| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 9/9/2029 |
| Caveat | Interim validation. When operated in approved mode. When installed, initialized and configured as specified Section 11 in the Security Policy. |
| Vendor | Canonical Ltd. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Non-Invasive Security | 8 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery<br/>update</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric encryption<br/>Symmetric decryption<br/>Symmetric encryption (for data storage)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery<br/>update</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric encryption<br/>Symmetric decryption<br/>Symmetric encryption (for data storage)</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Canonical Ltd. Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module version 1.9.4-3ubuntu3+Fips1.2 Document version 1.1 Last updated: 2024-08-30 Prepared by: Prepared for: atsec information security corporation Canonical Ltd.
5th Floor Austin, TX 78759 London, SE1 0SU www.atsec.com www.canonical.com
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table of Contents © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module List of Tables Table 2: Tested Module Identification
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module List of Figures © 2024 Canonical Ltd. / atsec information security.
| Name | ISO Section | Level |
|---|---|---|
| 1 | 1 | 1 |
| 2 | 2 | 1 |
| 3 | 3 | 1 |
| 4 | 4 | 1 |
| 5 | 5 | 1 |
| 6 | 6 | 1 |
| 7 | 7 | N/A |
| 8 | 8 | N/A |
| 9 | 9 | 1 |
| 10 | 10 | 1 |
| 11 | 11 | 1 |
| 12 | 12 | 1 |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for version 1.9.43ubuntu3+Fips1.2 of the Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module. It has a one-to-one mapping to the [SP 800-140B] standard, starting with Section B.2.1 named “General” that maps to Section 1 in this document and ending with Section B.2.12 named “Mitigation of Other Attacks” that maps to Section 12 in this document.
N/A N/A Table 1: Security Levels © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Purpose and Use: The module is software library implementing general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying operating system through an application program interface (API). The module is implemented as a set of shared library / binary file; as shown in Figure 1. The shared library file constitutes the cryptographic boundary. Module Type: Software Module Embodiment: Multi-Chip standalone Module Characteristics: Cryptographic Boundary: The Tested Module Identification
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt.so.20.3.4 | 1.9.4- 3ubuntu3+Fips1.2 | N/A | libgcrypt.so.20.3.4 | HMAC-SHA2-256 | ||||||
| .libgcrypt.so.20.hmac | 1.9.4- 3ubuntu3+Fips1.2 | N/A | .libgcrypt.so.20.hmac | HMAC-SHA2-256 | ||||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Supermicro SYS-1019P- WTR | 1.9.4- 3ubuntu3+Fips1.2 | Intel Xeon Gold 6226 | AESNI, SSSE3, SHLD | N/A | ||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Amazon Web Services (AWS) c6g.metal | 1.9.4- 3ubuntu3+Fips1.2 | AWS Graviton2 | NEON | N/A | ||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | IBM z15 | 1.9.4- 3ubuntu3+Fips1.2 | IBM z15 | CPACF | N/A |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt.so.20.3.4 | 1.9.4- 3ubuntu3+Fips1.2 | N/A | libgcrypt.so.20.3.4 | HMAC-SHA2-256 | ||||||
| .libgcrypt.so.20.hmac | 1.9.4- 3ubuntu3+Fips1.2 | N/A | .libgcrypt.so.20.hmac | HMAC-SHA2-256 | ||||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Supermicro SYS-1019P- WTR | 1.9.4- 3ubuntu3+Fips1.2 | Intel Xeon Gold 6226 | AESNI, SSSE3, SHLD | N/A | ||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Amazon Web Services (AWS) c6g.metal | 1.9.4- 3ubuntu3+Fips1.2 | AWS Graviton2 | NEON | N/A | ||||
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | IBM z15 | 1.9.4- 3ubuntu3+Fips1.2 | IBM z15 | CPACF | N/A |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Identification Tested Module Identification
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai | Hypervisor |
|---|---|---|---|---|---|---|
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Supermicro SYS-1019P- WTR | 1.9.4- 3ubuntu3+Fips1.2 | Intel Xeon Gold 6226 | No | N/A |
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Amazon Web Services (AWS) c6g.metal | 1.9.4- 3ubuntu3+Fips1.2 | AWS Graviton2 | No | N/A |
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | IBM z15 | 1.9.4- 3ubuntu3+Fips1.2 | IBM z15 | No | N/A |
| Ubuntu Core 22 | Ubuntu Core 22 | Supermicro SYS-1019P-WTR | ||||
| Ubuntu Core 22 | Ubuntu Core 22 | Amazon Web Services (AWS) c6g.metal |
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai | Hypervisor |
|---|---|---|---|---|---|---|
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Supermicro SYS-1019P- WTR | 1.9.4- 3ubuntu3+Fips1.2 | Intel Xeon Gold 6226 | No | N/A |
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | Amazon Web Services (AWS) c6g.metal | 1.9.4- 3ubuntu3+Fips1.2 | AWS Graviton2 | No | N/A |
| Ubuntu 22.04 LTS 64-bit | Ubuntu 22.04 LTS 64-bit | IBM z15 | 1.9.4- 3ubuntu3+Fips1.2 | IBM z15 | No | N/A |
| Ubuntu Core 22 | Ubuntu Core 22 | Supermicro SYS-1019P-WTR | ||||
| Ubuntu Core 22 | Ubuntu Core 22 | Amazon Web Services (AWS) c6g.metal |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module SYS-1019PWTR N/A 1.9.43ubuntu3+Fips1.2 N/A 1.9.43ubuntu3+Fips1.2 N/A 1.9.43ubuntu3+Fips1.2 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no excluded components from the module.
Modes List and Description: © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| HMAC-SHA-1 | A3699 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| SHA-1 | A3699 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3700 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3700 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3700 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3700 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3700 | Secret Generation Mode: Testing Candidate Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3700 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3700 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3700 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| Hash DRBG | A3700 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3700 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3700 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3700 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3700 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A3700 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3700 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3700 | - Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3700 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3700 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3700 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
| AES-CBC | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3701 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3701 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3701 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3701 | Secret Generation Mode: Testing Candidate Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3701 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3701 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3701 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| Hash DRBG | A3701 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3701 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3701 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3701 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3701 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A3701 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3701 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3701 | - Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3701 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3701 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3701 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
| HMAC-SHA-1 | A3702 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| SHA-1 | A3702 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3703 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3703 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3703 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3703 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3703 | Secret Generation Mode: Testing Candidate Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3703 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3703 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3703 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| Hash DRBG | A3703 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3703 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3703 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3703 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3703 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3703 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A3703 | Private Key Format: standard | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3703 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3703 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| AES-CBC | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A3704 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A3704 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A3704 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A3704 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A3704 | Secret Generation Mode: Testing Candidate Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3704 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3704 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3704 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| Hash DRBG | A3704 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3704 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3704 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3704 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3704 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3704 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A3704 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3704 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3704 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| ECDSA KeyGen (FIPS186-4) | A3705 | Secret Generation Mode: Testing Candidate Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A3705 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A3705 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A3705 | Curves: P-224, P-256, P-384, P-521 | FIPS 186-4 |
| Hash DRBG | A3705 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A3705 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A3705 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132 |
| RSA KeyGen (FIPS186-4) | A3705 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A3705 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA Signature Primitive (CVL) | A3705 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A3705 | Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096 Signature Type - PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| SHA-1 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A3705 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A3705 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A3705 | Message Length - Message Length: 16- 65536 Increment 8 | FIPS 202 |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Nonapproved NonApproved Table 5: Modes List and Description Mode Change Instructions and Status [O]: When the module starts up successfully, after passing all the pre-operational self-test, the module is operating in the approved mode of operation by default and can only be transitioned into the non-approved mode by calling one of the non-approved services listed in the Non-Approved Services table. See Section 4 for the details on service indicator provided by the module that identifies when an approved service is called. There is no degraded mode of operation implemented within the module.
