| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Historical |
| Caveat | Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. |
| Vendor | Amazon Web Services, Inc. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Sensitive Security Parameter Management | 1 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Amazon Linux 2023 Kernel Cryptographic API
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Error State</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status<br/>Self-Test<br/>Error State</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Amazon Linux 2023 Kernel Cryptographic API
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Error State</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status<br/>Self-Test<br/>Error State</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Amazon Linux 2023 Kernel Cryptographic API Versions: Kernel 6.1.41-64.118.amzn2023, 6.1.41-64.118.fips.amzn2023 Libkcapi 1.4.0-105.amzn2023 Document Version: 1.2 Document Date: 2024-09-20 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Table of Contents © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API List of Tables List of Figures © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Amazon is a registered trademark of Amazon Web Services, Inc. or its affiliates. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| Subsections | Subsections | ||
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | Not Applicable |
| 8 | 8 | Non-invasive Security | Not Applicable |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | Not Applicable |
| Overall | Overall | 1 | |
| Integrity Test | Integrity Test | ||
| Package/File Names | Package/File Names | Software/ Firmware Version | |
| Implemented | Implemented | ||
| EC2 c7g.metal: /boot/vmlinuz-6.1.41-64.118.amzn2023.aarch64 | EC2 c7g.metal: /boot/vmlinuz-6.1.41-64.118.amzn2023.aarch64 | EC2 c7g.metal, EC2 c6i.metal: 6.1.41-64.118.amzn2023 AWS Snowball, AWS Snowblade, AWS Snowcone: 6.1.41-64.118.fips.amzn2023 | HMAC-SHA-512 |
| EC2 c6i.metal: /boot/vmlinuz-6.1.41-64.118.amzn2023.x86_64 | EC2 c6i.metal: /boot/vmlinuz-6.1.41-64.118.amzn2023.x86_64 | ||
| AWS Snowball, AWS Snowblade, AWS Snowcone: /boot/vmlinuz-6.1.41-64.118.fips.amzn2023.x86_64 | AWS Snowball, AWS Snowblade, AWS Snowcone: /boot/vmlinuz-6.1.41-64.118.fips.amzn2023.x86_64 | ||
| EC2 c7g.metal: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.aarch64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.aarch64/kernel/arch/aarch64/crypto | EC2 c7g.metal: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.aarch64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.aarch64/kernel/arch/aarch64/crypto | RSA Signature Verification | |
| EC2 c6i.metal: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.x86_64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.x86_64/kernel/arch/x86/crypto/ | EC2 c6i.metal: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.x86_64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.amzn2023.x86_64/kernel/arch/x86/crypto/ | ||
| AWS Snowball, AWS Snowblade, AWS Snowcone: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.fips.amzn2023.x86_64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.fips.amzn2023.x86_64/kernel/arch/x86/crypto | AWS Snowball, AWS Snowblade, AWS Snowcone: *.ko and *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.fips.amzn2023.x86_64/kernel/crypto/ *.ko.xz files in /usr/lib/modules/6.1.41- 64.118.fips.amzn2023.x86_64/kernel/arch/x86/crypto | ||
| /usr/lib64/libkcapi.so.1.4.0 /usr/lib/sha512hmac | /usr/lib64/libkcapi.so.1.4.0 /usr/lib/sha512hmac | 1.4.0-105.amzn2023 | HMAC-SHA-512 |
Amazon Linux 2023 Kernel Cryptographic API 1.1 Overview This document is the non-proprietary FIPS 140-3 Security Policy for Amazon Linux 2023 Kernel Cryptographic API versions:
Amazon Linux 2023 Kernel Cryptographic API The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Cryptographic Module Specification 2.1 Description Purpose and Use: The Amazon Linux 2023 Kernel Cryptographic API (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a generalpurpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: Multi-chip standalone Module Characteristics: N/A Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the kernel crypto object files, the libkcapi library, and the sha512hmac binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai |
|---|---|---|---|---|---|
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 6.1.41-64.118.amzn2023 and 1.4.0-105.amzn2023 | AWS Graviton3 | Neon, Cryptography Extensions (PAA) |
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | Intel Xeon Platinum 8375C | AES-NI (PAA) | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowball | 6.1.41-64.118.fips.amzn2023 and 1.4.0-105.amzn2023 | AMD EPYC 7702 | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowblade | Intel Xeon Gold 6314U | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowcone | Intel Atom C3558 | ||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 6.1.41-64.118.amzn2023 and 1.4.0-105.amzn2023 | AWS Graviton3 | None |
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | Intel Xeon Platinum 8375C | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowball | 6.1.41-64.118.fips.amzn2023 and 1.4.0-105.amzn2023 | AMD EPYC 7702 | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowblade | Intel Xeon Gold 6314U | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowcone | Intel Atom C3558 | ||
| Bottlerocket v1.20.0 | Bottlerocket v1.20.0 | EC2 c7g.metal with Intel Xeon Platinum 8375C (PAA: AES-NI) | |||
| Bottlerocket v1.20.0 | Bottlerocket v1.20.0 | EC2 c6i.metal with AWS Graviton3 processor (PAA: Neon, Cryptography Extensions) |
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai |
|---|---|---|---|---|---|
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 6.1.41-64.118.amzn2023 and 1.4.0-105.amzn2023 | AWS Graviton3 | Neon, Cryptography Extensions (PAA) |
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | Intel Xeon Platinum 8375C | AES-NI (PAA) | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowball | 6.1.41-64.118.fips.amzn2023 and 1.4.0-105.amzn2023 | AMD EPYC 7702 | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowblade | Intel Xeon Gold 6314U | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowcone | Intel Atom C3558 | ||
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c7g.metal | 6.1.41-64.118.amzn2023 and 1.4.0-105.amzn2023 | AWS Graviton3 | None |
| Amazon Linux 2023 | Amazon Linux 2023 | EC2 c6i.metal | Intel Xeon Platinum 8375C | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowball | 6.1.41-64.118.fips.amzn2023 and 1.4.0-105.amzn2023 | AMD EPYC 7702 | |
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowblade | Intel Xeon Gold 6314U | ||
| SnowOS 1.0 | SnowOS 1.0 | AWS Snowcone | Intel Atom C3558 | ||
