG | HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG | DRBG | HMAC_DRBG:SHA-1, SHA-256, SHA-512 with/without PR |
| Random number generation with Hash_DRBG | Random number generation using Hash_DRBG | Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG | DRBG | Hash_DRBG:SHA-1, SHA-256, SHA-512 with/without PR |
| Key pair generation with ECDSA | Key pair generation using ECDSA | ECDSA KeyGen (FIPS186-4) ECDSA | CKG | Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength |
Red Hat Enterprise Linux 9 libgcrypt
© 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Role Access | Approved Functions | Type |
|---|---|---|---|---|
| Key pair generation with RSA | Keys:2048, 3072, 4096 with 112, 128, 149 bits of strength Method:B.3.3 Random Probable Primes | Key pair generation using RSA IG D.H compliant | RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) | CKG |
| Public key verification with ECDSA | Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength | Public key verification using ECDSA | ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) | AsymKeyPair- KeyVer |
| Digital signature generation with ECDSA | Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Digital signature generation using ECDSA | ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) | DigSig-SigGen |
| Digital signature generation with RSA | Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256 Keys:2048, 3072, | Digital signature generation using RSA | RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) | DigSig-SigGen |
| 4096 with 112, 128, 149 bits of strength | 4096 with 112, 128, 149 bits of strength | RSA SigGen (FIPS186-4) | ||
| Digital signature verification with ECDSA | Curves:P-224, P-256, P-384, P-521 with 112, 128, 192, 256 bits of strength Hash:SHA2-224, SHA2- 256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Digital signature verification using ECDSA | ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) | DigSig-SigVer |
| FIPS 186-4 Digital signature verification with RSA | Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512, SHA2-512/224, SHA2-512/256 Keys:2048, 3072, 4096 with 112, 128, 149 bits of strength | FIPS 186-4 Digital signature verification using RSA | RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) | DigSig-SigVer |
| FIPS 186-2 Digital signature verification with RSA | Padding:PKCS#1v1.5, PSS Hash:SHA-224, SHA- 256, SHA-384, SHA- 512 Keys:1024, 1536 with 80, 92 bits of strength Compliance:FIPS 186- 2, IG C.F | FIPS 186-2 Digital signature verification using RSA Only for Legacy use | RSA SigVer (FIPS186-2) RSA SigVer (FIPS186-2) RSA SigVer (FIPS186-2) RSA SigVer (FIPS186-2) RSA SigVer (FIPS186-2) | DigSig-SigVer |
| Message authentication code with HMAC | Keys:112, 192, 256 bits with 112-256 bits of strength Hash:SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Message authentication code using HMAC | HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- | MAC |
Red Hat Enterprise Linux 9 libgcrypt AsymKeyPairKeyVer © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA3224 © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Approved Functions | Type | |
|---|---|---|---|---|
| Key derivation with PBKDF | Key derivation using PBKDF | PBKDF PBKDF PBKDF PBKDF PBKDF | PBKDF | Derived key::112 to 256 bits HMAC:SHA-1, SHA- 224, SHA-256, SHA- 384, SHA-512, SHA2- 512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3- 384, SHA3-512 |
| Message digest with SHA-1 | Message digest using SHA-1 | SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 | SHA | |
| Message digest with SHA-2 | Message digest using SHA-2 | SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-384 SHA2-384 SHA2-384 | SHA |
Red Hat Enterprise Linux 9 libgcrypt HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 HMAC-SHA3512 © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| Message digest with SHA-3 | Message digest with SHA-3 | SHA3-224 SHA3-224 SHA3-224 SHA3-256 SHA3-256 SHA3-256 SHA3-384 SHA3-384 SHA3-384 SHA3-512 SHA3-512 SHA3-512 SHAKE-128 SHAKE-128 SHAKE-128 SHAKE-256 SHAKE-256 SHAKE-256 | SHA |
Red Hat Enterprise Linux 9 libgcrypt Table 9: Security Function Implementations
AES XTS The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. © 2024 Red Hat, Inc., atsec information security.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| RHEL Userspace CPU Time Jitter RNG Entropy Source | Non- Physical | 256-bits | Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216; Red Hat Enterprise Linux 9 running on IBM z16 3931-A01 with IBM z16; Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on | 225-bits | HMAC-SHA2- 512 DRBG |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E47 | Red Hat, Inc. |
The AES-XTS mode shall only be used for the cryptographic protection of data on storage devices. The AES-XTS shall not be used for other purposes, such as the encryption of data in transit. Key derivation using SP800-132 PBKDF The module provides password-based key derivation (PBKDF), compliant with SP800-132. The module supports option 1a from Section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132] and FIPS 140-3 IG D.N, the following requirements shall be met.
Table 10: Entropy Certificates NonPhysical © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Table 11: Entropy Sources The Module provides an SP800-90A-compliant Deterministic Random Bit Generator (DRBG) for creation of key components of asymmetric keys, and random number generation. The seeding (and automatic reseeding) of the DRBG is done with getrandom(). The module supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG. The DRBG is initialized during module initialization; the module loads by default the DRBG using the HMAC_DRBG mechanism with SHA-256 and without prediction resistance. A different DRBG mechanism can be chosen by invoking the gcry_control(GCRYCTL_DRBG_REINIT) function. The module uses an [SP800-90B]-compliant entropy source specified in the above table. This entropy source is located within the module’s physical perimeter but outside of the module’s cryptographic boundary. The module obtains 384 bits to seed the DRBG and 256 bits to reseed it, respectivly corresponding to 337 bits of entropy for seeding and 225 bits for reseeding, which is not full entropy. Therefore, the module generates SSPs (e.g., keys) whose strengths are modified by available entropy. The module performs the DRBG health tests as defined in Section 11.3 of [SP800-90A].