Approved Algorithms: © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 6: Approved Algorithms The table above lists all implemented modes of operation for every security function employed for approved services by the module. Vendor-Affirmed Algorithms: © 2024 Canonical Ltd. / atsec information security.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| Cooperative Key Generation (CKG) | Key Type:Asymmetric RSA:2048, 3072, 4096 bits (112, 128, 149 bits) ECDSA:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits) | N/A | FIPS 186-4, SP800-133r2 Section 4 example 1 | |
| MD5 | Message digest | |||
| ECDH | Shared secret computation | |||
| RSA | Encryption primitives; Decryption primitives; Signature verification primitives | |||
| RSA with non-approved public key flags | Key generation; Signature generation; Signature verification | |||
| ECDSA | Signature generation primitives | |||
| ECDSA with non-approved public key flags | Key generation; Signature generation; Signature verification |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| Cooperative Key Generation (CKG) | Key Type:Asymmetric RSA:2048, 3072, 4096 bits (112, 128, 149 bits) ECDSA:P-224, P-256, P- 384, P-521 (112, 128, 192, 256 bits) | N/A | FIPS 186-4, SP800-133r2 Section 4 example 1 | |||
| MD5 | Message digest | |||||
| ECDH | Shared secret computation | |||||
| RSA | Encryption primitives; Decryption primitives; Signature verification primitives | |||||
| RSA with non-approved public key flags | Key generation; Signature generation; Signature verification | |||||
| ECDSA | Signature generation primitives | |||||
| ECDSA with non-approved public key flags | Key generation; Signature generation; Signature verification | |||||
| AES-GCM | Authenticated symmetric encryption; Authenticated symmetric decryption | |||||
| AES-OCB | Authenticated symmetric encryption; Authenticated symmetric decryption | |||||
| AES-EAX | Authenticated symmetric encryption; Authenticated symmetric decryption | |||||
| AES-SIV | Authenticated symmetric encryption; Authenticated symmetric decryption | |||||
| Message authentication code | Message authentication code | AES-CMAC AES-CMAC AES-CMAC AES-CMAC AES-CMAC AES-CMAC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 | MAC | AES-CMAC:128, 192, 256-bit keys with 128-256 bits key strength HMAC-SHA- 1:112-524288 bit key size with 112 -256 bits key strength HMAC-SHA2- 224:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 256:112-524288 bit key size with 112-256 bits key strength |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module N/A Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| AES-GCM | Authenticated symmetric encryption; Authenticated symmetric decryption | |||
| AES-OCB | Authenticated symmetric encryption; Authenticated symmetric decryption | |||
| AES-EAX | Authenticated symmetric encryption; Authenticated symmetric decryption | |||
| AES-SIV | Authenticated symmetric encryption; Authenticated symmetric decryption | |||
| Message authentication code | Message authentication code | AES-CMAC AES-CMAC AES-CMAC AES-CMAC AES-CMAC AES-CMAC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 | MAC | AES-CMAC:128, 192, 256-bit keys with 128-256 bits key strength HMAC-SHA- 1:112-524288 bit key size with 112 -256 bits key strength HMAC-SHA2- 224:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 256:112-524288 bit key size with 112-256 bits key strength |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 8: Non-Approved, Not Allowed Algorithms The table above lists non-approved algorithms that are not allowed in the approved mode of operation. These algorithms are used by the non-approved services listed in the Non-Approved Services table.
HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Approved Functions |
|---|---|---|
| HMAC-SHA2- 384:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512/224:112- 524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512/256:112- 524288 bit key size with 112-256 bits key strength HMAC-SHA3- 224:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 256:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 384:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 512:112-524288 bit key size with 112-256 bits key strength | HMAC-SHA2- 384:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512:112-524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512/224:112- 524288 bit key size with 112-256 bits key strength HMAC-SHA2- 512/256:112- 524288 bit key size with 112-256 bits key strength HMAC-SHA3- 224:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 256:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 384:112-524288 bit key size with 112-256 bits key strength HMAC-SHA3- 512:112-524288 bit key size with 112-256 bits key strength | HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 224 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2- 512 HMAC-SHA2- 512 HMAC-SHA2- 512 HMAC-SHA2- 512 HMAC-SHA2- 512 HMAC-SHA2- 512 HMAC-SHA2- |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Message digest | Message digest | SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-384 SHA2-384 SHA2-384 SHA2-384 SHA2-384 SHA2-384 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 | SHA XOF | SHA-1:N/A SHA2-224:N/A SHA2-256:N/A SHA2-384:N/A SHA2-512:N/A SHA2- 512/224:N/A SHA2- 512/256:N/A SHA3-224:N/A SHA3-256:N/A SHA3-384:N/A SHA3-512:N/A SHAKE-128:N/A SHAKE-256:N/A |
| Symmetric encryption | Symmetric encryption | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC | BC-UnAuth | AES-CBC:128, 192, 256-bit keys with 128-256 bits key strength AES-CFB128:128, |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 HMAC-SHA3512 HMAC-SHA3512 SHA2512/224:N/A SHA2512/256:N/A © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Type |
|---|---|---|---|---|
| Symmetric decryption | Symmetric decryption | AES-CBC:128, 192, 256-bit keys with 128-256 bits key strength AES-CFB128:128, 192, 256-bit keys with 128-256 bits key strength AES-CFB8:128, 192, 256-bit keys with 128-256 bits | AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 AES-CFB128 | BC-UnAuth |
| key strength AES-CTR:128, 192, 256-bit keys with 128-256 bits key strength AES-ECB:128, 192, 256-bit keys with 128-256 bits key strength AES-OFB:128, 192, 256-bit keys with 128-256 bits key strength | key strength AES-CTR:128, 192, 256-bit keys with 128-256 bits key strength AES-ECB:128, 192, 256-bit keys with 128-256 bits key strength AES-OFB:128, 192, 256-bit keys with 128-256 bits key strength | AES-CFB128 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CFB8 AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-OFB AES-OFB AES-OFB AES-OFB AES-OFB AES-OFB | ||
| Authenticated symmetric encryption | Authenticated symmetric encryption | AES-CCM:128, 192, 256-bit keys with 128-256 bits key strength | AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM | BC-Auth |
| Authenticated symmetric decryption | Authenticated symmetric decryption | AES-CCM:128, 192, 256-bit keys with 128-256 bits key strength | AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM | BC-Auth |
| Key wrapping | SP800-38C and SP800- | AES-KW:128, 192, 256-bit keys with | AES-KW AES-KW | KTS-Wrap |
| 38F. KTS (Key wrapping) per IG D.G | 38F. KTS (Key wrapping) per IG D.G | 128-256 bits key strength AES-CCM:128, 192, 256-bit keys with 128-256 bits key strength | AES-KW AES-KW AES-KW AES-KW AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM | |
| Key unwrapping | SP800-38C and SP800- 38F. KTS (Key unwrapping) per IG D.G | AES-KW:128, 192, 256-bit keys with 128-256 bits key strength AES-CCM:128, 192, 256-bit keys with 128-256 bits key strength | AES-KW AES-KW AES-KW AES-KW AES-KW AES-KW AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM AES-CCM | KTS-Wrap |
| Symmetric encryption (for data storage) | Symmetric encryption (for data storage) | AES-XTS Testing Revision 2.0:128, 256-bit keys with 128-256 bits key strength | AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 | BC-UnAuth |
| Symmetric decryption (for data storage) | Symmetric decryption (for data storage) | AES-XTS Testing Revision 2.0:128, 256-bit keys with 128-256 bits key strength | AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 | BC-UnAuth |
| Random number generation | Random number generation | Counter DRBG:128, 192, 256-bit keys with 128-256 bits key strength HMAC DRBG:112- 256 bits key strength Hash DRBG:N/A | Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG | DRBG |
| Key pair generation | Key pair generation | ECDSA KeyGen (FIPS186-4):P- 224, P-256, P- 384, P-521 with 112-256 bits strength RSA KeyGen (FIPS186-4):2048, 3072, 4096 with 112-149 bits strength | ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) ECDSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) RSA KeyGen (FIPS186-4) | AsymKeyPair- KeyGen CKG |
| Public key verification | Public key verification | ECDSA KeyVer (FIPS186-4):P- 224, P-256, P- 384, P-521 with 112-256 bits strength | ECDSA KeyVer (FIPS186-4) ECDSA KeyVer (FIPS186-4) ECDSA KeyVer | AsymKeyPair- KeyVer |
| Digital signature generation | Digital signature generation | ECDSA SigGen (FIPS186-4):P- 224, P-256, P- 384, P-521 with 112-256 bits strength RSA SigGen (FIPS186-4):2048, 3072, 4096 with 112-149 bits strength | ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) ECDSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) RSA SigGen (FIPS186-4) | DigSig-SigGen |
| Digital signature verification | Digital signature verification | ECDSA SigVer (FIPS186-4):P- 224, P-256, P- 384, P-521 with 112-256 bits strength | ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) | DigSig-SigVer |
| RSA SigVer (FIPS186-4):2048, 3072, 4096 with 112-149 bits strength | RSA SigVer (FIPS186-4):2048, 3072, 4096 with 112-149 bits strength | ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) ECDSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) | ||
| Key derivation | Key derivation | PBKDF:Password; derived key with 112-512 bits key size and 112-256 bits key strength | PBKDF PBKDF PBKDF PBKDF PBKDF PBKDF | PBKDF |
| Digital signature generation primitive | Digital signature generation primitive | RSA Signature Primitive:2048 with 112 bits strength | RSA Signature Primitive RSA Signature Primitive RSA Signature Primitive RSA Signature Primitive RSA Signature Primitive RSA Signature Primitive | DigSig-SigGen |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module AsymKeyPairKeyGen AsymKeyPairKeyVer © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 9: Security Function Implementations © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The AES-XTS shall not be used for other purposes, such as the encryption of data in transit. In addition, the length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical.
