| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware-hybrid |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 11/11/2030 |
| Caveat | When operated in approved mode and installed, initialized and configured as specified in Section 11.1 of the Security Policy; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs |
| Vendor | Ezurio |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Non-Invasive Security | 8 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Summit Linux FIPS Core Crypto Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Kernel AES-ECB<br/>Kernel AES-CTR<br/>Kernel AES-CBC</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Summit Linux FIPS Core Crypto Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Kernel AES-ECB<br/>Kernel AES-CTR<br/>Kernel AES-CBC</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Ezurio Summit Linux FIPS Core Crypto Module Document Version: 1.1 Last Modified: 08/19/2025 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com © 2025 Ezurio / atsec information security.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.1.1 | How this Security Policy was prepared | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 6 |
| 2.1 | Description | 6 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 8 |
| 2.3 | Excluded Components | 9 |
| 2.4 | Modes of Operation | 9 |
| 2.5 | Algorithms | 9 |
| 2.6 | Security Function Implementations | 19 |
| 2.7 | Algorithm Specific Information | 28 |
| 2.7.1 | AES GCM IV | 28 |
| 2.7.1.1 | TLS version 1.2 | 28 |
| 2.7.1.2 | TLS version 1.3 | 28 |
| 2.7.1.3 | IEEE 802.11 GCMP | 29 |
| 2.7.2 | AES XTS | 29 |
| 2.7.3 | Key derivation using SP 800-132 PBKDF2 | 29 |
| 2.7.4 | SP 800-56Ar3 Assurances | 30 |
| 2.7.5 | RSA Key Encapsulation | 30 |
| 2.7.6 | RSA Key Agreement | 31 |
| 2.7.7 | RSA SigGen and SigVer compliance | 31 |
| 2.7.8 | SHA-3 compliance | 31 |
| 2.7.9 | SHA-1 compliance to SP 800-131A rev2 | 31 |
| 2.8 | RBG and Entropy | 32 |
| 2.9 | Key Generation | 32 |
| 2.10 | Key Establishment | 33 |
| 2.11 | Industry Protocols | 33 |
| 3 | Cryptographic Module Interfaces | 34 |
| 3.1 | Ports and Interfaces | 34 |
| 4 | Roles, Services, and Authentication | 35 |
| 4.1 | Roles | 35 |
| 4.2 | Approved Services | 35 |
| 4.3 | Non-Approved Services | 54 |
| 5 | Software/Firmware Security | 55 |
| 5.1 | Integrity Techniques | 55 |
| 5.2 | Initiate on Demand | 55 |
| 6 | Operational Environment | 56 |
| 6.1 | Operational Environment Type and Requirements | 56 |
| 6.2 | Configuration Settings and Restrictions | 56 |
| 7 | Physical Security | 57 |
| 7.1 | Mechanisms and Actions Required | 57 |
| 8 | Non-Invasive Security | 58 |
| 8.1 | Mitigation Techniques | 58 |
| 9 | Sensitive Security Parameters Management | 59 |
| 9.1 | Storage Areas | 59 |
| 9.2 | SSP Input-Output Methods | 59 |
| 9.3 | SSP Zeroization Methods | 59 |
| 9.4 | SSPs | 60 |
| 9.5 | Transitions | 84 |
| 10 | Self-Tests | 85 |
| 10.1 | Pre-Operational Self-Tests | 85 |
| 10.2 | Conditional Self-Tests | 85 |
| 10.3 | Periodic Self-Test Information | 93 |
| 10.4 | Error States | 98 |
| 10.5 | Operator Initiation of Self-Tests | 98 |
| 11 | Life-Cycle Assurance | 99 |
| 11.1 | Installation, Initialization, and Startup Procedures | 99 |
| 11.2 | Administrator Guidance | 99 |
| 11.3 | Non-Administrator Guidance | 100 |
| 11.4 | End of Life | 100 |
| 12 | Mitigation of Other Attacks | 101 |
| 12.1 | Attack List | 101 |
| Appendix A. Glossary and Abbreviations | 102 | |
| Appendix B. References | 103 |
© 2025 Ezurio / atsec information security.
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 8 |
| Table 3: Tested Module Identification – Hybrid Disjoint Hardware | 8 |
| Table 4: Tested Operational Environments - Software, Firmware, Hybrid | 9 |
| Table 5: Modes List and Description | 9 |
| Table 6: Approved Algorithms | 18 |
| Table 7: Vendor-Affirmed Algorithms | 18 |
| Table 8: Non-Approved, Not Allowed Algorithms | 19 |
| Table 9: Security Function Implementations | 28 |
| Table 10: Entropy Certificates | 32 |
| Table 11: Entropy Sources | 32 |
| Table 12: Ports and Interfaces | 34 |
| Table 13: Roles | 35 |
| Table 14: Approved Services | 53 |
| Table 15: Non-Approved Services | 54 |
| Table 16: Storage Areas | 59 |
| Table 17: SSP Input-Output Methods | 59 |
| Table 18: SSP Zeroization Methods | 60 |
| Table 19: SSP Table 1 | 75 |
| Table 20: SSP Table 2 | 84 |
| Table 21: Pre-Operational Self-Tests | 85 |
| Table 22: Conditional Self-Tests | 93 |
| Table 23: Pre-Operational Periodic Information | 93 |
| Table 24: Conditional Periodic Information | 97 |
| Table 25: Error States | 98 |
| Figure 1: Tested Operational Environment Physical Perimeter | 7 |
| Figure 2: Block Diagram | 8 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 1 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
This document is the non-proprietary FIPS 140-3 Security Policy for the Summit Linux FIPS Core Crypto Module, firmware version 11.1, hardware version ATSAMA5D31, ATSAMA5D36. It contains the security rules under which the module must be operated and describes how this module meets the requirements as specified in FIPS 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 module. This Security Policy contains non-proprietary information. All other documentation submitted for FIPS 140-3 conformance testing and validation is proprietary and is releasable only under appropriate non-disclosure agreements.
consolidated into this document by atsec information security together with other vendor-supplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
Table 1: Security Levels N/A © 2025 Ezurio / atsec information security.
