| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 8/17/2030 |
| Caveat | When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs |
| Vendor | Ezurio |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4712, A4716, A5002, A5003, A5004 |
| AES-CBC-CS1 | A5002, A5003, A5004 |
| AES-CBC-CS2 | A5002, A5003, A5004 |
| AES-CBC-CS3 | A4714, A4718, A5002, A5003, A5004 |
| AES-CCM | A4712, A4716, A5002, A5003, A5004 |
| AES-CFB1 | A5002, A5003, A5004 |
| AES-CFB128 | A5002, A5003, A5004 |
| AES-CFB8 | A5002, A5003, A5004 |
| AES-CMAC | A4712, A4716, A5002, A5003, A5004 |
| AES-CTR | A4712, A4716, A5002, A5003, A5004 |
| AES-ECB | A4711, A4712, A4715, A4716, A4717, A5002, A5003, A5004, A5019 |
| AES-GCM | A4712, A4715, A4717 |
| AES-GMAC | A4712, A5005, A5006, A5007, A5008 |
| AES-KW | A5002, A5003, A5004 |
| AES-KWP | A5002, A5003, A5004 |
| AES-OFB | A5002, A5003, A5004 |
| AES-XTS Testing Revision 2.0 | A4712, A4716, A5002, A5003, A5004 |
| Counter DRBG | A4711, A4712, A4715, A4717 |
| ECDSA KeyGen (FIPS186-5) | A4711 |
| ECDSA KeyVer (FIPS186-5) | A5009, A5018 |
| ECDSA SigGen (FIPS186-5) | A5009, A5018 |
| ECDSA SigVer (FIPS186-5) | A5009, A5018 |
| EDDSA KeyGen | A5016 |
| EDDSA SigGen | A5016 |
| EDDSA SigVer | A5016 |
| Hash DRBG | A5015 |
| HMAC DRBG | A5015 |
| HMAC-SHA-1 | A5009, A5018 |
| HMAC-SHA2- 224 | A5009, A5018 |
| HMAC-SHA2- 256 | A5009, A5010, A5018 |
| HMAC-SHA2- 384 | A5009, A5018 |
| HMAC-SHA2- 512 | A5009, A5018 |
| HMAC-SHA2- 512/224 | A5009, A5018 |
| HMAC-SHA2- 512/256 | A5009, A5018 |
| HMAC-SHA3- 224 | A5011, A5020 |
| HMAC-SHA3- 256 | A5011, A5020 |
| HMAC-SHA3- 384 | A5011, A5020 |
| HMAC-SHA3- 512 | A5011, A5020 |
| KAS-ECC-SSC Sp800-56Ar3 | A4711 |
| KAS-FFC-SSC Sp800-56Ar3 | A5014 |
| KAS-IFC-SSC | A5009, A5018 |
| KDA HKDF Sp800-56Cr1 | A5013 |
| KDA OneStep SP800-56Cr2 | A5012 |
| KDA TwoStep SP800-56Cr2 | A5012 |
| KDF ANS 9.42 (CVL) | A5009, A5018 |
| KDF ANS 9.63 (CVL) | A5009, A5018 |
| KDF KMAC Sp800-108r1 | A5017 |
| KDF SP800- 108 | A5017 |
| KDF SSH (CVL) | A5019 |
| KDF TLS (CVL) | A5009, A5018 |
| KTS-IFC | A5009, A5018 |
| PBKDF | A5009, A5011, A5018, A5020 |
| RSA KeyGen (FIPS186-5) | A5009, A5018 |
| RSA SigGen (FIPS186-5) | A5009, A5018 |
| RSA SigVer (FIPS186-5) | A5009, A5018 |
| SHA-1 | A5009, A5018 |
| SHA2-224 | A4711, A4712, A4716, A5009, A5018 |
| SHA2-256 | A4711, A4712, A4716, A5009, A5010, A5018 |
| SHA2-384 | A4711, A4712, A4716, A5009, A5018 |
| SHA2-512 | A4711, A4712, A4716, A5009, A5018 |
| SHA2- 512/224 | A5009, A5018 |
| SHA2- 512/256 | A5009, A5018 |
| SHA3-224 | A4713, A5011, A5020 |
| SHA3-256 | A4713, A5011, A5020 |
| SHA3-384 | A4713, A5011, A5020 |
| SHA3-512 | A4713, A5011, A5020 |
| SHAKE-128 | A5011, A5020 |
| SHAKE-256 | A5011, A5020 |
| TLS v1.2 KDF RFC7627 (CVL) | A5009, A5018 |
| TLS v1.3 KDF (CVL) | A5013 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Non-Invasive Security | 8 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Summit Linux FIPS Core Crypto Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Error State</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Kernel AES-ECB<br/>Kernel AES-CTR<br/>Kernel AES-CBC</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Summit Linux FIPS Core Crypto Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Error State</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Kernel AES-ECB<br/>Kernel AES-CTR<br/>Kernel AES-CBC</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueHigh;
class C5,C6 clueLow;Ezurio Summit Linux FIPS Core Crypto Module Document Version: 1.1 Last Modified: 04/04/2025 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com © 2025 Ezurio/atsec information security.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.1.1 | How this Security Policy was prepared | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 6 |
| 2.1 | Description | 6 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 8 |
| 2.3 | Excluded Components | 9 |
| 2.4 | Modes of Operation | 9 |
| 2.5 | Algorithms | 9 |
| 2.6 | Security Function Implementations | 15 |
| 2.7 | Algorithm Specific Information | 25 |
| 2.7.1 | AES GCM IV | 25 |
| 2.7.1.1 | TLS version 1.2 | 25 |
| 2.7.1.2 | TLS version 1.3 | 26 |
| 2.7.1.3 | IEEE 802.11 GCMP | 26 |
| 2.7.2 | AES XTS | 26 |
| 2.7.3 | Key derivation using SP 800-132 PBKDF2 | 26 |
| 2.7.4 | SP 800-56Ar3 Assurances | 27 |
| 2.7.5 | RSA Key Encapsulation | 27 |
| 2.7.6 | RSA Key Agreement | 28 |
| 2.7.7 | RSA SigGen and SigVer compliance | 28 |
| 2.7.8 | SHA-3 compliance | 28 |
| 2.8 | RBG and Entropy | 28 |
| 2.9 | Key Generation | 29 |
| 2.10 | Key Establishment | 29 |
| 2.11 | Industry Protocols | 30 |
| 3 | Cryptographic Module Interfaces | 31 |
| 3.1 | Ports and Interfaces | 31 |
| 4 | Roles, Services, and Authentication | 32 |
| 4.1 | Roles | 32 |
| 4.2 | Approved Services | 32 |
| 4.3 | Non-Approved Services | 49 |
| 4.4 | External Software/Firmware Loaded | 49 |
| 5 | Software/Firmware Security | 50 |
| 5.1 | Integrity Techniques | 50 |
| 5.2 | Initiate on Demand | 50 |
| 6 | Operational Environment | 51 |
| 6.1 | Operational Environment Type and Requirements | 51 |
| 6.2 | Configuration Settings and Restrictions | 51 |
| 7 | Physical Security | 52 |
| 7.1 | Mechanisms and Actions Required | 52 |
| 8 | Non-Invasive Security | 53 |
| 8.1 | Mitigation Techniques | 53 |
| 9 | Sensitive Security Parameters Management | 54 |
| 9.1 | Storage Areas | 54 |
| 9.2 | SSP Input-Output Methods | 54 |
| 9.3 | SSP Zeroization Methods | 54 |
| 9.4 | SSPs | 55 |
| 9.5 | Transitions | 76 |
| 10 | Self-Tests | 77 |
| 10.1 | Pre-Operational Self-Tests | 77 |
| 10.2 | Conditional Self-Tests | 77 |
| 10.3 | Periodic Self-Test Information | 81 |
| 10.4 | Error States | 84 |
| 10.5 | Operator Initiation of Self-Tests | 84 |
| 11 | Life-Cycle Assurance | 85 |
| 11.1 | Installation, Initialization, and Startup Procedures | 85 |
| 11.2 | Administrator Guidance | 85 |
| 11.3 | Non-Administrator Guidance | 85 |
| 11.4 | End of Life | 85 |
| 12 | Mitigation of Other Attacks | 86 |
| 12.1 | Attack List | 86 |
| Appendix A. Glossary and Abbreviations | 87 | |
| Appendix B. References | 88 |
© 2025 Ezurio/atsec information security.
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 3: Tested Operational Environments - Software, Firmware, Hybrid | 9 |
| Table 4: Modes List and Description | 9 |
| Table 5: Approved Algorithms | 14 |
| Table 6: Vendor-Affirmed Algorithms | 15 |
| Table 7: Non-Approved, Not Allowed Algorithms | 15 |
| Table 8: Security Function Implementations | 25 |
| Table 9: Entropy Certificates | 28 |
| Table 10: Entropy Sources | 29 |
| Table 11: Ports and Interfaces | 31 |
| Table 12: Roles | 32 |
| Table 13: Approved Services | 48 |
| Table 14: Non-Approved Services | 49 |
| Table 15: Storage Areas | 54 |
| Table 16: SSP Input-Output Methods | 54 |
| Table 17: SSP Zeroization Methods | 55 |
| Table 18: SSP Table 1 | 68 |
| Table 19: SSP Table 2 | 76 |
| Table 20: Pre-Operational Self-Tests | 77 |
| Table 21: Conditional Self-Tests | 81 |
| Table 22: Pre-Operational Periodic Information | 82 |
| Table 23: Conditional Periodic Information | 84 |
| Table 24: Error States | 84 |
| Figure 1: Physical configurations of the tested platform (top and bottom in order). | 7 |
| Figure 2: Block Diagram | 8 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 1 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
This document is the non-proprietary FIPS 140-3 Security Policy for the Summit Linux FIPS Core Crypto Module, firmware version 11.0. It contains the security rules under which the module must be operated and describes how this module meets the requirements as specified in FIPS 140-3 (Federal Information Processing Standards Publication 140-3) for a This Security Policy contains non-proprietary information. All other documentation submitted for FIPS 140-3 conformance testing and validation is proprietary and is releasable only under appropriate non-disclosure agreements.
which was further consolidated into this document by atsec information security together with other vendor-supplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
Table 1: Security Levels N/A © 2025 Ezurio/atsec information security.
Purpose and Use: The Summit Linux FIPS Core Crypto Module (hereafter referred to as the “module”) is a firmware module supporting FIPS 140-3 Approved cryptographic algorithms. The module is composed by firmware components comprised of a kernel and OpenSSL library. These firmware components provide a C language application program interface (API) for use by other processes that require cryptographic functionality. The module offers approved cryptographic functions in the approved mode for, among other uses:
Figure 1: Physical configurations of the tested platform (top and bottom in order). Figure 2 below shows the block diagram of the module. The cryptographic boundary is indicated with yellow blocks, distributed among firmware components. Blocks of another color do not belong to the cryptographic boundary. Users of the module interact through the API that are the logical interfaces data input, data output, control input, status output. A dotted line encompasses the module’s components that interface through the API. In Figure 2, users of the module are exemplified by applications. These applications may reside within the NAND Flash memory or may reside outside (but still within the physical perimeter), always interacting with the module’s API. The physical perimeter of the module is defined as the perimeter of the circuit board on which the module is installed. The filesystem and operating system reside on NAND Flash memory within the physical perimeter. © 2025 Ezurio/atsec information security.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| Image.Izma, fipscheck (application and library), fips.so | 11.0 | N/A | Image.Izma, fipscheck (application and library), fips.so | HMAC-SHA-256 | ||||||
| Summit Linux 11.0 | Summit Linux 11.0 | Laird WB5NBT wireless bridge | 11.0 | Microchip AT91SAM9G (ARM926EJ-S), ARMv5-based | No | N/A |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| Image.Izma, fipscheck (application and library), fips.so | 11.0 | N/A | Image.Izma, fipscheck (application and library), fips.so | HMAC-SHA-256 | ||||||
| Summit Linux 11.0 | Summit Linux 11.0 | Laird WB5NBT wireless bridge | 11.0 | Microchip AT91SAM9G (ARM926EJ-S), ARMv5-based | No | N/A |
Tested Module Identification
| Name | Description | Type |
|---|---|---|
| Non- approved mode | Automatically entered whenever a non-approved service is requested | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4712, A4716, A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5002, A5003, A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5002, A5003, A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4714, A4718, A5002, A5003, A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A4712, A4716, A5002, A5003, A5004 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB1 | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A4712, A4716, A5002, A5003, A5004 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A4712, A4716, A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4711, A4712, A4715, A4716, A4717, A5002, A5003, A5004, A5019 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A4712, A4715, A4717 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GCM | A5005, A5006, A5007, A5008 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A4712, A5005, A5006, A5007, A5008 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-KW | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A4712, A4716, A5002, A5003, A5004 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A4711, A4712, A4715, A4717 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A5015 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - No, Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-5) | A4711 | Curve - P-256, P-384 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5009, A5018 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5009, A5018 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5009, A5018 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5011, A5020 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5009, A5018 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5011, A5020 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5 |
| EDDSA KeyGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| EDDSA SigGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| EDDSA SigVer | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| Hash DRBG | A5015 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A5015 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5009, A5010, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5009, A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A5011, A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A5011, A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A5011, A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A5011, A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4711 | Domain Parameter Generation Methods - P- 256, P-384 | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5009, A5018 | Domain Parameter Generation Methods - P- 224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A5014 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5009, A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime- factor Scheme - KAS1 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA HKDF Sp800-56Cr1 | A5013 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2 |
| KDA OneStep SP800-56Cr2 | A5012 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDA TwoStep SP800-56Cr2 | A5012 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDF ANS 9.42 (CVL) | A5009, A5018 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5011, A5020 | KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5009, A5018 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | SP 800-135 Rev. 1 |
Table 3: Tested Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.