The module provides password-based key derivation (PBKDF), compliant with SP800132. The module supports option 1a from Section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132] and FIPS 140-3 IG D.N, the following requirements shall be met.
A portion of the salt, with a length of at least 128 bits, shall be generated randomly using the SP800-90A DRBG. The iteration count shall be selected as large as possible, as long as the time required to generate the key using the entered password is acceptable for the users. The module only allows minimum iteration count to be 1000. Passwords or passphrases, used as an input for the PBKDF, shall not be used as cryptographic keys. The minimum length of the password or passphrase accepted by the module is
scenario of all digits, is estimated to be at most 10-14. Combined with the minimum iteration count, this provides an acceptable trade-off between user experience and security against brute-force attacks. The calling application shall also observe the rest of the requirements and recommendations specified in [SP800-132]. © 2024 Canonical Ltd. / atsec information security.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Userspace CPU Time Jitter RNG Entropy Source (version 2.2.0) | Non- Physical | 64 | Ubuntu 22.04 LTS 64- bit on Supermicro SYS- 1019P-WTR with Intel Xeon Gold 6226; Ubuntu 22.04 LTS 64- bit on Amazon Web Services (AWS) c6g.metal with AWS Graviton2; Ubuntu 22.04 LTS 64-bit on IBM z15 with IBM z15 | Full entropy | AES-256-CTR- DRBG (A3814) |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E60 | Canonical Ltd. |
Table 10: Entropy Certificates 2.2.0) Table 11: Entropy Sources The module provides an SP800-90A-compliant Deterministic Random Bit Generator (DRBG) for creation of key components of asymmetric keys, and random number generation. The seeding (and automatic reseeding) of the DRBG is done with getrandom(). The DRBG supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG mechanisms. The DRBG is initialized during module initialization; the module loads by default the DRBG using the HMAC_DRBG mechanism with SHA-256 and without prediction resistance. A different DRBG mechanism can be chosen by invoking the gcry_control(GCRYCTL_DRBG_REINIT) function. The module uses an [SP800-90B]-compliant entropy source specified in the table above. This entropy source is located within the module’s physical perimeter, but outside of the module’s cryptographic boundary. This is in compliance with IG 9.3.A Resolution 1(b). The module obtains 384 bits to seed the DRBG, and 256 bits to reseed it. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module The module performs the DRBG health tests as defined in Section 11.3 of [SP80090A].
The module provides an [SP800-90Arev1]-compliant Deterministic Random Bit Generator (DRBG) for the creation of key components of asymmetric keys and random number generation. The Cryptographic Key Generation (CKG) methods implemented in the module for Approved services in approved mode are compliant with Section 4 example 1 of [SP800-133rev2]. For generating RSA and ECDSA keys, the module implements asymmetric key generation services compliant with [FIPS186-4]. A seed (i.e., the random value) used in asymmetric key generation is directly obtained from the [SP800-90Arev1] DRBG. Additionally, the module implements the PBKDF2 key derivation method compliant with option 1a of SP 800-132. This implementation shall only be used to derive keys for use in storage applications.
The module provides the following key transport mechanisms:
The module does not support any industry protocols listed within the publication of SP 800-135rev1. Therefore, this section is not applicable.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters for data. |
| N/A | N/A | Data Output | API output parameters for data. |
| N/A | N/A | Control Input | API function calls, API input parameters for control input, /proc/sys/crypto/fips_enabled control file. |
| N/A | N/A | Status Output | API return codes, API output parameters for status output. |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
N/A N/A N/A N/A Table 12: Ports and Interfaces As a software-only module, the module does not have physical ports. The operator can only interact with the module through the API provided by the module. Thus, the physical ports are interpreted to be the physical ports of the hardware platform on which the module runs. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symme tric encryp tion | Perfor m AES encryp tion | Crypt o Offic er - AES key: W,E | Symme tric encryp tion Symme tric encryp tion (for data storag e) | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, Plain text | Cipher text | |||
| Symme tric | Perfor m AES | Crypt o Offic er | Symme tric decryp tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, | Plaint ext |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symme tric encryp tion | Perfor m AES encryp tion | Crypt o Offic er - AES key: W,E | Symme tric encryp tion Symme tric encryp tion (for data storag e) | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, Plain text | Cipher text | |||
| Symme tric | Perfor m AES | Crypt o Offic er | Symme tric decryp tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, | Plaint ext | |||
| decryp tion | decryp tion | - AES key: W,E | Symme tric decryp tion (for data storag e) | Ciphe rtext | |||||
| Authen ticated symme tric encryp tion | Perfor m authen ticated AES encryp tion | Crypt o Offic er - AES key: W,E | Authen ticated symme tric encryp tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, IV, Plain text | Cipher text, MAC tag | |||
| Authen ticated symme tric decryp tion | Perfor m authen ticated AES decryp tion | Crypt o Offic er - AES key: W,E | Authen ticated symme tric decryp tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, Ciphe rtext, MAC tag | Plaint ext or failure | |||
| RSA key genera tion | Gener ate RSA key pairs | Crypt o Offic er - RSA privat e key: G,E - RSA publi c key: G,E | Key pair genera tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) return GPG_ERR_NO_ERROR | Key size | RSA privat e key, RSA public key | |||
| ECDSA key genera tion | Gener ate ECDSA key pairs | Crypt o Offic er - ECDS A privat e key: G,E - ECDS A publi c key: G,E | Key pair genera tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) return GPG_ERR_NO_ERROR | Key size | ECDS A privat e key, ECDS A public key | |||
| RSA Digital signatu re genera tion | RSA signat ure genera tion withou t pre- compu ted hash | Crypt o Offic er - RSA privat e key: W,E | Digital signatu re genera tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) and gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MD) return GPG_ERR_NO_ERROR | RSA priva te key, Mess age, Hash algori thm | Signat ure | |||
| RSA Digital signatu re genera tion (with pre- compu | RSA signat ure primiti ve | Crypt o Offic er - RSA privat e key: W,E | Digital signatu re genera tion primiti ve | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) returns GPG_ERR_NO_ERROR | RSA priva te key, Mess age diges t | Signat ure | |||
| ECDSA Digital signatu re genera tion | ECDSA signat ure genera tion | Crypt o Offic er - ECDS A privat e key: W,E | Digital signatu re genera tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) and gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MD) return GPG_ERR_NO_ERROR | ECDS A priva te key, Mess age, Hash algori thm | Signat ure | |||
| RSA Digital signatu re verifica tion | RSA signat ure verific ation | Crypt o Offic er - RSA publi c key: W,E | Digital signatu re verifica tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) and gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MD) return GPG_ERR_NO_ERROR | RSA publi c key, Signa ture, Hash algori thm | Signat ure verific ation result (verifi ed/fail ) | |||
| ECDSA Digital signatu re verifica tion | ECDSA signat ure verific ation | Crypt o Offic er - ECDS A publi c key: W,E | Digital signatu re verifica tion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_PK_FLAGS) and gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MD) return GPG_ERR_NO_ERROR | ECDS A publi c key, Signa ture, Hash algori thm | Signat ure verific ation result (verifi ed/fail ) | |||
| Public key verifica tion | Verify ECDSA public key | Crypt o Offic er - | Public key verifica tion | gcry_mpi_ec_curve_point() returns GPG_ERR_NO_ERROR | ECDS A publi c key | Key verific ation result (verifi | |||
| ed/fail ) | ECDS A publi c key: W,E | ed/fail ) | |||||||
| Rando m numbe r genera tion | Gener ate rando m bitstri ngs | Crypt o Offic er - Entro py input: W,E - DRBG seed: G,W,E - DRBG inter nal state: (V value, C value ): G,W,E - DRBG inter nal state: (V value, key): G,W,E | Rando m numbe r genera tion | gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_secure() return GPG_ERR_NO_ERROR | |||||
| Messa ge digest | Compu te SHA hashes | Crypt o Offic er | Messa ge digest | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MD) returns GPG_ERR_NO_ERROR | Mess age | Messa ge digest | |||
| Hash- based Messa ge authen ticatio n code | Compu te HMAC | Crypt o Offic er - HMA C key: W,E | Messa ge authen ticatio n code | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MAC) returns GPG_ERR_NO_ERROR | HMA C key, Mess age | MAC tag | |||
| AES- based Messa ge authen ticatio n code | Compu te AES- based CMAC | Crypt o Offic er - AES key: W,E | Messa ge authen ticatio n code | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_MAC) returns GPG_ERR_NO_ERROR | AES key, Mess age | MAC tag | |||
| Key wrappi ng | Perfor m AES- based key wrappi ng | Crypt o Offic er - AES key: W,E | Key wrappi ng | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, Key to be wrap ped | Wrapp ed key | |||
| Key unwra pping | Perfor m AES- based key unwra pping | Crypt o Offic er - AES key: W,E | Key unwra pping | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_CIPHER) returns GPG_ERR_NO_ERROR | AES key, Key to be unwr appe d | Unwra pped key | |||
| Key derivat ion | Perfor m key derivat ion | Crypt o Offic er - Pass word or passp hrase : W,E - Deriv ed key: G,R | Key derivat ion | gcry_control(GCRYCTL_FIPS_SE RVICE_INDICATOR_KDF) returns GPG_ERR_NO_ERROR | Pass word or passp hrase | Derive d key | |||
| Show status | Show modul e status | Crypt o Offic er | None | N/A | None | Modul e status | |||
| Zeroiza tion | Zeroiz e SSPs | Crypt o Offic er - AES key: Z - HMA C key: Z - RSA publi c key: Z - RSA privat e key: | None | N/A | None | None |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
N/A for this module. The module does not support authentication.
