All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Red Hat Enterprise Linux 9 Kernel Cryptographic API

Certificate#4796StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorRed Hat(R), Inc.
High review priority  ·  exposes kernel crypto consumer  ·  Linux kernel upstream has published 10212 CVEs since this module's initial validation  ·  last validated 22 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/10/2026
CaveatInterim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates random strings whose strengths are modified by available entropy.
VendorRed Hat(R), Inc.

Approved Algorithms (189)

AlgorithmACVP Cert
AES-CBCA3629
AES-CBCA3636
AES-CBCA3639
AES-CBCA3719
AES-CBCA3722
AES-CBCA4549
AES-CBC-CS3A3633
AES-CBC-CS3A3644
AES-CBC-CS3A3727
AES-CCMA3629
AES-CCMA3639
AES-CCMA3719
AES-CCMA3722
AES-CFB128A3631
AES-CFB128A3642
AES-CFB128A3725
AES-CMACA3629
AES-CMACA3639
AES-CMACA3719
AES-CMACA3722
AES-CTRA3629
AES-CTRA3636
AES-CTRA3639
AES-CTRA3719
AES-CTRA3722
AES-CTRA4549
AES-ECBA3629
AES-ECBA3634
AES-ECBA3635
AES-ECBA3636
AES-ECBA3637
AES-ECBA3638
AES-ECBA3639
AES-ECBA3640
AES-ECBA3641
AES-ECBA3719
AES-ECBA3720
AES-ECBA3721
AES-ECBA3722
AES-ECBA3723
AES-ECBA3724
AES-GCMA3629
AES-GCMA3634
AES-GCMA3635
AES-GCMA3636
AES-GCMA3637
AES-GCMA3638
AES-GCMA3639
AES-GCMA3640
AES-GCMA3641
AES-GCMA3719
AES-GCMA3720
AES-GCMA3721
AES-GCMA3722
AES-GCMA3723
AES-GCMA3724
AES-GMACA3629
AES-GMACA3639
AES-GMACA3719
AES-GMACA3722
AES-OFBA3632
AES-OFBA3643
AES-OFBA3726
AES-XTS Testing Revision 2.0A3629
AES-XTS Testing Revision 2.0A3636
AES-XTS Testing Revision 2.0A3639
AES-XTS Testing Revision 2.0A3719
AES-XTS Testing Revision 2.0A3722
AES-XTS Testing Revision 2.0A4549
Counter DRBGA3629
Counter DRBGA3634
Counter DRBGA3635
Counter DRBGA3636
Counter DRBGA3637
Counter DRBGA3638
Counter DRBGA3639
Counter DRBGA3640
Counter DRBGA3641
Counter DRBGA3719
Counter DRBGA3720
Counter DRBGA3721
Counter DRBGA3722
Counter DRBGA3723
Counter DRBGA3724
Hash DRBGA3629
Hash DRBGA3634
Hash DRBGA3635
Hash DRBGA3636
Hash DRBGA3637
Hash DRBGA3638
Hash DRBGA3639
Hash DRBGA3640
Hash DRBGA3641
Hash DRBGA3645
Hash DRBGA3646
Hash DRBGA3647
Hash DRBGA3720
Hash DRBGA3721
Hash DRBGA3722
Hash DRBGA3723
Hash DRBGA3724
HMAC DRBGA3629
HMAC DRBGA3634
HMAC DRBGA3635
HMAC DRBGA3636
HMAC DRBGA3637
HMAC DRBGA3638
HMAC DRBGA3639
HMAC DRBGA3640
HMAC DRBGA3641
HMAC DRBGA3645
HMAC DRBGA3646
HMAC DRBGA3647
HMAC DRBGA3720
HMAC DRBGA3721
HMAC DRBGA3722
HMAC DRBGA3723
HMAC DRBGA3724
HMAC-SHA-1A3629
HMAC-SHA-1A3645
HMAC-SHA-1A3646
HMAC-SHA-1A3647
HMAC-SHA-1A3722
HMAC-SHA2-224A3629
HMAC-SHA2-224A3645
HMAC-SHA2-224A3646
HMAC-SHA2-224A3647
HMAC-SHA2-224A3722
HMAC-SHA2-256A3629
HMAC-SHA2-256A3645
HMAC-SHA2-256A3646
HMAC-SHA2-256A3647
HMAC-SHA2-256A3722
HMAC-SHA2-384A3629
HMAC-SHA2-384A3645
HMAC-SHA2-384A3646
HMAC-SHA2-384A3647
HMAC-SHA2-384A3722
HMAC-SHA2-512A3629
HMAC-SHA2-512A3645
HMAC-SHA2-512A3646
HMAC-SHA2-512A3647
HMAC-SHA2-512A3722
HMAC-SHA3-224A3630
HMAC-SHA3-224A3728
HMAC-SHA3-256A3630
HMAC-SHA3-256A3728
HMAC-SHA3-384A3630
HMAC-SHA3-384A3728
HMAC-SHA3-512A3630
HMAC-SHA3-512A3728
RSA SigVer (FIPS186-4)A3629
RSA SigVer (FIPS186-4)A3645
RSA SigVer (FIPS186-4)A3646
RSA SigVer (FIPS186-4)A3647
RSA SigVer (FIPS186-4)A3722
SHA-1A3629
SHA-1A3645
SHA-1A3646
SHA-1A3647
SHA-1A3722
SHA2-224A3629
SHA2-224A3645
SHA2-224A3646
SHA2-224A3647
SHA2-224A3722
SHA2-256A3629
SHA2-256A3645
SHA2-256A3646
SHA2-256A3647
SHA2-256A3722
SHA2-384A3629
SHA2-384A3645
SHA2-384A3646
SHA2-384A3647
SHA2-384A3722
SHA2-512A3629
SHA2-512A3645
SHA2-512A3646
SHA2-512A3647
SHA2-512A3722
SHA3-224A3630
SHA3-224A3728
SHA3-256A3630
SHA3-256A3728
SHA3-384A3630
SHA3-384A3728
SHA3-512A3630
SHA3-512A3728

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive Security8
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Red Hat Enterprise Linux 9 Kernel Cryptographic API
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Encryption with AES<br/>Decryption with AES<br/>Show status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Red Hat Enterprise Linux 9 Kernel Cryptographic API
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Encryption with AES<br/>Decryption with AES<br/>Show status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Red Hat, Inc. Red Hat Enterprise Linux 9 Kernel Cryptographic API Document Version: 1.2 Last Modified: 09/03/2024 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com © 2024 Red Hat, Inc./ atsec information security corporation.

Page 2
Table of Contents
#SectionPage
1General6
1.1Overview6
1.2Security Levels6
1.3Additional Information [O]6
2Cryptographic Module Specification7
2.1Description7
2.2Tested and Vendor Affirmed Module Version and Identification8
2.3Excluded Components9
2.4Modes of Operation9
2.5Algorithms10
2.6Security Function Implementations20
2.7Algorithm Specific Information28
2.8RBG and Entropy29
2.9Key Generation30
2.10Key Establishment30
2.11Industry Protocols30
2.12Additional Information [O]30
3Cryptographic Module Interfaces31
3.1Ports and Interfaces31
3.2Trusted Channel Specification [O]31
3.3Control Interface Not Inhibited [O]31
3.4Additional Information [O]31
4Roles, Services, and Authentication32
4.1Authentication Methods32
4.2Roles32
4.3Approved Services32
4.4Non-Approved Services37
4.5External Software/Firmware Loaded37
4.6Bypass Actions and Status [O]37
4.7Cryptographic Output Actions and Status [O]37
4.8Additional Information [O]37
5Software/Firmware Security38
5.1Integrity Techniques38
5.2Initiate on Demand38
5.3Open-Source Parameters [O]38
5.4Additional Information [O]38
6Operational Environment39
6.1Operational Environment Type and Requirements39
6.2Configuration Settings and Restrictions [O]39
6.3Additional Information [O]39
7Physical Security40
7.1Mechanisms and Actions Required40
7.2User Placed Tamper Seals [O]40
7.3Filler Panels [O]40
7.4Fault Induction Mitigation [O]40
7.5EFP/EFT Information [O]40
7.6Hardness Testing Temperature Ranges [O]40
7.7Additional Information [O]40
8Non-Invasive Security41
8.1Mitigation Techniques [O]41
8.2Effectiveness [O]41
8.3Additional Information [O]41
9Sensitive Security Parameters Management42
9.1Storage Areas42
9.2SSP Input-Output Methods42
9.3SSP Zeroization Methods42
9.4SSPs43
9.5Transitions [O]45
9.6Additional Information [O]45
10Self-Tests46
10.1Pre-Operational Self-Tests46
10.2Conditional Self-Tests46
10.3Periodic Self-Test Information86
10.4Error States96
10.5Operator Initiation of Self-Tests [O]97
10.6Additional Information [O]97
11Life-Cycle Assurance98
11.1Installation, Initialization, and Startup Procedures98
11.2Administrator Guidance98
11.3Non-Administrator Guidance98
11.4Design and Rules [O]98
11.5Maintenance Requirements [O]98
11.6End of Life [O]98
11.7Additional Information [O]99
12Mitigation of Other Attacks100
12.1Attack List [O]100
12.2Mitigation Effectiveness [O]100
12.3Guidance and Constraints [O]100
12.4Additional Information [O]100
Page 3

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 4

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 5
List of Tables
ItemPage
Table : Security Levels6
Table : Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)8
Table : Tested Operational Environments - Software, Firmware, Hybrid9
Table : Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid9
Table : Modes List and Description10
Table : Approved Algorithms20
Table : Non-Approved, Not Allowed Algorithms20
Table : Security Function Implementations28
Table : Entropy Certificates29
Table : Entropy Sources30
Table : Ports and Interfaces31
Table : Roles32
Table : Approved Services36
Table : Non-Approved Services37
Table : EFP/EFT Information40
Table : Hardness Testing Temperatures40
Table : Storage Areas42
Table : SSP Input-Output Methods42
Table : SSP Zeroization Methods43
Table : SSP Table 144
Table : SSP Table 245
Table : Pre-Operational Self-Tests46
Table : Conditional Self-Tests86
Table : Pre-Operational Periodic Information86
Table : Conditional Periodic Information96
Table : Error States96
Figure 1: Block Diagram8
Page 6
Security level
NameISO SectionLevel
111
221
331
441
551
661
77N/A
88N/A
991
10101
11111
1212N/A
1 General
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 5.14.070.53.1.el9_0; libkcapi 1.3.1-3.el9 of the Red Hat Enterprise Linux 9 Kernel Cryptographic API module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. intact and including this notice. Other documentation is proprietary to their authors.

1.1.1 How this Security Policy was prepared

In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.