| Bottlerocket v1.20.0 | Bottlerocket v1.20.0 | EC2 c7g.metal with Intel Xeon Platinum 8375C (PAA: AES-NI) | |||
| Bottlerocket v1.20.0 | Bottlerocket v1.20.0 | EC2 c6i.metal with AWS Graviton3 processor (PAA: Neon, Cryptography Extensions) |
Table 2 - Tested Module Identification Tested Operational Environments - Software, Firmware, Hybrid: The module has been tested on the following platforms with the corresponding module variants and configuration options with and without PAA: Table 3 - Tested Operational Environments Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: The vendor affirms the following platforms with the corresponding module variants and configuration options with and without PAA: Table 4 - Software, Hardware, Hybrid Vendor Affirmed Operational Environment 2.3 Excluded Components There are no components excluded from the requirements of the FIPS 140-3 standard. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non-approved mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service | Non-approved |
| Name | CAVP Cert | Reference | Algorithm Capabilities | OE (Implementation) |
|---|---|---|---|---|
| AES-CBC | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 192, 256 bits | Amazon Linux 2023 on EC2 c7g.metal Amazon Linux 2023 on EC2 |
| A4558, A4561, A4563, | A4558, A4561, A4563, | SP 800-38A | ||
| AES-CBC-CS3 | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 192, 256 bits | c6i.metal SnowOS 1.0 on AWS Snowball SnowOS 1.0 on AWS Snowblade SnowOS 1.0 on AWS Snowcone |
| A4558, A4561, A4566 | A4558, A4561, A4566 | SP 800-38A | ||
| AES-CCM | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4558, A4566 | A4558, A4566 | SP 800-38C | ||
| AES-CFB128 | A4551, A4554, A4558, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4566 | A4566 | SP 800-38A | ||
| AES-CMAC | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4558, A4566 | A4558, A4566 | SP 800-38B | ||
| AES-CTR | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4558, A4561, A4563, | A4558, A4561, A4563, | SP 800-38A | ||
| AES-ECB | A4551, A4552, A4553, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4554, A4555, A4556, | A4554, A4555, A4556, | SP 800-38A | ||
| AES-GCM | A4551, A4552, A4553, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4554, A4555, A4556, | A4554, A4555, A4556, | SP 800-38D | IV Generation: Internal (encryption) & External | |
| A4558, A4559, A4560, | A4558, A4559, A4560, | (decryption) | ||
| A4563, A4564, A4565, | A4563, A4564, A4565, | IV Generation Mode: 8.2.2 | ||
| AES-GMAC | A4551, A4554, A4558, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4566 | A4566 | SP 800-38D | ||
| AES-KW | A4551, A4554, A4558, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4566 | A4566 | SP 800-38F | ||
| AES-OFB | A4551, A4554, A4558, | FIPS 197 | Key size: 128, 192, 256 bits | |
| A4566 | A4566 | SP 800-38A | ||
| AES-XTS | A4551, A4554, A4557, | FIPS 197 | Key size: 128, 256 bits | |
| A4558, A4561, A4563, | A4558, A4561, A4563, | SP 800-38E | ||
| CTR_DRBG | A4551, A4552, A4553, | SP 800-90Ar1 | Size: AES-128, AES-192, AES-256 | |
| A4554, A4555, A4556, | A4554, A4555, A4556, | Without derivation function | ||
| A4558, A4559, A4560, | A4558, A4559, A4560, | With/without prediction resistance | ||
| ECDSA | A4551 | FIPS 186-4 | Key Pair Generation | |
| Hash_DRBG | A4551, A4569, A4570, | SP 800-90Ar1 | Hashes: SHA-1, SHA-256, SHA-512 | |
| A4571 | A4571 | With/without prediction resistance | ||
| HMAC_DRBG | A4551, A4569, A4570, | SP 800-90Ar1 | Hashes: SHA-1, SHA-256, SHA-512 | |
| A4571 | A4571 | With/without prediction resistance | ||
| HMAC | A4551, A4557, A4569, | FIPS 198-1 | SHA-1 | |
| A4570, A4571 | A4570, A4571 | FIPS 180-4 | Key size: 112-524288 bits | |
| A4551, A4557, A4561, | A4551, A4557, A4561, | FIPS 198-1 | SHA-224, SHA-256 | |
| A4562, A4569, A4570, | A4562, A4569, A4570, | FIPS 180-4 | Key size: 112-524288 bits | |
| A4551, A4557, A4562, | A4551, A4557, A4562, | FIPS 198-1 | SHA-384, SHA-512 | |
| A4569, A4570, A4571 | A4569, A4570, A4571 | FIPS 180-4 | Key size: 112-524288 bits | |
| A4551, A4557 | A4551, A4557 | FIPS 198-1 | SHA3-224, SHA3-256, SHA3-384, SHA3-512 | |
| Key size: 112-524288 bits | FIPS 202 | Key size: 112-524288 bits | ||
| KAS-ECC-SSC | A4551 | SP 800-56Ar3 | Scheme: Ephemeral Unified Model | |
| KAS-FFC-SSC | A4551 | Scheme: dhEphem | ||
| RSA | A4551, A4569, A4570, | FIPS 186-4 | Signature Verification | |
| A4571 | A4571 | Padding: PKCS#1 v1.5 | ||
| Safe Primes | A4551 | SP 800-56Ar3 | Key Pair Generation | |
| SHA-1 | A4551, A4557, A4569, | FIPS 180-4 | N/A | |
| SHA-224 | A4551, A4557, A4561, | N/A | ||
| SHA-256 | A4562, A4569, A4570, A4571 | |||
| SHA-384 | A4551, A4557, A4562, | N/A | ||
| SHA-512 | A4569, A4570, A4571 | |||
| SHA3-224 | A4551, A4557 | FIPS 202 | N/A |
Amazon Linux 2023 Kernel Cryptographic API 2.4 Modes of Operation Modes List and Description: Table 5 - Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. Mode change instructions and status indicators: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status Degraded Mode Description: The module does not implement a degraded mode of operation. 2.5 Algorithms Approved Algorithms: Table 6 lists all approved cryptographic algorithms of the module, including specific key lengths employed for approved services (Table 14), and implemented modes or methods of operation of the algorithms. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API N/A © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Description | Approved Functions | Type | OE (Implementation) | References | SF Capabilities |
|---|---|---|---|---|---|---|
| Cryptographic Key Generation (CKG) | Key Pair Generation using Safe Primes and EC | Amazon Linux 2023 on EC2 c7g.metal | SP 800-133r2 Section 4, 5.1, and 5.2 | |||
| AES GCM with external IV | Encryption | |||||
| KBKDF (libkcapi) | Key Derivation | |||||
| HKDF (libkcapi) | Key Derivation | |||||
| PBKDF2 (libkcapi) | Password-Based Key Derivation | |||||
| RSA | Encryption Primitive Decryption Primitive | |||||
| RSA with PKCS#1 v1.5 padding | Signature Generation (pre-hashed message) Signature Verification (pre-hashed message) | |||||
| Key Encapsulation Key Un-encapsulation | Key Encapsulation Key Un-encapsulation | |||||
| KAS-ECC-SSC | EC Diffie-Hellman Shared Secret Computation | KAS-ECC-SSC (SP 800- 56Ar3) | KAS | Security strength: 128, 192 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| KAS-FFC-SSC | Diffie-Hellman Shared Secret Computation | KAS-FFC-SSC (SP 800- 56Ar3) | KAS | Security strength: 112-200 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| AES-KW | Key wrapping/unwrapping | AES-KW (SP 800-38F) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-CCM | Key wrapping/unwrapping using authenticated encryption (as permitted by IG D.G) | AES-CCM (SP 800-38C) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-GCM/WRAP | Key wrapping using authenticated encryption | AES-GCM (SP 800-38D) | KTS | IV generated internally Security strength: 128, 192, 256 bits |