KeyGenerationSubTable From Web Cryptik KeyGenerationSubTable The module provides an [SP800-90Arev1]-compliant Deterministic Random Bit Generator (DRBG) for the creation of key components of asymmetric keys, and random number generation. The Cryptographic Key Generation (CKG) methods implemented in the module for Approved services in approved mode are compliant with section 5.1 of [SP800-133rev2] and with IG D.H. For generating RSA and ECDSA keys the module implements asymmetric key © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt generation services compliant with [FIPS186-4]. A seed (i.e., the random value) used in asymmetric key generation is directly obtained from the [SP800-90Arev1] DRBG. Intermediate key generation values are not output from the module and are explicitly zeroized after processing the service
KeyAgreementSubTable From Web Cryptik KeyAgreementSubTable KeyTransportSubTable From Web Cryptik KeyTransportSubTable The module provides the following key transport mechanisms:
The module does not implement industry protocols, therefore this section is not applicable.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters for data. |
| N/A | N/A | Data Output | API output parameters for data. |
| N/A | N/A | Control Input | API function calls, API input parameters for control input, /proc/sys/crypto/fips_enabled control file. |
| N/A | N/A | Status Output | API return codes, API output parameters for status output. |
Red Hat Enterprise Linux 9 libgcrypt
N/A N/A N/A N/A Table 12: Ports and Interfaces As a software-only module, the module does not have physical ports. The operator can only interact with the module through the API provided by the module. Thus, the physical ports are interpreted to be the physical ports of the hardware platform on which the module runs. All data output via data output interface is inhibited when the module is performing preoperational test or zeroization or when the module enters error state. The module does not implement a control output interface.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric encryption and decryption | Encrypt a plaintext / Decrypt a ciphertext | Crypto Officer - AES keys: W,E | Symme tric encrypti on and decrypti on Authent icated symmet ric encrypti on and decrypti on Symme tric encrypti on and decrypti on with AES XTS (for data storage ) | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_CIPHE R, ...) returns GPG_ERR_NO_E RROR | AES key, plaintext/ci phertext | Cipher text/ plaint ext |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric encryption and decryption | Encrypt a plaintext / Decrypt a ciphertext | Crypto Officer - AES keys: W,E | Symme tric encrypti on and decrypti on Authent icated symmet ric encrypti on and decrypti on Symme tric encrypti on and decrypti on with AES XTS (for data storage ) | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_CIPHE R, ...) returns GPG_ERR_NO_E RROR | AES key, plaintext/ci phertext | Cipher text/ plaint ext | |||
| Key Pair Generation with RSA | Generate a key pair | Crypto Officer - RSA Private Key: G,R - RSA Public Key: G,R - Interm ediate key genera tion value: G,E,Z | Key pair generat ion with RSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) returns GPG_ERR_NO_E RROR | Modulus bits | RSA public key, RSA privat e key | |||
| Key Pair Generation with ECDSA | Generate a key pair | Crypto Officer - ECDSA Private Key: G,R - ECDSA Public Key: G,R - Interm ediate key genera tion value: G,E,Z | Key pair generat ion with ECDSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) returns GPG_ERR_NO_E RROR | Curve | ECDS A public key, ECDS A privat e key | |||
| Digital signature generation with RSA | Generate a signature | Crypto Officer - RSA Private Key: W,E | Digital signatur e generat ion with RSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) and gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MD, ...) return | RSA private key, message | Signat ure | |||
| Digital signature generation with ECDSA | Generate a signature | Crypto Officer - ECDSA Private Key: W,E | Digital signatur e generat ion with ECDSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) and gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MD, ...) return GPG_ERR_NO_E RROR | ECDSA private key, message | Signat ure | |||
| Digital signature verification with RSA | Verify a signature | Crypto Officer - RSA Public Key: W,E | FIPS 186-4 Digital signatur e verificat ion with RSA FIPS 186-2 Digital signatur e verificat ion with RSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) and gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MD, ...) return GPG_ERR_NO_E RROR | RSA public key, message, signature | Pass/f ail | |||
| Digital signature verification with ECDSA | Verify a signature | Crypto Officer - ECDSA Public Key: W,E | Digital signatur e verificat ion with ECDSA | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_PK_FLA GS, ...) and gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MD, ...) return GPG_ERR_NO_E RROR | ECDSA public key, message, signature | Pass/f ail | |||
| Public key verification | Verify ECDSA public key | Crypto Officer - ECDSA Public | Public key verificat ion with ECDSA | gcry_mpi_ec_cu rve_point() returns GPG_ERR_NO_E RROR | ECDSA public key | Pass/f ail | |||
| Random Number Generation with CTR_DRBG/H MAC_DRBG | Generate random bitstrings from CTR_DRBG/H MAC_DRBG | Crypto Officer - Entrop y Input: W,E - DRBG seed: G,E - DRBG interna l state (V value, Key): G,W,E | Random number generat ion with CTR_DR BG Random number generat ion with HMAC_ DRBG | gcry_randomize (), gcry_random_by tes(), gcry_random_by tes_secure() return GPG_ERR_NO_E RROR | Output length | Rando m bytes | |||
| Random Number Generation with Hash_DRBG | Generate random bitstrings from Hash_DRBG | Crypto Officer - Entrop y Input: W,E - DRBG seed: G,E - DRBG interna l state (V value, C value): G,W,E | Random number generat ion with Hash_D RBG | gcry_randomize (), gcry_random_by tes(), gcry_random_by tes_secure() return GPG_ERR_NO_E RROR | Output length | Rando m bytes | |||
| Message digest | Compute SHA hashes | Crypto Officer | Messag e digest with SHA-3 Messag e digest with SHA-1 Messag e digest | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MD, ...) returns GPG_ERR_NO_E RROR | Message | Digest value | |||
| Message authenticatio n code (MAC) with HMAC | Compute HMAC | Crypto Officer - HMAC keys: W,E | Messag e authent ication code with HMAC | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MAC, .. .) returns GPG_ERR_NO_E RROR | HMAC key | MAC tag | |||
| Message authenticatio n code (MAC) with CMAC | Compute AES-based CMAC | Crypto Officer - AES keys: W,E | Messag e authent ication generat ion with AES- CMAC | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_MAC, .. .) returns GPG_ERR_NO_E RROR | AES key | MAC tag | |||
| Key wrapping | Perform AES- based key wrapping | Crypto Officer - AES keys: W,E | Key wrappin g with AES | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_CIPHE R, ...) returns GPG_ERR_NO_E RROR | AES key, any CSP | Wrapp ed CSP | |||
| Key unwrapping | Perform AES- based key unwrapping | Crypto Officer - AES keys: W,E | Key unwrap ping with AES | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_CIPHE R, ...) returns GPG_ERR_NO_E RROR | AES key, wrapped CSP | Unwra pped CSP | |||
| Key derivation | Perform key derivation | Crypto Officer - Passwo rd or passph rase: W,E - Derive d key: G,R | Key derivati on with PBKDF | gcry_control(GC RYCTL_FIPS_ SERVICE_INDICA TOR_KDF, ... ) returns GPG_ERR_NO_E RROR | Password, salt, iteration count | Derive d key | |||
| On-demand Integrity test | Perform on- demand integrity test | Crypto Officer | Messag e authent ication | N/A | N/A | Pass/f ail |
Red Hat Enterprise Linux 9 libgcrypt
N/A for this module. The module does not support authentication.
Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module.
y ) s W,E © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt y A A e s G,R G,R G,E,Z G,R G,R G,E,Z W,E © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt y s e W,E e e W,E e W,E © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt (), (), y m m s W,E y W,E G,E (V G,W,E y W,E G,E (V C G,W,E © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt y e e AESCMAC s W,E W,E W,E W,E Perform ondemand N/A W,E G,R N/A e © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|
| Show status | Show module status | None | Crypto Officer | N/A | N/A | Modul e status | |
| Self-tests | Perform self- tests | None | Crypto Officer | N/A | N/A | Pass/f ail | |
| Show module name and version | Show module name and version | None | Crypto Officer | N/A | N/A | Modul e name and versio n inform ation | |
| Symmetric encryption/decryption | CO | AES encryption/decryption using non-approved AES modes | AES-GCM, AES- GCM-SIV, AES- OCB, AES-EAX | ||||
| Message digest | CO | Non-approved message digest | MD5 | ||||
| Shared Secret Computation | CO | ECDH Shared Secret Computation | ECDH | ||||
| Key generation with RSA | CO | Generate RSA key pairs using public key flags not listed in section 4.8. | RSA using public key flags not listed in section 4.8 RSA using public key flags not listed in section 4.8 | ||||
| Key generation with ECDSA | CO | Generate ECDSA key pairs using public key flags not listed in section 4.8. | ECDSA using public key flags not listed in section 4.8 ECDSA using public key flags not listed in section 4.8 | ||||
| Digital signature generation/verification with RSA | CO | Generate/verify a signature using RSA Signature generation/verification primitives | RSA | ||||
| Digital signature generation/verification with ECDSA | CO | Generate/verify a signature using ECDSA Signature generation/verification primitives | ECDSA | ||||
| Asymmetric encryption/decryption | CO | Perform encryption/decryption using RSA encryption/decryption primitives | RSA |
Red Hat Enterprise Linux 9 libgcrypt y N/A N/A e N/A N/A N/A N/A N/A e n Perform selftests N/A s Table 14: Approved Services The table above lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or CSPs involved, and their access type(s). The following convention is used to specify access rights to a CSP: • G = Generate: The module generates or derives the SSP. • R = Read: The SSP is read from the module (e.g., the SSP is output). • W = Write: The SSP is updated, imported, or written to the module. • E = Execute: The module uses the SSP in performing a cryptographic operation. • Z = Zeroise: The module zeroises the SSP. • N/A: the calling application does not access any CSP or key during its operation. The details of the approved cryptographic algorithms including the CAVP certificate numbers can be found in the Approved Algorithm table. In order to check whether it utilizes an approved security function or not, the operator is responsible to invoke the gcry_control() API along with dedicated controls in the form of API input parameters. The module implements the following controls depending on the requested service:
Red Hat Enterprise Linux 9 libgcrypt
1 The list of public key flags allowed in approved mode of operation is described in Section 4.8 Additional
Information. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Table 15: Non-Approved Services
The module does not have the capability of loading software or firmware from an external source.
Below are listed the approved public key flags for an input s-expression: d e n q r s © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
The integrity of the module is verified comparing the HMAC-SHA-256 value calculated at run time with the HMAC-SHA-256 value embedded in the module’s ELF header that was computed at build time for each software component of the module. If the HMAC values do not match, the test fails and the module enters the error state.
Integrity tests are performed as part of the Pre-Operational Self-Tests. The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational tests (i.e., integrity test) and cryptographic algorithm self-tests (CASTs). This service can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output or input is possible. In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the module is in the operational state, FALSE if the module is in the Error state.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
Type of Operational Environment: Modifiable How Requirements are Satisfied: The module should be compiled and installed as stated in section 11. The user should confirm that the module is installed correctly by running: 1. fips-mode-setup --check command to verify that the system is operating in Approved mode 2. check the output of the gcry_get_config() API, which should output Red Hat Enterprise Linux 9 libgcrypt 1.10.0-8b6840b590cedd43 The module does not support concurrent operators.
Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.
The module shall be installed as stated in Section 11. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. © 2024 Red Hat, Inc., atsec information security.
| Temp/Voltage Type | Temperature or Voltage | EFP | Result |
|---|---|---|---|
| or | |||
| EFT | |||
| LowTemperature | |||
| HighTemperature | |||
| LowVoltage | |||
| HighVoltage |
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | ||
| HighTemperature |
Red Hat Enterprise Linux 9 libgcrypt
The module is comprised of software only and therefore this section is not applicable.
Not Applicable. N/A for this module.
Not Applicable. Number: Placement: Surface Preparation: Operator Responsible for Securing Unused Seals: Part Numbers:
Not Applicable. Not Applicable. Table 16: EFP/EFT Information
Not Applicable. Table 17: Hardness Testing Temperatures © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs |
| Name | Approved Functions | Type | From | To | Distributio n Type |
|---|---|---|---|---|---|
| API input parameter s (plaintext) | Electroni c | Plaintex t | Calling application within TOEPP | Cryptographi c module | Manual |
| API output parameter s (plaintext) | Electroni c | Plaintex t | Cryptographi c module | Calling application within TOEPP | Manual |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Wipe and Free memory block allocated | Zeroizes the SSPs contained within the cipher handle. | Memory occupied by SSPs is overwritten with zeroes and then it is released, which renders the SSP values irretrievable. The completion of the zeroization routine | By calling the cipher related zeroization API which are the following: gcry_free(), gcry_cipher_close(), gcry_mac_close(), gcry_sexp_release(), gcry_mpi_release(), gcry_ctx_release(), gcry_mpi_point_release(), |
Red Hat Enterprise Linux 9 libgcrypt
Table 18: Storage Areas destroyed when released by the appropriate zeroization function calls. s s t c t c m Table 19: SSP Input-Output Methods API output parameters in plaintext form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry on the Key Establishment Table. © 2024 Red Hat, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Details | Operator Initiation gcry ctrl(GCRYCTL TE RM SECMEM) |
|---|---|---|---|---|
| Automatic | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | Automatic | Automatically zeroized by the module when no longer needed | N/A |
| Module Reset | Volatile memory used by the module is overwritten within nanoseconds when power is removed. | Module Reset | De-allocates the volatile memory used to store SSPs | By unloading and reloading the module |
| Name | Type | Description | Strength | Use |
|---|---|---|---|---|
| AES keys | Symmetri c key - CSP | AES key used for encryptio n, decryptio n, and computin g MAC tags | AES-XTS: 128, 256; Other modes: 128, 192, 256 - AES- XTS: 128, 256; Other modes: 128, 192, 256 | Symmetric encryption and decryption Message authenticat ion generation with AES- CMAC Authenticat ed symmetric encryption and decryption Symmetric encryption |
Red Hat Enterprise Linux 9 libgcrypt N/A Table 20: SSP Zeroization Methods The memory occupied by SSPs is allocated by regular memory allocation operating system calls. The application that is acting as the CO is responsible for calling the appropriate zeroization functions provided in the module's API and listed in the above table. Calling gcry_free(), which will zeroize the SSPs and also invoke the corresponding API functions listed in the above table to zeroize SSPs. The zeroization functions overwrite the memory deallocation operating system call. In case of abnormal termination, or swap in/out of a physical memory page of a process, the keys in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. The completion of a zeroization routine(s) will indicate that a zeroization procedure succeeded. n, with AESCMAC © 2024 Red Hat, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Input | |