1.2 Security Levels
1.3 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 7
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Red Hat Enterprise Linux 9 Kernel Cryptographic API (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a general-purpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the kernel crypto object files, the libkcapi library, and the sha512hmac binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP) [O]: The TOEPP of the module is defined as the general-purpose computer on which the module is installed. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 8
Module configuration
NameFirmware VersionFeaturesPackageIntegrity Test
/boot/vmlinuz-5.14.0-70.53.1.el9_0.x86_64; *.ko and *.ko.xz files in /usr/lib/modules/5.14.0- 70.53.1.el9_0.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.14.0- 70.53.1.el9_0.x86_64/kernel/arch/x86/crypto; /usr/lib64/libkcapi.so.1.3.1, /usr/bin/sha512hmac5.14.0- 70.53.1.el9_0; 1.3.1-3.el9N/A/boot/vmlinuz-5.14.0-70.53.1.el9_0.x86_64; *.ko and *.ko.xz files in /usr/lib/modules/5.14.0- 70.53.1.el9_0.x86_64/kernel/crypto *.ko and *.ko.xz files in /usr/lib/modules/5.14.0- 70.53.1.el9_0.x86_64/kernel/arch/x86/crypto; /usr/lib64/libkcapi.so.1.3.1, /usr/bin/sha512hmacHMAC-SHA- 512; RSA signature verification
2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 9
Module configuration
NameOperating SystemHardware PlatformSoftware VersionProcessorPaa PaiHypervisor
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Dell PowerEdge R4405.14.0- 70.53.1.el9_0 1.3.1-3.el9Intel Xeon Silver 4216YesN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM z16 3931-A015.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM z16YesN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Dell PowerEdge R4405.14.0- 70.53.1.el9_0 1.3.1-3.el9Intel Xeon Silver 4216NoN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM z16 3931-A015.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM z16NoN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM 9080- HEX5.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM POWER10NoPowerVM FW1040.00 with VIOS 3.1.3.00
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Intel Xeon E5
Module configuration
NameOperating SystemHardware PlatformSoftware VersionProcessorPaa PaiHypervisor
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Dell PowerEdge R4405.14.0- 70.53.1.el9_0 1.3.1-3.el9Intel Xeon Silver 4216YesN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM z16 3931-A015.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM z16YesN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Dell PowerEdge R4405.14.0- 70.53.1.el9_0 1.3.1-3.el9Intel Xeon Silver 4216NoN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM z16 3931-A015.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM z16NoN/A
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9IBM 9080- HEX5.14.0- 70.53.1.el9_0 1.3.1-3.el9IBM POWER10NoPowerVM FW1040.00 with VIOS 3.1.3.00
Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9Intel Xeon E5

N/A for this module. Tested Operational Environments - Software, Firmware, Hybrid: N/A 5.14.0Enterprise N/A 5.14.0Enterprise N/A 5.14.0Enterprise N/A 5.14.0Enterprise IBM 9080IBM 5.14.0Enterprise Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

2.3 Excluded Components

There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.

2.4 Modes of Operation

Modes List and Description: © 2024 Red Hat, Inc./ atsec information security corporation.

Page 10
Service
NameDescriptionIndicatorType
Non- approved modeAutomatically entered whenever a non-approved service is requestedEquivalent to the indicator of the requested service as defined in section 4.3Non- Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA3629Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA3629Key Length - 128, 192, 256SP 800-38C
AES-CMACA3629Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA3629Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3629Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3629Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GMACA3629Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A3629Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA3629Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3629Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3629Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A3629Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-224A3629Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-256A3629Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-384A3629Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-512A3629Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
RSA SigVer (FIPS186- 4)A3629Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A3629Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-224A3629Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-256A3629Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-384A3629Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-512A3629Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
HMAC-SHA3-224A3630Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-256A3630Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-384A3630Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-512A3630Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
SHA3-224A3630Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-256A3630Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-384A3630Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-512A3630Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
AES-CFB128A3631Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA3632Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A3633Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3634Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3634Direction - Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3634Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3634Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3634Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-ECBA3635Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3635Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3635Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3635Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3635Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-CBCA3636Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA3636Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3636Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3636Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A3636Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA3636Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3636Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3636Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-ECBA3637Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3637Direction - Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3637Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3637Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3637Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-ECBA3638Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3638Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3638Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3638Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3638Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-CBCA3639Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA3639Key Length - 128, 192, 256SP 800-38C
AES-CMACA3639Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA3639Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3639Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3639Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GMACA3639Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A3639Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA3639Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3639Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3639Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-ECBA3640Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3640Direction - Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3640Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3640Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3640Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-ECBA3641Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3641Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3641Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3641Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3641Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
AES-CFB128A3642Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA3643Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A3644Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
Hash DRBGA3645Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3645Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A3645Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-224A3645Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-256A3645Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-384A3645Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-512A3645Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
RSA SigVer (FIPS186- 4)A3645Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A3645Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-224A3645Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-256A3645Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-384A3645Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-512A3645Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
Hash DRBGA3646Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3646Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A3646Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-224A3646Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-256A3646Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-384A3646Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-512A3646Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
RSA SigVer (FIPS186- 4)A3646Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A3646Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-224A3646Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-256A3646Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-384A3646Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-512A3646Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
Hash DRBGA3647Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3647Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-384, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A3647Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-224A3647Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-256A3647Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-384A3647Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-512A3647Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
RSA SigVer (FIPS186- 4)A3647Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A3647Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-224A3647Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-256A3647Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-384A3647Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-512A3647Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
AES-CBCA3719Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA3719Key Length - 128, 192, 256SP 800-38C
AES-CMACA3719Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA3719Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3719Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3719Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GMACA3719Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A3719Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA3719Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
AES-ECBA3720Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3720Direction - Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3720Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3720Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3720Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
AES-ECBA3721Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3721Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3721Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3721Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3721Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
AES-CBCA3722Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA3722Key Length - 128, 192, 256SP 800-38C
AES-CMACA3722Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA3722Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA3722Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3722Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GMACA3722Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-XTS Testing Revision 2.0A3722Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA3722Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3722Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3722Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC-SHA-1A3722Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-224A3722Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-256A3722Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-384A3722Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA2-512A3722Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
RSA SigVer (FIPS186- 4)A3722Signature Type - PKCS 1.5 Modulo - 2048, 3072, 4096FIPS 186-4
SHA-1A3722Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-224A3722Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-256A3722Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-384A3722Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
SHA2-512A3722Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 180-4
AES-ECBA3723Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3723Direction - Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3723Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3723Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3723Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
AES-ECBA3724Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA3724Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
Counter DRBGA3724Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
Hash DRBGA3724Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
HMAC DRBGA3724Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512SP 800-90A Rev. 1
AES-CFB128A3725Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA3726Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A3727Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
HMAC-SHA3-224A3728Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-256A3728Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-384A3728Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
HMAC-SHA3-512A3728Key Length - Key Length: 112- 524288 Increment 8FIPS 198-1
SHA3-224A3728Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-256A3728Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-384A3728Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
SHA3-512A3728Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2FIPS 202
AES-CBCA4549Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA4549Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-XTS Testing Revision 2.0A4549Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E

Nonapproved Table 5: Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. Mode Change Instructions and Status [O]: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of The module does not implement a degraded mode of operation.

2.5 Algorithms

Approved Algorithms: © 2024 Red Hat, Inc./ atsec information security corporation.

Page 11

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 12

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 13

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 14

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 15

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 16

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 17

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 18

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 19

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 20
Service
NameApproved Functions
AES-GCM with external IVEncryption
KBKDF (libkcapi)Key derivation
HKDF (libkcapi)Key derivation
PBKDF2 (libkcapi)Password-based key derivation
RSAEncryption primitive; Decryption primitive
RSA with PKCS#1 v1.5 paddingSignature generation (pre-hashed message); Signature verification (pre-hashed message)

Table 6: Approved Algorithms Vendor-Affirmed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: Table 7: Non-Approved, Not Allowed Algorithms

2.6 Security Function Implementations

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 21
Service
NameDescriptionApproved FunctionsTypeProperties
Encryption with AESEncrypt a plaintext with AESAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC-CS3 AES-CBC-CS3 AES-CBC-CS3 AES-CFB128 AES-CFB128 AES-CFB128 AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-OFB AES-OFB AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTSBC-UnAuthKey size(s):128, 192, 256 bits (XTS mode 128 and 256 bits only)
Decryption with AESDecrypt a ciphertext with AESAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC-CS3 AES-CBC-CS3 AES-CBC-CS3 AES-CFB128 AES-CFB128 AES-CFB128 AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-ECB AES-OFB AES-OFB AES-OFB AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing Revision 2.0 AES-XTS Testing RevisionBC-UnAuthKey size(s):128, 192, 256 bits (XTS mode 128 and 256 bits only)
HashingCompute a message digestSHA-1 SHA-1 SHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-224 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-256 SHA2-384 SHA2-384 SHA2-384 SHA2-384 SHA2-384 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA2-512 SHA3-224 SHA3-224 SHA3-256 SHA3-256 SHA3-384 SHA3-384 SHA3-512 SHA3-512SHASHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA3-224 SHA3-256 SHA3-384 SHA3-512
Message authenticationCompute a MAC tag for authenticationAES-CMAC AES-CMAC AES-CMAC AES-CMAC AES-GMAC AES-GMAC AES-GMAC AES-GMAC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 224MACHMAC key size(s):112- 524288 bits (112-256 bits) AES key size(s):128, 192, 256 bits

2.0 2.0 2.0 2.0 2.0 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 22

2.0 2.0 2.0 2.0 2.0 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 23

2.0 2.0 HMAC-SHA2224 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 24

HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 25
Service
NameDescriptionApproved FunctionsTypeProperties
Random number generation with DRBGsGenerate random numbers from DRBGsCounter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG Counter DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG HMAC DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBG Hash DRBGDRBGCounter DRBG: 128, 192, 256 bits HMAC DRBG: SHA-1, SHA2- 256, SHA2-384, SHA2-512 Hash DRBG: SHA-1, SHA2- 256, SHA2-384, SHA2-512
Signature verification with RSAVerify a signature with RSARSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4) RSA SigVer (FIPS186-4)DigSig-SigVerPadding:PKCS#1 v1.5 Hashes:SHA-256 Key size(s):3072, 4096 bits
Authenticated encryption with AESEncrypt and authenticate a plaintext with AESAES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 384 HMAC-SHA2- 384 HMAC-SHA2-BC-AuthKey size(s):128, 192, 256 bits
Authenticated decryption with AESDecrypt and authenticate a ciphertext with AESAES-CCM AES-CCM AES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR AES-CTR HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2- 256 HMAC-SHA2-BC-AuthKey size(s):128, 192, 256 bits
Key wrappingKey wrappingAES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMKTS-WrapKey size(s):128, 192, 256 bits
Key unwrappingKey unwrappingAES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMKTS-WrapKey sizes(s):128, 192, 256 bits

HMAC-SHA3512 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 26

HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 27

HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 28

HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 Table 8: Security Function Implementations

2.7 Algorithm Specific Information

Legacy use: Digital Signature Verification with SHA-1 is allowed for legacy use only. The Crypto Officer shall consider the following requirements and restrictions when using the module. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 29
CertVendor
NumberName
E54Red Hat, Inc.