Table 13: Roles The module supports the Crypto Office role only. This sole role is implicitly assumed by the operator of the module when performing a service.
o e) s o © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module m
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s t precompu precompu t A A
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s A
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s ) m r m A W,E m r
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s o : W,E G,R e N/A e
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s Z A Z A Z :Z Z (V C ): Z © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output | Securi ty Functi ons |
|---|---|---|---|---|---|---|---|
| Self- tests | Perfor m self- tests | Crypt o Offic er | None | N/A | None | Result of self- test (pass/ fail) | |
| Show modul e name and version | Show modul e name and versio n | Crypt o Offic er | None | N/A | None | Modul e's name and versio n | |
| MD5 | Message digest | MD5 | CO | ||||
| ECDH | Shared secret computation | ECDH | CO | ||||
| RSA | Encryption primitives; Decryption primitives; Signature verification primitives | RSA | CO | ||||
| RSA with non- approved public key flags | Key generation; Signature generation; Signature verification | RSA with non- approved public key flags | CO | ||||
| ECDSA | Signature verification primitives | ECDSA | CO | ||||
| ECDSA with non- approved public key flags | Key generation; Signature generation; Signature verification | ECDSA with non- approved public key flags | CO | ||||
| AES-GCM | Authenticated symmetric encryption; Authenticated symmetric decryption | AES-GCM | CO | ||||
| AES-OCB | Authenticated symmetric encryption; Authenticated symmetric decryption | AES-OCB | CO | ||||
| AES-EAX | Authenticated symmetric encryption; Authenticated symmetric decryption | AES-EAX | CO | ||||
| AES-SIV | Authenticated symmetric encryption; Authenticated symmetric decryption | AES-SIV | CO |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module s (V Z Z Selftests m selftests N/A selftest o e n N/A e's n
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module • N/A: the calling application does not access any CSP or key during its operation. The details of the approved cryptographic algorithms including the CAVP certificate numbers can be found in the Approved Services table. In order to check whether it utilizes an approved security function or not, the operator is responsible to invoke the gcry_control() API along with dedicated controls in the form of API input parameters. The module implements the following controls depending on the requested service:
The list of public key flags allowed in approved mode of operation is described in 0. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 15: Non-Approved Services The table above lists the non-approved services. The details of the non-approved cryptographic algorithms available in non-approved mode can be found in the NonApproved, Not Allowed Algorithms table.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
The integrity of the module is verified comparing the HMAC-SHA2-256 value calculated at run time with the HMAC-SHA2-256 value stored in the .hmac file that was computed at build time for each software component of the module. If the HMAC values do not match, the test fails and the module enters the Error state.
Integrity tests are performed as part of the Pre-Operational Self-Tests. The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational self-test (i.e., integrity test) and cryptographic algorithm self-tests (CASTs). This service can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output or input is possible. In addition, the integrity tests cannot be modified. In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the module is in the operational state, FALSE if the module is in the Error state.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Type of Operational Environment: Modifiable How Requirements are Satisfied [O]: The module shall be installed as stated in Section 11. The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.
The application that requests cryptographic services is the single user of the module, even when the application is serving multiple clients. In the approved mode of operation, the ptrace(2) system call, the debugger (gdb(1)), and strace(1) shall be not used.
The module does not support multiple concurrent operators. © 2024 Canonical Ltd. / atsec information security.
| Temp/Voltage Type | Temperature or Voltage | EFP | Result |
|---|---|---|---|
| or | |||
| EFT | |||
| LowTemperature | |||
| HighTemperature | |||
| LowVoltage | |||
| HighVoltage |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
N/A for this module. The module is comprised of software only, and therefore this section is not applicable.
Number: Not applicable. Placement: Not applicable. Surface Preparation: Not applicable. Operator Responsible for Securing Unused Seals: Not applicable. Part Numbers: Not applicable.
Not applicable. Table 16: EFP/EFT Information Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | ||
| HighTemperature |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Table 17: Hardness Testing Temperatures Not applicable.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
This module does not implement any non-invasive security mechanism, and therefore this section is not applicable.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs |
| Name | Approved Functions | Type | From | To | Distributi on Type |
|---|---|---|---|---|---|
| API input paramete rs | Electron ic | Plainte xt | Operator calling application (TOEPP) | Cryptograp hic module | Manual |
| API output paramete rs | Electron ic | Plainte xt | Cryptograp hic module | Operator calling application (TOEPP) | Manual |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Table 18: Storage Areas stored in the RAM in plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls.
m Table 19: SSP Input-Output Methods output. The SSPs are provided to the module via API input parameters in plaintext form and output via API output parameters in plaintext form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry on the Key Establishment Table. © 2024 Canonical Ltd. / atsec information security.
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Wipe and free memory block allocated | Zeroizes the SSPs contained within the cipher handle | Memory occupied by SSPs is overwritten with zeroes and then it is released, which renders the SSP values irretrievable. The completion of the zeroization routine indicates that the zeroization procedure succeeded. | By calling the cipher related zeroization API: gcry_cipher_close() and gcry_free() clears and frees symmetric ciphers context, gcry_mac_close() and gcry_free() clears and frees HMAC context, gcry_sexp_release() and gcry_mpi_release() and gcry_free() clears and frees RSA key structure, gcry_sexp_release() and gcry_mpi_release() and gcry_ctx_release() and gcry_mpi_point_release() and gcry_free() clears and frees ECDSA key structures, gcry_free() clears PBKDF context, gcry_ctrl(GCRYCTL_TERM_SECMEM) clears DRBG contexts | |
| Module Reset | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed. | By unloading and reloading the module |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 20: SSP Zeroization Methods system calls. The application that is acting as the CO is responsible for calling the appropriate zeroization functions provided in the module's API and listed in the table above. Calling gcry_free(), which will zeroize the SSPs and also invoke the corresponding API functions listed above to zeroize SSPs. The zeroization functions the regular memory deallocation operating system call. In case of abnormal © 2024 Canonical Ltd. / atsec information security.