|---|---|---|---|---|---|---|---|---|
| HMAC keys | Symmetri c key - CSP | HMAC key used for computin g MAC tags | 112-256 bits - 112-256 bits | Message authenticat ion code with HMAC | ||||
| RSA Private Key | Private key - CSP | Private key used for RSA signature generatio n | 2048, 3072, 4096 bits - 112, 128, 149 bits | Key pair generatio n with RSA | Digital signature generation with RSA | |||
| RSA Public Key | Public key - PSP | Public key used for RSA signature verificatio n | 2048, 3072, 4096 bits bits - 112, 128, 149 bits | Key pair generatio n with RSA | FIPS 186-4 Digital signature verification with RSA FIPS 186-2 Digital signature verification with RSA | |||
| ECDSA Private Key | Private key - CSP | Private key used for ECDSA signature generatio n | P-224, P-256, P-384, P-521 - 112, 128, 192, 256 bits | Key pair generatio n with ECDSA | Public key verification with ECDSA Digital signature generation with ECDSA | |||
| ECDSA Public Key | Public key - PSP | Public key used for ECDSA signature verificatio n | P-224, P-256, P-384, P-521 - 112, 128, 192, 256 bits | Key pair generatio n with ECDSA | Digital signature verification with ECDSA | |||
| Intermedi ate key generatio n value | Intermedi ate value - CSP | Intermedi ate key pair generatio n value generated during key generatio | 112-256 - 112-256 bits | Key pair generatio n with RSA Key pair generatio n with ECDSA | Key pair generation with RSA Key pair generation with ECDSA | |||
| Password or passphras e | Password - CSP | Password used to derive symmetri c keys | Minimum of 8 character - N/A | Key derivation with PBKDF | ||||
| Derived key | Symmetri c key - CSP | Symmetri c key derived from a key derivation key, shared secret, or password | 112-4096 bits - 112- 256 bits | Key derivation with PBKDF | ||||
| Entropy Input | Entropy input - CSP | Entropy input used to seed the DRBG (IG D.L compliant ) | 128-384 bits - 112-337 bits | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G Random number generation with Hash_DRB G | ||||
| DRBG internal state (V value, C value) | Internal state - CSP | Internal state of the Hash_DRB G (IG D.L compliant ) | 880, 1776 bits - 128, 256 bits | Random number generatio n with Hash_DRB G | Random number generation with Hash_DRB G | |||
| DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRB G and HMAC_DR BG (IG D.L compliant ) | CTR_DRBG: 256, 320, 384 bits; HMAC_DRBG: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits | Random number generatio n with CTR_DRB G Random number generatio n with HMAC_DR BG | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G | |||
| DRBG seed | Seed - CSP | DRBG seed derived from entropy input as defined in SP 800- 90Ar1 (IG D.L compliant ) | CTR_DRBG: 256, 320, 384 bits; HMAC_DBRG: 440, 880 bits;Hash_DR BG: 440, 880 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits; Hash_DRBG: 128, 256 bits; | Random number generatio n with CTR_DRB G Random number generatio n with HMAC_DR BG Random number generatio n with Hash_DRB G | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G Random number generation with Hash_DRB G | |||
| AES keys | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) | From service invocation until cipherhandl e is freed | ||||
| HMAC keys | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) | From service invocation until cipherhandl e is freed |
Red Hat Enterprise Linux 9 libgcrypt n n n n © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt e (SP 800133r2 5.2) D.L ) ) bits - 112256 bits G G G G © 2024 Red Hat, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRB G and HMAC_DR BG (IG D.L compliant ) | CTR_DRBG: 256, 320, 384 bits; HMAC_DRBG: 320, 512, 1024 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits | Random number generatio n with CTR_DRB G Random number generatio n with HMAC_DR BG | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G | ||||
| DRBG seed | Seed - CSP | DRBG seed derived from entropy input as defined in SP 800- 90Ar1 (IG D.L compliant ) | CTR_DRBG: 256, 320, 384 bits; HMAC_DBRG: 440, 880 bits;Hash_DR BG: 440, 880 bits - CTR_DRBG: 128, 192, 256 bits; HMAC_DRBG: 128, 256 bits; Hash_DRBG: 128, 256 bits; | Random number generatio n with CTR_DRB G Random number generatio n with HMAC_DR BG Random number generatio n with Hash_DRB G | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G Random number generation with Hash_DRB G | ||||
| AES keys | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) | From service invocation until cipherhandl e is freed | |||||
| HMAC keys | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) | From service invocation until cipherhandl e is freed | |||||
| RSA Private Key | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) API output parameter s (plaintext) | From service invocation until cipherhandl e is freed | RSA Public Key:Paired With DRBG internal state (V value, Key):Generated from Intermediate key generation value:Generated from | ||||
| RSA Public Key | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) API output parameter s (plaintext) | From service invocation until cipherhandl e is freed | RSA Private Key:Paired With DRBG internal state (V value, C value):Generated from Intermediate key generation value:Generated from | ||||
| ECDSA Private Key | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) API output parameter s (plaintext) | From service invocation until cipherhandl e is freed | ECDSA Public Key:Paired With DRBG internal state (V value, C value):Generated from Intermediate key generation value:Generated from | ||||
| ECDSA Public Key | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) API output parameter s (plaintext) | From service invocation until cipherhandl e is freed | ECDSA Private Key:Paired With DRBG internal state (V value, C value):Generated from Intermediate key generation value:Generated from | ||||
| Intermediat e key generation value | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | RSA Private Key:Generates RSA Public Key:Generates ECDSA Private Key:Generates ECDSA Public Key:Generates | |||||
| Password or passphrase | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API input parameter s (plaintext) | From service invocation until cipherhandl e is freed | Derived key:Derivation of | ||||
| Derived key | RAM:Plaintex t | Wipe and Free memory block allocated Module Reset | API output parameter s (plaintext) | From service invocation until cipherhandl e is freed | Password or passphrase:Derive d From | ||||
| Entropy Input | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | DRBG seed:Derivation of | |||||
| DRBG internal state (V value, C value) | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | DRBG seed:Generated from | |||||
| DRBG internal state (V value, Key) | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | DRBG seed:Generated from | |||||
| DRBG seed | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | Entropy Input:Derived From DRBG internal state (V value, C value):Generation of DRBG internal state (V value, Key):Generation of |
Red Hat Enterprise Linux 9 libgcrypt ) D.L ) G G G G G G Table 21: SSP Table 1 s s t t n © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt s s s s s s s s n t t t t t © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt s s t t t t t t n Table 22: SSP Table 2 The tables above summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A3760) | HMAC- SHA2-256 (A3760) | Message authenticatio n | SW/FW Integrit y | Integrity test for /usr/lib64/libgcrypt.so.20.4 .0 | 256-bit key | Module becomes operation al and services are available for use | |
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test |
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test |
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test |
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A3760) | HMAC- SHA2-256 (A3760) | Message authenticatio n | SW/FW Integrit y | Integrity test for /usr/lib64/libgcrypt.so.20.4 .0 | 256-bit key | Module becomes operation al and services are available for use | |||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | Symmetric operation | 128, 192, 256-bit keys, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-CMAC (A3757) | AES-CMAC (A3757) | KAT | CAST | Message authentication | 128-bit key MAC generation, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-CMAC (A3759) | AES-CMAC (A3759) | KAT | CAST | Message authentication | 128-bit key MAC | Module becomes operational | Test runs at power-on before the | ||
| generation, encrypt | generation, encrypt | integrity test | |||||||