For IPsec, the module offers the AES GCM implementation and uses the context of Scenario

1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs

generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. When this is the case, the API will not set an approved service indicator, as described in section 4.3.

2.7.2 AES XTS

The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.

2.7.3 RSA

For RSA signature verification, the module supports modulus size 3072 and 4096 bits. The supported modulus size has been CAVP tested in compliance in IG C.F.

2.7.4 SHA-3

The module provides SHA-3 hash functions compliant with IG C.C. Every implementation of each SHA-3 function was tested and validated on all the module’s operating environments. SHAKE functions are not implemented. SHA-3 hash functions are also used as part of a higher-level algorithm for HMAC.

2.8 RBG and Entropy

Table 9: Entropy Certificates © 2024 Red Hat, Inc./ atsec information security corporation.

Page 30
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
RHEL Kernel CPU Time Jitter RNG Entropy SourceNon- Physical64 bitsRed Hat Enterprise Linux 9 on Dell PowerEdge R44059.62 bitsLinear-Feedback Shift Register (LFSR)

NonPhysical Table 10: Entropy Sources The module implements three different Deterministic Random Bit Generator (DRBG) implementations based on SP 800-90Ar1: CTR_DRBG, Hash_DRBG, and HMAC_DRBG. Each of these DRBG implementations can be instantiated by the operator of the module. When instantiated, these DRBGs can be used to generate random numbers for external usage. Additionally, the module employs a specific HMAC-SHA2-512 DRBG implementation for internal purposes (e.g. to generate initialization vectors). This DRBG is initially seeded with

384 output bits from the entropy source (357 bits of entropy) and reseeded with 256 output

bits from the entropy source (238 bits of entropy).

2.9 Key Generation

The module does not provide key generation.

2.10 Key Establishment

As permitted by IG D.G, the module provides key transport methods by using AES-GCM encryption mode in the context of IPsec protocol.

2.11 Industry Protocols

AES GCM with internal IV generation in the approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. No parts of this protocol, other than the AES GCM implementation, have been tested by the CAVP and CMVP.

2.12 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 31
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.Data InputAPI data input parameters, AF_ALG type sockets
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.Data OutputAPI data output parameters, AF_ALG type sockets
As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.As a software-only module, the module does not have physical ports. Physical ports are interpreted to be the physical ports of the hardware platform on which it runs.Control InputAPI function calls, API control input parameters, AF_ALG type sockets, kernel command line
As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs.As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs.Status OutputAPI return values, AF_ALG type sockets, kernel logs
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Table 11: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design, AF_ALG type socket that allows the applications running in the user space to request cryptographic services from the module.

3.2 Trusted Channel Specification [O]

The module does not implement a trusted channel.

3.4 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 32
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Message digestCompute a message digestCrypt o Offic erHashingcrypto_shash_init returns 0Messag eDigest value
Key wrappingWrap a keyCrypt o Offic er - AES key: W,E - HMA C key: W,EKey wrappingcrypto_skcipher_set key returns 0; crypto_shash_init returns 0AES key, key to be wrappe dwrapped key
Key unwrappin gUnwrap a keyCrypt o Offic er - AES key: W,E - HMA CKey unwrappin gcrypto_skcipher_set key returns 0; crypto_shash_init returns 0AES key, key to be unwrap pedunwrapped key
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Message digestCompute a message digestCrypt o Offic erHashingcrypto_shash_init returns 0Messag eDigest value
Key wrappingWrap a keyCrypt o Offic er - AES key: W,E - HMA C key: W,EKey wrappingcrypto_skcipher_set key returns 0; crypto_shash_init returns 0AES key, key to be wrappe dwrapped key
Key unwrappin gUnwrap a keyCrypt o Offic er - AES key: W,E - HMA CKey unwrappin gcrypto_skcipher_set key returns 0; crypto_shash_init returns 0AES key, key to be unwrap pedunwrapped key
EncryptionEncrypt a plaintextCrypt o Offic er - AES key: W,EEncryption with AEScrypto_skcipher_set key returns 0AES key, plaintex tCiphertext
Decryptio nDecrypt a ciphertextCrypt o Offic er - AES key: W,EDecryptio n with AEScrypto_skcipher_set key returns 0AES key, cipherte xtPlaintext
Authentica ted encryptionEncrypt and authentic ate a plaintextCrypt o Offic er - AES key: W,EAuthentic ated encryption with AESFor all except AES GCM: crypto_aead_setkey returns 0; For AES GCM: crypto_aead_get_fla gs(tfm) has the CRYPTO_TFM_ FIPS_COMPLIANCE flag setAES key, plaintex tCiphertext, MAC tag
Authentica ted decryptionEncrypt and authentic ate a ciphertextCrypt o Offic er - AES key: W,EAuthentic ated decryption with AESFor all except AES GCM: crypto_aead_setkey returns 0; For AES GCM: crypto_aead_get_fla gs(tfm) has the CRYPTO_TFM_ FIPS_COMPLIANCE flag setAES key, cipherte xt, MAC tagPlaintext or failure
Message authentica tion generatio nCompute a MAC tagCrypt o Offic er - AES key: W,E - HMA C key: W,EMessage authentica tioncrypto_shash_init returns 0AES: AES key, messag e; HMAC: HMAC key, messag eMAC tag
Message authentica tion verificatio nCompute a MAC tagCrypt o Offic er - AES key: W,E - HMA C key: W,EMessage authentica tioncrypto_shash_init returns 0AES: AES key, messag e, MAC tag; HMAC: HMAC key, messag e, MAC tagSuccess/Fa ilure
Random number generatio nGenerate random bytesCrypt o Offic er - Entro py input: W,E - DRB G seed: G,E - DRB G Inter nal state (V, Key): G,W, E - DRB G Inter nal state (V, C): G,W, ERandom number generatio n with DRBGscrypto_rng_get_byt es returns 0Output lengthRandom bytes
Error detection codeCompute an EDC (crc32, crct10dif)Crypt o Offic erNoneNoneMessag eEDC
Compressi onCompress data (deflate, lz4, lz4hc, lzo, zlibdeflat e, zstd)Crypt o Offic erNoneNoneDataCompresse d data
Generic system callUse the kernel to perform various non- cryptogra phic operation sCrypt o Offic erNoneNoneIdentifie r, various argume ntsVarious return values
Show versionReturn the module name and version informatio nCrypt o Offic erNoneNoneN/AModule name and version
Show statusReturn the module statusCrypt o Offic erNoneNoneN/AModule status
Self-testPerform the CASTs and integrity testsCrypt o Offic erEncryption with AES Decryptio n with AES Hashing Message authentica tion Random number generatio n with DRBGs Signature verificatio n with RSA Authentic ated encryption with AES Authentic atedNoneN/APass/fail
Zeroizatio nZeroize all SSPsCrypt o Offic er - AES key: Z - HMA C key: Z - Entro py input: Z - DRB G Inter nal state (V, Key): Z - DRB G Inter nal state (V, C): Z - DRB G seed: ZNoneNoneAny SSPN/A
4 Roles, Services, and Authentication

N/A for this module. The module does not implement authentication.

4.2 Roles

Table 12: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators.

4.3 Approved Services

a g s e d g o

Page 33

s W,E

Page 34

n n s e

Page 35

noncryptogra s n s o r,

Page 36

n N/A s

Page 37
Service
NameDescriptionRolesApproved Functions
AES GCM external IV encryptionEncrypt a plaintext using AES GCM with an external IVCOAES-GCM with external IV
Key derivationDerive a key from a key- derivation key or a shared secretCOKBKDF (libkcapi) HKDF (libkcapi)
Password-based key derivationDerive a key from a passwordCOPBKDF2 (libkcapi)
RSA encryption primitiveCompute the raw RSA encryption of a plaintextCORSA
RSA decryption primitiveCompute the raw RSA decryption of a cipertextCORSA
RSA signature generation (pre-hashed message)Generate a digital signature for a pre-hashed messageCORSA with PKCS#1 v1.5 padding
RSA signature verification (pre-hashed message)Verify a digital signature for a pre-hashed messageCORSA with PKCS#1 v1.5 padding
4.4 Non-Approved Services

Table 14: Non-Approved Services

4.5 External Software/Firmware Loaded

The module does not load external software or firmware.

4.6 Bypass Actions and Status [O]

The module does not implement a bypass capability.

4.7 Cryptographic Output Actions and Status [O]

The module does not implement a self-initiated cryptographic output capability.

4.8 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 38
5 Software/Firmware Security
5.1 Integrity Techniques

The Linux kernel binary is integrity tested using an HMAC-SHA2-512 calculation performed by the sha512hmac utility (which utilizes the module’s HMAC and SHA-512 implementations). An HMAC-SHA2-512 calculation is also performed on the sha512hmac utility and the libkcapi library to verify their integrity. The kernel crypto object files listed in section 2.2 are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-256, and a 3072-bit key.

5.2 Initiate on Demand

Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the software integrity tests.

5.3 Open-Source Parameters [O]
5.4 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 39
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied [O]: The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.

6.2 Configuration Settings and Restrictions [O]

The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environments. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.

6.3 Additional Information [O]

The Red Hat Enterprise Linux operating system is used as the basis of other products which include but are not limited to:

Page 40
Temp/Voltage TypeTemperature or VoltageEFPResult
or
EFT
LowTemperature
HighTemperature
LowVoltage
HighVoltage
TemperatureTemperature
Type
LowTemperature
HighTemperature
7 Physical Security
7.1 Mechanisms and Actions Required [O]

N/A for this module. The module is comprised of software only and therefore this section is not applicable.

7.2 User Placed Tamper Seals [O]
7.3 Filler Panels [O]
7.4 Fault Induction Mitigation [O]

Not applicable. Table 15: EFP/EFT Information Not applicable.

7.6 Hardness Testing Temperature Ranges [O]

Table 16: Hardness Testing Temperatures Not applicable.

7.7 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 41
8 Non-Invasive Security
8.1 Mitigation Techniques [O]

This module does not implement any non-invasive security mechanism and therefore this section is not applicable.

8.2 Effectiveness [O]
8.3 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 42
Sensitive security parameter
NameTypeDescription
RAMDynamicTemporary storage for SSPs used by the module as part of service execution
Service
NameApproved FunctionsTypeFromToDistributio n Type
API input parameters; AF_ALG_typ e sockets (input)Electroni cPlaintex tOperator calling applicatio n (TOEPP)Cryptographi c moduleManual
ZeroizationDescriptionRationaleOperator Initiation
Method
Free cipher handleZeroizes the SSPs contained within the cipher handleMemory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. The completion of the zeroization routine indicates that the zeroization procedure succeeded.By calling the appropriate zeroization functions: AES key: crypto_free_skcipher and crypto_free_aead; HMAC key: crypto_free_shash and crypto_free_ahash; Entropy input: crypto_free_rng; DRBG seed: crypto_free_rng; DRBG internal state (V, Key): crypto_free_rng; DRBG internal state (V, C): crypto_free_rng;
Remove power from the moduleDe-allocates the volatile memory used to store SSPsVolatile memory used by the module is overwritten within nanoseconds when power is removed. Module power off indicates that the zeroization procedureBy removing power
9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 17: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the RAM in plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls.