| Name | Type | Description | Strength | Generation | Use | Size - Strengt h |
|---|---|---|---|---|---|---|
| AES key | Symmet ric key - CSP | Used for symmetric encryption, symmetric decryption, authenticate d symmetric encryption, authenticate d symmetric decryption, message authenticati on, key wrapping and unwrapping | 128, 192, 256 - 128, 192, 256 | Symmetric encryption Symmetric decryption Symmetric encryption (for data storage) Symmetric decryption (for data storage) Authenticat ed symmetric encryption Authenticat ed symmetric decryption Key wrapping Key unwrapping Message authenticati on code | ||
| HMAC key | Symmet ric key - CSP | Used for hash-based message | 112-256 - 112- 256 | Message authenticati on code | ||
| RSA public key | Public key - PSP | Used for digital signature verification | 2048, 3072, 4096 - 112, 128, 149 | Key pair generati on | Digital signature verification | |
| RSA private key | Private key - CSP | Used for digital signature generation | 2048, 3072, 4096 - 112, 128, 149 | Key pair generati on | Digital signature generation | |
| ECDSA public key | Public key - PSP | Used for digital signature verification, and public key verification | P-224, P-256, P-384, P-521 - 112, 128, 192, 256 | Key pair generati on | Digital signature verification Public key verification | |
| ECDSA private key | Private key - CSP | Used for digital signature generation and public key verification | P-224, P-256, P-384, P-521 - 112, 128, 192, 256 | Key pair generati on | Digital signature generation Public key verification | |
| Passwor d or passphra se | Passwor d - CSP | Used for key derivation | At least 14 characte rs - N/A | Key derivation | ||
| Derived key | Symmet ric key - CSP | Used for key derivation | 112-256 - 112- 256 | Key derivation | ||
| Entropy input | Entropy Input - CSP | Used for random number generation (compliant with IG D.L) | 256 - 256 | Random number generation | ||
| DRBG internal state: (V value, C value) | Internal state - CSP | Used for random number generation (compliant with IG D.L) | 112-256 - 112- 256 | Random number generati on | Random number generation | |
| DRBG internal state: (V value, key) | Internal state - CSP | Used for random number generation (compliant with IG D.L) | 112-256 - 112- 256 | Random number generati on | Random number generation | |
| DRBG seed | Seed - CSP | Used for random number generation (compliant with IG D.L) | 256 - 256 | Random number generati on | Random number generation | |
| AES key | From service invocation to service | API input parameter s | Wipe and free memory block allocated | RAM:Plainte xt | ||
| completio n | completio n | Module Reset | ||||
| HMAC key | From service invocation to service completio n | API input parameter s | Wipe and free memory block allocated Module Reset | RAM:Plainte xt | ||
| RSA public key | From service invocation to service completio n | API input parameter s API output parameter s | Wipe and free memory block allocated Module Reset | RSA private key:Paired With DRBG internal state: (V value, C value):Generated From DRBG internal state: (V value, key):Generated From | RAM:Plainte xt | |
| RSA private key | From service invocation to service completio n | API input parameter s API output parameter s | Wipe and free memory block allocated Module Reset | RSA public key:Paired With DRBG internal state: (V value, C value):Generated From DRBG internal state: (V value, key):Generated From | RAM:Plainte xt | |
| ECDSA public key | From service invocation to service completio n | API input parameter s API output parameter s | Wipe and free memory block allocated Module Reset | ECDSA private key:Paired With DRBG internal state: (V value, C value):Generated From DRBG internal state: (V value, | RAM:Plainte xt | |
| ECDSA private key | From service invocation to service completio n | API input parameter s API output parameter s | Wipe and free memory block allocated Module Reset | ECDSA public key:Paired With DRBG internal state: (V value, C value):Generated From DRBG internal state: (V value, key):Generated From | RAM:Plainte xt | |
| Password or passphras e | From service invocation to service completio n | API input parameter s | Wipe and free memory block allocated Module Reset | Derived key:Derives | RAM:Plainte xt | |
| Derived key | From service invocation to service completio n | API output parameter s | Wipe and free memory block allocated Module Reset | Password or passphrase:Deriv ed From | RAM:Plainte xt | |
| Entropy input | From service invocation to service completio n | Wipe and free memory block allocated Module Reset | DRBG seed:Generates | RAM:Plainte xt |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module termination, or swap in/out of a physical memory page of a process, the keys in physical memory are overwritten by the Linux kernel before the physical memory is allocated to another process. The completion of a zeroization routine(s) will indicate that a zeroization procedure succeeded. All data output is inhibited during zeroization.
h y - 112256 © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module h y - 112256 © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module h y - 112256 - 112256 Table 21: SSP Table 1 s n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module n n s n s s n s s n s s n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module n s s n e s n s n n © 2024 Canonical Ltd. / atsec information security.
| Name | Storage | Zeroization | Related SSPs | |
|---|---|---|---|---|
| DRBG internal state: (V value, C value) | RAM:Plainte xt | Wipe and free memory block allocated Module Reset | From service invocation to service completio n | DRBG seed:Generated From |
| DRBG internal state: (V value, key) | RAM:Plainte xt | Wipe and free memory block allocated Module Reset | From service invocation to service completio n | DRBG seed:Generated From |
| DRBG seed | RAM:Plainte xt | Wipe and free memory block allocated Module Reset | From service invocation to service completio n | Entropy input:Generated From DRBG internal state: (V value, C value):Generates DRBG internal state: (V value, key):Generates |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module n n n n Table 22: SSP Table 2 The tables above summarize the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module.
The SHA-1 algorithm, as implemented by the module, will be non-approved for all purposes starting January 1, 2030. The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 has been withdrawn since February 3, 2024. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Test Properties | Condition s | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A3700) | HMAC- SHA2-256 (A3700) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||
| HMAC- SHA2-256 (A3701) | HMAC- SHA2-256 (A3701) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||
| HMAC- SHA2-256 (A3703) | HMAC- SHA2-256 (A3703) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||
| HMAC- SHA2-256 (A3704) | HMAC- SHA2-256 (A3704) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||
| HMAC- SHA2-256 (A3705) | HMAC- SHA2-256 (A3705) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||
| AES-ECB (A3700) | AES-ECB (A3700) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Encrypt with 128, 192, 256 bit keys | Test runs at power- on before the |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Test Properties | Condition s | |
|---|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A3700) | HMAC- SHA2-256 (A3700) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||||
| HMAC- SHA2-256 (A3701) | HMAC- SHA2-256 (A3701) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||||
| HMAC- SHA2-256 (A3703) | HMAC- SHA2-256 (A3703) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||||
| HMAC- SHA2-256 (A3704) | HMAC- SHA2-256 (A3704) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||||
| HMAC- SHA2-256 (A3705) | HMAC- SHA2-256 (A3705) | Message authenticatio n | SW/FW Integrit y | Integrity test for libgcrypt.so.20.3. 4 | Key size: 232 bits | Module is operationa l | ||||
| AES-ECB (A3700) | AES-ECB (A3700) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Encrypt with 128, 192, 256 bit keys | Test runs at power- on before the | |||
| AES-ECB (A3701) | AES-ECB (A3701) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Encrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3703) | AES-ECB (A3703) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Encrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3704) | AES-ECB (A3704) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Encrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3700) | AES-ECB (A3700) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Decrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3701) | AES-ECB (A3701) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Decrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3703) | AES-ECB (A3703) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Decrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES-ECB (A3704) | AES-ECB (A3704) | KAT | CAS T | Symmetric operation | Module becomes operationa l | Decrypt with 128, 192, 256 bit keys | Test runs at power- on before the integrity test | |||
| AES- CMAC (A3700) | AES- CMAC (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | 128, 192, 256 bit keys, MAC generation , encrypt | Test runs at power- on before the integrity test | |||
| AES- CMAC (A3701) | AES- CMAC (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | 128, 192, 256 bit keys, MAC generation , encrypt | Test runs at power- on before the integrity test | |||
| AES- CMAC (A3703) | AES- CMAC (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | 128, 192, 256 bit keys, MAC generation , encrypt | Test runs at power- on before the integrity test | |||
| AES- CMAC (A3704) | AES- CMAC (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | 128, 192, 256 bit keys, MAC | Test runs at power- on before the | |||
| generation , encrypt | generation , encrypt | integrity test | ||||||||
| Counter DRBG (A3700) | Counter DRBG (A3700) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | AES with 128-bit key with DF, with and without PR | Test runs at power- on before the integrity test | |||
| Counter DRBG (A3701) | Counter DRBG (A3701) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | AES with 128-bit key with DF, with and without PR | Test runs at power- on before the integrity test | |||
| Counter DRBG (A3703) | Counter DRBG (A3703) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | AES with 128-bit key with DF, with and without PR | Test runs at power- on before the integrity test | |||
| Counter DRBG (A3704) | Counter DRBG (A3704) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | AES with 128-bit key with DF, with and without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3700) | Hash DRBG (A3700) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA-1 without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3701) | Hash DRBG (A3701) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA-1 without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3703) | Hash DRBG (A3703) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA-1 without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3704) | Hash DRBG (A3704) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA-1 without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3705) | Hash DRBG (A3705) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA-1 without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3700) | Hash DRBG (A3700) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3701) | Hash DRBG (A3701) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA2-256 with and without PR | Test runs at power- on before the | |||