| Name | Description | Approved Functions | Type | OE (Implementation) | References | SF Capabilities |
|---|---|---|---|---|---|---|
| Cryptographic Key Generation (CKG) | Key Pair Generation using Safe Primes and EC | Amazon Linux 2023 on EC2 c7g.metal | SP 800-133r2 Section 4, 5.1, and 5.2 | |||
| AES GCM with external IV | Encryption | |||||
| KBKDF (libkcapi) | Key Derivation | |||||
| HKDF (libkcapi) | Key Derivation | |||||
| PBKDF2 (libkcapi) | Password-Based Key Derivation | |||||
| RSA | Encryption Primitive Decryption Primitive | |||||
| RSA with PKCS#1 v1.5 padding | Signature Generation (pre-hashed message) Signature Verification (pre-hashed message) | |||||
| Key Encapsulation Key Un-encapsulation | Key Encapsulation Key Un-encapsulation | |||||
| KAS-ECC-SSC | EC Diffie-Hellman Shared Secret Computation | KAS-ECC-SSC (SP 800- 56Ar3) | KAS | Security strength: 128, 192 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| KAS-FFC-SSC | Diffie-Hellman Shared Secret Computation | KAS-FFC-SSC (SP 800- 56Ar3) | KAS | Security strength: 112-200 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| AES-KW | Key wrapping/unwrapping | AES-KW (SP 800-38F) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-CCM | Key wrapping/unwrapping using authenticated encryption (as permitted by IG D.G) | AES-CCM (SP 800-38C) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-GCM/WRAP | Key wrapping using authenticated encryption | AES-GCM (SP 800-38D) | KTS | IV generated internally Security strength: 128, 192, 256 bits |
| Name | Description | Approved Functions | Type | OE (Implementation) | References | SF Capabilities |
|---|---|---|---|---|---|---|
| Cryptographic Key Generation (CKG) | Key Pair Generation using Safe Primes and EC | Amazon Linux 2023 on EC2 c7g.metal | SP 800-133r2 Section 4, 5.1, and 5.2 | |||
| AES GCM with external IV | Encryption | |||||
| KBKDF (libkcapi) | Key Derivation | |||||
| HKDF (libkcapi) | Key Derivation | |||||
| PBKDF2 (libkcapi) | Password-Based Key Derivation | |||||
| RSA | Encryption Primitive Decryption Primitive | |||||
| RSA with PKCS#1 v1.5 padding | Signature Generation (pre-hashed message) Signature Verification (pre-hashed message) | |||||
| Key Encapsulation Key Un-encapsulation | Key Encapsulation Key Un-encapsulation | |||||
| KAS-ECC-SSC | EC Diffie-Hellman Shared Secret Computation | KAS-ECC-SSC (SP 800- 56Ar3) | KAS | Security strength: 128, 192 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| KAS-FFC-SSC | Diffie-Hellman Shared Secret Computation | KAS-FFC-SSC (SP 800- 56Ar3) | KAS | Security strength: 112-200 bits Compliant with SP 800-56Ar3 and Scenario 2 (1) of FIPS 140-3 IG D.F | ||
| AES-KW | Key wrapping/unwrapping | AES-KW (SP 800-38F) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-CCM | Key wrapping/unwrapping using authenticated encryption (as permitted by IG D.G) | AES-CCM (SP 800-38C) | KTS | Security strength: 128, 192, 256 bits | ||
| AES-GCM/WRAP | Key wrapping using authenticated encryption | AES-GCM (SP 800-38D) | KTS | IV generated internally Security strength: 128, 192, 256 bits | ||
| AES-GCM/UNWRAP | Key unwrapping using authenticated encryption (as permitted by IG D.G) | AES-GCM (SP 800-38D) | KTS | IV provided externally Security strength: 128, 192, 256 bits | ||
| AES-CBC with HMAC | Key wrapping/unwrapping using “combination” mode encryption (as permitted by IG D.G) | AES-CBC (SP 800-38A) HMAC (FIPS 198-1) | KTS | Security strength: 128, 192, 256 bits Hashes: SHA-1, SHA-256, SHA-384, SHA-512 | ||
| AES-CTR with HMAC | AES-CTR (SP 800-38A) HMAC (FIPS 198-1) | KTS |
Table 6 - Approved Algorithms Vendor Affirmed Algorithms: Table 7 - Vendor Affirmed Algorithms Non-Approved, Allowed Algorithms: The module does not implement non-approved algorithms allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not implement non-approved algorithms allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: Table 8 lists all non-approved cryptographic algorithms of the module employed by the non-approved services in Table 15. Table 8 - Non-Approved, Not Allowed Algorithms 2.6 © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Table 9 - Security Function Implementations 2.7 Algorithm Specific Information The Crypto Officer shall consider the following requirements and restrictions when using the module. For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC
7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption
keys are derived. The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. When this is the case, the API will not set an approved service indicator, as described in Table 14.
In accordance with IG C.I, the module implements a check to ensure that the two AES keys used in the AES-XTS algorithm are not identical. The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2 20 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
For RSA signature verification, all supported, approved modulus sizes have been CAVP tested
To comply with the assurances found in Section 5.6.2 of SP 800-56Ar3, the operator must use the DiffieHellman and elliptic curve Diffie-Hellman shared secret computation algorithms with the NVMe and Bluetooth related protocols. Additionally, the module’s approved key pair generation service (see Table 14) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer DH public key, and the partial public key validation of the peer EC public key, complying with Section 5.6.2.2.2 of SP 800-56Ar3. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Type | Strength | Operational Environment | Entropy Per Sample | Conditioning Component |
|---|---|---|---|---|---|
| Amazon Kernel CPU Time Jitter RNG Entropy Source | Non- physical | 256 bits | See Table 3 | 256 bits | SHA3-256 (A4551) |
| Vendor Name | Certificate Number |
|---|---|
| Amazon | Cert. E105 |
Amazon Linux 2023 Kernel Cryptographic API
Digital signature verification using SHA-1 is allowed for legacy use only. 2.8 RBG and Entropy Table 10 - Entropy Certificates Nonphysical The module implements three different Deterministic Random Bit Generator (DRBG) implementations based on SP 800-90Ar1: CTR_DRBG, Hash_DRBG, and HMAC_DRBG. Each of these DRBG implementations can be instantiated by the operator of the module, using the parameters listed in Table 6. When instantiated, these DRBGs can be used to generate random numbers for external usage. Additionally, the module employs a specific HMAC-SHA-512 DRBG implementation for internal purposes (e.g. to generate asymmetric key pairs). This DRBG is initially seeded with 384 output bits from the entropy source (corresponding to 384 bits of entropy) and reseeded with 256 output bits from the entropy source (corresponding to 256 bits of entropy). The module complies with the Public Use Document for ESV certificate E105 seeding the aforementioned DRBG using the jent_kcapi_random function, which corresponds to the GetEntropy() function. The operational environment of the module is identical to the one listed on the ESV certificate. There are no maintenance requirements for the entropy source. The following is the link to the Public Use Document of Amazon Kernel CPU Time Jitter RNG Entropy https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/entropy/E105_PublicUse.pdf 2.9 Key Generation The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800133r2. When random values are required, they are directly obtained as output from the SP 800-90Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2 (without XOR). The following methods are implemented:
Amazon Linux 2023 Kernel Cryptographic API
The module implements SSP agreement and SSP transport methods as listed in Table 9. The module implements the P-256 and P-384 curves. For P-256, N is 256 bits and s is 128 bits. For P-384, N is 384 bits and s is 192 bits. The module implements the ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, and ffdhe8192 safe prime groups. For ffdhe2048, N is 2048 bits and s is 112 bits For ffdhe3072, N is 3072 bits and s is 128 bits For ffdhe4096, N is 4096 bits and s is 152 bits For ffdhe6144, N is 6144 bits and s is 176 bits For ffdhe8192, N is 8192 bits and s is 200 bits (N is the bit length of the private key and s is the maximum security strength supported)
AES-GCM with internal IV generation in the approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. Diffie-Hellman and EC Diffie-Hellman shall only be used with the NVMe and Bluetooth related protocols. No other parts of the NVMe, Bluetooth, or IPSec protocols, other than those mentioned above, have been tested by the CAVP and CMVP. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | As a software-only module, the module does not have physical ports. Physical Ports are interpreted to be the physical ports of the hardware platform on which it runs. | Data Input | API data input parameters, AF_ALG type sockets |
| Data Output | Data Output | API output parameters, AF_ALG type sockets | |
| Control Input | Control Input | API function calls, API control input parameters, AF_ALG type sockets, kernel command line | |
| Status Output | Status Output | API return values, AF_ALG type sockets, kernel logs |
Amazon Linux 2023 Kernel Cryptographic API Cryptographic Module Interfaces 3.1 Ports and Interfaces Table 12 - Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. The module does not implement a © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Description | Roles | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | N/A | |||||||
| Message Digest | Compute a message digest | CO | N/A | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | crypto_shash_init returns 0 | Message | Digest value | |||
| Encryption | Encrypt a plaintext | AES key: W, E | AES CBC, CBC-CS3, CFB128, CTR, ECB, KW, OFB, XTS | crypto_skcipher_setkey returns 0 | AES key, IV, plaintext | Ciphertext | ||||
| Decryption | Decrypt a ciphertext | AES key, IV, ciphertext | Plaintext | |||||||
| Authenticated Encryption | Encrypt a plaintext | AES key: W, E HMAC key: W, E | AES CCM, GCM (internal IV) AES CBC or CTR with HMAC-SHA-1, HMAC- SHA-256, HMAC-SHA- 384, or HMAC-SHA- 512 | For all except AES GCM: crypto_aead_setkey returns 0 For AES GCM: crypto_aead_get_flags(tf m) has the CRYPTO_TFM_FIPS_COMP LIANCE flag set | AES key, IV, plaintext | Ciphertext, MAC tag | ||||
| Authenticated Decryption | Decrypt a ciphertext | AES CCM, GCM (external IV) AES CBC or CTR with HMAC-SHA-1, HMAC- SHA-256, HMAC-SHA- 384, or HMAC-SHA- 512 | AES key, IV, ciphertext, MAC tag | Plaintext | ||||||
| Message Authentication | Compute a MAC tag | AES key: W, E | AES CMAC, GMAC | crypto_shash_init returns 0 | AES key, message | MAC tag | ||||
| HMAC key, message | HMAC key: W, E | HMAC-SHA-1, HMAC- SHA-224, HMAC-SHA- 256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 | HMAC key, message | |||||||
| Shared Secret Computation | Compute a shared secret | DH private key: W, E DH public key: W, E Shared secret: G, R | KAS-FFC-SSC | crypto_kpp_compute_sha red_secret returns 0 | DH private key, DH public key | Shared secret | ||||
| EC private key, EC public key | EC private key: W, E EC public key: W, E Shared secret: G, R | KAS-ECC-SSC | EC private key, EC public key | |||||||
| Key Pair Generation | Generate a key pair | DH private key: G, R DH public key: G, R Intermediate key generation value: G, | Safe Primes Key Pair Generation | crypto_kpp_set_secret and crypto_kpp_generate_pu blic_key return 0 | Group | DH private key, DH public key |
| Name | Description | Roles | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | N/A | |||||||
| Message Digest | Compute a message digest | CO | N/A | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | crypto_shash_init returns 0 | Message | Digest value | |||
| Encryption | Encrypt a plaintext | AES key: W, E | AES CBC, CBC-CS3, CFB128, CTR, ECB, KW, OFB, XTS | crypto_skcipher_setkey returns 0 | AES key, IV, plaintext | Ciphertext | ||||
| Decryption | Decrypt a ciphertext | AES key, IV, ciphertext | Plaintext | |||||||
| Authenticated Encryption | Encrypt a plaintext | AES key: W, E HMAC key: W, E | AES CCM, GCM (internal IV) AES CBC or CTR with HMAC-SHA-1, HMAC- SHA-256, HMAC-SHA- 384, or HMAC-SHA- 512 | For all except AES GCM: crypto_aead_setkey returns 0 For AES GCM: crypto_aead_get_flags(tf m) has the CRYPTO_TFM_FIPS_COMP LIANCE flag set | AES key, IV, plaintext | Ciphertext, MAC tag | ||||
| Authenticated Decryption | Decrypt a ciphertext | AES CCM, GCM (external IV) AES CBC or CTR with HMAC-SHA-1, HMAC- SHA-256, HMAC-SHA- 384, or HMAC-SHA- 512 | AES key, IV, ciphertext, MAC tag | Plaintext | ||||||
| Message Authentication | Compute a MAC tag | AES key: W, E | AES CMAC, GMAC | crypto_shash_init returns 0 | AES key, message | MAC tag | ||||
| HMAC key, message | HMAC key: W, E | HMAC-SHA-1, HMAC- SHA-224, HMAC-SHA- 256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 | HMAC key, message | |||||||
| Shared Secret Computation | Compute a shared secret | DH private key: W, E DH public key: W, E Shared secret: G, R | KAS-FFC-SSC | crypto_kpp_compute_sha red_secret returns 0 | DH private key, DH public key | Shared secret | ||||
| EC private key, EC public key | EC private key: W, E EC public key: W, E Shared secret: G, R | KAS-ECC-SSC | EC private key, EC public key | |||||||
| Key Pair Generation | Generate a key pair | DH private key: G, R DH public key: G, R Intermediate key generation value: G, | Safe Primes Key Pair Generation | crypto_kpp_set_secret and crypto_kpp_generate_pu blic_key return 0 | Group | DH private key, DH public key | ||||