9.2 SSP Input-Output Methods

t m c Table 18: SSP Input-Output Methods © 2024 Red Hat, Inc./ atsec information security corporation.

Page 43
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputSize - Strengt h
AES keySymmetric Key - CSPAES key used for encryption, decryption, and computing MAC tags.128, 192, 256 bits - 128, 192, 256 bitsEncryption with AES Decryption with AES Authenticate d encryption with AES Authenticate d decryption with AES Key wrapping Key unwrapping
HMAC keyAuthenticatio n key - CSPHMAC key.112- 524288 bits - 112-256 bitsMessage authenticatio n
Entrop y inputEntropy input - CSPEntropy input used to seed the DRBGs. Compliant with IG D.L.128-384 bits - 117-357 bitsRandom number generation with DRBGs
DRBG seedSeed - CSPDRBG seed derived from entropy input. Compliant with IG D.L.Counter DRBG: 128, 192, 256 bits; Hash DRBG: 128, 256 bits; HMACRandom number generation with DRBGsRandom number generation with DRBGs
nnStrengt
DRBG Interna l state (V, Key)Internal state - CSPInternal state of Counter DRBG and HMAC DRBG instances. Compliant with IG D.L.Counter DRBG: 128, 192, 256 bits; HMAC DRBG: 128, 256 bits - Counter DRBG: 128, 192, 256 bits; HMAC DRBG: 128, 256 bitsRandom number generation with DRBGsRandom number generation with DRBGs
DRBG Interna l state (V, C)Internal state - CSPInternal state of Hash DRBG instances. Compliant with IG D.L.Hash DRBG: 128, 256 bits - Hash DRBG: 128, 256 bitsRandom number generation with DRBGsRandom number generation with DRBGs
AES keyRAM:PlaintextFree cipher handle RemoveAPI input parameters; AF_ALG_typeUntil cipher handle is freed or
ZeroizationDescriptionRationaleOperator Initiation
Method
succeeded. The successful removal of power implicitly indicates that the zeroization is complete.

Table 19: SSP Zeroization Methods All data output is inhibited during zeroization.

9.4 SSPs

n h 112524288 n © 2024 Red Hat, Inc./ atsec information security corporation.

Page 44
Sensitive security parameter
NameTypeDescriptionStrengthGenerationStorageZeroizationUseInputSize - Strengt h
nnStrengt
DRBG Interna l state (V, Key)Internal state - CSPInternal state of Counter DRBG and HMAC DRBG instances. Compliant with IG D.L.Counter DRBG: 128, 192, 256 bits; HMAC DRBG: 128, 256 bits - Counter DRBG: 128, 192, 256 bits; HMAC DRBG: 128, 256 bitsRandom number generation with DRBGsRandom number generation with DRBGs
DRBG Interna l state (V, C)Internal state - CSPInternal state of Hash DRBG instances. Compliant with IG D.L.Hash DRBG: 128, 256 bits - Hash DRBG: 128, 256 bitsRandom number generation with DRBGsRandom number generation with DRBGs
AES keyRAM:PlaintextFree cipher handle RemoveAPI input parameters; AF_ALG_typeUntil cipher handle is freed or

n (V, (V, C) h Table 20: SSP Table 1 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 45
Sensitive security parameter
NameStorageZeroizationInputModule powered off
HMAC keyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parameters; AF_ALG_type sockets (input)Until cipher handle is freed or module powered off
Entropy inputRAM:PlaintextFree cipher handle Remove power from the moduleFrom generation until DRBG seed/reseedDRBG seed:Derives
DRBG seedRAM:PlaintextFree cipher handle Remove power from the moduleWhile the DRBG is being instantiatedEntropy input:Derived From DRBG Internal state (V, Key):Derives DRBG Internal state (V, C):Derives
DRBG Internal state (V, Key)RAM:PlaintextFree cipher handle Remove power from the moduleFrom DRBG instantiation until DRBG terminationDRBG seed:Derived From
DRBG Internal state (V, C)RAM:PlaintextFree cipher handle Remove power from the moduleFrom DRBG instantiation until DRBG terminationDRBG seed:Derived From
9.5 Transitions [O]

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 will be withdrawn on February 3, 2024.

9.6 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 46
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC- SHA2-512 (A3647)HMAC- SHA2-512 (A3647)Message AuthenticationSW/FW IntegrityIntegrity test for vmlinuz, libkcapi components and sha512hmac binary128-bit keyModule becomes operational and services are available for use.
RSA SigVer (FIPS186-4) (A3629)RSA SigVer (FIPS186-4) (A3629)Signature VerificationSW/FW IntegrityIntegrity test for kernel object files3072-bit key with SHA- 256Module becomes operational and services are available for use.
SHA-1 (A3629)SHA-1 (A3629)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA-1 (A3645)SHA-1 (A3645)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC- SHA2-512 (A3647)HMAC- SHA2-512 (A3647)Message AuthenticationSW/FW IntegrityIntegrity test for vmlinuz, libkcapi components and sha512hmac binary128-bit keyModule becomes operational and services are available for use.
RSA SigVer (FIPS186-4) (A3629)RSA SigVer (FIPS186-4) (A3629)Signature VerificationSW/FW IntegrityIntegrity test for kernel object files3072-bit key with SHA- 256Module becomes operational and services are available for use.
SHA-1 (A3629)SHA-1 (A3629)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA-1 (A3645)SHA-1 (A3645)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
10 Self-Tests
10.1 Pre-Operational Self-Tests

HMACSHA2-512 with SHA256 Table 22: Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. The algorithms used CASTs before the integrity test is performed. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the pre-operational software integrity self-tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.

10.2 Conditional Self-Tests

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 47
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
SHA-1 (A3646)SHA-1 (A3646)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA-1 (A3647)SHA-1 (A3647)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA-1 (A3722)SHA-1 (A3722)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-224 (A3629)SHA2-224 (A3629)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-224 (A3645)SHA2-224 (A3645)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-224 (A3646)SHA2-224 (A3646)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-224 (A3647)SHA2-224 (A3647)KATCASTMessage digest0-8184 bit messagesModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 48
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationSHA2-224 (A3722)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA2-256 (A3629)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA2-256 (A3645)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA2-256 (A3646)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA2-256 (A3647)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services areModule initializationSHA2-256 (A3722)CAST0-8184 bit messagesKATMessage digest

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 49
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
SHA2-384 (A3629)SHA2-384 (A3629)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-384 (A3645)SHA2-384 (A3645)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-384 (A3646)SHA2-384 (A3646)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-384 (A3647)SHA2-384 (A3647)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-384 (A3722)SHA2-384 (A3722)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-512 (A3629)SHA2-512 (A3629)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-512 (A3645)SHA2-512 (A3645)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-512 (A3646)SHA2-512 (A3646)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-512 (A3647)SHA2-512 (A3647)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA2-512 (A3722)SHA2-512 (A3722)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA3-224 (A3630)SHA3-224 (A3630)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA3-224 (A3728)SHA3-224 (A3728)KATCASTMessage digest0-8184 bit messagesModule becomes operational and services are available for use.Module initialization
SHA3-256 (A3630)SHA3-256 (A3630)KATCASTMessage digest0-8184 bit messagesModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 50

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 51
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationSHA3-256 (A3728)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA3-384 (A3630)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA3-384 (A3728)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA3-512 (A3630)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services are available for use.Module initializationSHA3-512 (A3728)CAST0-8184 bit messagesKATMessage digest
Module becomes operational and services areModule initializationAES-ECB (A3629)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 52
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-ECB (A3634)AES-ECB (A3634)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3635)AES-ECB (A3635)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3636)AES-ECB (A3636)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3637)AES-ECB (A3637)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3638)AES-ECB (A3638)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3639)AES-ECB (A3639)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3640)AES-ECB (A3640)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3641)AES-ECB (A3641)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3719)AES-ECB (A3719)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3720)AES-ECB (A3720)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3721)AES-ECB (A3721)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3722)AES-ECB (A3722)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3723)AES-ECB (A3723)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 53

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 54
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationAES-ECB (A3724)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-ECB (A3629)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-ECB (A3634)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-ECB (A3635)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-ECB (A3636)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services areModule initializationAES-ECB (A3637)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 55
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-ECB (A3638)AES-ECB (A3638)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3639)AES-ECB (A3639)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3640)AES-ECB (A3640)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3641)AES-ECB (A3641)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3719)AES-ECB (A3719)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3720)AES-ECB (A3720)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3721)AES-ECB (A3721)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3722)AES-ECB (A3722)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3723)AES-ECB (A3723)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-ECB (A3724)AES-ECB (A3724)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC (A3629)AES-CBC (A3629)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC (A3636)AES-CBC (A3636)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC (A3639)AES-CBC (A3639)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 56

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 57
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationAES-CBC (A3719)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CBC (A3722)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CBC (A4549)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CBC (A3629)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CBC (A3636)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services areModule initializationAES-CBC (A3639)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 58
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-CBC (A3719)AES-CBC (A3719)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC (A3722)AES-CBC (A3722)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC (A4549)AES-CBC (A4549)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3633)AES-CBC- CS3 (A3633)KATCASTEncryption, DecryptionEncrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3644)AES-CBC- CS3 (A3644)KATCASTEncryption, DecryptionEncrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3727)AES-CBC- CS3 (A3727)KATCASTEncryption, DecryptionEncrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3633)AES-CBC- CS3 (A3633)KATCASTEncryption, DecryptionDecrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3644)AES-CBC- CS3 (A3644)KATCASTEncryption, DecryptionDecrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-CBC- CS3 (A3727)AES-CBC- CS3 (A3727)KATCASTEncryption, DecryptionDecrypt with 128 bit keysModule becomes operational and services are available for use.Module initialization
AES-OFB (A3643)AES-OFB (A3643)KATCASTEncryption, Decryption128 bit keysModule becomes operational and services are available for use.Module initialization
AES- CFB128 (A3631)AES- CFB128 (A3631)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES- CFB128 (A3642)AES- CFB128 (A3642)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES- CFB128 (A3725)AES- CFB128 (A3725)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operationalModule initialization

AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 59

AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AESCFB128 AESCFB128 AESCFB128 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 60
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationAES- CFB128 (A3631)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES- CFB128 (A3642)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES- CFB128 (A3725)CASTDecrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CTR (A3629)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-CTR (A3636)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption
Module becomes operational and services areModule initializationAES-CTR (A3639)CASTEncrypt with 128, 192, 256 bit keysKATEncryption, Decryption