Modes List and Description: NonAutomatically entered Table 4: Modes List and Description NonApproved After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of
Approved Algorithms: © 2025 Ezurio/atsec information security.
© 2025 Ezurio/atsec information security.
HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3512 © 2025 Ezurio/atsec information security.
© 2025 Ezurio/atsec information security.
| Name | CAVP Cert | Key Size | Properties |
|---|---|---|---|
| KDF KMAC Sp800-108r1 | A5017 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 Rev. 1 |
| KDF SP800- 108 | A5017 | KDF Mode - Counter, Feedback Supported Lengths - Supported Lengths: 112, 128, 776, 3456, 4096 | SP 800-108 Rev. 1 |
| KDF SSH (CVL) | A5019 | Cipher - AES-128, AES-192, AES-256, TDES Hash Algorithm - SHA-1, SHA2-256, SHA2- 384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF TLS (CVL) | A5009, A5018 | TLS Version - v1.0/1.1 | SP 800-135 Rev. 1 |
| KMAC-128 | A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 Key Data Length - Key Data Length: 128- 1024 Increment 8 | SP 800-185 |
| KMAC-256 | A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 Key Data Length - Key Data Length: 128- 1024 Increment 8 | SP 800-185 |
| KTS-IFC | A5009, A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime- factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| PBKDF | A5009, A5011, A5018, A5020 | Iteration Count - Iteration Count: 1000- 10000 Increment 1 Password Length - Password Length: 14- 128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-5) | A5009, A5018 | Key Generation Mode - probableWithProbableAux Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5009, A5018 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5009, A5018 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| Safe Primes Key Generation | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- 2048, MODP-3072, MODP-4096, MODP- 6144, MODP-8192 | SP 800-56A Rev. 3 |
| Safe Primes Key Verification | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- 2048, MODP-3072, MODP-4096, MODP- 6144, MODP-8192 | SP 800-56A Rev. 3 |
| SHA-1 | A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4711, A4712, A4716, A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4711, A4712, A4716, A5009, A5010, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4711, A4712, A4716, A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4711, A4712, A4716, A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2- 512/224 | A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA2- 512/256 | A5009, A5018 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 180-4 |
| SHA3-224 | A4713, A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-256 | A4713, A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-384 | A4713, A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHA3-512 | A4713, A5011, A5020 | Message Length - Message Length: 0- 65536 Increment 8 | FIPS 202 |
| SHAKE-128 | A5011, A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A5011, A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| TLS v1.2 KDF RFC7627 (CVL) | A5009, A5018 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.3 KDF (CVL) | A5013 | HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 Rev. 1 |
KDF SP800108 © 2025 Ezurio/atsec information security.
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| Kernel ECDSA Key Generation | Curves:P-256, P-384 (128, 192 bits) | Summit Linux (ECDH_C) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider Safe Primes Key Generation | Safe Primes:MODP-2048, MODP- 3072, MODP-4096, MODP-6144, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 with 112- 200 bits of key strength | FIPS provider (FFC_DH) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider EDDSA Key Generation | Curves:ED-25519, ED-448 (128, 224 bits) | FIPS provider (EDDSA_3_2) | FIPS 186-5, SP 800-133rev2 Section 5.1 | |||
| FIPS provider RSA Key Generation | Keys:2048, 3072, 4096 (112, 128, 149 bits) | FIPS provider (SHA_ASM) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider ECDSA Key Generation | Curves:P-224, P-256, P-384, P- 512 (112, 128, 192, 256 bits) | FIPS provider (SSH_ASM) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | |||||
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | |||||
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | |||||
| Kernel AES-CCM (KTS-Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A4712, A4716) | KTS-Wrap | Keys: 128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES-GCM (KTS-Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A4712, A4715, A4717) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CBC with HMAC | Key Wrapping, Key Unwrapping | AES-CBC: (A4712, A4716) HMAC- SHA2-256: (A4711, A4712, A4716) HMAC- SHA2-384: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
SHA2512/224 SHA2512/256 Table 5: Approved Algorithms Vendor-Affirmed Algorithms: © 2025 Ezurio/atsec information security.
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| FIPS provider ECDSA Key Generation | Curves:P-224, P-256, P-384, P- 512 (112, 128, 192, 256 bits) | FIPS provider (SSH_ASM) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | |||||
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | |||||
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | |||||
| Kernel AES-CCM (KTS-Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A4712, A4716) | KTS-Wrap | Keys: 128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES-GCM (KTS-Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A4712, A4715, A4717) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CBC with HMAC | Key Wrapping, Key Unwrapping | AES-CBC: (A4712, A4716) HMAC- SHA2-256: (A4711, A4712, A4716) HMAC- SHA2-384: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| FIPS provider ECDSA Key Generation | Curves:P-224, P-256, P-384, P- 512 (112, 128, 192, 256 bits) | FIPS provider (SSH_ASM) | FIPS 186-5, SP 800-133rev2 Section 5.1, 5.2 | |||
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | |||||
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | |||||
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | |||||
| Kernel AES-CCM (KTS-Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A4712, A4716) | KTS-Wrap | Keys: 128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES-GCM (KTS-Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A4712, A4715, A4717) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CBC with HMAC | Key Wrapping, Key Unwrapping | AES-CBC: (A4712, A4716) HMAC- SHA2-256: (A4711, A4712, A4716) HMAC- SHA2-384: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CTR with HMAC | Key Wrapping, Key Unwrapping | AES-CTR: (A4712, A4716) HMAC- SHA2-256: (A4711, A4712, A4716) HMAC- SHA2-384: (A4711, A4712, A4716) HMAC- SHA2-512: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel KAS-ECC- SSC | Shared Secret Computation | KAS-ECC- SSC Sp800- 56Ar3: (A4711) | KAS-SSC | Curves:Curves : P- 256, P-384 elliptic curves with 128 and 192 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) | ||
| Kernel AES-ECB | Encryption/Decryption | AES-ECB: (A4711, A4712, A4715, A4716, A4717) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-CTR | Encryption/Decryption | AES-CTR: (A4712, A4716) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-CBC | Encryption/Decryption | AES-CBC: (A4712, A4716) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-CBC- CS3 | Encryption/Decryption | AES-CBC- CS3: (A4714, A4718) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-XTS | Encryption/Decryption | AES-XTS Testing Revision 2.0: (A4712, A4716) | BC-UnAuth | Keys:128, 256 bits with 128 and 256 bits of key strength | ||
| Kernel AES-CCM (BC-Auth) | Authenticated Encryption/Decryption | AES-CCM: (A4712, A4716) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-GCM (BC-Auth) | Authenticated Encryption/Decryption | AES-GCM: (A4712, A4715, A4717) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-CMAC | Message authentication code (MAC) | AES-CMAC: (A4712, A4716) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel AES-GMAC | Message authentication code (MAC) | AES-GMAC: (A4712) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| Kernel Counter DRBG | Random Number Generation | Counter DRBG: (A4711, A4712, A4715, A4717) | DRBG | Compliance:Compliant with SP800-90ARev1 | ||
| Kernel ECDSA Key Generation | Key Generation | ECDSA KeyGen (FIPS186-5): (A4711) | CKG | Curves:P-256, P-384 | ||
| Kernel HMAC | Message authentication code (MAC) | HMAC- SHA2-224: (A4711, A4712, A4716) HMAC- SHA2-256: (A4711, A4712, A4716) HMAC- SHA2-384: (A4711, A4712, A4716) HMAC- SHA2-512: (A4711, A4712, A4716) HMAC- SHA3-224: (A4713) HMAC- SHA3-256: (A4713) HMAC- SHA3-384: (A4713) HMAC- | MAC | Keys:112-256 bits with 112-256 bits of key strength | ||
| Kernel Hashes | Hashing | SHA2-224: (A4711, A4712, A4716) SHA2-256: (A4711, A4712, A4716) SHA2-384: (A4711, A4712, A4716) SHA2-512: (A4711, A4712, A4716) SHA3-224: (A4713) SHA3-256: (A4713) SHA3-384: (A4713) SHA3-512: (A4713) | SHA | |||
| FIPS provider AES-CCM (KTS-Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A5002, A5003, A5004) | KTS-Wrap | Keys: 128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| FIPS provider AES-GCM (KTS-Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A5005, A5006, A5007, A5008) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| FIPS provider KAS-IFC- SSC | Shared Secret Computation | KAS-IFC- SSC: (A5009, A5018) | KAS-SSC | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength Compliance : Compliant with IG D.F scenario 1(1) | ||
| FIPS provider KTS-IFC | Key encapsulation, Key unencapsulation | KTS-IFC: (A5009, A5018) | KTS-Encap | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength respectively Compliance:Compliant with IG D.G | ||
| FIPS provider Safe Primes Key Generation | Key Generation | Safe Primes Key Generation: (A5014) | CKG | Groups:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | ||
| FIPS provider Safe Primes Key Verification | Key Verification | Safe Primes Key Verification: (A5014) | AsymKeyPair- KeyVer | Groups:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 | ||
| FIPS provider KAS-FFC- SSC | Shared Secret Computation | KAS-FFC- SSC Sp800- 56Ar3: (A5014) | KAS-SSC | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) | ||
| FIPS provider KAS-ECC- SSC | Shared Secret Computation | KAS-ECC- SSC Sp800- 56Ar3: (A5009, A5018) | KAS-SSC | Curves:P-224, P-256, P-384, P-521 elliptic curves with 112-256 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) | ||
| FIPS provider AES KW | Key Wrapping, Key Unwrapping | AES-KW: (A5002, A5003, A5004) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| FIPS provider AES KWP | Key Wrapping, Key Unwrapping | AES-KWP: (A5002, A5003, A5004) | KTS-Wrap | Keys:128, 192, 256- bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| FIPS provider AES-ECB | Encryption/Decryption | AES-ECB: (A5002, A5003, A5004, A5019) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CTR | Encryption/Decryption | AES-CTR: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CBC | Encryption/Decryption | AES-CBC: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CBC- CS1 | Encryption/Decryption | AES-CBC- CS1: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CBC- CS2 | Encryption/Decryption | AES-CBC- CS2: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CBC- CS3 | Encryption/Decryption | AES-CBC- CS3: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CFB1 | Encryption/Decryption | AES-CFB1: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CFB8 | Encryption/Decryption | AES-CFB8: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES- CFB128 | Encryption/Decryption | AES- CFB128: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-XTS | Encryption/Decryption | AES-XTS Testing Revision 2.0: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 256 bits with 128 and 256 bits of key strength | ||
| FIPS provider AES-CCM (BC-Auth) | Authenticated Encryption/Decryption | AES-CCM: (A5002, A5003, A5004) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-GCM (BC-Auth) | Authenticated Encryption/Decryption | AES-GCM: (A5005, A5006, A5007, A5008) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-OFB | Encryption/Decryption | AES-OFB: (A5002, A5003, A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-CMAC | Message authentication code (MAC) | AES-CMAC: (A5002, A5003, A5004) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider AES-GMAC | Message authentication code (MAC) | AES-GMAC: (A5005, A5006, A5007, A5008) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength | ||