| Curve | EC private key: G, R EC public key: G, R Intermediate key generation value: G, E, Z | EC Key Pair Generation | Curve | EC private key, EC public key | ||||||
| Random Number Generation | Generate random bytes | Entropy input: W, E DRBG seed: E, G Internal state: E, G | CTR_DRBG, Hash_DRBG, HMAC_DRBG | crypto_rng_get_bytes returns 0 | Output length | Random bytes | ||||
| Error Detection Code | Compute an EDC (crc32, crct10dif) | N/A | N/A | None | Message | EDC | ||||
| Compression | Compress data (deflate, lz4, lz4hc, lzo, zlib- deflate, zstd) | N/A | N/A | None | Data | Compressed data | ||||
| Generic System Call | Use the kernel to perform various non- cryptographic operations | N/A | N/A | None | Identifier, various arguments | Various return values | ||||
| Show Version | Return the module name and version information | N/A | N/A | None | N/A | Module name and version | ||||
| Show Status | Return the module status | N/A | N/A | None | N/A | Module status | ||||
| Self-Test | Perform the CASTs and integrity tests | N/A | SHA, SHA-3, AES, HMAC, KAS-FFC-SSC, KAS-ECC-SSC, CTR_DRBG, Hash_DRBG, HMAC_DRBG, RSA See Table 22 for specifics | None | N/A | Pass/fail |
Amazon Linux 2023 Kernel Cryptographic API 4.1 The module does not implement authentication. 4.2 N/A Table 13 - Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators. 4.3 Approved Services N/A HMAC-SHA-1, HMACSHA-256, HMAC-SHA384, or HMAC-SHA512 HMAC-SHA-1, HMACSHA-256, HMAC-SHA384, or HMAC-SHA512 © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Description | Security Function | Role |
|---|---|---|---|
| AES GCM External IV Encryption | Encrypt a plaintext using AES GCM with an external IV | AES GCM (external IV) | CO |
| Key Derivation | Derive a key from a key-derivation key or a shared secret | KBKDF (libkcapi) | |
| Password-Based Key Derivation | Derive a key from a password | PBKDF2 (libkcapi) | |
| Encryption Primitive | Compute the raw RSA encryption of a plaintext/ciphertext | RSA | |
| Decryption Primitive | Compute the raw RSA decryption of a plaintext/ciphertext | ||
| Signature Generation (pre-hashed message) | Generate a digital signature for a pre-hashed message | RSA with PKCS#1 v1.5 padding | |
| Signature Verification (pre-hashed message) | Verify a digital signature for a pre-hashed message | ||
| Key Encapsulation | Encapsulate a secret key using RSA with PKCS#1 v1.5 padding | ||
| Key Un-encapsulation | Un-encapsulate a secret key using RSA with PKCS#1 v1.5 padding |
Amazon Linux 2023 Kernel Cryptographic API E, Z E, Z N/A N/A N/A N/A various noncryptographic N/A N/A N/A N/A N/A N/A N/A N/A N/A Table 14 - Approved Services The following convention is used to specify access rights to SSPs:
Amazon Linux 2023 Kernel Cryptographic API Table 15 - Non-Approved Services 4.5 External Software/Firmware Loaded The module does not load external software or firmware. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Software/Firmware Security 5.1 Integrity Techniques The Linux kernel binary is integrity tested using an HMAC-SHA-512 calculation performed by the sha512hmac utility (which utilizes the module’s HMAC and SHA-512 implementations) which compares the computed HMAC value with a precomputed HMAC value. An HMAC-SHA-512 calculation is also performed on the sha512hmac utility and the libkcapi library to verify their integrity by comparing the computed HMAC value with a precomputed HMAC value. The kernel crypto object files listed in Table 3. are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-512, and a 4096-bit key. 5.2 Initiate On-Demand Integrity Test Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently reinitializing the module, which will perform (among others) the software integrity tests. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Operational Environment 6.1 Operational Environment Type and Requirements Type of Operating Environment: The module operates in a modifiable operational environment. The module runs on commercially available general-purpose operating systems (Amazon Linux 2023 and SnowOS 1.0), which allows modification, loading, and execution of software that is not part of the validated module. How Requirements are Satisfied: The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. 6.2 Configurable Settings and Restrictions The module shall be installed as stated in Section 11. Instrumentation tools like the ptrace system call, gdb and strace, user space live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Physical Security The module is comprised of software only and therefore this section is not applicable. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API Non-Invasive Security This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Establishment | Strength |
|---|---|---|---|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution | ||||
| AES Key | Symmetric key | AES key used for encryption, decryption, and computing MAC tags | XTS: 256, 512 bits Other modes: 128, 192, 256 bits | N/A | N/A | XTS: 128, 256 bits Other modes: 128, 192, 256 bits |
| Name | Type | From | To | Distribution Type | Entry Type |
|---|---|---|---|---|---|
| API input parameters | Plaintext | Operator calling application (TOEPP) | Cryptographic module | Manual | Electronic |
| API output parameters | Cryptographic module | Operator calling application (TOEPP) |
| Name | Type | Description | Strength | Generation | Establishment | Storage | Zeroization | Use | Input | Strength | Temporary Storage Duration | Category | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution | |||||||||||
| AES Key | Symmetric key | AES key used for encryption, decryption, and computing MAC tags | XTS: 256, 512 bits Other modes: 128, 192, 256 bits | N/A | N/A | XTS: 128, 256 bits Other modes: 128, 192, 256 bits | |||||||
| HMAC Key | Symmetric key | HMAC key used for computing MAC tags | 112-524288 bits | N/A | N/A | 112-256 bits | |||||||
| Shared Secret | Shared secret | Shared secret generated by (EC) Diffie-Hellman | P-256, P-384 | N/A | SP 800-56Ar3 (KAS- ECC-SSC) | 128, 192 bits | |||||||
| ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | SP 800-56Ar3 (KAS- FFC-SSC) | 112-200 bits | ||||||||||
| Entropy input | Entropy input | Entropy input used to seed the DRBGs (IG D.L) | 256-384 bits | Entropy Source See Table 11 | N/A | 256-384 bits | |||||||
| DRBG Seed | Seed | DRBG seed derived from entropy input (IG D.L) | CTR_DRBG: 256, 320, 384 bits Hash_DRBG: 440, 888 bits HMAC_DRBG: 160, 256, 512 bits | CTR_DRBG, Hash_DRBG, HMAC_DRBG | N/A | CTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bits | |||||||
| Internal State (V, Key) | Internal state | Internal state of CTR_DRBG and HMAC_DRBG instances (IG D.L) | CTR_DRBG: 256, 320, 348 bits HMAC_DRBG: 320, 512, 1024 bits | CTR_DRBG, HMAC_DRBG | N/A | ||||||||