AESCFB128 AESCFB128 AESCFB128 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 61
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-CTR (A3719)AES-CTR (A3719)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3722)AES-CTR (A3722)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A4549)AES-CTR (A4549)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3629)AES-CTR (A3629)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3636)AES-CTR (A3636)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3639)AES-CTR (A3639)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3719)AES-CTR (A3719)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A3722)AES-CTR (A3722)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CTR (A4549)AES-CTR (A4549)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CCM (A3629)AES-CCM (A3629)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; 128-bit IVsModule becomes operational and services are available for use.Module initialization
AES-CCM (A3639)AES-CCM (A3639)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; 128-bit IVsModule becomes operational and services are available for use.Module initialization
AES-CCM (A3719)AES-CCM (A3719)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; 128-bit IVsModule becomes operational and services are available for use.Module initialization
AES-CCM (A3722)AES-CCM (A3722)KATCASTEncryption, DecryptionEncrypt with 128, 192,Module becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 62

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 63
Service
NameRole AccessCsps AccessedApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationDecrypt with 128, 192, 256 bit keys; 128-bit IVsAES-CCM (A3629)CASTKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationDecrypt with 128, 192, 256 bit keys; 128-bit IVsAES-CCM (A3639)CASTKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationDecrypt with 128, 192, 256 bit keys; 128-bit IVsAES-CCM (A3719)CASTKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationDecrypt with 128, 192, 256 bit keys; 128-bit IVsAES-CCM (A3722)CASTKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsAES-GCM (A3629)CASTKATEncryption, Decryption
Module becomes operational and services areModule initializationEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsAES-GCM (A3634)CASTKATEncryption, Decryption

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 64
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-GCM (A3635)AES-GCM (A3635)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3636)AES-GCM (A3636)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3637)AES-GCM (A3637)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3638)AES-GCM (A3638)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3639)AES-GCM (A3639)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3640)AES-GCM (A3640)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3641)AES-GCM (A3641)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3719)AES-GCM (A3719)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3720)AES-GCM (A3720)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3721)AES-GCM (A3721)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3722)AES-GCM (A3722)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3723)AES-GCM (A3723)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys; Internal 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3724)AES-GCM (A3724)KATCASTEncryption, DecryptionEncrypt with 128, 192, 256 bit keys;Module becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 65

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 66
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationAES-GCM (A3629)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-GCM (A3634)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-GCM (A3635)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-GCM (A3636)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption
Module becomes operational and services are available for use.Module initializationAES-GCM (A3637)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption
Module becomes operational and services areModule initializationAES-GCM (A3638)CASTDecrypt with 128, 192, 256 bit keys; external 96- bit IVsKATEncryption, Decryption

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 67
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
AES-GCM (A3639)AES-GCM (A3639)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3640)AES-GCM (A3640)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3641)AES-GCM (A3641)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3719)AES-GCM (A3719)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3720)AES-GCM (A3720)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3721)AES-GCM (A3721)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3722)AES-GCM (A3722)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3723)AES-GCM (A3723)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-GCM (A3724)AES-GCM (A3724)KATCASTEncryption, DecryptionDecrypt with 128, 192, 256 bit keys; external 96- bit IVsModule becomes operational and services are available for use.Module initialization
AES-CMAC (A3629)AES-CMAC (A3629)KATCASTMessage authenticationEncrypt with 128 and 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CMAC (A3639)AES-CMAC (A3639)KATCASTMessage authenticationEncrypt with 128 and 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CMAC (A3719)AES-CMAC (A3719)KATCASTMessage authenticationEncrypt with 128 and 256 bit keysModule becomes operational and services are available for use.Module initialization
AES-CMAC (A3722)AES-CMAC (A3722)KATCASTMessage authenticationEncrypt with 128 and 256 bit keysModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 68

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 69
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationAES-CMAC (A3629)CASTDecrypt with 128 and 256 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationAES-CMAC (A3639)CASTDecrypt with 128 and 256 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationAES-CMAC (A3719)CASTDecrypt with 128 and 256 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationAES-CMAC (A3722)CASTDecrypt with 128 and 256 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationHMAC- SHA-1 (A3629)CASTSHA-1, 32-64 bit keysKATMessage authentication
Module becomes operational and services areModule initializationHMAC- SHA-1 (A3645)CASTSHA-1, 32-64 bit keysKATMessage authentication

HMACSHA-1 HMACSHA-1 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 70
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
HMAC- SHA-1 (A3646)HMAC- SHA-1 (A3646)KATCASTMessage authenticationSHA-1, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA-1 (A3647)HMAC- SHA-1 (A3647)KATCASTMessage authenticationSHA-1, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA-1 (A3722)HMAC- SHA-1 (A3722)KATCASTMessage authenticationSHA-1, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-224 (A3629)HMAC- SHA2-224 (A3629)KATCASTMessage authenticationSHA2-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-224 (A3645)HMAC- SHA2-224 (A3645)KATCASTMessage authenticationSHA2-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-224 (A3646)HMAC- SHA2-224 (A3646)KATCASTMessage authenticationSHA2-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-224 (A3647)HMAC- SHA2-224 (A3647)KATCASTMessage authenticationSHA2-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-224 (A3722)HMAC- SHA2-224 (A3722)KATCASTMessage authenticationSHA2-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-256 (A3629)HMAC- SHA2-256 (A3629)KATCASTMessage authenticationSHA2-256, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-256 (A3645)HMAC- SHA2-256 (A3645)KATCASTMessage authenticationSHA2-256, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-256 (A3646)HMAC- SHA2-256 (A3646)KATCASTMessage authenticationSHA2-256, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-256 (A3647)HMAC- SHA2-256 (A3647)KATCASTMessage authenticationSHA2-256, 32-64 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA2-256 (A3722)HMAC- SHA2-256 (A3722)KATCASTMessage authenticationSHA2-256, 32-64 bit keysModule becomes operationalModule initialization

HMACSHA-1 HMACSHA-1 HMACSHA-1 HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 71

HMACSHA2-224 HMACSHA2-224 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 72
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationHMAC- SHA2-384 (A3629)CASTSHA2-384, 32-1048 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationHMAC- SHA2-384 (A3645)CASTSHA2-384, 32-1048 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationHMAC- SHA2-384 (A3646)CASTSHA2-384, 32-1048 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationHMAC- SHA2-384 (A3647)CASTSHA2-384, 32-1048 bit keysKATMessage authentication
Module becomes operational and services are available for use.Module initializationHMAC- SHA2-384 (A3722)CASTSHA2-384, 32-1048 bit keysKATMessage authentication
Module becomes operational and services areModule initialization. Before integrity test.HMAC- SHA2-512 (A3629)CASTSHA2-512, 32-1048 bit keysKATMessage authentication

HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-384 HMACSHA2-512 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 73
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator available for use.Conditions
HMAC- SHA2-512 (A3645)HMAC- SHA2-512 (A3645)KATCASTMessage authenticationSHA2-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization. Before integrity test.
HMAC- SHA2-512 (A3646)HMAC- SHA2-512 (A3646)KATCASTMessage authenticationSHA2-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization. Before integrity test.
HMAC- SHA2-512 (A3647)HMAC- SHA2-512 (A3647)KATCASTMessage authenticationSHA2-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization. Before integrity test.
HMAC- SHA2-512 (A3722)HMAC- SHA2-512 (A3722)KATCASTMessage authenticationSHA2-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization. Before integrity test.
HMAC- SHA3-224 (A3630)HMAC- SHA3-224 (A3630)KATCASTMessage authenticationSHA3-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-224 (A3728)HMAC- SHA3-224 (A3728)KATCASTMessage authenticationSHA3-224, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-256 (A3630)HMAC- SHA3-256 (A3630)KATCASTMessage authenticationSHA3-256, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-256 (A3728)HMAC- SHA3-256 (A3728)KATCASTMessage authenticationSHA3-256, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-384 (A3630)HMAC- SHA3-384 (A3630)KATCASTMessage authenticationSHA3-384, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-384 (A3728)HMAC- SHA3-384 (A3728)KATCASTMessage authenticationSHA3-384, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-512 (A3630)HMAC- SHA3-512 (A3630)KATCASTMessage authenticationSHA3-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
HMAC- SHA3-512 (A3728)HMAC- SHA3-512 (A3728)KATCASTMessage authenticationSHA3-512, 32-1048 bit keysModule becomes operational and services are available for use.Module initialization
Counter DRBG (A3629)Counter DRBG (A3629)KATCASTSeed, Generate128, 192, 256 bit keys With/withoutModule becomes operationalModule initialization

HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA3-224 HMACSHA3-224 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 74

HMACSHA3-256 HMACSHA3-256 HMACSHA3-384 HMACSHA3-384 HMACSHA3-512 HMACSHA3-512 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 75
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3634)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3635)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3636)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3637)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3638)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services areModule initializationCounter DRBG (A3639)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3KATSeed, Generate

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 76
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsOf SP 800- 90 Arev1Indicator available for use.Conditions
Counter DRBG (A3640)Counter DRBG (A3640)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3641)Counter DRBG (A3641)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3719)Counter DRBG (A3719)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3720)Counter DRBG (A3720)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3721)Counter DRBG (A3721)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3722)Counter DRBG (A3722)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3723)Counter DRBG (A3723)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3724)Counter DRBG (A3724)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3629)Counter DRBG (A3629)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3634)Counter DRBG (A3634)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3635)Counter DRBG (A3635)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3636)Counter DRBG (A3636)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3637)Counter DRBG (A3637)KATCASTSeed, Generate128, 192, 256 bit keys With/withoutModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 77

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 78
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3638)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3639)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3640)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3641)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationCounter DRBG (A3719)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services areModule initializationCounter DRBG (A3720)CAST128, 192, 256 bit keys With/without PR; Health test per section 11.3KATSeed, Generate

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 79
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsOf SP 800- 90 Arev1Indicator available for use.Conditions
Counter DRBG (A3721)Counter DRBG (A3721)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3722)Counter DRBG (A3722)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3723)Counter DRBG (A3723)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Counter DRBG (A3724)Counter DRBG (A3724)KATCASTSeed, Generate128, 192, 256 bit keys With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3629)Hash DRBG (A3629)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3634)Hash DRBG (A3634)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3635)Hash DRBG (A3635)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3636)Hash DRBG (A3636)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3637)Hash DRBG (A3637)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3638)Hash DRBG (A3638)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3639)Hash DRBG (A3639)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3640)Hash DRBG (A3640)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3641)Hash DRBG (A3641)KATCASTSeed, GenerateSHA-256 With/without PR; HealthModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 80