| Hash DRBG (A3703) | Hash DRBG (A3703) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3704) | Hash DRBG (A3704) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| Hash DRBG (A3705) | Hash DRBG (A3705) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| HMAC DRBG (A3700) | HMAC DRBG (A3700) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | HMAC- SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| HMAC DRBG (A3701) | HMAC DRBG (A3701) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | HMAC- SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| HMAC DRBG (A3703) | HMAC DRBG (A3703) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | HMAC- SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| HMAC DRBG (A3704) | HMAC DRBG (A3704) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | HMAC- SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| HMAC DRBG (A3705) | HMAC DRBG (A3705) | KAT | CAS T | Compliant with SP 800- 90Ar1 | Module becomes operationa l | HMAC- SHA2-256 with and without PR | Test runs at power- on before the integrity test | |||
| RSA SigGen (FIPS186- 4) (A3700) | RSA SigGen (FIPS186- 4) (A3700) | KAT | CAS T | Digital signature generation | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigGen (FIPS186- 4) (A3701) | RSA SigGen (FIPS186- 4) (A3701) | KAT | CAS T | Digital signature generation | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigGen (FIPS186- 4) (A3703) | RSA SigGen (FIPS186- 4) (A3703) | KAT | CAS T | Digital signature generation | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit | Test runs at power- on before the | |||
| key and SHA2-256 | key and SHA2-256 | integrity test | ||||||||
| RSA SigGen (FIPS186- 4) (A3704) | RSA SigGen (FIPS186- 4) (A3704) | KAT | CAS T | Digital signature generation | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigGen (FIPS186- 4) (A3705) | RSA SigGen (FIPS186- 4) (A3705) | KAT | CAS T | Digital signature generation | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigVer (FIPS186- 4) (A3700) | RSA SigVer (FIPS186- 4) (A3700) | KAT | CAS T | Digital signature verification | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigVer (FIPS186- 4) (A3701) | RSA SigVer (FIPS186- 4) (A3701) | KAT | CAS T | Digital signature verification | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigVer (FIPS186- 4) (A3703) | RSA SigVer (FIPS186- 4) (A3703) | KAT | CAS T | Digital signature verification | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigVer (FIPS186- 4) (A3704) | RSA SigVer (FIPS186- 4) (A3704) | KAT | CAS T | Digital signature verification | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| RSA SigVer (FIPS186- 4) (A3705) | RSA SigVer (FIPS186- 4) (A3705) | KAT | CAS T | Digital signature verification | Module becomes operationa l | PKCS#1 v1.5 with 2048 bit key and SHA2-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigGen (FIPS186- 4) (A3700) | ECDSA SigGen (FIPS186- 4) (A3700) | KAT | CAS T | Digital signature generation | Module becomes operationa l | P-256 with SHA-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigGen (FIPS186- 4) (A3701) | ECDSA SigGen (FIPS186- 4) (A3701) | KAT | CAS T | Digital signature generation | Module becomes operationa l | P-256 with SHA-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigGen (FIPS186- 4) (A3703) | ECDSA SigGen (FIPS186- 4) (A3703) | KAT | CAS T | Digital signature generation | Module becomes operationa l | P-256 with SHA-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigGen (FIPS186- 4) (A3704) | ECDSA SigGen (FIPS186- 4) (A3704) | KAT | CAS T | Digital signature generation | Module becomes operationa l | P-256 with SHA-256 | Test runs at power- on before the | |||
| ECDSA SigGen (FIPS186- 4) (A3705) | ECDSA SigGen (FIPS186- 4) (A3705) | KAT | CAS T | Digital signature generation | Module becomes operationa l | P-256 with SHA-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigVer (FIPS186- 4) (A3700) | ECDSA SigVer (FIPS186- 4) (A3700) | KAT | CAS T | Digital signature verification | Module becomes operationa l | P-256 with SHA2-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigVer (FIPS186- 4) (A3701) | ECDSA SigVer (FIPS186- 4) (A3701) | KAT | CAS T | Digital signature verification | Module becomes operationa l | P-256 with SHA2-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigVer (FIPS186- 4) (A3703) | ECDSA SigVer (FIPS186- 4) (A3703) | KAT | CAS T | Digital signature verification | Module becomes operationa l | P-256 with SHA2-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigVer (FIPS186- 4) (A3704) | ECDSA SigVer (FIPS186- 4) (A3704) | KAT | CAS T | Digital signature verification | Module becomes operationa l | P-256 with SHA2-256 | Test runs at power- on before the integrity test | |||
| ECDSA SigVer (FIPS186- 4) (A3705) | ECDSA SigVer (FIPS186- 4) (A3705) | KAT | CAS T | Digital signature verification | Module becomes operationa l | P-256 with SHA2-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3699) | HMAC- SHA-1 (A3699) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3700) | HMAC- SHA-1 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3701) | HMAC- SHA-1 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3702) | HMAC- SHA-1 (A3702) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3703) | HMAC- SHA-1 (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the | |||
| HMAC- SHA-1 (A3704) | HMAC- SHA-1 (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA-1 (A3705) | HMAC- SHA-1 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA-1 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-224 (A3700) | HMAC- SHA2-224 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-224 (A3701) | HMAC- SHA2-224 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-224 (A3703) | HMAC- SHA2-224 (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-224 (A3704) | HMAC- SHA2-224 (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-224 (A3705) | HMAC- SHA2-224 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-256 (A3700) | HMAC- SHA2-256 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-256 (A3701) | HMAC- SHA2-256 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-256 (A3703) | HMAC- SHA2-256 (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-256 (A3704) | HMAC- SHA2-256 (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-256 | Test runs at power- on before the | |||
| HMAC- SHA2-256 (A3705) | HMAC- SHA2-256 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-384 (A3700) | HMAC- SHA2-384 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-384 (A3701) | HMAC- SHA2-384 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-384 (A3703) | HMAC- SHA2-384 (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-384 (A3704) | HMAC- SHA2-384 (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-384 (A3705) | HMAC- SHA2-384 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-512 (A3700) | HMAC- SHA2-512 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-512 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-512 (A3701) | HMAC- SHA2-512 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-512 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-512 (A3703) | HMAC- SHA2-512 (A3703) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-512 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-512 (A3704) | HMAC- SHA2-512 (A3704) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-512 | Test runs at power- on before the integrity test | |||
| HMAC- SHA2-512 (A3705) | HMAC- SHA2-512 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA2-512 | Test runs at power- on before the | |||
| HMAC- SHA3-224 (A3700) | HMAC- SHA3-224 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-224 (A3701) | HMAC- SHA3-224 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-224 (A3705) | HMAC- SHA3-224 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-224 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-256 (A3700) | HMAC- SHA3-256 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-256 (A3701) | HMAC- SHA3-256 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-256 (A3705) | HMAC- SHA3-256 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-256 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-384 (A3700) | HMAC- SHA3-384 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-384 (A3701) | HMAC- SHA3-384 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-384 (A3705) | HMAC- SHA3-384 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-384 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-512 (A3700) | HMAC- SHA3-512 (A3700) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-512 | Test runs at power- on before the integrity test | |||
| HMAC- SHA3-512 (A3701) | HMAC- SHA3-512 (A3701) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-512 | Test runs at power- on before the | |||
| HMAC- SHA3-512 (A3705) | HMAC- SHA3-512 (A3705) | KAT | CAS T | Message authenticatio n | Module becomes operationa l | SHA3-512 | Test runs at power- on before the integrity test | |||
| PBKDF (A3700) | PBKDF (A3700) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3701) | PBKDF (A3701) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3703) | PBKDF (A3703) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-1 password length 24 characters, | Test runs at power- on before the | |||
| master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | integrity test | ||||||||
| PBKDF (A3704) | PBKDF (A3704) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3705) | PBKDF (A3705) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3700) | PBKDF (A3700) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-256 password length 24 characters, master key | Test runs at power- on before the | |||
| length of 320 bits, iteration count of 4096, and salt length of 288 bits | length of 320 bits, iteration count of 4096, and salt length of 288 bits | integrity test | ||||||||
| PBKDF (A3701) | PBKDF (A3701) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3703) | PBKDF (A3703) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| PBKDF (A3704) | PBKDF (A3704) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-256 password length 24 characters, master key length of | Test runs at power- on before the integrity test | |||
| PBKDF (A3705) | PBKDF (A3705) | KAT | CAS T | Password- based key derivation | Module becomes operationa l | SHA-256 password length 24 characters, master key length of 320 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power- on before the integrity test | |||
| RSA KeyGen (FIPS186- 4) (A3700) | RSA KeyGen (FIPS186- 4) (A3700) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| RSA KeyGen (FIPS186- 4) (A3701) | RSA KeyGen (FIPS186- 4) (A3701) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| RSA KeyGen (FIPS186- 4) (A3703) | RSA KeyGen (FIPS186- 4) (A3703) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| RSA KeyGen (FIPS186- 4) (A3704) | RSA KeyGen (FIPS186- 4) (A3704) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| RSA KeyGen (FIPS186- 4) (A3705) | RSA KeyGen (FIPS186- 4) (A3705) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186- 4) (A3700) | ECDSA KeyGen (FIPS186- 4) (A3700) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186- 4) (A3701) | ECDSA KeyGen (FIPS186- 4) (A3701) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186- 4) (A3703) | ECDSA KeyGen (FIPS186- 4) (A3703) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186- 4) (A3704) | ECDSA KeyGen (FIPS186- 4) (A3704) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification | Key pair generation | |||
| ECDSA KeyGen (FIPS186- 4) (A3705) | ECDSA KeyGen (FIPS186- 4) (A3705) | PCT | PCT | Signature generation & verification | Successful key pair generation | Signature generation and verification with SHA2- 256 | Key pair generation | |||
| HMAC-SHA2- 256 (A3700) | HMAC-SHA2- 256 (A3700) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | |||||
| HMAC-SHA2- 256 (A3701) | HMAC-SHA2- 256 (A3701) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
s HMACSHA2-256 n y l HMACSHA2-256 n y l HMACSHA2-256 n y l HMACSHA2-256 n y l HMACSHA2-256 n y l Table 23: Pre-Operational Self-Tests The module performs the integrity test using HMAC-SHA-256. Further details of the integrity test are provided in Section 5.1.