| FIPS provider Counter DRBG | Random Number Generation | Counter DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 | ||
| FIPS provider Hash DRBG | Random Number Generation | Hash DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 | ||
| FIPS provider HMAC DRBG | Random Number Generation | HMAC DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 | ||
| FIPS provider ECDSA Key Generation | Key Generation | ECDSA KeyGen (FIPS186-5): (A5009, A5018) | CKG | Curves:P-224, P-256, P-384, P-521 | ||
| FIPS provider ECDSA Key Verification | Key Verification | ECDSA KeyVer (FIPS186-5): (A5009, A5018) | AsymKeyPair- KeyVer | Curves:P-224, P-256, P-384, P-521 | ||
| FIPS provider ECDSA Signature Generation | Signature Generation | ECDSA SigGen (FIPS186-5): (A5009, A5011, A5018, A5020) | DigSig- SigGen | Curves:P-224, P-256, P-384, P-521 | ||
| FIPS provider ECDSA Signature Verification | Signature Verification | ECDSA SigVer (FIPS186-5): (A5009, A5011, A5018, A5020) | DigSig-SigVer | Curves:P-224, P-256, P-384, P-521 | ||
| FIPS provider EDDSA Key Generation | Key Generation | EDDSA KeyGen: (A5016) | CKG | Curves:Ed25519, Ed448 | ||
| FIPS provider EDDSA Signature Generation | Signature Generation | EDDSA SigGen: (A5016) | DigSig- SigGen | Curves:Ed25519, Ed448 | ||
| FIPS provider EDDSA | Signature Verification | EDDSA SigVer: (A5016) | DigSig-SigVer | Curves:Ed25519, Ed448 | ||
| FIPS provider RSA Key Generation | Key Generation | RSA KeyGen (FIPS186-5): (A5009, A5018) | CKG | Keys:2048, 3072, 4096 keys with 112- 150 bits of key strength respectively | ||
| FIPS provider RSA Signature Generation | Signature Generation | RSA SigGen (FIPS186-5): (A5009, A5018) | DigSig- SigGen | Keys:2048, 3072, 4096 keys with 112- 150 bits of key strength respectively | ||
| FIPS provider RSA Signature Verification | Signature Verification | RSA SigVer (FIPS186-5): (A5009, A5018) | DigSig-SigVer | Keys:2048, 3072, 4096 keys with 112- 150 bits of key strength respectively | ||
| FIPS provider HMAC | Message authentication code (MAC) | HMAC-SHA- 1: (A5009, A5018) HMAC- SHA2-224: (A5009, A5018) HMAC- SHA2-256: (A5009, A5010, A5018) HMAC- SHA2-384: (A5009, A5018) HMAC- SHA2-512: (A5009, A5018) HMAC- SHA2- 512/224: (A5009, A5018) HMAC- SHA2- 512/256: (A5009, A5018) HMAC- SHA3-224: (A5011, A5020) HMAC- SHA3-256: (A5011, | MAC | Keys:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider KMAC | Message authentication code (MAC) | KMAC-128: (A5011, A5020) KMAC-256: (A5011, A5020) | MAC | Keys:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider Hashes | Hashing | SHA-1: (A5009, A5018) SHA2-224: (A5009, A5018) SHA2-256: (A5009, A5010, A5018) SHA2-384: (A5009, A5018) SHA2-512: (A5009, A5018) SHA2- 512/224: (A5009, A5018) SHA2- 512/256: (A5009, A5018) SHA3-224: (A5011, A5020) SHA3-256: (A5011, A5020) SHA3-384: (A5011, A5020) SHA3-512: (A5011, A5020) SHAKE-128: (A5011, A5020) | SHA | |||
| FIPS provider ANS 9.42 Key Derivation (CVL) | Key Derivation | KDF ANS 9.42: (A5009, A5011, A5018, A5020) | KAS-135KDF | OID:AES-128-KW, AES-192-KW, AES- 256-KW with 128, 192, 256 bits of key strength, respectively | ||
| FIPS provider ANS 9.63 Key Derivation (CVL) | Key Derivation | KDF ANS 9.63: (A5009, A5018) | KAS-135KDF | Key data length:128- 4096 bits | ||
| FIPS provider TLS 1.0 and 1.1 Key Derivation (CVL) | Key Derivation | KDF TLS: (A5009, A5018) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider TLS 1.2 Key Derivation (CVL) | Key Derivation | TLS v1.2 KDF RFC7627: (A5009, A5018) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider TLS 1.3 Key Derivation (CVL) | Key Derivation | TLS v1.3 KDF: (A5013) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider HKDF Key Derivation | Key Derivation | KDA HKDF Sp800- 56Cr1: (A5013) | KAS-56CKDF | Derived key:112-256 bits with 112-256 bits of key strength | ||
| FIPS provider Password- based Key Derivation | Key Derivation | PBKDF: (A5009, A5011, A5018, A5020) | PBKDF | Derived key:112-4096 bits with 112-150 bits of key strength | ||
| FIPS provider OneStep Key Derivation | Key Derivation | KDA OneStep SP800- 56Cr2: (A5012) | KAS-56CKDF | Derived key:2048 bits with 112 bits of key strength | ||
| FIPS provider TwoStep Key Derivation | Key Derivation | KDA TwoStep SP800- 56Cr2: (A5012) | KAS-56CKDF | Derived key:2048 bits with 112 bits of key strength | ||
| FIPS provider KMAC Key Derivation | Key Derivation | KDF KMAC Sp800- 108r1: (A5017) | KBKDF | Derived key:112-4096 bits with 112-150 bits of key strength | ||
| FIPS provider KBKDF Key Derivation | Key Derivation. | KDF SP800- 108: (A5017) | KBKDF | Derived key:112-4096 bits with 112-150 bits of key strength | ||
| FIPS provider SSH Key Derivation | Key Derivation | KDF SSH: (A5019) | KAS-135KDF | Keys:128, 192, 256 bits with 128-256 bits of key strength |
Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: Table 7: Non-Approved, Not Allowed Algorithms
HMACSHA2-256: HMACSHA2-384: © 2025 Ezurio/atsec information security.
KAS-ECCSSC AES-CBCCS3 HMACSHA2-512: HMACSHA2-256: HMACSHA2-384: HMACSHA2-512: KAS-ECCSSC Sp80056Ar3: AES-CBCCS3: © 2025 Ezurio/atsec information security.
HMACSHA2-224: HMACSHA2-256: HMACSHA2-384: HMACSHA2-512: HMACSHA3-224: HMACSHA3-256: HMACSHA3-384: © 2025 Ezurio/atsec information security.
KAS-IFCSSC KAS-IFCSSC: © 2025 Ezurio/atsec information security.
AsymKeyPairKeyVer KAS-FFCSSC KAS-ECCSSC KAS-FFCSSC Sp80056Ar3: KAS-ECCSSC Sp80056Ar3: © 2025 Ezurio/atsec information security.
AES-CBCCS1 AES-CBCCS2 AES-CBCCS3 AESCFB128 AES-CBCCS1: AES-CBCCS2: AES-CBCCS3: AESCFB128: © 2025 Ezurio/atsec information security.
AsymKeyPairKeyVer DigSigSigGen DigSigSigGen © 2025 Ezurio/atsec information security.
DigSigSigGen HMACSHA2-224: HMACSHA2-256: HMACSHA2-384: HMACSHA2-512: HMACSHA2512/224: HMACSHA2512/256: HMACSHA3-224: HMACSHA3-256: © 2025 Ezurio/atsec information security.
HMACSHA3-384: HMACSHA3-512: SHA2512/224: SHA2512/256: © 2025 Ezurio/atsec information security.
Passwordbased Key Sp80056Cr1: SP80056Cr2: SP80056Cr2: © 2025 Ezurio/atsec information security.
Table 8: Security Function Implementations Sp800108r1: KDF SP800108:
AES-GCM encryption and decryption are used in the context of the TLS protocol version 1.2 and 1.3 using the FIPS provider component (corresponding to Scenario 1 and 5 of IG C.H), and in the context of IEEE 802.11 GCMP using the kernel/hardware components (corresponding to Scenario 5 of IG C.H). For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant with Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the EVP_EncryptInit_ex2 API function with a non-NULL iv value. When this is the case, the API will set a non-approved service indicator.
For TLS v1.2, the module uses the context of Scenario 1 of IG C.H. The module is compliant with SP 800-52 section 3.3.1 and the mechanism for IV generation is compliant with RFC5288. For this compliance, the module’s implementation of the AES-GCM shall be used together with an application that negotiates the protocol session’s keys and the 32-bit nonce value of the IV. The setting of the counter portion of the IV is performed within the cryptographic boundary. The nonce explicit part of the IV does not exhaust the maximum number of possible values for a given session key. This condition is implicitly ensured by the design of the TLS protocol, in which the nonce_explicit is denied exhaustion by the control exerted by the protocol’s management logic (wherein the nonce_explicit is incremented per each TLS record). This management logic also implies that the probability of an exhaustion of all 264
In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established.
For TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 140-3 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP800-52r2. TLS 1.3 employs separate 64-bit sequence numbers, one for protocol records that are received, and one for protocol records that are sent to a peer. These sequence numbers are set at zero at the beginning of a TLS 1.3 connection and each time when the AES-GCM key is changed. After reading or writing a record, the respective sequence number is incremented by one. The protocol specification determines that the sequence number should not wrap, and if this condition is observed, then the protocol implementation must either trigger a re-key of the session (i.e., a new key for AES-GCM), or terminate the connection. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established.
The kernel component is in compliance with FIPS 140-3 IG C.H scenario 5 for the WPA2 protocol. Specifically, GCMP is defined in IEEE 802.11ac-2013. For IEEE 802.11 GCMP, the module implements an internal production unit logic that constructs the IV deterministically upon the initialization of a GCMP connection, and therefore the initialization of a GCM encryption context." and "In case the module's power is lost and then restored, the key used for AES GCM encryption or decryption shall be re-distributed.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements shall be met:
Kernel Component: The module offers ECDH shared secret computation services compliant to the SP 800-56ARev3. In order to meet the required assurances listed in section
5.6 of SP 800-56ARev3, the module shall be used together with an application that
implements the "IPsec protocol" and the following steps shall be performed.
5.6.2 of SP 800-56Ar3, the operator must use the module together with an application that
implements the TLS protocol. Additionally, the module’s approved key pair generation service must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 800-56Ar3.
To comply with SP800-56Br2 assurances found in its Section 6 (specifically SP800-56Br2 Section 6.4 Required Assurances) the entity using the module must obtain required assurances listed in section 6.4 of SP 800-56Br2 by performing the following steps:
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E119 | Ezurio |
a. verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). b. confirm the peer’s possession of private key by using any method specified in section 6.4.2.3 of the SP 800-56Br2. Only after the above assurances are successfully met, shall the entity use the peer’s public key to perform the RSA key encapsulation service of the module.
To comply with the assurances found in Section 6.4 of SP 800-56Br2, the module’s approved RSA key pair generation service must be used to generate the RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validity and the pairwise consistency according to section 6.4.1.1 of SP 800-56Br2. Additionally, the entity requesting the shared secret computation service shall verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). This service will perform the full public key validation of the peer’s public key, complying with Section 6.4.2.1 of SP 800-56Br2.
The module provides RSA signature generation and signature verification compliant with IG C.F. The module supports RSA modulus lengths of 2048, 3072, and 4096 bits for signature generation and 1024, 2048, 3072, and 4096 for signature verification. The RSA signature generation and signature verification implementations have been tested for all implemented RSA modulus lengths. The number of Miller-Rabin tests is consistent with the bit sizes of p and q from Table B.1 of FIPS 186-4.
The module provides SHA-3 hash functions compliant with IG C.C. Every implementation of each SHA-3 function was tested and validated on all of the module’s operating environments. SHAKE functions are not implemented. SHA-3 hash functions are also used as part of a higher-level algorithm for HMAC.
Table 9: Entropy Certificates © 2025 Ezurio/atsec information security.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Summit CPU Time Jitter RNG Entropy Source | Non- Physical | 64 bits | Summit Linux 11.0 | 64 bits | A4713 (SHA3- 256) |
Table 10: Entropy Sources A4713 (SHA3256) The module provides DRBG’s compliant with SP800-90A for random number generation and the creation of key components of asymmetric keys. The kernel component DRBG implements a CTR_DRBG mechanism with AES-128, AES-192 or AES-256, with selectable enabling of derivation function and prediction resistance. The FIPS provider component DRBG’s implements a CTR_DRBG mechanism with AES-128, AES-192 or AES-256 with selectable enabling of derivation function and prediction resistance. Additionally, a Hash_DRBG and HMAC_DRBG mechanism with SHA-1, SHA-256 or SHA-512 with selectable enabling of derivation function and prediction resistance is implemented. Lastly the kernel and FIPS Provider DRBG’s are seeded with 320 bits and assessed to be full entropy in the ESV certificate #E119 at 1 bit/bit or 256 bits of entropy.