| AES-CMAC (A3760) | AES-CMAC (A3760) | KAT | CAST | Message authentication | 128-bit key MAC generation, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-CMAC (A3762) | AES-CMAC (A3762) | KAT | CAST | Message authentication | 128-bit key MAC generation, encrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A3757) | Counter DRBG (A3757) | KAT | CAST | Compliant with SP 800- 90Ar1 | AES 128-bit key with DF, with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A3759) | Counter DRBG (A3759) | KAT | CAST | Compliant with SP 800- 90Ar1 | AES 128-bit key with DF, with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A3760) | Counter DRBG (A3760) | KAT | CAST | Compliant with SP 800- 90Ar1 | AES 128-bit key with DF, with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A3762) | Counter DRBG (A3762) | KAT | CAST | Compliant with SP 800- 90Ar1 | AES 128-bit key with DF, with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3757) | Hash DRBG (A3757) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA2-256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3759) | Hash DRBG (A3759) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA2-256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3760) | Hash DRBG (A3760) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA2-256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3761) | Hash DRBG (A3761) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA2-256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3762) | Hash DRBG (A3762) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA2-256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3757) | Hash DRBG (A3757) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA-1 without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3759) | Hash DRBG (A3759) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA-1 without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3760) | Hash DRBG (A3760) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA-1 without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3761) | Hash DRBG (A3761) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA-1 without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A3762) | Hash DRBG (A3762) | KAT | CAST | Compliant with SP 800- 90Ar1 | SHA-1 without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A3757) | HMAC DRBG (A3757) | KAT | CAST | Compliant with SP 800- 90Ar1 | HMAC-SHA2- 256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A3759) | HMAC DRBG (A3759) | KAT | CAST | Compliant with SP 800- 90Ar1 | HMAC-SHA2- 256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A3760) | HMAC DRBG (A3760) | KAT | CAST | Compliant with SP 800- 90Ar1 | HMAC-SHA2- 256 with and without PR | Module becomes operational | Test runs at power-on before the | ||
| HMAC DRBG (A3761) | HMAC DRBG (A3761) | KAT | CAST | Compliant with SP 800- 90Ar1 | HMAC-SHA2- 256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A3762) | HMAC DRBG (A3762) | KAT | CAST | Compliant with SP 800- 90Ar1 | HMAC-SHA2- 256 with and without PR | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186- 4) (A3757) | ECDSA SigGen (FIPS186- 4) (A3757) | KAT | CAST | Digital signature generation | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186- 4) (A3759) | ECDSA SigGen (FIPS186- 4) (A3759) | KAT | CAST | Digital signature generation | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186- 4) (A3760) | ECDSA SigGen (FIPS186- 4) (A3760) | KAT | CAST | Digital signature generation | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186- 4) (A3761) | ECDSA SigGen (FIPS186- 4) (A3761) | KAT | CAST | Digital signature generation | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186- 4) (A3762) | ECDSA SigGen (FIPS186- 4) (A3762) | KAT | CAST | Digital signature generation | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3757) | ECDSA SigVer (FIPS186- 4) (A3757) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3759) | ECDSA SigVer (FIPS186- 4) (A3759) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3760) | ECDSA SigVer (FIPS186- 4) (A3760) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3761) | ECDSA SigVer (FIPS186- 4) (A3761) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3762) | ECDSA SigVer (FIPS186- 4) (A3762) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3757) | ECDSA SigVer (FIPS186- 4) (A3757) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3759) | ECDSA SigVer (FIPS186- 4) (A3759) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3760) | ECDSA SigVer (FIPS186- 4) (A3760) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3761) | ECDSA SigVer (FIPS186- 4) (A3761) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186- 4) (A3762) | ECDSA SigVer (FIPS186- 4) (A3762) | KAT | CAST | Digital signature verification | P-256 and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA- 1 (A3757) | HMAC-SHA- 1 (A3757) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA- 1 (A3758) | HMAC-SHA- 1 (A3758) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the | ||
| HMAC-SHA- 1 (A3759) | HMAC-SHA- 1 (A3759) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA- 1 (A3760) | HMAC-SHA- 1 (A3760) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA- 1 (A3761) | HMAC-SHA- 1 (A3761) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA- 1 (A3762) | HMAC-SHA- 1 (A3762) | KAT | CAST | Message authentication | SHA-1 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-224 (A3757) | HMAC- SHA2-224 (A3757) | KAT | CAST | Message authentication | SHA2-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-224 (A3759) | HMAC- SHA2-224 (A3759) | KAT | CAST | Message authentication | SHA2-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-224 (A3760) | HMAC- SHA2-224 (A3760) | KAT | CAST | Message authentication | SHA2-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-224 (A3761) | HMAC- SHA2-224 (A3761) | KAT | CAST | Message authentication | SHA2-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-224 (A3762) | HMAC- SHA2-224 (A3762) | KAT | CAST | Message authentication | SHA2-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A3757) | HMAC- SHA2-256 (A3757) | KAT | CAST | Message authentication | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A3759) | HMAC- SHA2-256 (A3759) | KAT | CAST | Message authentication | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A3760) | HMAC- SHA2-256 (A3760) | KAT | CAST | Message authentication | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A3761) | HMAC- SHA2-256 (A3761) | KAT | CAST | Message authentication | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A3762) | HMAC- SHA2-256 (A3762) | KAT | CAST | Message authentication | SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-384 (A3757) | HMAC- SHA2-384 (A3757) | KAT | CAST | Message authentication | SHA2-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-384 (A3759) | HMAC- SHA2-384 (A3759) | KAT | CAST | Message authentication | SHA2-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-384 (A3760) | HMAC- SHA2-384 (A3760) | KAT | CAST | Message authentication | SHA2-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-384 (A3761) | HMAC- SHA2-384 (A3761) | KAT | CAST | Message authentication | SHA2-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-384 (A3762) | HMAC- SHA2-384 (A3762) | KAT | CAST | Message authentication | SHA2-384 | Module becomes operational | Test runs at power-on before the | ||
| HMAC- SHA2-512 (A3757) | HMAC- SHA2-512 (A3757) | KAT | CAST | Message authentication | SHA2-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-512 (A3759) | HMAC- SHA2-512 (A3759) | KAT | CAST | Message authentication | SHA2-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-512 (A3760) | HMAC- SHA2-512 (A3760) | KAT | CAST | Message authentication | SHA2-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-512 (A3761) | HMAC- SHA2-512 (A3761) | KAT | CAST | Message authentication | SHA2-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-512 (A3762) | HMAC- SHA2-512 (A3762) | KAT | CAST | Message authentication | SHA2-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-224 (A3757) | HMAC- SHA3-224 (A3757) | KAT | CAST | Message authentication | SHA3-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-224 (A3761) | HMAC- SHA3-224 (A3761) | KAT | CAST | Message authentication | SHA3-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-224 (A3762) | HMAC- SHA3-224 (A3762) | KAT | CAST | Message authentication | SHA3-224 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-256 (A3757) | HMAC- SHA3-256 (A3757) | KAT | CAST | Message authentication | SHA3-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-256 (A3761) | HMAC- SHA3-256 (A3761) | KAT | CAST | Message authentication | SHA3-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-256 (A3762) | HMAC- SHA3-256 (A3762) | KAT | CAST | Message authentication | SHA3-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-384 (A3757) | HMAC- SHA3-384 (A3757) | KAT | CAST | Message authentication | SHA3-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-384 (A3761) | HMAC- SHA3-384 (A3761) | KAT | CAST | Message authentication | SHA3-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-384 (A3762) | HMAC- SHA3-384 (A3762) | KAT | CAST | Message authentication | SHA3-384 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-512 (A3757) | HMAC- SHA3-512 (A3757) | KAT | CAST | Message authentication | SHA3-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-512 (A3761) | HMAC- SHA3-512 (A3761) | KAT | CAST | Message authentication | SHA3-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA3-512 (A3762) | HMAC- SHA3-512 (A3762) | KAT | CAST | Message authentication | SHA3-512 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186- 4) (A3757) | RSA SigGen (FIPS186- 4) (A3757) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen | RSA SigGen | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with 2048-bit | Module becomes operational | Test runs at power-on before the | ||