d e T l s © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l T l T l T l T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e AESCMAC s T l T l T l n AESCMAC T l n AESCMAC T l n AESCMAC T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l T l T l T l T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l T l T l T l T l T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l T l T l HMACSHA2-256 T l HMACSHA2-256 T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e HMACSHA2-256 HMACSHA2-256 s T l T l HMACSHA2-256 T l (FIPS1864) (A3700) T l (FIPS1864) (A3701) T l T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s (FIPS1864) (A3704) T l (FIPS1864) (A3705) T l (FIPS1864) (A3700) T l (FIPS1864) (A3701) T l (FIPS1864) (A3703) T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e (FIPS1864) (A3704) (FIPS1864) (A3705) s T l T l (FIPS1864) (A3700) T l (FIPS1864) (A3701) T l (FIPS1864) (A3703) T l (FIPS1864) (A3704) T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s (FIPS1864) (A3705) T l (FIPS1864) (A3700) T l (FIPS1864) (A3701) T l (FIPS1864) (A3703) T l (FIPS1864) (A3704) T l © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e (FIPS1864) (A3705) HMACSHA-1 HMACSHA-1 s T l T l n T l n HMACSHA-1 T l n HMACSHA-1 T l n HMACSHA-1 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s HMACSHA-1 T l n HMACSHA-1 T l n HMACSHA2-224 T l n HMACSHA2-224 T l n HMACSHA2-224 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e HMACSHA2-224 HMACSHA2-224 HMACSHA2-256 s T l n T l n T l n HMACSHA2-256 T l n HMACSHA2-256 T l n HMACSHA2-256 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s HMACSHA2-256 T l n HMACSHA2-384 T l n HMACSHA2-384 T l n HMACSHA2-384 T l n HMACSHA2-384 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e HMACSHA2-384 HMACSHA2-512 HMACSHA2-512 s T l n T l n T l n HMACSHA2-512 T l n HMACSHA2-512 T l n HMACSHA2-512 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s HMACSHA3-224 T l n HMACSHA3-224 T l n HMACSHA3-224 T l n HMACSHA3-256 T l n HMACSHA3-256 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e HMACSHA3-256 HMACSHA3-384 HMACSHA3-384 s T l n T l n T l n HMACSHA3-384 T l n HMACSHA3-512 T l n HMACSHA3-512 T l n © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s HMACSHA3-512 T l n T l Passwordbased key T l Passwordbased key T l Passwordbased key © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l Passwordbased key T l Passwordbased key T l Passwordbased key © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l Passwordbased key T l Passwordbased key T l Passwordbased key © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s T l Passwordbased key (FIPS1864) (A3700) with SHA2256 (FIPS1864) (A3701) with SHA2256 (FIPS1864) (A3703) with SHA2256 © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d (FIPS1864) (A3704) with SHA2256 (FIPS1864) (A3705) e s with SHA2256 (FIPS1864) (A3700) with SHA2256 (FIPS1864) (A3701) with SHA2256 (FIPS1864) (A3703) with SHA2256 (FIPS1864) (A3704) © 2024 Canonical Ltd. / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Condition s |
|---|---|---|---|---|---|---|---|---|---|
| ECDSA KeyGen (FIPS186- 4) (A3705) | ECDSA KeyGen (FIPS186- 4) (A3705) | PCT | PCT | Signature generation & verification | Signature generation and verification with SHA2- 256 | Successful key pair generation | Key pair generation | ||
| HMAC-SHA2- 256 (A3700) | HMAC-SHA2- 256 (A3700) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | ||||
| HMAC-SHA2- 256 (A3701) | HMAC-SHA2- 256 (A3701) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | ||||
| HMAC-SHA2- 256 (A3703) | HMAC-SHA2- 256 (A3703) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | ||||
| HMAC-SHA2- 256 (A3704) | HMAC-SHA2- 256 (A3704) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | ||||
| HMAC-SHA2- 256 (A3705) | HMAC-SHA2- 256 (A3705) | Message authentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on | ||||
| AES-ECB (A3700) | AES-ECB (A3700) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3701) | AES-ECB (A3701) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3703) | AES-ECB (A3703) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3704) | AES-ECB (A3704) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3700) | AES-ECB (A3700) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3701) | AES-ECB (A3701) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3703) | AES-ECB (A3703) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A3704) | AES-ECB (A3704) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3700) | AES-CMAC (A3700) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3701) | AES-CMAC (A3701) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3703) | AES-CMAC (A3703) | KAT | CAST | On Demand | Manually | ||||
| AES-CMAC (A3704) | AES-CMAC (A3704) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3700) | Counter DRBG (A3700) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3701) | Counter DRBG (A3701) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3703) | Counter DRBG (A3703) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A3704) | Counter DRBG (A3704) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3700) | Hash DRBG (A3700) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3701) | Hash DRBG (A3701) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3703) | Hash DRBG (A3703) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3704) | Hash DRBG (A3704) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3705) | Hash DRBG (A3705) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3700) | Hash DRBG (A3700) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3701) | Hash DRBG (A3701) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3703) | Hash DRBG (A3703) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3704) | Hash DRBG (A3704) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A3705) | Hash DRBG (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3700) | HMAC DRBG (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3701) | HMAC DRBG (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3703) | HMAC DRBG (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3704) | HMAC DRBG (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A3705) | HMAC DRBG (A3705) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3700) | RSA SigGen (FIPS186-4) (A3700) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3701) | RSA SigGen (FIPS186-4) (A3701) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3703) | RSA SigGen (FIPS186-4) (A3703) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3704) | RSA SigGen (FIPS186-4) (A3704) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-4) (A3705) | RSA SigGen (FIPS186-4) (A3705) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3700) | RSA SigVer (FIPS186-4) (A3700) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3701) | RSA SigVer (FIPS186-4) (A3701) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3703) | RSA SigVer (FIPS186-4) (A3703) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3704) | RSA SigVer (FIPS186-4) (A3704) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-4) (A3705) | RSA SigVer (FIPS186-4) (A3705) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3700) | ECDSA SigGen (FIPS186-4) (A3700) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3701) | ECDSA SigGen (FIPS186-4) (A3701) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3703) | ECDSA SigGen (FIPS186-4) (A3703) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3704) | ECDSA SigGen (FIPS186-4) (A3704) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-4) (A3705) | ECDSA SigGen (FIPS186-4) (A3705) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3700) | ECDSA SigVer (FIPS186-4) (A3700) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3701) | ECDSA SigVer (FIPS186-4) (A3701) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3703) | ECDSA SigVer (FIPS186-4) (A3703) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3704) | ECDSA SigVer (FIPS186-4) (A3704) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-4) (A3705) | ECDSA SigVer (FIPS186-4) (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3699) | HMAC-SHA-1 (A3699) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3700) | HMAC-SHA-1 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3701) | HMAC-SHA-1 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3702) | HMAC-SHA-1 (A3702) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3703) | HMAC-SHA-1 (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3704) | HMAC-SHA-1 (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA-1 (A3705) | HMAC-SHA-1 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3700) | HMAC-SHA2- 224 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3701) | HMAC-SHA2- 224 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3703) | HMAC-SHA2- 224 (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3704) | HMAC-SHA2- 224 (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 224 (A3705) | HMAC-SHA2- 224 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3700) | HMAC-SHA2- 256 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3701) | HMAC-SHA2- 256 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3703) | HMAC-SHA2- 256 (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3704) | HMAC-SHA2- 256 (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A3705) | HMAC-SHA2- 256 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3700) | HMAC-SHA2- 384 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3701) | HMAC-SHA2- 384 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3703) | HMAC-SHA2- 384 (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3704) | HMAC-SHA2- 384 (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 384 (A3705) | HMAC-SHA2- 384 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3700) | HMAC-SHA2- 512 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3701) | HMAC-SHA2- 512 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3703) | HMAC-SHA2- 512 (A3703) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3704) | HMAC-SHA2- 512 (A3704) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 512 (A3705) | HMAC-SHA2- 512 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3700) | HMAC-SHA3- 224 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3701) | HMAC-SHA3- 224 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 224 (A3705) | HMAC-SHA3- 224 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3700) | HMAC-SHA3- 256 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3701) | HMAC-SHA3- 256 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 256 (A3705) | HMAC-SHA3- 256 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3700) | HMAC-SHA3- 384 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3701) | HMAC-SHA3- 