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 81
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationHash DRBG (A3645)CASTSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHash DRBG (A3646)CASTSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHash DRBG (A3647)CASTSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHash DRBG (A3720)CASTSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHash DRBG (A3721)CASTSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services areModule initializationHash DRBG (A3722)CASTSHA-256 With/without PR; Health test per section 11.3KATSeed, Generate

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 82
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsOf SP 800- 90 Arev1Indicator available for use.Conditions
Hash DRBG (A3723)Hash DRBG (A3723)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
Hash DRBG (A3724)Hash DRBG (A3724)KATCASTSeed, GenerateSHA-256 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3629)HMAC DRBG (A3629)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3634)HMAC DRBG (A3634)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3635)HMAC DRBG (A3635)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3636)HMAC DRBG (A3636)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3637)HMAC DRBG (A3637)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3638)HMAC DRBG (A3638)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3639)HMAC DRBG (A3639)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3640)HMAC DRBG (A3640)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3641)HMAC DRBG (A3641)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3645)HMAC DRBG (A3645)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1Module becomes operational and services are available for use.Module initialization
HMAC DRBG (A3646)HMAC DRBG (A3646)KATCASTSeed, GenerateHMAC-SHA- 256, SHA512 With/withoutModule becomes operationalModule initialization

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 83

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 84
Service
NameRole AccessApproved FunctionsTypePropertiesDetails
Module becomes operational and services are available for use.Module initializationHMAC DRBG (A3647)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHMAC DRBG (A3720)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHMAC DRBG (A3721)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHMAC DRBG (A3722)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services are available for use.Module initializationHMAC DRBG (A3723)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3 of SP 800- 90Arev1KATSeed, Generate
Module becomes operational and services areModule initializationHMAC DRBG (A3724)CASTHMAC-SHA- 256, SHA512 With/without PR; Health test per section 11.3KATSeed, Generate

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 85
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsOf SP 800- 90 Arev1Indicator available for use.Conditions
RSA SigVer (FIPS186- 4) (A3629)RSA SigVer (FIPS186- 4) (A3629)KATCASTVerify4096-bit key with SHA- 256Module becomes operational and services are available for use.Module initialization. Before integrity test.
RSA SigVer (FIPS186- 4) (A3645)RSA SigVer (FIPS186- 4) (A3645)KATCASTVerify4096-bit key with SHA- 256Module becomes operational and services are available for use.Module initialization. Before integrity test.
RSA SigVer (FIPS186- 4) (A3646)RSA SigVer (FIPS186- 4) (A3646)KATCASTVerify4096-bit key with SHA- 256Module becomes operational and services are available for use.Module initialization. Before integrity test.
RSA SigVer (FIPS186- 4) (A3647)RSA SigVer (FIPS186- 4) (A3647)KATCASTVerify4096-bit key with SHA- 256Module becomes operational and services are available for use.Module initialization. Before integrity test.
RSA SigVer (FIPS186- 4) (A3722)RSA SigVer (FIPS186- 4) (A3722)KATCASTVerify4096-bit key with SHA- 256Module becomes operational and services are available for use.Module initialization. Before integrity test.
Entropy SourceEntropy SourceRCTCASTEntropy source start- up test1024 samplesModule becomes operational and services are available for use.Entropy source initialization
Entropy SourceEntropy SourceAPTCASTEntropy source start- up test1024 samplesModule becomes operational and services are available for use.Entropy source initialization
Entropy SourceEntropy SourceRCTCASTEntropy source continuous testCutoff C = 61Entropy source is operationalContinuously
Entropy SourceEntropy SourceAPTCASTEntropy source continuous testCutoff C = 355Entropy source is operationalContinuously
HMAC-SHA2- 512 (A3647)HMAC-SHA2- 512 (A3647)Message AuthenticationSW/FW IntegrityOn demandManually
RSA SigVer (FIPS186-4) (A3629)RSA SigVer (FIPS186-4) (A3629)Signature VerificationSW/FW IntegrityOn demandManually
SHA-1 (A3629)SHA-1 (A3629)KATCASTOn demandManually
SHA-1 (A3645)SHA-1 (A3645)KATCASTOn demandManually
SHA-1 (A3646)SHA-1 (A3646)KATCASTOn demandManually
SHA-1 (A3647)SHA-1 (A3647)KATCASTOn demandManually
SHA-1 (A3722)SHA-1 (A3722)KATCASTOn demandManually
SHA2-224 (A3629)SHA2-224 (A3629)KATCASTOn demandManually
SHA2-224 (A3645)SHA2-224 (A3645)KATCASTOn demandManually
SHA2-224 (A3646)SHA2-224 (A3646)KATCASTOn demandManually

(FIPS1864) (A3629) with SHA256 (FIPS1864) (A3645) with SHA256 (FIPS1864) (A3646) with SHA256 (FIPS1864) (A3647) with SHA256 (FIPS1864) (A3722) with SHA256 © 2024 Red Hat, Inc./ atsec information security corporation.