| (FIPS186- 4) (A3759) | (FIPS186- 4) (A3759) | key and SHA2-256 | integrity test | ||||||
| RSA SigGen (FIPS186- 4) (A3760) | RSA SigGen (FIPS186- 4) (A3760) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186- 4) (A3761) | RSA SigGen (FIPS186- 4) (A3761) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186- 4) (A3762) | RSA SigGen (FIPS186- 4) (A3762) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186- 4) (A3757) | RSA SigVer (FIPS186- 4) (A3757) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186- 4) (A3759) | RSA SigVer (FIPS186- 4) (A3759) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186- 4) (A3760) | RSA SigVer (FIPS186- 4) (A3760) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186- 4) (A3761) | RSA SigVer (FIPS186- 4) (A3761) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186- 4) (A3762) | RSA SigVer (FIPS186- 4) (A3762) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3757) | SHA-1 (A3757) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3758) | SHA-1 (A3758) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3759) | SHA-1 (A3759) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3760) | SHA-1 (A3760) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3761) | SHA-1 (A3761) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A3762) | SHA-1 (A3762) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-224 (A3757) | SHA2-224 (A3757) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-224 (A3759) | SHA2-224 (A3759) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-224 (A3760) | SHA2-224 (A3760) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-224 (A3761) | SHA2-224 (A3761) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-224 (A3762) | SHA2-224 (A3762) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the | ||
| SHA2-256 (A3757) | SHA2-256 (A3757) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A3759) | SHA2-256 (A3759) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A3760) | SHA2-256 (A3760) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A3761) | SHA2-256 (A3761) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A3762) | SHA2-256 (A3762) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A4675) | SHA2-256 (A4675) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-256 (A4676) | SHA2-256 (A4676) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-384 (A3757) | SHA2-384 (A3757) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-384 (A3759) | SHA2-384 (A3759) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-384 (A3760) | SHA2-384 (A3760) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-384 (A3761) | SHA2-384 (A3761) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-384 (A3762) | SHA2-384 (A3762) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A3757) | SHA2-512 (A3757) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A3759) | SHA2-512 (A3759) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A3760) | SHA2-512 (A3760) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A3761) | SHA2-512 (A3761) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A3762) | SHA2-512 (A3762) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4675) | SHA2-512 (A4675) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A4676) | SHA2-512 (A4676) | KAT | CAST | Message digest | Message digest | Module becomes operational | Test runs at power-on before the | ||
| PBKDF (A3757) | PBKDF (A3757) | KAT | CAST | Password- based key derivation | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3759) | PBKDF (A3759) | KAT | CAST | Password- based key derivation | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3760) | PBKDF (A3760) | KAT | CAST | Password- based key derivation | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3761) | PBKDF (A3761) | KAT | CAST | Password- based key derivation | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3762) | PBKDF (A3762) | KAT | CAST | Password- based key derivation | SHA-1 password length 24 | Module becomes operational | Test runs at power-on before the | ||
| characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | integrity test | |||||||
| PBKDF (A3757) | PBKDF (A3757) | KAT | CAST | Password- based key derivation | SHA2-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3759) | PBKDF (A3759) | KAT | CAST | Password- based key derivation | SHA2-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3760) | PBKDF (A3760) | KAT | CAST | Password- based key derivation | SHA2-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3761) | PBKDF (A3761) | KAT | CAST | Password- based key derivation | SHA2-256 password length 24 characters, master key length of 320 bits, iteration count of | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A3762) | PBKDF (A3762) | KAT | CAST | Password- based key derivation | SHA2-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA KeyGen (FIPS186- 4) (A3757) | RSA KeyGen (FIPS186- 4) (A3757) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2- 256 | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186- 4) (A3759) | RSA KeyGen (FIPS186- 4) (A3759) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2- 256 | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186- 4) (A3760) | RSA KeyGen (FIPS186- 4) (A3760) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2- 256 | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186- 4) (A3761) | RSA KeyGen (FIPS186- 4) (A3761) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2- 256 | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186- 4) (A3762) | RSA KeyGen (FIPS186- 4) (A3762) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2- 256 | Key pair generation is successful | Key pair generation | ||
| ECDSA KeyGen (FIPS186- 4) (A3757) | ECDSA KeyGen (FIPS186- 4) (A3757) | PCT | PCT | Signature generation and verification | SHA2-256 | Key pair generation is successful | Key pair generation | ||
| ECDSA KeyGen (FIPS186- 4) (A3759) | ECDSA KeyGen (FIPS186- 4) (A3759) | PCT | PCT | Signature generation and verification | SHA2-256 | Key pair generation is successful | Key pair generation | ||
| ECDSA KeyGen (FIPS186- 4) (A3760) | ECDSA KeyGen (FIPS186- 4) (A3760) | PCT | PCT | Signature generation and verification | SHA2-256 | Key pair generation is successful | Key pair generation | ||
| ECDSA KeyGen | ECDSA KeyGen | PCT | PCT | Signature generation | SHA2-256 | Key pair generation | Key pair generation | ||
| (FIPS186- 4) (A3761) | (FIPS186- 4) (A3761) | and verification | is successful | ||||||
| ECDSA KeyGen (FIPS186- 4) (A3762) | ECDSA KeyGen (FIPS186- 4) (A3762) | PCT | PCT | Signature generation and verification | SHA2-256 | Key pair generation is successful | Key pair generation | ||
| HMAC-SHA2- 256 (A3760) | HMAC-SHA2- 256 (A3760) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3757) | AES-CMAC (A3757) | KAT | CAST | On Demand | Manually |
Red Hat Enterprise Linux 9 libgcrypt
HMACSHA2-256 s n y .0 Table 23: Pre-Operational Self-Tests The module performs pre-operational self-tests automatically when the module is becoming available for the consuming application. Pre-operational self-tests ensure that the module is not corrupted. While the module is executing the pre-operational self-tests, services are not available, input and output are inhibited. The module is not available for use by the calling application until the pre-operational self-tests are completed successfully. After the preoperational self-tests and the CASTs succeed, the module becomes operational. If any of the pre-operational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the error state.