384 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 384 (A3705) | HMAC-SHA3- 384 (A3705) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3700) | HMAC-SHA3- 512 (A3700) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3701) | HMAC-SHA3- 512 (A3701) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA3- 512 (A3705) | HMAC-SHA3- 512 (A3705) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3700) | PBKDF (A3700) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3701) | PBKDF (A3701) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3703) | PBKDF (A3703) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3704) | PBKDF (A3704) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3705) | PBKDF (A3705) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3700) | PBKDF (A3700) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3701) | PBKDF (A3701) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3703) | PBKDF (A3703) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3704) | PBKDF (A3704) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A3705) | PBKDF (A3705) | KAT | CAST | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3700) | RSA KeyGen (FIPS186-4) (A3700) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3701) | RSA KeyGen (FIPS186-4) (A3701) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3703) | RSA KeyGen (FIPS186-4) (A3703) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3704) | RSA KeyGen (FIPS186-4) (A3704) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-4) (A3705) | RSA KeyGen (FIPS186-4) (A3705) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3700) | ECDSA KeyGen (FIPS186-4) (A3700) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3701) | ECDSA KeyGen (FIPS186-4) (A3701) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3703) | ECDSA KeyGen (FIPS186-4) (A3703) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3704) | ECDSA KeyGen (FIPS186-4) (A3704) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-4) (A3705) | ECDSA KeyGen (FIPS186-4) (A3705) | PCT | PCT | On Demand | Manually |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module d e s with SHA2256 (FIPS1864) (A3705) with SHA2256 Table 24: Conditional Self-Tests The table above lists the CASTs and PCTs performed by the module. All CASTs performed are in the form of the Known Answer Tests (KATs) and are run prior to performing the integrity test. The details of the integrity test are provided in Section 5.1. The KAT includes comparison of the calculated output with the expected known answer, hard coded as part of the test vectors used in the test. If the values do not match, the KAT fails. The module also performs the Pair-wise Consistency Tests (PCT) shown in the table above. If at least one of the tests fails, the module returns an error code and enters the Error state. When the module is in the Error state, no data is output, and cryptographic operations are not allowed.
© 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 25: Pre-Operational Periodic Information © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module © 2024 Canonical Ltd. / atsec information security.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error state | The module immediately stops | Software integrity test failure | An error message related to the | Restart of the module |
| functioning due to a self-test failure | functioning due to a self-test failure | CAST failure PCT failure | cause of the failure | |
| Fatal Error state | The module immediately halts all cryptographic operations and transits to shutdown | Random numbers are requested in the Error state Cipher operations are requested on a deallocated handle | The module is aborted and is not available for use | Restart of the module |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 26: Conditional Periodic Information The module does not implement periodic self-tests.
© 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Table 27: Error States When the module fails any pre-operational self-test or conditional test, the module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. The calling application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P) API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the Operational state. In the Error state, all data output is inhibited, and no cryptographic operation is allowed. The error can be recovered by a restart (i.e., The table above shows the error codes and their corresponding condition.
On-Demand self-tests can be performed by powering-off and reloading the module, which cause the module to run the pre-operational tests again. Invoking the gcry_control(GCRYCTL_SELFTEST) API function will run the pre-operational self-test and CASTs on demand. Information on the execution of these tests are detailed in Section 5.2.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
Once the operating environment is configured following the instructions provided below, the Crypto Officer can install the Ubuntu packages containing the module listed in Section 11.2 using the Advanced Package Tool (APT) with the following command line: $ sudo apt-get install libcgrypt20 libgcrypt20-hmac All the Ubuntu packages are associated with hashes for integrity check. The integrity of the Ubuntu package is automatically verified by the packing tool during the installation of the module. The Crypto Officer shall not install the package if the integrity fails. Once the Debian packages have been installed, the operator needs to check the output of the gcry_version() API, which should show the following name and version: Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module 1.9.4-3ubuntu3+Fips1.2 FIPS configuration can be enabled automatically via the Ubuntu Advantage tool after attaching your subscription. (1) To install the tool type the following commands: $ sudo apt update $ sudo apt install ubuntu-advantage-tools (2) To activate the Ubuntu Pro subscription run: $ sudo pro attach <your_pro_token> (3) To enable approved mode run: $ sudo pro enable fips (4) To verify that approved mode is enabled run: $ sudo pro status The pro client will install the necessary packages for the approved mode, including the kernel and the bootloader. After this step you MUST reboot to put the system into approved mode. The reboot will boot into FIPS supported kernel and create the /proc/sys/crypto/fips_enabled entry which tells the FIPS certified modules to run in approved mode. If you do not reboot after installing and configuring the bootloader, approved mode is not yet enabled. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
The binaries of the module are contained in the Ubuntu packages for delivery. The Crypto Officer shall follow this Security Policy (Section 11.1) to configure the operational environment and install the module to be operated as a FIPS 140-3 validated module. The following Ubuntu packages contain the FIPS validated module:
There is no non-administrator guidance.
The user must not call malloc/free to create/release space for keys, let libgcrypt manage space for keys, which will ensure that the key memory is overwritten before it is released. gcry_control(GCRYCTL_TERM_SECMEM) needs to be called before the process is terminated.
There are no maintenance requirements.
For secure sanitization of the cryptographic module, the module must first be powered off, which will zeroize all keys and CSPs in volatile memory. Then, for actual deprecation, the module shall be upgraded to a newer version that is FIPS 140-3 validated. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module The module does not possess persistent storage of SSPs, so further sanitization steps are not required.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module
The module implements blinding against RSA Timing Attacks. RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack.
By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned.
The blinding value r is a random value with the size of the modulus n.
Not applicable. © 2024 Canonical Ltd. / atsec information security.
| Name | Key Size | ||||
|---|---|---|---|---|---|
| d | curve | data | e | ecdsa | flags |
| hash | genkey | hash-algo | n | nbits | pkcs1 |
| pss | private-key | public-key | q | r | raw |
| rsa-use-e | rsa | s | salt-length | sig-val | value |
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Below are listed the approved public key flags for an input s-expression: d e n q r s © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Appendix B. Glossary and Abbreviations AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DF Derivation Function DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECDSA Elliptic Curve Digital Signature Algorithm FIPS Federal Information Processing Standards Publication FSM Finite State Model GCM Galois Counter Mode HMAC Hash Message Authentication Code KAS Key Agreement Schema KAT Known Answer Test KW AES Key Wrap MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PR Prediction Resistance PSS Probabilistic Signature Scheme RNG Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module SHS Secure Hash Standard XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module Appendix C. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS1403_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program September 2020 https://csrc.nist.gov/Projects/cryptographic-module-validationprogram/fips-140-3-ig-announcements FIPS180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt SP80038A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module SP80038B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/detail/sp/800-38b/final SP80038C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication80038c.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-80038E.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038F.pdf SP800-57 NIST Special Publication 800-57 Part 1 Revision 5 Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80057pt1r5.pdf SP80090A NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090Ar1.pdf SP80090B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090B.pdf © 2024 Canonical Ltd. / atsec information security.
Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module SP800-108 NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions (Revised) October 2009 https://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf SP800-132 NIST Special Publication 800-132 - Recommendation for PasswordBased Key Derivation - Part 1: Storage Applications December 2010 https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP800-133 NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800133r2.pdf SP800140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800140B.pdf © 2024 Canonical Ltd. / atsec information security.