For generating RSA, ECDSA, Diffie-Hellman, EC Diffie-Hellman keys for the FIPS Provider component and ECDSA keys for Kernel component, the module implements asymmetric key generation services compliant with FIPS186-5 or SP800-56Arev3 as applicable and using a DRBG compliant with SP800-90A. The random value used in asymmetric key generation is obtained from the DRBG. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per Section 4 of SP800-133rev2 (vendor affirmed). Additionally, the module implements the following key derivation methods according to section 6.2 of SP 800-133r2:
The module implements following key establishments methods that are listed in the Security Function Implementations table: - shared secret computation for KAS-IFC-SSC, KAS-FFC-SSC KAS-ECC-SSC © 2025 Ezurio/atsec information security.
- key transport for KTS-IFC and KTS-Wrap
For DH, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC
7919 (TLS) as listed in Approved Services table. Note that the module only implements key
pair generation, key pair verification, and shared secret computation. No other part of the IKE or TLS protocols is implemented (with the exception of the TLS 1.2 and 1.3 KDFs). SSH KDF, TLS 1.0/1.1 KDF, TLS 1.2 KDF (RFC 7627), TLS 1.3 KDF implementations shall only be used to generate secret keys in the context of the SSH, TLS 1.0/1.1, TLS 1.2, or TLS 1.3 protocols, respectively. Note that TLS 1.2 KDF must be compliant with RFC 7627 to be considered approved. ANS X9.42 KDF and ANS X9.63 KDF implementations shall only be used to generate secret keys in the context of an ANS X9.42-2001 resp. ANS X9.63-2001 key agreement scheme. © 2025 Ezurio/atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API data input parameters, AF_ALG type sockets (kernel component) |
| N/A | N/A | Data Output | API output parameters, AF_ALG type sockets (kernel component) |
| N/A | N/A | Control Input | API function calls, API control input parameters, AF_ALG type sockets (kernel component), kernel command line (kernel component) |
| N/A | N/A | Status Output | API return values, error queue, AF_ALG type sockets (kernel component), kernel logs (kernel component) |
| N/A | N/A | Power | The hardware on which the module runs receives power from the circuit board on which the hardware resides. |
N/A N/A N/A N/A N/A Table 11: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. © 2025 Ezurio/atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Kernel Encryptio n | Encrypti on | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- XTS | crypto_skcipher_setkey returns 0 | AES key, plaintex t | cipherte xt | |||
| Kernel Decrypti on | Decrypt ion | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- XTS | crypto_skcipher_setkey returns 0 | AES key, cipherte xt | plaintext |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Kernel Encryptio n | Encrypti on | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- XTS | crypto_skcipher_setkey returns 0 | AES key, plaintex t | cipherte xt | |||
| Kernel Decrypti on | Decrypt ion | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- XTS | crypto_skcipher_setkey returns 0 | AES key, cipherte xt | plaintext | |||
| Kernel Authenti cated Encryptio n | Encrypti on | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | crypto_aead_setkey returns 0 | AES key, IV, plaintex t | cipherte xt, MAC tag | |||
| Kernel Authenti cated Decrypti on | Decrypt ion | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | crypto_aead_setkey returns 0 | AES key, IV, MAC tag, cipherte xt | plaintext or fail | |||
| Kernel key wrapping | Wrap a key | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (KTS- Wrap) Kernel AES- GCM (KTS- Wrap) Kernel AES CBC with HMAC Kernel AES CTR with HMAC | crypto_skcipher_setkey returns 0; crypto_aead_setkey returns 0; crypto_shash_init returns 0 | AES key, key to be wrappe d | wrapped key | |||
| Kernel key unwrappi ng | unwrap a key | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (KTS- Wrap) Kernel AES- GCM (KTS- Wrap) Kernel | crypto_skcipher_setkey returns 0; crypto_aead_setkey returns 0; crypto_shash_init returns 0 | AES key, key to be unwrap ped | unwrapp ed key | |||
| Kernel AES Message Authenti cation | comput e a MAC tag | Crypto Officer - Kernel AES key: W,E | Kernel AES- CMAC Kernel AES- GMAC | crypto_shash_init returns 0 | AES key, messag e | MAC tag | |||
| Kernel HMAC Message Authenti cation | comput e a MAC tag | Crypto Officer - Kernel HMAC key: W,E | Kernel HMAC | crypto_shash_init returns 0 | HMAC key, messag e | MAC tag | |||
| Kernel Message Digest | comput e a messag e digest | Crypto Officer | Kernel Hashes | crypto_shash_init returns 0 | messag e | digest value | |||
| Kernel ECC Shared Secret Computa tion | comput e a shared secret | Crypto Officer - Kernel EC public key: W,E - Kernel EC private key: W,E - Kernel shared secret: W,E | Kernel KAS- ECC- SSC | crypto_kpp_compute_sh ared_secret returns 0 | EC public key, EC private key | Shared Secret | |||
| Kernel Random Number Generati on | generat e random bytes | Crypto Officer - Entropy input: W,E - Kernel DRBG seed: G,E - DRBG Internal State (V, Key): W,E - DRBG Internal state (V, C): W,E | Kernel Counte r DRBG | crypto_rng_get_bytes returns 0 | output length | random data | |||
| Kernel EC Key generati on | generat e key pair | Crypto Officer - Kernel EC public key: G,R - Kernel EC private key: G,R - Kernel Intermedi ate Key Generatio n Value: G,E,Z | Kernel ECDSA Key Genera tion | crypto_kpp_set_secret and crypto_kpp_generate_pu blic_key return 0 | Curve | EC keys | |||
| FIPS provider Message Digest | comput e a mesage digest | Crypto Officer | FIPS provid er Hashes | _SUMMIT_FIPS_INDICAT OR_APPROVED | messag e | digest value | |||
| FIPS provider Encryptio n | Encrypt plaintex t | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CTR FIPS provid er AES- CBC FIPS provid er AES- ECB FIPS provid er AES- CBC- CS1 FIPS provid er AES- CBC- CS2 FIPS provid er AES- CBC- CS3 FIPS provid er AES- CFB1 FIPS provid | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, plaintex t | cipherte xt | |||
| FIPS provider Decrypti on | Decrypt cipherte xt | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CTR FIPS provid er AES- CBC FIPS provid er AES- ECB FIPS provid er AES- CBC- CS1 FIPS provid er AES- CBC- CS2 FIPS provid er AES- CBC- CS3 FIPS provid er AES- CFB1 FIPS provid er AES- CFB8 FIPS | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, cipherte xt | plaintext | |||
| FIPS provider Authenti cated Encryptio n | Encrypt plaintex t | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CCM (BC- Auth) FIPS provid er AES- GCM (BC- Auth) | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, IV, plaintex t | cipherte xt, MAC tag | |||
| FIPS provider Authenti cated Decrypti on | Decrypt cipherte xt | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CCM (BC- Auth) FIPS provid er AES- GCM (BC- Auth) | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, IV, MAC tag, cipherte xt | plaintext | |||
| FIPS provider AES Message Authenti cation | comput e a MAC tag | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CMAC FIPS provid er AES- GMAC | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, messag e | MAC tag | |||
| FIPS provider HMAC Message Authenti cation | comput e a MAC tag | Crypto Officer - FIPS provider HMAC key: W,E | FIPS provid er HMAC | _SUMMIT_FIPS_INDICAT OR_APPROVED | HMAC key, messag e | MAC tag | |||
| FIPS provider FFC Shared Secret Computa tion | comput e a shared secret | Crypto Officer - FIPS provider DH public key: W,E - FIPS provider DH private key: W,E | FIPS provid er KAS- FFC- SSC | _SUMMIT_FIPS_INDICAT OR_APPROVED | DH private key, DH public key | Shared Secret | |||
| FIPS provider ECC Shared Secret Computa tion | comput e a shared secret | Crypto Officer - FIPS provider EC public key: W,E - FIPS provider EC private key: W,E - FIPS provider shared secret: W,E | FIPS provid er KAS- ECC- SSC | _SUMMIT_FIPS_INDICAT OR_APPROVED | EC public key, EC private key | Shared Secret | |||
| FIPS provider IFC Shared Secret Computa tion | comput e a shared secret | Crypto Officer - FIPS provider RSA public key: W,E - FIPS provider RSA private key: W,E - FIPS provider shared secret: W,E | FIPS provid er KAS- IFC- SSC | _SUMMIT_FIPS_INDICAT OR_APPROVED | RSA public key, RSA private key | Shared Secret | |||
| FIPS provider Key Derivatio n | derive a key | Crypto Officer - FIPS provider shared secret: W,E - FIPS provider derived | FIPS provid er ANS 9.42 Key Derivat ion (CVL) FIPS provid | _SUMMIT_FIPS_INDICAT OR_APPROVED | Shared secret | derived key | |||
| er ANS 9.63 Key Derivat ion (CVL) FIPS provid er TLS 1.0 and 1.1 Key Derivat ion (CVL) FIPS provid er TLS 1.2 Key Derivat ion (CVL) FIPS provid er TLS 1.3 Key Derivat ion (CVL) FIPS provid er HKDF Key Derivat ion FIPS provid er OneSte p Key Derivat ion FIPS provid er TwoSte p Key | key: G,R - FIPS provider key- derivation key: W,E - FIPS provider AES Derived Key: G,R - FIPS provider HMAC Derived Key : G,R - FIPS provider 802.11 Pre- shared key (PSK): W,E - FIPS provider 802.11 Pairwise Master Key (PMK): W,E - FIPS provider 802.11 KDF Internal State: R - FIPS provider 802.11 Temporal Keys: W,E - FIPS provider 802.11 MIC keys (KCK): W,E - FIPS provider 802.11 Key | er ANS 9.63 Key Derivat ion (CVL) FIPS provid er TLS 1.0 and 1.1 Key Derivat ion (CVL) FIPS provid er TLS 1.2 Key Derivat ion (CVL) FIPS provid er TLS 1.3 Key Derivat ion (CVL) FIPS provid er HKDF Key Derivat ion FIPS provid er OneSte p Key Derivat ion FIPS provid er TwoSte p Key | |||||||
| Derivat ion FIPS provid er KMAC Key Derivat ion FIPS provid er KBKDF Key Derivat ion FIPS provid er SSH Key Derivat ion | Encryption Key (KEK): W,E - FIPS provider 802.11 Group Temporal Key (GTK): W,E | Derivat ion FIPS provid er KMAC Key Derivat ion FIPS provid er KBKDF Key Derivat ion FIPS provid er SSH Key Derivat ion | |||||||
| FIPS provider Password -based key derivatio n | derive a key from a passwor d | Crypto Officer - FIPS provider derived key: G,R - FIPS provider Password: W,E | FIPS provid er Passw ord- based Key Derivat ion | _SUMMIT_FIPS_INDICAT OR_APPROVED | passwor d | derived key | |||
| FIPS provider SafePrim e key generati on | generat e a key pair | Crypto Officer - FIPS provider module generated DH public key: G,R - FIPS provider module generated DH private key: G,R - FIPS provider Intermedi ate Key Generatio | FIPS provid er Safe Primes Key Genera tion | _SUMMIT_FIPS_INDICAT OR_APPROVED | DH- Group | Module generat ed DH private key, Module generat ed DH public key | |||