© 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt (FIPS1864) (A3757) (FIPS1864) (A3759) (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) (FIPS1864) (A3757) (FIPS1864) (A3759) © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) (FIPS1864) (A3757) (FIPS1864) (A3759) (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA3-224 HMACSHA3-224 HMACSHA3-224 HMACSHA3-256 © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt HMACSHA3-256 HMACSHA3-256 HMACSHA3-384 HMACSHA3-384 HMACSHA3-384 HMACSHA3-512 HMACSHA3-512 HMACSHA3-512 (FIPS1864) (A3757) © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt (FIPS1864) (A3759) (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) (FIPS1864) (A3757) (FIPS1864) (A3759) (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Passwordbased key Passwordbased key Passwordbased key Passwordbased key Passwordbased key © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Passwordbased key Passwordbased key Passwordbased key Passwordbased key © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt (FIPS1864) (A3757) (FIPS1864) (A3759) (FIPS1864) (A3760) (FIPS1864) (A3761) (FIPS1864) (A3762) (FIPS1864) (A3757) (FIPS1864) (A3759) (FIPS1864) (A3760) Passwordbased key with SHA2256 with SHA2256 with SHA2256 with SHA2256 with SHA2256 © 2024 Red Hat, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| (FIPS186- 4) (A3761) | (FIPS186- 4) (A3761) | and verification | is successful | ||||||
| ECDSA KeyGen (FIPS186- 4) (A3762) | ECDSA KeyGen (FIPS186- 4) (A3762) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | ||
| HMAC-SHA2- 256 (A3760) | HMAC-SHA2- 256 (A3760) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3757) | AES-ECB (A3757) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3759) | AES-ECB (A3759) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3760) | AES-ECB (A3760) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3762) | AES-ECB (A3762) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4675) | AES-ECB (A4675) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A4676) | AES-ECB (A4676) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3757) | AES-CMAC (A3757) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3759) | AES-CMAC (A3759) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3760) | AES-CMAC (A3760) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3762) | AES-CMAC (A3762) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3757) | Counter DRBG (A3757) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3759) | Counter DRBG (A3759) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3760) | Counter DRBG (A3760) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3762) | Counter DRBG (A3762) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3757) | Hash DRBG (A3757) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3759) | Hash DRBG (A3759) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3760) | Hash DRBG (A3760) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3761) | Hash DRBG (A3761) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3762) | Hash DRBG (A3762) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3757) | Hash DRBG (A3757) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3759) | Hash DRBG (A3759) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3760) | Hash DRBG (A3760) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3761) | Hash DRBG (A3761) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3762) | Hash DRBG (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3757) | HMAC DRBG (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3759) | HMAC DRBG (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3760) | HMAC DRBG (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3761) | HMAC DRBG (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3762) | HMAC DRBG (A3762) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3757) | ECDSA SigGen (FIPS186-4) (A3757) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3759) | ECDSA SigGen (FIPS186-4) (A3759) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3760) | ECDSA SigGen (FIPS186-4) (A3760) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3761) | ECDSA SigGen (FIPS186-4) (A3761) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3762) | ECDSA SigGen (FIPS186-4) (A3762) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3757) | ECDSA SigVer (FIPS186-4) (A3757) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3759) | ECDSA SigVer (FIPS186-4) (A3759) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3760) | ECDSA SigVer (FIPS186-4) (A3760) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3761) | ECDSA SigVer (FIPS186-4) (A3761) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3762) | ECDSA SigVer (FIPS186-4) (A3762) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3757) | ECDSA SigVer (FIPS186-4) (A3757) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3759) | ECDSA SigVer (FIPS186-4) (A3759) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3760) | ECDSA SigVer (FIPS186-4) (A3760) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3761) | ECDSA SigVer (FIPS186-4) (A3761) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3762) | ECDSA SigVer (FIPS186-4) (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3757) | HMAC-SHA-1 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3758) | HMAC-SHA-1 (A3758) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3759) | HMAC-SHA-1 (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3760) | HMAC-SHA-1 (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3761) | HMAC-SHA-1 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3762) | HMAC-SHA-1 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3757) | HMAC-SHA2- 224 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3759) | HMAC-SHA2- 224 (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3760) | HMAC-SHA2- 224 (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3761) | HMAC-SHA2- 224 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3762) | HMAC-SHA2- 224 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3757) | HMAC-SHA2- 256 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3759) | HMAC-SHA2- 256 (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3760) | HMAC-SHA2- 256 (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3761) | HMAC-SHA2- 256 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3762) | HMAC-SHA2- 256 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3757) | HMAC-SHA2- 384 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3759) | HMAC-SHA2- 384 (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3760) | HMAC-SHA2- 384 (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3761) | HMAC-SHA2- 384 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3762) | HMAC-SHA2- 384 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3757) | HMAC-SHA2- 512 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3759) | HMAC-SHA2- 512 (A3759) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3760) | HMAC-SHA2- 512 (A3760) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3761) | HMAC-SHA2- 512 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3762) | HMAC-SHA2- 512 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3757) | HMAC-SHA3- 224 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3761) | HMAC-SHA3- 224 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3762) | HMAC-SHA3- 224 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3757) | HMAC-SHA3- 256 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3761) | HMAC-SHA3- 256 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3762) | HMAC-SHA3- 256 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3757) | HMAC-SHA3- 384 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3761) | HMAC-SHA3- 384 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3762) | HMAC-SHA3- 384 (A3762) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3757) | HMAC-SHA3- 512 (A3757) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3761) | HMAC-SHA3- 512 (A3761) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3762) | HMAC-SHA3- 512 (A3762) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3757) | RSA SigGen (FIPS186-4) (A3757) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3759) | RSA SigGen (FIPS186-4) (A3759) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3760) | RSA SigGen (FIPS186-4) (A3760) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3761) | RSA SigGen (FIPS186-4) (A3761) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3762) | RSA SigGen (FIPS186-4) (A3762) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3757) | RSA SigVer (FIPS186-4) (A3757) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3759) | RSA SigVer (FIPS186-4) (A3759) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3760) | RSA SigVer (FIPS186-4) (A3760) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3761) | RSA SigVer (FIPS186-4) (A3761) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3762) | RSA SigVer (FIPS186-4) (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3757) | SHA-1 (A3757) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3758) | SHA-1 (A3758) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3759) | SHA-1 (A3759) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3760) | SHA-1 (A3760) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3761) | SHA-1 (A3761) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A3762) | SHA-1 (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A3757) | SHA2-224 (A3757) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A3759) | SHA2-224 (A3759) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A3760) | SHA2-224 (A3760) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A3761) | SHA2-224 (A3761) | KAT | CAST | On Demand | Manually | ||||