| Internal State (V, C) | Internal state | Internal state of Hash_DRBG instances (IG D.L) | Hash_DRBG: 880, 1776 bits | Hash_DRBG | N/A | ||||||||
| DH Public Key | Public key | Public key used for Diffie-Hellman | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | SP 800-56Ar3 (Safe Primes) Section 5.6.1.1.4 Testing Candidates | N/A | 112-200 bits | |||||||
| DH Private Key | Private key | Private key used for Diffie-Hellman | 112-200 bits | ||||||||||
| EC Public Key | Public key | Public key used for ECDH | P-256, P-384 | FIPS 186-4 Appendix B.4.2 Testing Candidates | N/A | 128, 192 bits | |||||||
| EC Private Key | Private key | Private key used for ECDH | |||||||||||
| Intermediate Key Generation Value | Intermediate value | Temporary value generated during Key Pair Generation services | 2048-8192 bits | CKG | N/A | 112-200 bits | |||||||
| AES Key | RAM | Free cipher handle Remove power from the module | Encryption Decryption Authenticated Encryption Authenticated Decryption Message Authentication | API input parameters AF_ALG type sockets (input) No output | For the duration of the service | CSP | None | ||||||
| HMAC Key | Message Authentication Authenticated Encryption Authenticated Decryption | CSP | None | ||||||||||
| Shared Secret | Automatic Remove power from the module | Shared Secret Computation | No input API output parameters, AF_ALG type sockets (output) | CSP | DH Public Key, DH Private Key, EC Public Key, EC Private Key | ||||||||
| Entropy Input | Random Number Generation | No input No output | From generation until DRBG Seed is created | CSP | DRBG Seed |
| Method | Description | Rationale | Operator Initiation Capability |
|---|---|---|---|
| Free cipher handle | Zeroizes the SSPs contained within the cipher handle | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | By calling the appropriate zeroization functions: AES Key: crypto_free_skcipher and crypto_free_aead HMAC Key: crypto_free_shash and crypto_free_ahash Internal State (V, Key), Internal State (V, C): crypto_free_rng DH Public Key & DH Private Key: crypto_free_kpp EC Public Key & EC Private Key: crypto_free_kpp RSA Public Key: public_key_free |
| Automatic | Automatically zeroized by the module when no longer needed | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | N/A |
| Remove power from the module | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed | By removing power |
Amazon Linux 2023 Kernel Cryptographic API Sensitive Security Parameters Management 9.1 Storage Areas Table 16 - Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the RAM in released by the appropriate zeroization function calls. 9.2 Table 17 - SSP Input-Output Methods 9.3 N/A Table 18 - SSP Zeroization Methods All data output is inhibited during zeroization. 9.4 N/A © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Establishment | Storage | Zeroization | Use | Input | Strength | Temporary Storage Duration | Category | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| HMAC Key | Symmetric key | HMAC key used for computing MAC tags | 112-524288 bits | N/A | N/A | 112-256 bits | |||||||
| Shared Secret | Shared secret | Shared secret generated by (EC) Diffie-Hellman | P-256, P-384 | N/A | SP 800-56Ar3 (KAS- ECC-SSC) | 128, 192 bits | |||||||
| ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | SP 800-56Ar3 (KAS- FFC-SSC) | 112-200 bits | ||||||||||
| Entropy input | Entropy input | Entropy input used to seed the DRBGs (IG D.L) | 256-384 bits | Entropy Source See Table 11 | N/A | 256-384 bits | |||||||
| DRBG Seed | Seed | DRBG seed derived from entropy input (IG D.L) | CTR_DRBG: 256, 320, 384 bits Hash_DRBG: 440, 888 bits HMAC_DRBG: 160, 256, 512 bits | CTR_DRBG, Hash_DRBG, HMAC_DRBG | N/A | CTR_DRBG: 128, 192, 256 bits Hash_DRBG: 128, 256 bits HMAC_DRBG: 128, 256 bits | |||||||
| Internal State (V, Key) | Internal state | Internal state of CTR_DRBG and HMAC_DRBG instances (IG D.L) | CTR_DRBG: 256, 320, 348 bits HMAC_DRBG: 320, 512, 1024 bits | CTR_DRBG, HMAC_DRBG | N/A | ||||||||
| Internal State (V, C) | Internal state | Internal state of Hash_DRBG instances (IG D.L) | Hash_DRBG: 880, 1776 bits | Hash_DRBG | N/A | ||||||||
| DH Public Key | Public key | Public key used for Diffie-Hellman | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | SP 800-56Ar3 (Safe Primes) Section 5.6.1.1.4 Testing Candidates | N/A | 112-200 bits | |||||||
| DH Private Key | Private key | Private key used for Diffie-Hellman | 112-200 bits | ||||||||||
| EC Public Key | Public key | Public key used for ECDH | P-256, P-384 | FIPS 186-4 Appendix B.4.2 Testing Candidates | N/A | 128, 192 bits | |||||||
| EC Private Key | Private key | Private key used for ECDH | |||||||||||
| Intermediate Key Generation Value | Intermediate value | Temporary value generated during Key Pair Generation services | 2048-8192 bits | CKG | N/A | 112-200 bits | |||||||
| AES Key | RAM | Free cipher handle Remove power from the module | Encryption Decryption Authenticated Encryption Authenticated Decryption Message Authentication | API input parameters AF_ALG type sockets (input) No output | For the duration of the service | CSP | None | ||||||
| HMAC Key | Message Authentication Authenticated Encryption Authenticated Decryption | CSP | None | ||||||||||
| Shared Secret | Automatic Remove power from the module | Shared Secret Computation | No input API output parameters, AF_ALG type sockets (output) | CSP | DH Public Key, DH Private Key, EC Public Key, EC Private Key | ||||||||
| Entropy Input | Random Number Generation | No input No output | From generation until DRBG Seed is created | CSP | DRBG Seed |
Amazon Linux 2023 Kernel Cryptographic API N/A D.L) D.L) (V, C) N/A N/A N/A N/A N/A N/A N/A Table 19 - SSP Information First © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Use Function | |||||
|---|---|---|---|---|---|---|
| DRBG Seed | DRBG Seed | No input No output | While the DRBG is instantiated | CSP | Entropy Input, Internal State | |
| Internal State (V, Key) | Internal State (V, Key) | No input No output | From DRBG instantiation until DRBG termination | CSP | DRBG Seed | Free cipher handle Remove power from the module |
| Internal State (V, C) | Internal State (V, C) | No input No output | CSP | DRBG Seed | ||
| Shared Secret Computation Key Pair Generation | DH public Key | API input parameters AF_ALG type sockets (input) API output parameters AF_ALG type sockets (output) | For the duration of the service | PSP | DH Private Key, Shared Secret | |
| Shared Secret Computation Key Pair Generation | DH private Key | CSP | DH Public Key, Shared Secret | |||
| Shared Secret Computation Key Pair Generation | EC Public Key | PSP | EC Private Key, Shared Secret | |||
| Shared Secret Computation Key Pair Generation | EC Private Key | CSP | EC Public Key, Shared Secret | |||
| Key Pair Generation | Intermediate Key Generation Value | No input No output | CSP | DH Private Key, DH Public Key, EC Private Key, EC Public Key | Automatic |