| FIPS provider EC Key generati on | generat e a key pair | Crypto Officer - FIPS provider module generated EC public key: G,R - FIPS provider module generated EC private key: G,R - FIPS provider Intermedi ate Key Generatio n Value: G,E,Z | FIPS provid er ECDSA Key Genera tion FIPS provid er EDDSA Key Genera tion | _SUMMIT_FIPS_INDICAT OR_APPROVED | Curve | Module Generat ed EC Private Key, Module Generat ed EC Public Key | |||
| FIPS provider RSA key generati on | generat e a key pair | Crypto Officer - FIPS provider module generated RSA private key: G,R - FIPS provider module generated RSA public key: G,R - FIPS provider Intermedi ate Key Generatio n Value: G,E,Z | FIPS provid er RSA Key Genera tion | _SUMMIT_FIPS_INDICAT OR_APPROVED | Modulus | Module Generat ed RSA Private Key, Module Generat ed RSA Public Key | |||
| FIPS provider SafePrim e Key Verificati on | verify key pair | Crypto Officer - FIPS provider DH public key: W | FIPS provid er Safe Primes Key | _SUMMIT_FIPS_INDICAT OR_APPROVED | DH Private key, DH public key | Pass/fail | |||
| Verific ation | - FIPS provider DH private key: W | Verific ation | |||||||
| FIPS provider EC Key Verificati on | verify key pair | Crypto Officer - FIPS provider EC public key: W - FIPS provider EC private key: W | FIPS provid er ECDSA Key Verific ation | _SUMMIT_FIPS_INDICAT OR_APPROVED | EC public key, EC private key | Pass/fail | |||
| FIPS provider Key wrapping | wrap a key | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CCM (KTS- Wrap) FIPS provid er AES- GCM (KTS- Wrap) FIPS provid er AES KW FIPS provid er AES KWP | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, key to be wrappe d | wrapped key | |||
| FIPS provider Key unwrappi ng | unwrap a key | Crypto Officer - FIPS provider AES Key: W,E | FIPS provid er AES- CCM (KTS- Wrap) FIPS provid er AES- GCM (KTS- Wrap) FIPS provid er AES KW FIPS | _SUMMIT_FIPS_INDICAT OR_APPROVED | AES key, key to be unwrap ped | unwrapp ed key | |||
| FIPS provider RSA Signatur e Verificati on | verify digital signatur e | Crypto Officer - FIPS provider RSA public key: W,E | FIPS provid er RSA Signat ure Verific ation | _SUMMIT_FIPS_INDICAT OR_APPROVED | RSA public key, signatur e, hash algorith m | Pass/fail | |||
| FIPS provider EC Signatur e Verificati on | verify digital signatur e | Crypto Officer - FIPS provider EC public key: W,E | FIPS provid er ECDSA Signat ure Verific ation FIPS provid er EDDSA Signat ure Verific ation | _SUMMIT_FIPS_INDICAT OR_APPROVED | Messag e, EC public key, signatur e, hash algorith m (ECDSA only) | Pass/fail | |||
| FIPS provider EC Signatur e Generati on | generat e digital signatur e | Crypto Officer - FIPS provider EC private key: W,E | FIPS provid er ECDSA Signat ure Genera tion FIPS provid er EDDSA Signat ure Genera tion | _SUMMIT_FIPS_INDICAT OR_APPROVED | Messag e, EC public key, signatur e, hash algorith m (ECDSA only) | signatur e | |||
| FIPS provider RSA Signatur e Generati on | generat e digital signatur e | Crypto Officer - FIPS provider RSA private key: W,E | FIPS provid er RSA Signat ure Genera tion | _SUMMIT_FIPS_INDICAT OR_APPROVED | Messag e,RSA public key, signatur e, hash algorith m | signatur e | |||
| FIPS provider Random Number Generati on | generat e random bytes | Crypto Officer - Entropy input: W,E - FIPS provider DRBG seed: G,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal state (V, C): G,W,E | FIPS provid er Counte r DRBG FIPS provid er Hash DRBG FIPS provid er HMAC DRBG | _SUMMIT_FIPS_INDICAT OR_APPROVED | output length | random bytes | |||
| FIPS provider key encapsul ation | KTS | Crypto Officer - FIPS provider RSA public key: W,E | FIPS provid er KTS- IFC | _SUMMIT_FIPS_INDICAT OR_APPROVED | RSA public key | Encapsu lated key | |||
| FIPS provider key un- encapsul ation | KTS | Crypto Officer - FIPS provider RSA private key: W,E | FIPS provid er KTS- IFC | _SUMMIT_FIPS_INDICAT OR_APPROVED | RSA private key | Decapsu lated key | |||
| FIPS provider KMAC Message Authenti cation | MAC | Crypto Officer - FIPS Provider KMAC Key: W,E | FIPS provid er KMAC | _SUMMIT_FIPS_INDICAT OR_APPROVED | KMAC key | Mac tag | |||
| Show version | Return the module name and version informa tion | Unauthent icated | None | None | N/A | module name and version | |||
| Show status | return module status | Unauthent icated | None | None | N/A | module status | |||
| Self- Tests | perform CASTs and | Unauthent icated | None | None | N/A | Pass/Fail | |||
| Zeroizati on | zeroize all SSPs | Crypto Officer - Kernel AES key: Z - FIPS provider AES Key: Z - Kernel shared secret: Z - Kernel HMAC key: Z - FIPS provider shared secret: Z - Entropy input: Z - Kernel DRBG seed: Z - DRBG Internal State (V, Key): Z - DRBG Internal state (V, C): Z - FIPS provider DH public key: Z - FIPS provider DH private key: Z - Kernel EC public key: Z - Kernel EC private key: Z - FIPS provider EC public key: Z | None | None | Any SSP | N/A |
Table 12: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators.
s n t AESECB AESCTR AESCBC AESCBCCS3 AESXTS AESECB AESCTR AESCBC AESCBCCS3 AESXTS W,E W,E © 2025 Ezurio/atsec information security.
s n t d AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (KTSWrap) AESGCM (KTSWrap) AESCCM (KTSWrap) AESGCM (KTSWrap) W,E W,E W,E W,E © 2025 Ezurio/atsec information security.
s e e ea ea e KASECCSSC e AESCMAC AESGMAC W,E W,E C): W,E © 2025 Ezurio/atsec information security.
s n ea t e t er AESCTR er AESCBC er AESECB er AESCBCCS1 er AESCBCCS2 er AESCBCCS3 er AESCFB1 G,E,Z W,E © 2025 Ezurio/atsec information security.
s er AESCFB8 er AESCFB12 er AESXTS er AESOFB er AESCTR er AESCBC er AESECB er AESCBCCS1 er AESCBCCS2 er AESCBCCS3 er AESCFB1 er AESCFB8 W,E © 2025 Ezurio/atsec information security.
s n t t e e er AESCFB12 er AESXTS er AESOFB er AESCCM (BCAuth) er AESGCM (BCAuth) er AESCCM (BCAuth) er AESGCM (BCAuth) er AESCMAC er AESGMAC W,E W,E W,E © 2025 Ezurio/atsec information security.
s er KASFFCSSC ea ea er KASECCSSC ea er KASIFCSSC n W,E W,E W,E © 2025 Ezurio/atsec information security.
s 1.0 1.1 1.2 1.3 keyderivation Preshared W,E W,E © 2025 Ezurio/atsec information security.
s n d d DHGroup ordbased W,E W,E W,E © 2025 Ezurio/atsec information security.
s G,E,Z G,E,Z G,E,Z © 2025 Ezurio/atsec information security.
s d er AESCCM (KTSWrap) er AESGCM (KTSWrap) er AESCCM (KTSWrap) er AESGCM (KTSWrap) W,E W,E © 2025 Ezurio/atsec information security.
s e e e e m m e e m e e e m e © 2025 Ezurio/atsec information security.
s e er KTSIFC key unencapsul er KTSIFC N/A N/A N/A SelfTests G,W,E C): G,W,E © 2025 Ezurio/atsec information security.
s N/A Z C): Z © 2025 Ezurio/atsec information security.
s © 2025 Ezurio/atsec information security.
s keyderivation Z Z © 2025 Ezurio/atsec information security.
Table 13: Approved Services s Z The table above lists the approved services. The following convention is used to specify access rights to SSPs:
| Name | Description | Roles | Approved Functions |
|---|---|---|---|
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | CO | FIPS provider PBKDF with salt length less than 128 bits |
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | CO | FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS |
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | CO | FIPS provider TLSv1.2 KDF without using EMS |
Table 14: Non-Approved Services
The module does not load external software or firmware. © 2025 Ezurio/atsec information security.
The integrity of the module’s firmware components (the kernel, the FIPS Provider components and fipscheck application and library) is individually verified by the fipscheck integrity test tool using HMAC-SHA2-256 implemented in the FIPS Provider. The FIPS Provider component executes its CASTs (which include the KAT for the integrity technique using HMAC-SHA2-256) before the fipscheck integrity test tool executes to verify the integrity of the module. The HMAC value of each firmware component is computed at build time and stored in the .hmac file for each component. The value is recalculated at runtime for the image of the kernel, FIPS Provider binary and fipscheck application and library, and then compared against the stored value in the file. If the comparison succeeds, then the remaining CASTs (consisting of the Known Answer Tests) for the kernel are performed.
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the firmware integrity tests. © 2025 Ezurio/atsec information security.
Type of Operational Environment: Limited How Requirements are Satisfied: The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.
The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environments. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 Ezurio/atsec information security.
N/A for this module. The module is enclosed within a production-grade enclosure with components that include standard passivation techniques (e.g., a conformal coating applied over the module's circuitry to protect against environmental or other physical damage) conformant to the Level 1 requirements for physical security. © 2025 Ezurio/atsec information security.
This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2025 Ezurio/atsec information security.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs. |
| Name | Approved Functions | Type | From | To | Distributio n Type |
|---|---|---|---|---|---|
| API input parameters | Electroni c | Plaintex t | Operating calling application (TOEPP) | Cryptographi c module | Manual |
| Kernel AF_ALG_typ e sockets (input) | Electroni c | Plaintex t | Operating calling application (TOEPP) | Cryptographi c module | Manual |
| API output parameters | Electroni c | Plaintex t | Cryptographi c module | Operator calling application (TOEPP) | Manual |
| Kernel AF_ALG type sockets (output) | Electroni c | Plaintex t | Cryptographi c module | Operator calling application (TOEPP) | Manual |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Kernel free cipher handle | Zeroizes the SSPs contained within the cipher handle | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. The completion of | By calling the appropriate zeroization functions:- AES key: crypto_free_skcipher and crypto_free_aead; - DRBG Internal state: crypto_free_rng; - EC public |
Table 15: Storage Areas the RAM in plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls. t c t c t c t c Table 16: SSP Input-Output Methods m © 2025 Ezurio/atsec information security.