| SHA2-224 (A3762) | SHA2-224 (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A3757) | SHA2-256 (A3757) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A3759) | SHA2-256 (A3759) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A3760) | SHA2-256 (A3760) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A3761) | SHA2-256 (A3761) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A3762) | SHA2-256 (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A4675) | SHA2-256 (A4675) | KAT | CAST | On Demand | Manually | ||||
| SHA2-256 (A4676) | SHA2-256 (A4676) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A3757) | SHA2-384 (A3757) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A3759) | SHA2-384 (A3759) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A3760) | SHA2-384 (A3760) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A3761) | SHA2-384 (A3761) | KAT | CAST | On Demand | Manually | ||||
| SHA2-384 (A3762) | SHA2-384 (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A3757) | SHA2-512 (A3757) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A3759) | SHA2-512 (A3759) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A3760) | SHA2-512 (A3760) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A3761) | SHA2-512 (A3761) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A3762) | SHA2-512 (A3762) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4675) | SHA2-512 (A4675) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A4676) | SHA2-512 (A4676) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3757) | PBKDF (A3757) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3759) | PBKDF (A3759) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3760) | PBKDF (A3760) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3761) | PBKDF (A3761) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3762) | PBKDF (A3762) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3757) | PBKDF (A3757) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3759) | PBKDF (A3759) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3760) | PBKDF (A3760) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3761) | PBKDF (A3761) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3762) | PBKDF (A3762) | KAT | CAST | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3757) | RSA KeyGen (FIPS186-4) (A3757) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3759) | RSA KeyGen (FIPS186-4) (A3759) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3760) | RSA KeyGen (FIPS186-4) (A3760) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3761) | RSA KeyGen (FIPS186-4) (A3761) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3762) | RSA KeyGen (FIPS186-4) (A3762) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3757) | ECDSA KeyGen (FIPS186-4) (A3757) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3759) | ECDSA KeyGen (FIPS186-4) (A3759) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3760) | ECDSA KeyGen (FIPS186-4) (A3760) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3761) | ECDSA KeyGen (FIPS186-4) (A3761) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3762) | ECDSA KeyGen (FIPS186-4) (A3762) | PCT | PCT | On Demand | Manually |
Red Hat Enterprise Linux 9 libgcrypt (FIPS1864) (A3761) (FIPS1864) (A3762) Table 24: Conditional Self-Tests
Table 25: Pre-Operational Periodic Information © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt © 2024 Red Hat, Inc., atsec information security.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | The module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. | Failure of pre- operational tests or conditional tests. | An error message related to the cause of the failure. | The error can be recovered by a restart (i.e., powering off and powering on) of the module. |
| Fatal Error state | The module will abort and will not be available. | Random numbers are requested in the error state or cipher operations | The module is aborted | The error can be recovered by a restart (i.e., powering off and |
| are requested on a deallocated handle. | are requested on a deallocated handle. | powering on) of the module. |
Red Hat Enterprise Linux 9 libgcrypt Table 26: Conditional Periodic Information This information can be found in Section 5.2.
© 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Table 27: Error States After the pre-operational self-tests and the CASTs succeed, the module becomes operational. If any of the pre-operational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the error state. When the module fails any pre-operational self-test or conditional test, the module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. The calling application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P) API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the Operational state. In the Error state, all data output is inhibited, and no cryptographic operation is allowed. The error can be recovered by a restart (i.e., powering off and powering on) of the module. If random numbers are requested while the module is in Error state, or if cipher operations are requested on a deallocated handle the module will transition to Fatal Error state, the module will abort and will not be available.
The software integrity tests and the CASTs can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. The PCTs can be invoked on demand by requesting the Key Generation service.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
The Crypto Officer can install the RPM package of the Module (i.e. libgcrypt-1.10.010.el9_0.rpm or libgcrypt-1.10.0-10.el9_2.rpm) using standard tools recommended for the installation of RPM packages on a Red Hat Enterprise Linux system (for example, dnf, rpm, and the RHN remote management tool). The integrity of the RPM package is automatically verified during the installation, and the Crypto Officer shall not install the RPM package if there is any integrity error. Before the RPM package of the module is installed, the RHEL 9 system must operate in FIPSvalidated configuration. This can be achieved by:
All the functions, ports and logical interfaces described in this document are available to the Crypto Officer. The user must not call malloc/free to create/release space for keys, let libgcrypt manage space for keys, which will ensure that the key memory is overwritten before it is released. gcry_control(GCRYCTL_TERM_SECMEM) needs to be called before the process is terminated.
The module implements only the Crypto Officer. There are no requirements for nonadministrator guidance.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
For secure sanitization of the cryptographic module, the module must first to be powered off, which will zeroize all keys and CSPs in volatile memory. Then, for actual deprecation, the module shall be upgraded to a newer version that is FIPS 140-3 validated. The module does not possess persistent storage of SSPs, so further sanitization steps are not required.
Not Applicable. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt
RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned. The blinding value r is a random value with the size of the modulus n. © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Appendix A. Glossary and Abbreviations AES API CAST CAVP CBC CCM CFB CKG CMAC CMVP CSP CTR DF DRBG ECB ECC ECDSA FIPS GCM HMAC KAT KW MAC NIST OFB PAA PAI PBKDF2 PCT PKCS PR PSS RNG RSA SHA SHS SSP XOF XTS Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Self-Test Cryptographic Algorithm Validation Program Cipher Block Chaining Counter with Cipher Block Chaining-Message Authentication Code Cipher Feedback Cryptographic Key Generation Cipher-based Message Authentication Code Cryptographic Module Validation Program Critical Security Parameter Counter Mode Derivation Function Deterministic Random Bit Generator Electronic Code Book Elliptic Curve Cryptography Elliptic Curve Digital Signature Algorithm Federal Information Processing Standards Publication Galois Counter Mode Hash Message Authentication Code Known Answer Test AES Key Wrap Message Authentication Code National Institute of Science and Technology Output Feedback Processor Algorithm Acceleration Processor Algorithm Implementation Password-based Key Derivation Function v2 Pair-wise Consistency Test Public-Key Cryptography Standards Prediction Resistance Probabilistic Signature Scheme Random Number Generator Rivest, Shamir, Addleman Secure Hash Algorithm Secure Hash Standard Sensitive Security Parameter Extendable Output Function XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt Appendix B. References FIPS140-3 FIPS140-3_IG FIPS140-3_MM FIPS180-4 FIPS186-4 FIPS186-2 FIPS197 FIPS198-1 FIPS202 PKCS#1 SP800-38A SP800-38B SP800-38C SP800-38E FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program March 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS 140-3 Cryptographic Module Validation Program - Management Manual (Draft) December 2022 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/Draft%20FIPS-140-3CMVP%20Management%20Manual%20v1.2%20%5BDec%2023%202022%5D.p df Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf Digital Signature Standard (DSS) January 2000 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf © 2024 Red Hat, Inc., atsec information security.
Red Hat Enterprise Linux 9 libgcrypt SP800-38F SP800-90Arev1 SP800-90B SP800-132 SP800-133rev2 SP800-140Br1 NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf NIST Special Publication 800-90A Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf NIST Special Publication 800-132 - Recommendation for PasswordBased Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf NIST Special Publication 800-140B