Page 86
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsOf SP 800- 90 Arev1Indicator available for use.Conditions
Entropy SourceEntropy SourceAPTCASTEntropy source start- up test1024 samplesModule becomes operational and services are available for use.Entropy source initialization
Entropy SourceEntropy SourceRCTCASTEntropy source continuous testCutoff C = 61Entropy source is operationalContinuously
Entropy SourceEntropy SourceAPTCASTEntropy source continuous testCutoff C = 355Entropy source is operationalContinuously
HMAC-SHA2- 512 (A3647)HMAC-SHA2- 512 (A3647)Message AuthenticationSW/FW IntegrityOn demandManually
RSA SigVer (FIPS186-4) (A3629)RSA SigVer (FIPS186-4) (A3629)Signature VerificationSW/FW IntegrityOn demandManually
SHA-1 (A3629)SHA-1 (A3629)KATCASTOn demandManually
SHA-1 (A3645)SHA-1 (A3645)KATCASTOn demandManually
SHA-1 (A3646)SHA-1 (A3646)KATCASTOn demandManually
SHA-1 (A3647)SHA-1 (A3647)KATCASTOn demandManually
SHA-1 (A3722)SHA-1 (A3722)KATCASTOn demandManually
SHA2-224 (A3629)SHA2-224 (A3629)KATCASTOn demandManually
SHA2-224 (A3645)SHA2-224 (A3645)KATCASTOn demandManually
SHA2-224 (A3646)SHA2-224 (A3646)KATCASTOn demandManually
SHA2-224 (A3647)SHA2-224 (A3647)KATCASTOn demandManually
SHA2-224 (A3722)SHA2-224 (A3722)KATCASTOn demandManually
SHA2-256 (A3629)SHA2-256 (A3629)KATCASTOn demandManually
SHA2-256 (A3645)SHA2-256 (A3645)KATCASTOn demandManually
SHA2-256 (A3646)SHA2-256 (A3646)KATCASTOn demandManually
SHA2-256 (A3647)SHA2-256 (A3647)KATCASTOn demandManually
SHA2-256 (A3722)SHA2-256 (A3722)KATCASTOn demandManually
SHA2-384 (A3629)SHA2-384 (A3629)KATCASTOn demandManually
SHA2-384 (A3645)SHA2-384 (A3645)KATCASTOn demandManually
SHA2-384 (A3646)SHA2-384 (A3646)KATCASTOn demandManually
SHA2-384 (A3647)SHA2-384 (A3647)KATCASTOn demandManually
SHA2-384 (A3722)SHA2-384 (A3722)KATCASTOn demandManually
SHA2-512 (A3629)SHA2-512 (A3629)KATCASTOn demandManually
SHA2-512 (A3645)SHA2-512 (A3645)KATCASTOn demandManually
SHA2-512 (A3646)SHA2-512 (A3646)KATCASTOn demandManually
SHA2-512 (A3647)SHA2-512 (A3647)KATCASTOn demandManually
SHA2-512 (A3722)SHA2-512 (A3722)KATCASTOn demandManually
SHA3-224 (A3630)SHA3-224 (A3630)KATCASTOn demandManually
SHA3-224 (A3728)SHA3-224 (A3728)KATCASTOn demandManually
SHA3-256 (A3630)SHA3-256 (A3630)KATCASTOn demandManually
SHA3-256 (A3728)SHA3-256 (A3728)KATCASTOn demandManually
SHA3-384 (A3630)SHA3-384 (A3630)KATCASTOn demandManually
SHA3-384 (A3728)SHA3-384 (A3728)KATCASTOn demandManually
SHA3-512 (A3630)SHA3-512 (A3630)KATCASTOn demandManually
SHA3-512 (A3728)SHA3-512 (A3728)KATCASTOn demandManually
AES-ECB (A3629)AES-ECB (A3629)KATCASTOn demandManually
AES-ECB (A3634)AES-ECB (A3634)KATCASTOn demandManually
AES-ECB (A3635)AES-ECB (A3635)KATCASTOn demandManually
AES-ECB (A3636)AES-ECB (A3636)KATCASTOn demandManually
AES-ECB (A3637)AES-ECB (A3637)KATCASTOn demandManually
AES-ECB (A3638)AES-ECB (A3638)KATCASTOn demandManually
AES-ECB (A3639)AES-ECB (A3639)KATCASTOn demandManually
AES-ECB (A3640)AES-ECB (A3640)KATCASTOn demandManually
AES-ECB (A3641)AES-ECB (A3641)KATCASTOn demandManually
AES-ECB (A3719)AES-ECB (A3719)KATCASTOn demandManually
AES-ECB (A3720)AES-ECB (A3720)KATCASTOn demandManually
AES-ECB (A3721)AES-ECB (A3721)KATCASTOn demandManually
AES-ECB (A3722)AES-ECB (A3722)KATCASTOn demandManually
AES-ECB (A3723)AES-ECB (A3723)KATCASTOn demandManually
AES-ECB (A3724)AES-ECB (A3724)KATCASTOn demandManually
AES-ECB (A3629)AES-ECB (A3629)KATCASTOn demandManually
AES-ECB (A3634)AES-ECB (A3634)KATCASTOn demandManually
AES-ECB (A3635)AES-ECB (A3635)KATCASTOn demandManually
AES-ECB (A3636)AES-ECB (A3636)KATCASTOn demandManually
AES-ECB (A3637)AES-ECB (A3637)KATCASTOn demandManually
AES-ECB (A3638)AES-ECB (A3638)KATCASTOn demandManually
AES-ECB (A3639)AES-ECB (A3639)KATCASTOn demandManually
AES-ECB (A3640)AES-ECB (A3640)KATCASTOn demandManually
AES-ECB (A3641)AES-ECB (A3641)KATCASTOn demandManually
AES-ECB (A3719)AES-ECB (A3719)KATCASTOn demandManually
AES-ECB (A3720)AES-ECB (A3720)KATCASTOn demandManually
AES-ECB (A3721)AES-ECB (A3721)KATCASTOn demandManually
AES-ECB (A3722)AES-ECB (A3722)KATCASTOn demandManually
AES-ECB (A3723)AES-ECB (A3723)KATCASTOn demandManually
AES-ECB (A3724)AES-ECB (A3724)KATCASTOn demandManually
AES-CBC (A3629)AES-CBC (A3629)KATCASTOn demandManually
AES-CBC (A3636)AES-CBC (A3636)KATCASTOn demandManually
AES-CBC (A3639)AES-CBC (A3639)KATCASTOn demandManually
AES-CBC (A3719)AES-CBC (A3719)KATCASTOn demandManually
AES-CBC (A3722)AES-CBC (A3722)KATCASTOn demandManually
AES-CBC (A4549)AES-CBC (A4549)KATCASTOn demandManually
AES-CBC (A3629)AES-CBC (A3629)KATCASTOn demandManually
AES-CBC (A3636)AES-CBC (A3636)KATCASTOn demandManually
AES-CBC (A3639)AES-CBC (A3639)KATCASTOn demandManually
AES-CBC (A3719)AES-CBC (A3719)KATCASTOn demandManually
AES-CBC (A3722)AES-CBC (A3722)KATCASTOn demandManually
AES-CBC (A4549)AES-CBC (A4549)KATCASTOn demandManually
AES-CBC-CS3 (A3633)AES-CBC-CS3 (A3633)KATCASTOn demandManually
AES-CBC-CS3 (A3644)AES-CBC-CS3 (A3644)KATCASTOn demandManually
AES-CBC-CS3 (A3727)AES-CBC-CS3 (A3727)KATCASTOn demandManually
AES-CBC-CS3 (A3633)AES-CBC-CS3 (A3633)KATCASTOn demandManually
AES-CBC-CS3 (A3644)AES-CBC-CS3 (A3644)KATCASTOn demandManually
AES-CBC-CS3 (A3727)AES-CBC-CS3 (A3727)KATCASTOn demandManually
AES-OFB (A3643)AES-OFB (A3643)KATCASTOn demandManually
AES-CFB128 (A3631)AES-CFB128 (A3631)KATCASTOn demandManually
AES-CFB128 (A3642)AES-CFB128 (A3642)KATCASTOn demandManually
AES-CFB128 (A3725)AES-CFB128 (A3725)KATCASTOn demandManually
AES-CFB128 (A3631)AES-CFB128 (A3631)KATCASTOn demandManually
AES-CFB128 (A3642)AES-CFB128 (A3642)KATCASTOn demandManually
AES-CFB128 (A3725)AES-CFB128 (A3725)KATCASTOn demandManually
AES-CTR (A3629)AES-CTR (A3629)KATCASTOn demandManually
AES-CTR (A3636)AES-CTR (A3636)KATCASTOn demandManually
AES-CTR (A3639)AES-CTR (A3639)KATCASTOn demandManually
AES-CTR (A3719)AES-CTR (A3719)KATCASTOn demandManually
AES-CTR (A3722)AES-CTR (A3722)KATCASTOn demandManually
AES-CTR (A4549)AES-CTR (A4549)KATCASTOn demandManually
AES-CTR (A3629)AES-CTR (A3629)KATCASTOn demandManually
AES-CTR (A3636)AES-CTR (A3636)KATCASTOn demandManually
AES-CTR (A3639)AES-CTR (A3639)KATCASTOn demandManually
AES-CTR (A3719)AES-CTR (A3719)KATCASTOn demandManually
AES-CTR (A3722)AES-CTR (A3722)KATCASTOn demandManually
AES-CTR (A4549)AES-CTR (A4549)KATCASTOn demandManually
AES-CCM (A3629)AES-CCM (A3629)KATCASTOn demandManually
AES-CCM (A3639)AES-CCM (A3639)KATCASTOn demandManually
AES-CCM (A3719)AES-CCM (A3719)KATCASTOn demandManually
AES-CCM (A3722)AES-CCM (A3722)KATCASTOn demandManually
AES-CCM (A3629)AES-CCM (A3629)KATCASTOn demandManually
AES-CCM (A3639)AES-CCM (A3639)KATCASTOn demandManually
AES-CCM (A3719)AES-CCM (A3719)KATCASTOn demandManually
AES-CCM (A3722)AES-CCM (A3722)KATCASTOn demandManually
AES-GCM (A3629)AES-GCM (A3629)KATCASTOn demandManually
AES-GCM (A3634)AES-GCM (A3634)KATCASTOn demandManually
AES-GCM (A3635)AES-GCM (A3635)KATCASTOn demandManually
AES-GCM (A3636)AES-GCM (A3636)KATCASTOn demandManually
AES-GCM (A3637)AES-GCM (A3637)KATCASTOn demandManually
AES-GCM (A3638)AES-GCM (A3638)KATCASTOn demandManually
AES-GCM (A3639)AES-GCM (A3639)KATCASTOn demandManually
AES-GCM (A3640)AES-GCM (A3640)KATCASTOn demandManually
AES-GCM (A3641)AES-GCM (A3641)KATCASTOn demandManually
AES-GCM (A3719)AES-GCM (A3719)KATCASTOn demandManually
AES-GCM (A3720)AES-GCM (A3720)KATCASTOn demandManually
AES-GCM (A3721)AES-GCM (A3721)KATCASTOn demandManually
AES-GCM (A3722)AES-GCM (A3722)KATCASTOn demandManually
AES-GCM (A3723)AES-GCM (A3723)KATCASTOn demandManually
AES-GCM (A3724)AES-GCM (A3724)KATCASTOn demandManually
AES-GCM (A3629)AES-GCM (A3629)KATCASTOn demandManually
AES-GCM (A3634)AES-GCM (A3634)KATCASTOn demandManually
AES-GCM (A3635)AES-GCM (A3635)KATCASTOn demandManually
AES-GCM (A3636)AES-GCM (A3636)KATCASTOn demandManually
AES-GCM (A3637)AES-GCM (A3637)KATCASTOn demandManually
AES-GCM (A3638)AES-GCM (A3638)KATCASTOn demandManually
AES-GCM (A3639)AES-GCM (A3639)KATCASTOn demandManually
AES-GCM (A3640)AES-GCM (A3640)KATCASTOn demandManually
AES-GCM (A3641)AES-GCM (A3641)KATCASTOn demandManually
AES-GCM (A3719)AES-GCM (A3719)KATCASTOn demandManually
AES-GCM (A3720)AES-GCM (A3720)KATCASTOn demandManually
AES-GCM (A3721)AES-GCM (A3721)KATCASTOn demandManually
AES-GCM (A3722)AES-GCM (A3722)KATCASTOn demandManually
AES-GCM (A3723)AES-GCM (A3723)KATCASTOn demandManually
AES-GCM (A3724)AES-GCM (A3724)KATCASTOn demandManually
AES-CMAC (A3629)AES-CMAC (A3629)KATCASTOn demandManually
AES-CMAC (A3639)AES-CMAC (A3639)KATCASTOn demandManually
AES-CMAC (A3719)AES-CMAC (A3719)KATCASTOn demandManually
AES-CMAC (A3722)AES-CMAC (A3722)KATCASTOn demandManually
AES-CMAC (A3629)AES-CMAC (A3629)KATCASTOn demandManually
AES-CMAC (A3639)AES-CMAC (A3639)KATCASTOn demandManually
AES-CMAC (A3719)AES-CMAC (A3719)KATCASTOn demandManually
AES-CMAC (A3722)AES-CMAC (A3722)KATCASTOn demandManually
HMAC-SHA-1 (A3629)HMAC-SHA-1 (A3629)KATCASTOn demandManually
HMAC-SHA-1 (A3645)HMAC-SHA-1 (A3645)KATCASTOn demandManually
HMAC-SHA-1 (A3646)HMAC-SHA-1 (A3646)KATCASTOn demandManually
HMAC-SHA-1 (A3647)HMAC-SHA-1 (A3647)KATCASTOn demandManually
HMAC-SHA-1 (A3722)HMAC-SHA-1 (A3722)KATCASTOn demandManually
HMAC-SHA2- 224 (A3629)HMAC-SHA2- 224 (A3629)KATCASTOn demandManually
HMAC-SHA2- 224 (A3645)HMAC-SHA2- 224 (A3645)KATCASTOn demandManually
HMAC-SHA2- 224 (A3646)HMAC-SHA2- 224 (A3646)KATCASTOn demandManually
HMAC-SHA2- 224 (A3647)HMAC-SHA2- 224 (A3647)KATCASTOn demandManually
HMAC-SHA2- 224 (A3722)HMAC-SHA2- 224 (A3722)KATCASTOn demandManually
HMAC-SHA2- 256 (A3629)HMAC-SHA2- 256 (A3629)KATCASTOn demandManually
HMAC-SHA2- 256 (A3645)HMAC-SHA2- 256 (A3645)KATCASTOn demandManually
HMAC-SHA2- 256 (A3646)HMAC-SHA2- 256 (A3646)KATCASTOn demandManually
HMAC-SHA2- 256 (A3647)HMAC-SHA2- 256 (A3647)KATCASTOn demandManually
HMAC-SHA2- 256 (A3722)HMAC-SHA2- 256 (A3722)KATCASTOn demandManually
HMAC-SHA2- 384 (A3629)HMAC-SHA2- 384 (A3629)KATCASTOn demandManually
HMAC-SHA2- 384 (A3645)HMAC-SHA2- 384 (A3645)KATCASTOn demandManually
HMAC-SHA2- 384 (A3646)HMAC-SHA2- 384 (A3646)KATCASTOn demandManually
HMAC-SHA2- 384 (A3647)HMAC-SHA2- 384 (A3647)KATCASTOn demandManually
HMAC-SHA2- 384 (A3722)HMAC-SHA2- 384 (A3722)KATCASTOn demandManually
HMAC-SHA2- 512 (A3629)HMAC-SHA2- 512 (A3629)KATCASTOn demandManually
HMAC-SHA2- 512 (A3645)HMAC-SHA2- 512 (A3645)KATCASTOn demandManually
HMAC-SHA2- 512 (A3646)HMAC-SHA2- 512 (A3646)KATCASTOn demandManually
HMAC-SHA2- 512 (A3647)HMAC-SHA2- 512 (A3647)KATCASTOn demandManually
HMAC-SHA2- 512 (A3722)HMAC-SHA2- 512 (A3722)KATCASTOn demandManually
HMAC-SHA3- 224 (A3630)HMAC-SHA3- 224 (A3630)KATCASTOn demandManually
HMAC-SHA3- 224 (A3728)HMAC-SHA3- 224 (A3728)KATCASTOn demandManually
HMAC-SHA3- 256 (A3630)HMAC-SHA3- 256 (A3630)KATCASTOn demandManually
HMAC-SHA3- 256 (A3728)HMAC-SHA3- 256 (A3728)KATCASTOn demandManually
HMAC-SHA3- 384 (A3630)HMAC-SHA3- 384 (A3630)KATCASTOn demandManually
HMAC-SHA3- 384 (A3728)HMAC-SHA3- 384 (A3728)KATCASTOn demandManually
HMAC-SHA3- 512 (A3630)HMAC-SHA3- 512 (A3630)KATCASTOn demandManually
HMAC-SHA3- 512 (A3728)HMAC-SHA3- 512 (A3728)KATCASTOn demandManually
Counter DRBG (A3629)Counter DRBG (A3629)KATCASTOn demandManually
Counter DRBG (A3634)Counter DRBG (A3634)KATCASTOn demandManually
Counter DRBG (A3635)Counter DRBG (A3635)KATCASTOn demandManually
Counter DRBG (A3636)Counter DRBG (A3636)KATCASTOn demandManually
Counter DRBG (A3637)Counter DRBG (A3637)KATCASTOn demandManually
Counter DRBG (A3638)Counter DRBG (A3638)KATCASTOn demandManually
Counter DRBG (A3639)Counter DRBG (A3639)KATCASTOn demandManually
Counter DRBG (A3640)Counter DRBG (A3640)KATCASTOn demandManually
Counter DRBG (A3641)Counter DRBG (A3641)KATCASTOn demandManually
Counter DRBG (A3719)Counter DRBG (A3719)KATCASTOn demandManually
Counter DRBG (A3720)Counter DRBG (A3720)KATCASTOn demandManually
Counter DRBG (A3721)Counter DRBG (A3721)KATCASTOn demandManually
Counter DRBG (A3722)Counter DRBG (A3722)KATCASTOn demandManually
Counter DRBG (A3723)Counter DRBG (A3723)KATCASTOn demandManually
Counter DRBG (A3724)Counter DRBG (A3724)KATCASTOn demandManually
Counter DRBG (A3629)Counter DRBG (A3629)KATCASTOn demandManually
Counter DRBG (A3634)Counter DRBG (A3634)KATCASTOn demandManually
Counter DRBG (A3635)Counter DRBG (A3635)KATCASTOn demandManually
Counter DRBG (A3636)Counter DRBG (A3636)KATCASTOn demandManually
Counter DRBG (A3637)Counter DRBG (A3637)KATCASTOn demandManually
Counter DRBG (A3638)Counter DRBG (A3638)KATCASTOn demandManually
Counter DRBG (A3639)Counter DRBG (A3639)KATCASTOn demandManually
Counter DRBG (A3640)Counter DRBG (A3640)KATCASTOn demandManually
Counter DRBG (A3641)Counter DRBG (A3641)KATCASTOn demandManually
Counter DRBG (A3719)Counter DRBG (A3719)KATCASTOn demandManually
Counter DRBG (A3720)Counter DRBG (A3720)KATCASTOn demandManually
Counter DRBG (A3721)Counter DRBG (A3721)KATCASTOn demandManually
Counter DRBG (A3722)Counter DRBG (A3722)KATCASTOn demandManually
Counter DRBG (A3723)Counter DRBG (A3723)KATCASTOn demandManually
Counter DRBG (A3724)Counter DRBG (A3724)KATCASTOn demandManually
Hash DRBG (A3629)Hash DRBG (A3629)KATCASTOn demandManually
Hash DRBG (A3634)Hash DRBG (A3634)KATCASTOn demandManually
Hash DRBG (A3635)Hash DRBG (A3635)KATCASTOn demandManually
Hash DRBG (A3636)Hash DRBG (A3636)KATCASTOn demandManually
Hash DRBG (A3637)Hash DRBG (A3637)KATCASTOn demandManually
Hash DRBG (A3638)Hash DRBG (A3638)KATCASTOn demandManually
Hash DRBG (A3639)Hash DRBG (A3639)KATCASTOn demandManually
Hash DRBG (A3640)Hash DRBG (A3640)KATCASTOn demandManually
Hash DRBG (A3641)Hash DRBG (A3641)KATCASTOn demandManually
Hash DRBG (A3645)Hash DRBG (A3645)KATCASTOn demandManually
Hash DRBG (A3646)Hash DRBG (A3646)KATCASTOn demandManually
Hash DRBG (A3647)Hash DRBG (A3647)KATCASTOn demandManually
Hash DRBG (A3720)Hash DRBG (A3720)KATCASTOn demandManually
Hash DRBG (A3721)Hash DRBG (A3721)KATCASTOn demandManually
Hash DRBG (A3722)Hash DRBG (A3722)KATCASTOn demandManually
Hash DRBG (A3723)Hash DRBG (A3723)KATCASTOn demandManually
Hash DRBG (A3724)Hash DRBG (A3724)KATCASTOn demandManually
HMAC DRBG (A3629)HMAC DRBG (A3629)KATCASTOn demandManually
HMAC DRBG (A3634)HMAC DRBG (A3634)KATCASTOn demandManually
HMAC DRBG (A3635)HMAC DRBG (A3635)KATCASTOn demandManually
HMAC DRBG (A3636)HMAC DRBG (A3636)KATCASTOn demandManually
HMAC DRBG (A3637)HMAC DRBG (A3637)KATCASTOn demandManually
HMAC DRBG (A3638)HMAC DRBG (A3638)KATCASTOn demandManually
HMAC DRBG (A3639)HMAC DRBG (A3639)KATCASTOn demandManually
HMAC DRBG (A3640)HMAC DRBG (A3640)KATCASTOn demandManually
HMAC DRBG (A3641)HMAC DRBG (A3641)KATCASTOn demandManually
HMAC DRBG (A3645)HMAC DRBG (A3645)KATCASTOn demandManually
HMAC DRBG (A3646)HMAC DRBG (A3646)KATCASTOn demandManually
HMAC DRBG (A3647)HMAC DRBG (A3647)KATCASTOn demandManually
HMAC DRBG (A3720)HMAC DRBG (A3720)KATCASTOn demandManually
HMAC DRBG (A3721)HMAC DRBG (A3721)KATCASTOn demandManually
HMAC DRBG (A3722)HMAC DRBG (A3722)KATCASTOn demandManually
HMAC DRBG (A3723)HMAC DRBG (A3723)KATCASTOn demandManually
HMAC DRBG (A3724)HMAC DRBG (A3724)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A3629)RSA SigVer (FIPS186-4) (A3629)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A3645)RSA SigVer (FIPS186-4) (A3645)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A3646)RSA SigVer (FIPS186-4) (A3646)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A3647)RSA SigVer (FIPS186-4) (A3647)KATCASTOn demandManually
RSA SigVer (FIPS186-4) (A3722)RSA SigVer (FIPS186-4) (A3722)KATCASTOn demandManually
Entropy SourceEntropy SourceRCTCASTOn demandManually
Entropy SourceEntropy SourceAPTCASTOn demandManually
Entropy SourceEntropy SourceRCTCASTOn demandManually
Entropy SourceEntropy SourceAPTCASTOn demandManually