| Name | Type | Description | Strength | Zeroization | Use | Rationale the zeroization routine(s) indicate that the zeroization procedure succeeded |
|---|---|---|---|---|---|---|
| By calling the appropriate zeroization functions: - EVP_CIPHER_CTX_free(): clears and frees symmetric cipher context; - EVP_MAC_CTX_free(): clears and frees MAC context; - EVP_KDF_CTX_free(): clears and frees KDF context; - EVP_RAND_CTX_free(): clears and frees DRBG context; - EVP_PKEY_free(): clears and frees asymmetric key pair structures | Zeroizes the SSPs | FIPS provider calling the zeroization API | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. The completion of the zeroization routine(s) indicate that the zeroization procedure succeeded | |||
| Intermediate key generation value: zeroized automatically by the module (after the requested service completed) | Zeroizes the SSPs | FIPS provider Automatic | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. | |||
| By removing power | De-allocates the volatile memory used to store SSPs | Remove power from the module | Volatile memory used by the module is overwritten within nanoseconds when power is removed. Module power off indicates that the zeroization procedure succeeded. | |||
| Kernel AES key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, | Kernel AES-CCM (KTS- Wrap) Kernel |
| Name | Type | Description | Strength | Generation | Establishment | Storage | Zeroization | Use | Input | Rationale the zeroization routine(s) indicate that the zeroization procedure succeeded | Size - Strengt h | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| By calling the appropriate zeroization functions: - EVP_CIPHER_CTX_free(): clears and frees symmetric cipher context; - EVP_MAC_CTX_free(): clears and frees MAC context; - EVP_KDF_CTX_free(): clears and frees KDF context; - EVP_RAND_CTX_free(): clears and frees DRBG context; - EVP_PKEY_free(): clears and frees asymmetric key pair structures | Zeroizes the SSPs | FIPS provider calling the zeroization API | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. The completion of the zeroization routine(s) indicate that the zeroization procedure succeeded | ||||||||||
| Intermediate key generation value: zeroized automatically by the module (after the requested service completed) | Zeroizes the SSPs | FIPS provider Automatic | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. | ||||||||||
| By removing power | De-allocates the volatile memory used to store SSPs | Remove power from the module | Volatile memory used by the module is overwritten within nanoseconds when power is removed. Module power off indicates that the zeroization procedure succeeded. | ||||||||||
| Kernel AES key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, | Kernel AES-CCM (KTS- Wrap) Kernel | |||||||||
| 192, 256 bits | 192, 256 bits | AES- GCM (KTS- Wrap) Kernel AES CBC with HMAC Kernel AES CTR with HMAC Kernel AES-ECB Kernel AES-CTR Kernel AES-CBC Kernel AES- CBC-CS3 Kernel AES-XTS Kernel AES-CCM (BC- Auth) Kernel AES- GCM (BC- Auth) Kernel AES- CMAC Kernel AES- GMAC | |||||||||||
| Kernel HMAC key | Authenticat ion key - CSP | HMAC key | 112-256 bits - 112-256 bits | Kernel AES CBC with HMAC Kernel AES CTR with HMAC Kernel HMAC | |||||||||
| Kernel Intermedi ate Key | Intermediat e value - CSP | Intermediate key generation value | P-256, P-384 - 128, 192 bits | Kernel ECDSA Key | Kernel ECDSA Key | ||||||||
| Generatio n Value | Generati on | Generati on | |||||||||||
| Kernel shared secret | Shared secret - CSP | Shared secret generated by ECDH | P-256, P-384 - 128 and 192 bits | Kernel KAS-ECC- SSC | |||||||||
| Kernel DRBG seed | Seed - CSP | DRBG seed derived from entropy input | 128, 192, 256 bits - 128, 192, 256 bits | Kernel Counter DRBG | Kernel Counter DRBG | ||||||||
| Kernel EC public key | Public key - PSP | Public key used for ECDH | P-256, P-384 - 128, 192 bits | Kernel ECDSA Key Generati on | Kernel KAS- ECC-SSC | ||||||||
| Kernel EC private key | Private key - CSP | Private key used for ECDH | P-256, P-384 - 128, 192 bits | Kernel ECDSA Key Generati on | Kernel KAS- ECC-SSC | ||||||||
| Entropy input | Entropy input - CSP | Entropy input used to seed the DRBGs | 320 bits - 256 bits | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | |||||||||
| DRBG Internal State (V, Key) | DRBG Internal state - CSP | Internal state of Counter DRBG | Counter DRBG: 128, 192, 256 bits; HMAC DRBG: 160-512 bits - 128-256 bits | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider HMAC DRBG | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider HMAC DRBG | ||||||||
| DRBG Internal state (V, C) | DRBG Internal state - CSP | Internal state of Hash and HMAC DRBG | 440, 888 bits - 256 bits | FIPS provider Hash DRBG | FIPS provider Hash DRBG | ||||||||
| FIPS provider AES Key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | FIPS provider AES-CCM (KTS- Wrap) FIPS provider AES- GCM (KTS- Wrap) FIPS provider AES KWP FIPS provider AES-ECB FIPS provider AES-CTR FIPS provider AES-CBC FIPS provider AES- CBC-CS1 FIPS provider AES- CBC-CS2 FIPS provider AES- CBC-CS3 FIPS provider AES- CFB1 FIPS provider AES- CFB8 FIPS provider AES-XTS FIPS provider | |||||||||
| FIPS provider HMAC key | Authenticat ion key - CSP | HMAC key | 112-256 bits - 112-256 bits | FIPS provider HMAC | |||||||||
| FIPS provider shared secret | Shared secret - CSP | Shared secret generated by KAS-FFC-SSC, KAS-ECC-SSC, or KAS-IFC-SSC | 224- 8192 bits - 112-256 bits | FIPS provider KTS-IFC FIPS provider KAS-FFC- SSC FIPS provider KAS-ECC- SSC | FIPS provider ANS 9.42 Key Derivatio n (CVL) FIPS provider ANS 9.63 Key Derivatio n (CVL) FIPS provider TLS 1.0 and 1.1 | ||||||||
| FIPS provider DRBG seed | Seed - CSP | DRBG seed derived from entropy input | 128,192 , 256 bits - 128, 192, 256 bits | FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | |||||||||
| FIPS provider | Public key - PSP | Public key used for DH | 2048, 3072, | FIPS provider | |||||||||
| DH public key | 4096, 6144, 8192 bits - 112-200 bits | KAS-FFC- SSC | |||||||||||
| FIPS provider DH private key | Private key - CSP | Private key used for DH | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider KAS-FFC- SSC | |||||||||
| FIPS provider EC public key | Public key - PSP | Public key used for ECDH and ECDSA | P-224, P-256, P-384, P-521; Ed2551 9, Ed448 - 112, 128, 192, 256 bits | FIPS provider KAS- ECC-SSC FIPS provider ECDSA Key Verificati on FIPS provider ECDSA Signatur e Verificati on FIPS provider EDDSA Signatur e Verificati on | |||||||||
| FIPS provider EC private key | Private key - CSP | Private key used for ECDH and ECDSA | P-224, P-256, P-384, P-521; Ed2551 9, Ed448 - 112, 128, 192, 256 bits | FIPS provider KAS- ECC-SSC FIPS provider ECDSA Signatur e Generati on FIPS provider EDDSA | |||||||||
| FIPS provider module generated DH public key | Public key - PSP | DH public key generated by the module | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider Safe Primes Key Generati on | |||||||||
| FIPS provider module generated DH private key | Private key - CSP | DH private key generated by the module | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider Safe Primes Key Generati on | |||||||||
| FIPS provider module generated EC public key | Public key - PSP | EC public key generated by the module | P-224, P-256, P-384, P-521; Ed2551 9, Ed448 - 128-256 bits | FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on | |||||||||
| FIPS provider module generated EC private key | Private key - CSP | EC private key generated by the module | P-224, P-256, P-384, P-521; Ed2551 9, Ed448 (128, 192 bits) - 128-256 bits | FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on | |||||||||
| FIPS provider RSA public key | Public key - PSP | Public key used for RSA signature generation | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider KAS-IFC- SSC FIPS provider KTS-IFC FIPS | |||||||||
| FIPS provider RSA private key | Private key - CSP | Private key used for RSA signature generation | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider KAS-IFC- SSC FIPS provider KTS-IFC FIPS provider RSA Signatur e Generati on | |||||||||
| FIPS provider module generated RSA public key | Public key - PSP | RSA public key generated by the module | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA Key Generati on | |||||||||
| FIPS provider module generated RSA private key | Private key - CSP | RSA private key generated by the module | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA Key Generati on | |||||||||
| FIPS provider Intermedi ate Key Generatio n Value | Intermediat e value - CSP | Intermediate key generation value | 224- 4096 bits - 112-256 bits | FIPS provider Safe Primes Key Generati on FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati | FIPS provider Safe Primes Key Generati on FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati | ||||||||
| on FIPS provider RSA Key Generati on | on FIPS provider RSA Key Generati on | on FIPS provider RSA Key Generati on | |||||||||||
| FIPS provider derived key | Symmetric key - CSP | Symmetric key derived from a key-derivation key , shared secret, or password | 112- 4096 bits - 112-256 bits | FIPS provider ANS 9.42 Key Derivatio n (CVL) FIPS provider ANS 9.63 Key Derivatio n (CVL) FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider HKDF Key Derivatio n FIPS provider Password -based Key Derivatio n FIPS provider | |||||||||
| FIPS provider key- derivation key | Symmetric key - CSP | Symmetric key used to derive symmetric keys | 112- 4096 bits - 112-256 bits | FIPS provider KMAC Key Derivatio n FIPS provider KBKDF Key Derivatio n | |||||||||
| FIPS provider Password | Password - CSP | Password used to derive symmetric keys | 8-128 charact ers - N/A | FIPS provider Passwor d-based Key Derivatio n | |||||||||
| FIPS provider AES Derived Key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | FIPS provider TLS 1.0 and 1.1 Key Derivatio | |||||||||
| FIPS provider HMAC Derived Key | Authenticat ion Key - CSP | HMAC key | 112-256 bits - 112-256 bits | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider KBKDF Key Derivatio n | |||||||||
| FIPS provider 802.11 Pre- shared key (PSK) | Pre-shared key - CSP | Used for pre- shared key authentication and session key establishment, as well as for 802.11 KDF | Up to 256 bits of length - Up to 256 bits | FIPS provider KBKDF Key Derivatio n | |||||||||
| FIPS provider 802.11 Pairwise Master Key (PMK) | Pairwise Master Key - CSP | Used for pre- shared key authentication and session key establishment, as well as for 802.11 KDF | 256 or 384 bits - 256 bits | FIPS provider KBKDF Key Derivatio n | |||||||||
| FIPS provider 802.11 KDF Internal State | Internal state - CSP | Used for SP800- 108 KDF to calculate the WPA2 session keys | N/A - N/A | FIPS provider KBKDF Key Derivatio n | FIPS provider KBKDF Key Derivatio n | ||||||||
| FIPS provider 802.11 Temporal Keys | Temporal Keys - CSP | AES-CCM or AES- GCM keys used for session encryption/decry ption | 128 or 256 bits - 128 or 256 bits | FIPS provider KBKDF Key Derivatio n | Kernel AES-CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | ||||||||
| FIPS provider 802.11 MIC keys (KCK) | MIC keys - CSP | Key confirmation keys (KCK) used for message authentication during session establishment | 128 or 192 bits - 128 or 192 bits | FIPS provider KBKDF Key Derivatio n | |||||||||
| FIPS provider 802.11 Key Encryptio n Key (KEK) | Key Encryption Key - CSP | Used for AES Key Wrapping of the 802.11 Group Temporal Key (GTK) | 128 or 256 bits - 128 or 256 bits | Kernel AES-CBC Kernel AES-CCM (BC-Auth) Kernel AES-GCM (BC-Auth) | Kernel AES-CBC Kernel AES-CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | ||||||||
| FIPS provider 802.11 Group Temporal Key (GTK) | Group Temporal Key - CSP | 802.11 session key for broadcast communications | 128 to 256 bits - 128 to 256 bits | Kernel AES-CBC Kernel AES-CCM (BC-Auth) Kernel AES-GCM (BC-Auth) | Kernel AES-CBC Kernel AES-CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | ||||||||
| Strengt | ed By | Strengt | |||||||||||
| FIPS Provider KMAC Key | Authenticat ion key - CSP | KMAC key | 112-256 bits - 112-256 bits | FIPS provider KMAC | |||||||||
| Kernel AES key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) | For the duration of the service | |||||||||
| Kernel HMAC key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) | For the duration of the service | |||||||||
| Kernel Intermediat e Key Generation Value | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | For the duration of the service | Kernel EC public key:Generates Kernel EC private key:Generates | |||||||||
| Kernel shared secret | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC public key:Used With Kernel EC private key:Used With | ||||||||
| Kernel DRBG seed | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | While the DRBG is being instantiated | Entropy input:Derived From DRBG Internal State (V, Key):Generates | |||||||||
| Kernel EC public key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) API output parameters Kernel AF_ALG type | For the duration of the service | Kernel EC private key:Paired With Kernel Intermediate Key Generation Value:Generated from |
Table 17: SSP Zeroization Methods h (KTSWrap) © 2025 Ezurio/atsec information security.
h AESGCM (KTSWrap) AESCBC-CS3 (BCAuth) AESGCM (BCAuth) AESCMAC AESGMAC © 2025 Ezurio/atsec information security.
h KAS-ECCSSC KASECC-SSC KASECC-SSC © 2025 Ezurio/atsec information security.
C) h (KTSWrap) AESGCM (KTSWrap) AESCBC-CS1 AESCBC-CS2 AESCBC-CS3 AESCFB1 AESCFB8 © 2025 Ezurio/atsec information security.
h 2248192 (BCAuth) AESGCM (BCAuth) AESCMAC AESGMAC n KAS-FFCSSC KAS-ECCSSC © 2025 Ezurio/atsec information security.
h n n n n © 2025 Ezurio/atsec information security.
h 9, 9, KAS-FFCSSC KAS-FFCSSC KASECC-SSC e e KASECC-SSC e © 2025 Ezurio/atsec information security.
h 9, 9, e KAS-IFCSSC © 2025 Ezurio/atsec information security.
h 2244096 e KAS-IFCSSC e © 2025 Ezurio/atsec information security.
h 1124096 n n © 2025 Ezurio/atsec information security.
h keyderivation 1124096 n n n n n n n n © 2025 Ezurio/atsec information security.
h Preshared n n n © 2025 Ezurio/atsec information security.
h N/A N/A n n n n (BCAuth) AESGCM (BCAuth) n (BCAuth) AESGCM (BCAuth) (BCAuth) AESGCM (BCAuth) © 2025 Ezurio/atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Size - Strengt h | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Strengt | ed By | Strengt | |||||||||
| FIPS Provider KMAC Key | Authenticat ion key - CSP | KMAC key | 112-256 bits - 112-256 bits | FIPS provider KMAC | |||||||
| Kernel AES key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) | For the duration of the service | |||||||
| Kernel HMAC key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) | For the duration of the service | |||||||
| Kernel Intermediat e Key Generation Value | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | For the duration of the service | Kernel EC public key:Generates Kernel EC private key:Generates | |||||||
| Kernel shared secret | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC public key:Used With Kernel EC private key:Used With | ||||||
| Kernel DRBG seed | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | While the DRBG is being instantiated | Entropy input:Derived From DRBG Internal State (V, Key):Generates | |||||||
| Kernel EC public key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) API output parameters Kernel AF_ALG type | For the duration of the service | Kernel EC private key:Paired With Kernel Intermediate Key Generation Value:Generated from |
Table 18: SSP Table 1 h t t t t t t n © 2025 Ezurio/atsec information security.