Amazon Linux 2023 Kernel Cryptographic API (V, C) Table 20 - SSP Information Second 9.5 Transitions The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. The RSA algorithm as implemented by the module conforms to FIPS 186-4, which has been superseded by FIPS 186-5. FIPS 186-4 will be withdrawn on February 3, 2024. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Implementation | Test Properties | Indicator | Test Method | Condition |
|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA-512 | HMAC-SHA-512 | Message Authentication | Software integrity | Integrity test for vmlinuz and libkcapi components | AVX2, C, CE | 128-bit key | Module becomes operational | ||
| RSA | RSA | Signature Verification | Integrity test for kernel object files | C | PKCS#1 v1.5 with SHA-512 4096-bit key | ||||
| AES-CBC | AES-CBC | 128, 192, 256-bit keys | CAST | Encryption Decryption | AESNI, C, CE, NEON | Module is operational | KAT | Module initialization | |
| AES-CBC-CS3 | AES-CBC-CS3 | 128-bit keys | AESNI, C, CE, NEON | ||||||
| AES-CCM | AES-CCM | 128, 192, 256-bit keys 128-bit IVs | AESNI, C, CE | ||||||
| AES-CFB128 | AES-CFB128 | 128, 192, 256-bit keys | AESNI, C, CE | ||||||
| AES-CMAC | AES-CMAC | 128, 256-bit keys | Message Authentication | AESNI, C, CE, NEON | |||||
| AES-CTR | AES-CTR | 128, 192, 256-bit keys | Encryption Decryption | AESNI, C, CE, NEON | |||||
| AES-ECB | AES-ECB | 128, 192, 256-bit keys | AESNI, C, CE, NEON | ||||||
| AES-GCM (internal IV) | AES-GCM (internal IV) | 128, 192, 256-bit keys 96-bit IVs | Encryption | AESNI, C | |||||
| AES-GCM (external IV) | AES-GCM (external IV) | 128, 192, 256-bit keys | Decryption | AESNI, C | |||||
| AES-OFB | AES-OFB | 128-bit keys | Encryption Decryption | AESNI, C, CE | |||||
| AES-XTS | AES-XTS | 128, 256-bit keys | AESNI, C, CE, NEON | ||||||
| CTR_DRBG | CTR_DRBG | AES-128, AES-192, AES-256 without prediction resistance AES-128 with prediction resistance | Instantiate Seed Reseed Generate (compliant to SP 800-90A Section 11.3) | C | |||||
| Hash_DRBG | Hash_DRBG | SHA-256 with/without prediction resistance | C | ||||||
| HMAC_DRBG | HMAC_DRBG | SHA-256, SHA-512 without prediction resistance SHA-256 with prediction resistance | C | ||||||
| HMAC-SHA-1 | HMAC-SHA-1 | 32-64-bit keys | Message Authentication | C, CE | |||||
| HMAC-SHA-224 | HMAC-SHA-224 | 32-1048-bit keys | C, CE | ||||||
| HMAC-SHA-256 | HMAC-SHA-256 | 32-64-bit keys | C, CE | Before integrity test | |||||
| HMAC-SHA-384 | HMAC-SHA-384 | 32-1048-bit keys | AVX2, C, CE | Module |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Implementation | Test Properties | Indicator | Test Method | Condition |
|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA-512 | HMAC-SHA-512 | Message Authentication | Software integrity | Integrity test for vmlinuz and libkcapi components | AVX2, C, CE | 128-bit key | Module becomes operational | ||
| RSA | RSA | Signature Verification | Integrity test for kernel object files | C | PKCS#1 v1.5 with SHA-512 4096-bit key | ||||
| AES-CBC | AES-CBC | 128, 192, 256-bit keys | CAST | Encryption Decryption | AESNI, C, CE, NEON | Module is operational | KAT | Module initialization | |
| AES-CBC-CS3 | AES-CBC-CS3 | 128-bit keys | AESNI, C, CE, NEON | ||||||
| AES-CCM | AES-CCM | 128, 192, 256-bit keys 128-bit IVs | AESNI, C, CE | ||||||
| AES-CFB128 | AES-CFB128 | 128, 192, 256-bit keys | AESNI, C, CE | ||||||
| AES-CMAC | AES-CMAC | 128, 256-bit keys | Message Authentication | AESNI, C, CE, NEON | |||||
| AES-CTR | AES-CTR | 128, 192, 256-bit keys | Encryption Decryption | AESNI, C, CE, NEON | |||||
| AES-ECB | AES-ECB | 128, 192, 256-bit keys | AESNI, C, CE, NEON | ||||||
| AES-GCM (internal IV) | AES-GCM (internal IV) | 128, 192, 256-bit keys 96-bit IVs | Encryption | AESNI, C | |||||
| AES-GCM (external IV) | AES-GCM (external IV) | 128, 192, 256-bit keys | Decryption | AESNI, C | |||||
| AES-OFB | AES-OFB | 128-bit keys | Encryption Decryption | AESNI, C, CE | |||||
| AES-XTS | AES-XTS | 128, 256-bit keys | AESNI, C, CE, NEON | ||||||
| CTR_DRBG | CTR_DRBG | AES-128, AES-192, AES-256 without prediction resistance AES-128 with prediction resistance | Instantiate Seed Reseed Generate (compliant to SP 800-90A Section 11.3) | C | |||||
| Hash_DRBG | Hash_DRBG | SHA-256 with/without prediction resistance | C | ||||||
| HMAC_DRBG | HMAC_DRBG | SHA-256, SHA-512 without prediction resistance SHA-256 with prediction resistance | C | ||||||
| HMAC-SHA-1 | HMAC-SHA-1 | 32-64-bit keys | Message Authentication | C, CE | |||||
| HMAC-SHA-224 | HMAC-SHA-224 | 32-1048-bit keys | C, CE | ||||||
| HMAC-SHA-256 | HMAC-SHA-256 | 32-64-bit keys | C, CE | Before integrity test | |||||
| HMAC-SHA-384 | HMAC-SHA-384 | 32-1048-bit keys | AVX2, C, CE | Module | |||||
| HMAC-SHA-512 | HMAC-SHA-512 | 32-1048-bit keys | AVX2, C, CE, SSSE3 | initialization | |||||
| HMAC-SHA3-224 | HMAC-SHA3-224 | 32-1048-bit keys | C, CE | ||||||
| HMAC-SHA3-256 | HMAC-SHA3-256 | 32-1048-bit keys | C, CE | ||||||
| HMAC-SHA3-384 | HMAC-SHA3-384 | 32-1048-bit keys | C, CE | ||||||
| HMAC-SHA3-512 | HMAC-SHA3-512 | 32-1048-bit keys | C, CE | ||||||
| KAS-ECC-SSC | KAS-ECC-SSC | P-256, P-384 | Shared Secret Computation | C | |||||
| KAS-FFC-SSC | KAS-FFC-SSC | ffdhe2048 | C | ||||||
| SHA-1 | SHA-1 | 0–8184-bit messages | Message Digest | AVX, AVX2, C, CE, SSSE3 | |||||
| SHA-224 | SHA-224 | ARM64, AVX, AVX2, C, CE, NEON, SSSE3 | |||||||
| SHA-384 | SHA-384 | ARM64, AVX, AVX2, C, CE, SSSE3 | |||||||
| SHA3-224 | SHA3-224 | C, CE | |||||||
| SHA3-256 | SHA3-256 | C, CE | |||||||
| SHA3-384 | SHA3-384 | C, CE | |||||||
| SHA3-512 | SHA3-512 | C, CE | |||||||
| RSA | RSA | PKCS#1 v1.5 with SHA-256 4096-bit key | Signature Verification | C | |||||
| Safe Primes | Safe Primes | N/A | PCT | SP 800-56Ar3 Section 5.6.2.1.4 | C | Key Pair Generation is successful | PCT | Key Pair Generation | |
| EC | EC | N/A | C | ||||||
| Entropy Source | Entropy Source | Cutoff C = 61 1024 samples | CAST | Entropy source start-up test | C | Entropy source is operational | RCT | Entropy source initialization | |
| Cutoff C = 355 Window W = 512 1024 samples | Cutoff C = 355 Window W = 512 1024 samples | APT | |||||||
| Intermittent cutoff C = 31 Permanent cutoff C = 61 | Intermittent cutoff C = 31 Permanent cutoff C = 61 | Entropy source continuous test | jent_kcapi_ran dom returns 0 | RCT | Continuously | ||||
| Intermittent cutoff C = 325 Permanent cutoff C = 355 Window W = 512 | Intermittent cutoff C = 325 Permanent cutoff C = 355 Window W = 512 | APT |
Amazon Linux 2023 Kernel Cryptographic API
C Table 21 - Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. While the module is executing the selftests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the preoperational self-tests are passed successfully.