Table 23: Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in the table above. Services are not available, and data output (via the data output interface) is inhibited during the conditional self-tests. If any of these tests fails, the module transitions to the Error State.

10.3 Periodic Self-Test Information

Table 24: Pre-Operational Periodic Information © 2024 Red Hat, Inc./ atsec information security corporation.

Page 87

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 88

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 89

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 90

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 91

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 92

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 93

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 94

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 95

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 96
Service
NameDescriptionRole AccessIndicator
Error StateThe Linux kernel immediately stops executingAny self-test failureKernel PanicRestart of the module

Table 25: Conditional Periodic Information

10.4 Error States

Table 26: Error States © 2024 Red Hat, Inc./ atsec information security corporation.

Page 97

In the Error State, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).

10.5 Operator Initiation of Self-Tests [O]

All self-tests, with the exception of the continuous health tests, can be invoked on demand by unloading and subsequently re-initializing the module.

10.6 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 98
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module is distributed as a part of the Red Hat Enterprise Linux 9 (RHEL 9) package in the form of the kernel-5.14.0-70.53.1.el9_0, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc1.3.1-3.el9 RPM packages. The module can achieve the approved mode by:

11.2 Administrator Guidance

After installation of the kernel-5.14.0-70.53.1.el9_0, libkcapi-1.3.1-3.el9, and libkcapihmaccalc-1.3.1-3.el9 RPM packages, the Crypto Officer must execute the “cat /proc/sys/crypto/fips_name” command. The Crypto Officer must ensure that the proper name is listed in the output as follows: Red Hat Enterprise Linux 9 - Kernel Cryptographic API Then, the Crypto Officer must execute the “cat /proc/sys/crypto/fips_version” and “rpm -q libkcapi” commands. These commands must output the following (one line per output): 5.14.0-70.53.1.el9_0.x86_64 libkcapi-1.3.1-3.el9.x86_64

11.3 Non-Administrator Guidance

There is no non-administrator guidance.

11.4 Design and Rules [O]

Not applicable for this module.

11.5 Maintenance Requirements [O]

There are no maintenance requirements.

11.6 End of Life [O]

© 2024 Red Hat, Inc./ atsec information security corporation.

Page 99

As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the kernel-5.14.0-70.53.1.el9_0, libkcapi-1.3.1-3.el9, and libkcapi-hmaccalc-1.3.1-3.el9 RPM packages can be uninstalled from the RHEL 9 system.

11.7 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 100
12 Mitigation of Other Attacks
12.1 Attack List [O]

The module does not offer mitigation of other attacks and therefore this section is not applicable.

12.2 Mitigation Effectiveness [O]
12.3 Guidance and Constraints [O]
12.4 Additional Information [O]

Not applicable. © 2024 Red Hat, Inc./ atsec information security corporation.

Page 101

Appendix A. Glossary and Abbreviations AES API CAST CAVP CBC CCM CFB CMAC CMVP CTR DRBG ECB FIPS GCM GMAC HMAC IPsec KAT MAC NIST PKCS RSA SHA SSP XTS Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Self-Test Cryptographic Algorithm Validation Program Cipher Block Chaining Counter with Cipher Block Chaining-Message Authentication Code Cipher Feedback Cipher-based Message Authentication Code Cryptographic Module Validation Program Counter Deterministic Random Bit Generator Electronic Code Book Federal Information Processing Standards Galois Counter Mode Galois Counter Mode Message Authentication Code Keyed-Hash Message Authentication Code Internet Protocol Security Known Answer Test Message Authentication Code National Institute of Science and Technology Public-Key Cryptography Standards Rivest, Shamir, Addleman Secure Hash Algorithm Sensitive Security Parameter XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 Red Hat, Inc./ atsec information security corporation.

Page 102

Appendix B. References FIPS 140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication80038c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf © 2024 Red Hat, Inc./ atsec information security corporation.

Page 103

SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf © 2024 Red Hat, Inc./ atsec information security corporation.

Referenced URLs