| Name | Storage | Zeroization | Output | Related SSPs | |
|---|---|---|---|---|---|
| Kernel EC private key | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_typ e sockets (input) API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC public key:Paired With Kernel Intermediate Key Generation Value:Generated from |
| Entropy input | RAM:Plaintex t | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | From generation until DRBG seed is created | Kernel DRBG seed:Derives FIPS provider DRBG seed:Derives | |
| DRBG Internal State (V, Key) | RAM:Plaintex t | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | From DRBG instantiatio n until DRBG termination | Kernel DRBG seed:Generated from FIPS provider DRBG seed:Generated from | |
| DRBG Internal state (V, C) | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | From DRBG instantiatio n until DRBG termination | Kernel DRBG seed:Generated from FIPS provider DRBG seed:Generated from | |
| FIPS provider AES Key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | |
| FIPS provider HMAC key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | |
| FIPS provider shared secret | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider DH public key:Established by FIPS provider DH private key:Established by FIPS provider EC public key:Established by FIPS provider EC private key:Established by FIPS provider derived key:Derives FIPS provider RSA public key:Established by FIPS provider RSA private key:Established by |
| FIPS provider DRBG seed | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | While the DRBG is being instantiated | Entropy input:Derived From DRBG Internal State (V, Key):Generates DRBG Internal state (V, C):Generates | |
| FIPS provider DH public key | RAM:Plaintex t | FIPS provider calling the zeroization API | API input parameters | For the duration of the service | FIPS provider DH private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider DH private key | RAM:Plaintex t | FIPS provider calling the zeroization API | API input parameters | For the duration of the service | FIPS provider DH public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider EC public key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider EC private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider EC private key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider EC public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider module generated DH public key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider module generated DH private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider module generated DH private key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider module generated DH public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider module generated EC public key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider module generated EC private key:Paired With FIPS provider Intermediate Key Generation |
| FIPS provider module generated EC private key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider module generated EC public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider RSA public key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider RSA private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from FIPS provider shared secret:Establishe s |
| FIPS provider RSA private key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider RSA public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from FIPS provider shared secret:Establishe s |
| FIPS provider module generated RSA public key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider module generated RSA private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from |
| FIPS provider module generated RSA private key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove | API output parameters | For the duration of the service | FIPS provider module generated RSA public key:Paired With FIPS provider Intermediate Key |
n t t t t t © 2025 Ezurio/atsec information security.
t t t t n © 2025 Ezurio/atsec information security.
n t t t t t t © 2025 Ezurio/atsec information security.
n t t t t t s s © 2025 Ezurio/atsec information security.
| Name | Generation | Storage | Zeroization | |
|---|---|---|---|---|
| FIPS provider Intermediat e Key Generation Value | FIPS provider module generated DH public key:Generates FIPS provider DH private key:Generates FIPS provider module generated DH public key:Generates FIPS provider module generated DH private key:Generates FIPS provider EC public key:Generates FIPS provider EC private key:Generates FIPS provider module generated EC public key:Generates FIPS provider module generated EC private key:Generates FIPS provider RSA public key:Generates FIPS provider RSA private key:Generates FIPS provider module generated RSA public key:Generates FIPS provider module generated RSA private key:Generates | RAM:Plaintex t | FIPS provider Automatic | For the duration of the service |
t n © 2025 Ezurio/atsec information security.
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| FIPS provider derived key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider key-derivation key:Derived From FIPS provider shared secret:Derived From FIPS provider password:Derive d From |
| FIPS provider key- derivation key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider derived key:Derives |
| FIPS provider Password | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider derived key:Derives |
| FIPS provider AES Derived Key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider derived key:Derives |
| FIPS provider HMAC Derived Key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider derived key:Derives |
| FIPS provider 802.11 Pre- shared key (PSK) | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider derived key:Used With |
| FIPS provider 802.11 Pairwise Master Key (PMK) | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider derived key:Used With |
| FIPS provider 802.11 KDF Internal State | FIPS provider calling the zeroization API Remove power from the module | For the duration of the service | |||
| FIPS provider 802.11 Temporal Keys | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | Kernel AES key:Encrypts Kernel AES key:Decrypts |
| FIPS provider 802.11 MIC keys (KCK) | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | |
| FIPS provider 802.11 Key Encryption Key (KEK) | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API input parameters | For the duration of the service | Kernel AES key:Encrypts |
| FIPS provider 802.11 Group Temporal Key (GTK) | RAM:Plaintex t | Kernel free cipher handle Remove power from the module | API output parameters | For the duration of the service | Kernel AES key:Encrypts Kernel AES key:Decrypts |
| FIPS Provider KMAC Key | RAM:Plaintex t | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
n keyderivation t t t t t t © 2025 Ezurio/atsec information security.
t t t t t t n © 2025 Ezurio/atsec information security.
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2030. © 2025 Ezurio/atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Test Propertie s | Condition s | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5009) | HMAC- SHA2-256 (A5009) | Message Authentication | SW/FW Integrity | Integrity test for fips.so; Integrity test for kernel binary; Integrity test for fipsheck binary; Integrity test for fipscheck library | 256-bit key | Module becomes operational and services are available for use | ||
| ECDSA KeyGen (FIPS186- 5) (A4711) | ECDSA KeyGen (FIPS186- 5) (A4711) | PCT | PCT | SP 800- 56Ar3 Section 5.6.2.1.4 | crypto_kpp_g enerate_public_k ey returns 0 | N/A | Key pair generation | |
| SHA2-224 (A4711) | SHA2-224 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-256 (A4711) | SHA2-256 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-384 (A4711) | SHA2-384 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-512 (A4711) | SHA2-512 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA3-224 (A4713) | SHA3-224 (A4713) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA3-256 (A4713) | SHA3-256 (A4713) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Test Propertie s | Condition s | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5009) | HMAC- SHA2-256 (A5009) | Message Authentication | SW/FW Integrity | Integrity test for fips.so; Integrity test for kernel binary; Integrity test for fipsheck binary; Integrity test for fipscheck library | 256-bit key | Module becomes operational and services are available for use | ||
| ECDSA KeyGen (FIPS186- 5) (A4711) | ECDSA KeyGen (FIPS186- 5) (A4711) | PCT | PCT | SP 800- 56Ar3 Section 5.6.2.1.4 | crypto_kpp_g enerate_public_k ey returns 0 | N/A | Key pair generation | |
| SHA2-224 (A4711) | SHA2-224 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-256 (A4711) | SHA2-256 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-384 (A4711) | SHA2-384 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA2-512 (A4711) | SHA2-512 (A4711) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA3-224 (A4713) | SHA3-224 (A4713) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n | |
| SHA3-256 (A4713) | SHA3-256 (A4713) | KAT | CAS T | Message digest | Module is operational | 0-8184 bit messages | Module initializatio n |
HMACSHA2-256 Table 20: Pre-Operational Self-Tests The pre-operational firmware integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. The algorithm used for the integrity test (i.e., HMAC-SHA2-256) is self-tested before the firmware integrity test is performed. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.
(FIPS1865) s N/A d e s SP 80056Ar3 5.6.2.1.4 T T T T T T n n n n n n © 2025 Ezurio/atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Condition s | |
|---|---|---|---|---|---|---|---|
| SHA3-384 (A4713) | SHA3-384 (A4713) | KAT | CAS T | Message digest | 0-8184 bit messages | Module is operational | Module initializatio n |
| SHA3-512 (A4713) | SHA3-512 (A4713) | KAT | CAS T | Message digest | 0-8184 bit messages | Module is operational | Module initializatio n |
| AES-ECB (A4711) | AES-ECB (A4711) | KAT | CAS T | Encryption, Decryption (Separately) | 128, 192, 256 bit keys | Module is operational | Module initializatio n |
| AES-CBC (A4712) | AES-CBC (A4712) | KAT | CAS T | Encryption, Decryption (Separately) | 128, 192, 256 bit keys | Module is operational | Module initializatio n |
| AES-CTR (A4712) | AES-CTR (A4712) | KAT | CAS T | Encryption, Decryption (Separately) | 128, 192, 256 bit keys | Module is operational | Module initializatio n |
| AES-CCM (A4712) | AES-CCM (A4712) | KAT | CAS T | Encryption, Decryption (Separately) | 128, 192, 256 bit keys | Module is operational | Module initializatio n |
| AES-GCM (A4712) | AES-GCM (A4712) | KAT | CAS T | Message authenticatio n | 128, 192, 256 bit keys | Module is operational | Module initializatio n |
| AES- CMAC (A4712) | AES- CMAC (A4712) | KAT | CAS T | Message authenticatio n | 128 and 256 bit keys | Module is operational | Module initializatio n |
| KAS-ECC- SSC Sp800- 56Ar3 (A4711) | KAS-ECC- SSC Sp800- 56Ar3 (A4711) | KAT | CAS T | Shared secret computation | P-256, P- 384 | Module is operational | Module initializatio n |
| Counter DRBG (A4711) | Counter DRBG (A4711) | KAT | CAS T | Seed Generate | 128, 192, 256 bit keys with/witho ut PR; Health test per section 11.3 of SP 800-90A | Module is operational | Module initializatio n |
| ECDSA KeyGen (FIPS186- 5) (A5009) | ECDSA KeyGen (FIPS186- 5) (A5009) | PCT | PCT | Signature generation and verification | SHA2-256 | Successful key generation | EC key pair generation |
| RSA KeyGen (FIPS186- 5) (A5018) | RSA KeyGen (FIPS186- 5) (A5018) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA2-256 | Successful key generation | RSA key pair generation |
| Safe Primes Key | Safe Primes Key | PCT | PCT | Public key re- computation and | N/A | Successful key generation | Safe Primes key |
| Generatio n (A5014) | Generatio n (A5014) | comparison with the existing public key (per SP 800- 56Ar3 Section 5.6.2.1.4) | pair generation | ||||
| EDDSA KeyGen (A5016) | EDDSA KeyGen (A5016) | PCT | PCT | Signature generation and verification | ED25519 and ED448 | Successful key generation | EDDSA key pair generation |
| SHA-1 (A5009) | SHA-1 (A5009) | KAT | CAS T | Message Digest | 24-bit message | Module is operational | Module initializatio n |
| SHA2-512 (A5009) | SHA2-512 (A5009) | KAT | CAS T | Message Digest | 24-bit message | Module is operational | Module initializatio n |
| SHA3-256 (A5011) | SHA3-256 (A5011) | KAT | CAS T | Message Digest | 32-bit message | Module is operational | Module initializatio n |
| AES-ECB (A5002) | AES-ECB (A5002) | KAT | CAS T | Decryption | 128-bit keys, 128- bit ciphertext | Module is operational | Module initializatio n |
| AES-GCM (A5005) | AES-GCM (A5005) | KAT | CAS T | Encryption, Decryption (Separately) | 256-bit keys, 96- bit IVs, 128-bit plaintext, 128-bit additional data | Module is operational | Module initializatio n |
| KDF SP800- 108 (A5017) | KDF SP800- 108 (A5017) | KAT | CAS T | Key Derivation | Counter mode, HMAC- SHA2-256, 128-bit input key | Module is operational | Module initializatio n |
| KDA OneStep SP800- 56Cr2 (A5012) | KDA OneStep SP800- 56Cr2 (A5012) | KAT | CAS T | Key Derivation | SHA-224, 392-bit input secret | Module is operational | Module initializatio n |
| KDA HKDF Sp800- 56Cr1 (A5013) | KDA HKDF Sp800- 56Cr1 (A5013) | KAT | CAS T | Key Derivation | SHA-256, 48-bit input secret | Module is operational | Module initializatio n |
| KDF ANS 9.42 (A5009) | KDF ANS 9.42 (A5009) | KAT | CAS T | Key Derivation | SHA-1 with AES-128, KW, 160- | Module is operational | Module initializatio n |
| KDF ANS 9.63 (A5009) | KDF ANS 9.63 (A5009) | KAT | CAS T | Key Derivation | SHA-256, 192-bit input secret | Module is operational | Module initializatio n |
| KDF SSH (A5019) | KDF SSH (A5019) | KAT | CAS T | Key Derivation | SHA-1, 1056-bit input secret | Module is operational | Module initializatio n |
| TLS v1.2 KDF RFC7627 (A5009) | TLS v1.2 KDF RFC7627 (A5009) | KAT | CAS T | Key Derivation | SHA-256, 84-bit input secret | Module is operational | Module initializatio n |
| TLS v1.3 KDF (A5013) | TLS v1.3 KDF (A5013) | KAT | CAS T | Key Derivation | Extract and expand modes, SHA-256 | Module is operational | Module initializatio n |
| PBKDF (A5009) | PBKDF (A5009) | KAT | CAS T | Key Derivation | SHA-256, 24- character password, 288-bit salt, Iteration count: 4096 | Module is operational | Module initializatio n |
| Counter DRBG (A5015) | Counter DRBG (A5015) | KAT | CAS T | Instantiate, Generate, Reseed, Generate (compliant with SP 800- 90Ar1 Section 11.3) | AES-128 with prediction resistance | Module is operational | Module initializatio n |
| HMAC DRBG (A5015) | HMAC DRBG (A5015) | KAT | CAS T | Instantiate, Generate, Reseed, Generate (compliant with SP 800- 90Ar1 Section 11.3) | SHA-1 with prediction resistance | Module is operational | Module initializatio n |
| Hash DRBG (A5015) | Hash DRBG (A5015) | KAT | CAS T | Instantiate, Generate, Reseed, Generate (compliant with SP 800- 90Ar1 Section 11.3) | SHA-256 with prediction resistance | Module is operational | Module initializatio n |
| KAS-FFC- SSC Sp800- 56Ar3 (A5014) | KAS-FFC- SSC Sp800- 56Ar3 (A5014) | KAT | CAS T | Shared Secret Computation | ffdhe2048 | Module is operational | Module initializatio n |
| KAS-ECC- SSC Sp800- 56Ar3 (A5009) | KAS-ECC- SSC Sp800- 56Ar3 (A5009) | KAT | CAS T | Shared Secret Computation | P-256 | Module is operational | Module initializatio n |
| RSA SigGen (FIPS186- 5) (A5009) | RSA SigGen (FIPS186- 5) (A5009) | KAT | CAS T | Signature Generation | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module is operational | Module initializatio n |
| RSA SigVer (FIPS186- 5) (A5009) | RSA SigVer (FIPS186- 5) (A5009) | KAT | CAS T | Signature Verification | PKCS#1 v1.5 with SHA-256 and 2048- bit key | Module is operational | Module initializatio n |
| ECDSA SigGen (FIPS186- 5) (A5009) | ECDSA SigGen (FIPS186- 5) (A5009) | KAT | CAS T | Signature Generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module is operational | Module initializatio n |
| ECDSA SigVer (FIPS186- 5) (A5009) | ECDSA SigVer (FIPS186- 5) (A5009) | KAT | CAS T | Signature Verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module is operational | Module initializatio n |
| EDDSA SigGen (A5016) | EDDSA SigGen (A5016) | KAT | CAS T | Signature Generation | ED25519 and ED448 | Module is operational | Module initializatio n |
| EDDSA SigVer (A5016) | EDDSA SigVer (A5016) | KAT | CAS T | Signature Verification | ED25519 and ED448 | Module is operational | Module initializatio n |
| KTS-IFC (A5018) | KTS-IFC (A5018) | KAT | CAS T | Decryption | SHA-256, no padding | Module is operational | Module initializatio n |
s d e T s T P-256, P384 T T T T T T T n n n n n n n n n n n T n N/A AESCMAC KAS-ECCSSC Sp80056Ar3 (FIPS1865) (FIPS1865) © 2025 Ezurio/atsec information security.