C C C © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API C C C C N/A C N/A C 5.6.2.1.4 Table 22 - Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in Table 22. Upon generation of a DH or EC key pair, the module will perform a pair-wise consistency test (PCT) as shown in Table 22, which provides some assurance that the generated key pair is well formed. This test consists of the PCT described in Section 5.6.2.1.4 of SP 800-56Ar3. Data output through the data output interface is inhibited during the conditional self-tests. The module does not return control to the calling application until the tests are completed. If any of these tests fails, the module transitions to the error state (Section 10.4).
The module does not implement periodic self-tests. © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Description | Role Access | Indicator | Recovery Method |
|---|---|---|---|---|
| Error State | The Linux kernel immediately stops executing | Any self-test failure | Kernel panic | Restart of the module |
Amazon Linux 2023 Kernel Cryptographic API
Table 23 - Error States If the module fails any of the self-tests, the module enters the error state. In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
The software integrity tests, CASTs and entropy source start-up tests can be invoked on demand by unloading and subsequently re-initializing the module. The PCTs can be invoked on demand by requesting the Key Pair Generation service. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API
The module is distributed as a part of the Amazon Linux 2023 and SnowOS 1.0 package in the form of the kernel-6.1.41-64.118.amzn2023.rpm, kernel-6.1.41-64.118.fips.amzn2023.rpm, and libkcapihmaccalc-1.4.0-105.amzn2023.0.1.rpm packages.
Before the RPM packages are installed, the Amazon Linux 2023 or SnowOS 1.0 system must operate in the approved mode. This can be achieved by switching the system into the approved mode after the installation. Execute the fips-mode-setup --enable command. Restart the system. More information can be found at the vendor documentation. The Crypto Officer must verify the Amazon Linux 2023 or SnowOS 1.0 system operates in the approved mode by executing the fips-mode-setup --check command, which should output “FIPS mode is enabled.” After installation of the RPM packages, the Crypto Officer must execute the “cat /proc/sys/crypto/fips_name” command. The Crypto Officer must ensure that the proper name is listed in the output as follows: Amazon Linux 2023 Kernel Cryptographic API Then, the Crypto Officer must execute the “cat /proc/sys/crypto/fips_version” and “rpm -q libkcapihmaccalc” commands. These commands must output the following (one line per output): EC2 c7g.metal: 6.1.41-64.118.amzn2023.aarch64 libkcapi-hmaccalc-1.4.0-105.amzn2023.0.1.aarch64 EC2 c6i.metal: 6.1.41-64.118.amzn2023.x86_64 libkcapi-hmaccalc-1.4.0-105.amzn2023.0.1.x86_64 AWS Snowball, AWS Snowblade, AWS Snowcone: 6.1.41-64.118.fips.amzn2023.x86_64 libkcapi-hmaccalc-1.4.0-105.amzn2023.0.1.x86_64
There is no non-administrator guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the RPM packages can be uninstalled from the Amazon Linux 2023 or SnowOS 1.0 system. © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API
The module does not offer mitigation of other attacks and therefore this section is not applicable. © 2024 Amazon Web Services, Inc., atsec information security.
| AES | Advanced Encryption Standard |
|---|---|
| AES-NI | Advanced Encryption Standard New Instructions |
| API | Application Programming Interface |
| CAST | Cryptographic Algorithm Self-Test |
| CAVP | Cryptographic Algorithm Validation Program |
| CBC | Cipher Block Chaining |
| CCM | Counter with Cipher Block Chaining-Message Authentication Code |
| CE | Cryptography Extensions |
| CFB | Cipher Feedback |
| CKG | Cryptographic Key Generation |
| CMAC | Cipher-based Message Authentication Code |
| CMVP | Cryptographic Module Validation Program |
| CSP | Critical Security Parameter |
| CTR | Counter |
| CTS | Ciphertext Stealing |
| DH | Diffie-Hellman |
| DRBG | Deterministic Random Bit Generator |
| ECB | Electronic Code Book |
| ECDH | Elliptic Curve Diffie-Hellman |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| FIPS | Federal Information Processing Standards |
| GCM | Galois Counter Mode |
| GMAC | Galois Counter Mode Message Authentication Code |
| HKDF | HMAC-based Key Derivation Function |
| HMAC | Keyed-Hash Message Authentication Code |
| IPsec | Internet Protocol Security |
| KAS | Key Agreement Scheme |
| KAT | Known Answer Test |
| KBKDF | Key-based Key Derivation Function |
| KTS | Key Transport Scheme |
Amazon Linux 2023 Kernel Cryptographic API Appendix A. Glossary and Abbreviations © 2024 Amazon Web Services, Inc., atsec information security.
| MAC | Message Authentication Code |
|---|---|
| NIST | National Institute of Science and Technology |
| OFB | Output Feedback |
| PAA | Processor Algorithm Acceleration |
| PBKDF2 | Password-based Key Derivation Function v2 |
| PCT | Pair-Wise Consistency Test |
| PKCS | Public-Key Cryptography Standards |
| RSA | Rivest, Shamir, Adleman |
| SHA | Secure Hash Algorithm |
| SSC | Shared Secret Computation |
| SSP | Sensitive Security Parameter |
| XTS | XEX-based Tweaked-codebook mode with cipher text Stealing |
Amazon Linux 2023 Kernel Cryptographic API KW Key Wrap © 2024 Amazon Web Services, Inc., atsec information security.
| Name | Use Function |
|---|---|
| FIPS 140-3 | FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf |
| FIPS 140-3 IG | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig- announcements |
| FIPS 180-4 | Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf |
| FIPS 186-4 | Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf |
| FIPS 186-5 | Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf |
| FIPS 197 | Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf |
| FIPS 198-1 | The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf |
| FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf |
| PKCS#1 | Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt |
| RFC 4106 | The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) June 2005 https://datatracker.ietf.org/doc/html/rfc4106 |
| SP 800-38A | Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |
| SP 800-38A Addendum | Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf |
| SP 800-38B | Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf |
| SP 800-38C | Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf |
| SP 800-38D | Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf |
| SP 800-38E | Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf |
| SP 800-38F | Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf |
| SP 800-56Ar3 | Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf |
| SP 800-90Ar1 | Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf |
| SP 800-90B | Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf |
| SP 800-108r1 | NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf |
| SP 800-131Ar2 | Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf |
| SP 800-133r2 | Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf |
| SP 800-140Br1 | CMVP Security Policy Requirements November 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf |
Amazon Linux 2023 Kernel Cryptographic API Appendix B. References © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API © 2024 Amazon Web Services, Inc., atsec information security.
Amazon Linux 2023 Kernel Cryptographic API © 2024 Amazon Web Services, Inc., atsec information security.