s d e T SP800108 SP80056Cr2 Sp80056Cr1 s 5.6.2.1.4) T T keys, 128bit HMACSHA2-256, T T n T n T n T n T n n n n n © 2025 Ezurio/atsec information security.
s 24character d e s T n T n T n T n T n T n T T n n © 2025 Ezurio/atsec information security.
KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 (FIPS1865) (FIPS1865) (FIPS1865) (FIPS1865) s d e T s n T n P-256, P384, and P521 P-256, P384, and P521 T n T n T n T n T T T n n n Table 21: Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in in the table above. Services are not available, and data output (via the data output interface) is inhibited during the self-tests. If any of these tests fails, the module transitions to the error state.
© 2025 Ezurio/atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| HMAC-SHA2- 256 (A5009) | HMAC-SHA2- 256 (A5009) | Message Authentication | SW/FW Integrity | On-demand | Manually |
| ECDSA KeyGen (FIPS186-5) (A4711) | ECDSA KeyGen (FIPS186-5) (A4711) | PCT | PCT | On demand | Manually |
| SHA2-224 (A4711) | SHA2-224 (A4711) | KAT | CAST | On demand | Manually |
| SHA2-256 (A4711) | SHA2-256 (A4711) | KAT | CAST | On demand | Manually |
| SHA2-384 (A4711) | SHA2-384 (A4711) | KAT | CAST | On demand | Manually |
| SHA2-512 (A4711) | SHA2-512 (A4711) | KAT | CAST | On demand | Manually |
| SHA3-224 (A4713) | SHA3-224 (A4713) | KAT | CAST | On demand | Manually |
| SHA3-256 (A4713) | SHA3-256 (A4713) | KAT | CAST | On demand | Manually |
| SHA3-384 (A4713) | SHA3-384 (A4713) | KAT | CAST | On demand | Manually |
| SHA3-512 (A4713) | SHA3-512 (A4713) | KAT | CAST | On demand | Manually |
| AES-ECB (A4711) | AES-ECB (A4711) | KAT | CAST | On demand | Manually |
| AES-CBC (A4712) | AES-CBC (A4712) | KAT | CAST | On demand | Manually |
| AES-CTR (A4712) | AES-CTR (A4712) | KAT | CAST | On demand | Manually |
| AES-CCM (A4712) | AES-CCM (A4712) | KAT | CAST | On demand | Manually |
| AES-GCM (A4712) | AES-GCM (A4712) | KAT | CAST | On demand | Manually |
| AES-CMAC (A4712) | AES-CMAC (A4712) | KAT | CAST | On demand | Manually |
| KAS-ECC-SSC Sp800-56Ar3 (A4711) | KAS-ECC-SSC Sp800-56Ar3 (A4711) | KAT | CAST | On demand | Manually |
| Counter DRBG (A4711) | Counter DRBG (A4711) | KAT | CAST | On demand | Manually |
| ECDSA KeyGen (FIPS186-5) (A5009) | ECDSA KeyGen (FIPS186-5) (A5009) | PCT | PCT | On demand | Manually |
| RSA KeyGen (FIPS186-5) (A5018) | RSA KeyGen (FIPS186-5) (A5018) | PCT | PCT | On demand | Manually |
| Safe Primes Key Generation (A5014) | Safe Primes Key Generation (A5014) | PCT | PCT | On demand | Manually |
| EDDSA KeyGen (A5016) | EDDSA KeyGen (A5016) | PCT | PCT | On demand | Manually |
| SHA-1 (A5009) | SHA-1 (A5009) | KAT | CAST | On demand | Manually |
| SHA2-512 (A5009) | SHA2-512 (A5009) | KAT | CAST | On demand | Manually |
| SHA3-256 (A5011) | SHA3-256 (A5011) | KAT | CAST | On demand | Manually |
| AES-ECB (A5002) | AES-ECB (A5002) | KAT | CAST | On demand | Manually |
| AES-GCM (A5005) | AES-GCM (A5005) | KAT | CAST | On demand | Manually |
| KDF SP800-108 (A5017) | KDF SP800-108 (A5017) | KAT | CAST | On demand | Manually |
| KDA OneStep SP800-56Cr2 (A5012) | KDA OneStep SP800-56Cr2 (A5012) | KAT | CAST | On demand | Manually |
| KDA HKDF Sp800-56Cr1 (A5013) | KDA HKDF Sp800-56Cr1 (A5013) | KAT | CAST | On demand | Manually |
| KDF ANS 9.42 (A5009) | KDF ANS 9.42 (A5009) | KAT | CAST | On demand | Manually |
| KDF ANS 9.63 (A5009) | KDF ANS 9.63 (A5009) | KAT | CAST | On demand | Manually |
| KDF SSH (A5019) | KDF SSH (A5019) | KAT | CAST | On demand | Manually |
| TLS v1.2 KDF RFC7627 (A5009) | TLS v1.2 KDF RFC7627 (A5009) | KAT | CAST | On demand | Manually |
| TLS v1.3 KDF (A5013) | TLS v1.3 KDF (A5013) | KAT | CAST | On demand | Manually |
| PBKDF (A5009) | PBKDF (A5009) | KAT | CAST | On demand | Manually |
| Counter DRBG (A5015) | Counter DRBG (A5015) | KAT | CAST | On demand | Manually |
| HMAC DRBG (A5015) | HMAC DRBG (A5015) | KAT | CAST | On demand | Manually |
| Hash DRBG (A5015) | Hash DRBG (A5015) | KAT | CAST | On demand | Manually |
| KAS-FFC-SSC Sp800-56Ar3 (A5014) | KAS-FFC-SSC Sp800-56Ar3 (A5014) | KAT | CAST | On demand | Manually |
| KAS-ECC-SSC Sp800-56Ar3 (A5009) | KAS-ECC-SSC Sp800-56Ar3 (A5009) | KAT | CAST | On demand | Manually |
| RSA SigGen (FIPS186-5) (A5009) | RSA SigGen (FIPS186-5) (A5009) | KAT | CAST | On demand | Manually |
| RSA SigVer (FIPS186-5) (A5009) | RSA SigVer (FIPS186-5) (A5009) | KAT | CAST | On demand | Manually |
| ECDSA SigGen (FIPS186-5) (A5009) | ECDSA SigGen (FIPS186-5) (A5009) | KAT | CAST | On demand | Manually |
| ECDSA SigVer (FIPS186-5) (A5009) | ECDSA SigVer (FIPS186-5) (A5009) | KAT | CAST | On demand | Manually |
| EDDSA SigGen (A5016) | EDDSA SigGen (A5016) | KAT | CAST | On demand | Manually |
| EDDSA SigVer (A5016) | EDDSA SigVer (A5016) | KAT | CAST | On demand | Manually |
| KTS-IFC (A5018) | KTS-IFC (A5018) | KAT | CAST | On demand | Manually |
HMAC-SHA2Message Table 22: Pre-Operational Periodic Information © 2025 Ezurio/atsec information security.
© 2025 Ezurio/atsec information security.
| Name | Description | Role Access | Indicator | Recovery Method |
|---|---|---|---|---|
| Error State | The module immediately stops functioning due to a self-test failure | Integrity test failure CAST Failure PCT Failure | Module reboots | Reboot and successful completion of self- tests |
Table 23: Conditional Periodic Information
Table 24: Error States In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
All self-tests, with the exception of the continuous health tests, can be invoked on demand by unloading and subsequently re-initializing the module. © 2025 Ezurio/atsec information security.
Before deploying the module for usage, the Crypto Officer shall employ the following steps:
The Crypto Officer must execute the “cat /proc/sys/crypto/fips_name” command. The Crypto Officer must ensure that the proper name is listed in the output as follows: Summit Linux This output maps to the module name “Summit Linux FIPS Core Crypto Module”. Next the Crypto Officer must execute “cat /proc/sys/crypto/fips_version”. This command must output the following: 11.0 The following are the HMAC values for each of the module components:
There is no non-administrator guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. © 2025 Ezurio/atsec information security.
For the FIPS Provider component, certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The FIPS Provider component mitigates this vulnerability by using constant-time implementations. This includes, but is not limited to:
Appendix A. Glossary and Abbreviations AES API CAST CAVP CBC CCM CFB CMAC CMVP CSP CTR CTS DH DRBG ECB ECC ECDH ECDSA EMS ENT (NP) FFC FIPS GCM GMAC HKDF HMAC IPsec KAT KBKDF MAC NIST PAA PBKDF2 PKCS RSA SFI SHA SSC SSP TOEPP XTS Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Self-Test Cryptographic Algorithm Validation Program Cipher Block Chaining Counter with Cipher Block Chaining-Message Authentication Code Cipher Feedback Cipher-based Message Authentication Code Cryptographic Module Validation Program Critical Security Parameter Counter Ciphertext Stealing Diffie-Hellman Deterministic Random Bit Generator Electronic Code Book Elliptic Curve Cryptography Elliptic Curve Diffie-Hellman Elliptic Curve Digital Signature Algorithm Extended Master Secret Non-physical Entropy Source Finite Field Cryptography Federal Information Processing Standards Galois Counter Mode Galois Counter Mode Message Authentication Code HMAC-based Key Derivation Function Keyed-Hash Message Authentication Code Internet Protocol Security Known Answer Test Key-based Key Derivation Function Message Authentication Code National Institute of Science and Technology Processor Algorithm Acceleration Password-based Key Derivation Function v2 Public-Key Cryptography Standards Rivest, Shamir, Addleman Security Function Implementation Secure Hash Algorithm Shared Secret Computation Sensitive Security Parameter Test Operational Environment’s Physical Perimeter XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 Ezurio/atsec information security.
Appendix B. References ANS X9.422001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.632001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-5 Digital Signature Standard (DSS) February 3, 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt © 2025 Ezurio/atsec information security.
RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38aadd.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication80038c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP 800-52r2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf SP 800-56Ar3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP 800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf © 2025 Ezurio/atsec information security.
SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP 800-108r1 NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf SP 800131Ar2 Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800131Ar2.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP 800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP 800-135r1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800135r1.pdf SP 800-140B CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2025 Ezurio/atsec information security.