Purpose and Use: The Summit Linux FIPS Core Crypto Module (hereafter referred to as the “module”) is a Firmware-Hybrid module supporting FIPS 140-3 Approved cryptographic algorithms. The module is composed by a hardware component, the ARM-based Microchip/Atmel microprocessor, and firmware components comprised of a kernel and OpenSSL library, and fipscheck binary. The firmware components provide a C language application program interface (API) for use by other processes that require cryptographic functionality. The module offers approved cryptographic functions in the Approved mode for, among other uses:
(a) WB50NBT with Microchip/Atmel (b) SU60-SOMC 60 Series SOM (System on Module) ATSAMA5D31. with Microchip/Atmel ATSAMA5D36 Figure 1: Tested Operational Environment Physical Perimeter Figure 2 below shows the block diagram of the module. The cryptographic boundary is indicated with yellow blocks, distributed among hardware and firmware components. Blocks of another color do not belong to the cryptographic boundary. Users of the module interact through the API that are the logical interfaces data input, data output, control input, status output. A dotted line encompasses the module’s components that interface through the API. In Figure 2, users of the module are exemplified by applications. These applications may reside within the NAND Flash memory or may reside outside (but still within the physical perimeter), always interacting with the module’s API. The physical perimeter of the module is defined as the perimeter of the circuit board on which the module is installed. The filesystem and operating system reside on NAND Flash memory within the physical perimeter. © 2025 Ezurio / atsec information security.
| Name | Model | Hardware Version | Firmware Version | Processor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|
| Image.gz, fips.so and fipscheck (application and library) | 11.1 | N/A | Image.gz, fips.so and fipscheck (application and library) | HMAC-SHA-256 | |||
| ATSAMA5D31 | ATSAMA5D31 | ATSAMA5D31 | N/A | N/A | N/A | ||
| ATSAMA5D36 | ATSAMA5D36 | ATSAMA5D36 | N/A | N/A | N/A |
| Name | Model | Hardware Version | Firmware Version | Processor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|
| Image.gz, fips.so and fipscheck (application and library) | 11.1 | N/A | Image.gz, fips.so and fipscheck (application and library) | HMAC-SHA-256 | |||
| ATSAMA5D31 | ATSAMA5D31 | ATSAMA5D31 | N/A | N/A | N/A | ||
| ATSAMA5D36 | ATSAMA5D36 | ATSAMA5D36 | N/A | N/A | N/A |
Tested Module Identification
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai | Hypervisor |
|---|---|---|---|---|---|---|
| Summit Linux 11.1 | Summit Linux 11.1 | Ezurio WB50NBT System-On-Module | 11.1 | Microchip/Atmel ATSAMA5D31, ARM Cortex A5-based (ARMv7) | No | N/A |
| Summit Linux 11.1 | Summit Linux 11.1 | Ezurio 60 Series SOM (System on Module) | 11.1 | Microchip/Atmel ATSAMA5D36, ARM Cortex A5-based (ARMv7) | No | N/A |
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service as defined in section 4.3 | Non- Approved |
Tested Operational Environments - Software, Firmware, Hybrid: N/A N/A Table 4: Tested Operational Environments - Software, Firmware, Hybrid
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.
Modes List and Description: Nonapproved NonApproved Table 5: Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services service that was requested.
Approved Algorithms: © 2025 Ezurio / atsec information security.
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4712 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4716 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4719 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A4721 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4714 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4718 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4720 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A4722 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5004 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A4712 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A4716 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A4719 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A4721 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5004 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB1 | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A4724 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A4724 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A4712 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A4716 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A4719 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A4721 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5004 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A4712 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4716 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4719 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A4721 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4711 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4712 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4715 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4716 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4717 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4719 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4721 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5019 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A4712 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GCM | A4715 | Direction - Decrypt, Encrypt IV Generation - External | SP 800-38D |
| AES-GCM | A4717 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GCM | A4719 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GCM | A4721 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GCM | A5008 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A4712 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A4719 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A4721 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5008 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-KW | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A4723 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A4712 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A4716 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A4719 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A4721 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5004 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A4711 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A4712 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A4715 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A4717 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A4719 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A4721 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Counter DRBG | A5015 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - No, Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-5) | A4711 | Curve - P-256, P-384 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256 Component - No | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5020 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5020 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5 |
| EDDSA KeyGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| EDDSA SigGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| EDDSA SigVer | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5 |
| Hash DRBG | A5015 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A5015 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4711 | Domain Parameter Generation Methods - P-256, P-384 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5018 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A5014 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA HKDF Sp800-56Cr1 | A5013 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2 |
| KDA OneStep SP800-56Cr2 | A5012 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDA TwoStep SP800-56Cr2 | A5012 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDF ANS 9.42 (CVL) | A5018 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5020 | KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5018 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2- 512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF KMAC Sp800-108r1 | A5017 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 Rev. 1 |
| KDF SP800-108 | A5017 | KDF Mode - Counter, Feedback Supported Lengths - Supported Lengths: 112, 128, 776, 3456, 4096 | SP 800-108 Rev. 1 |
| KDF SSH (CVL) | A5019 | Cipher - AES-128, AES-192, AES-256, TDES Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF TLS (CVL) | A5018 | TLS Version - v1.0/1.1 | SP 800-135 Rev. 1 |
| KMAC-128 | A5020 | Message Length - Message Length: 0-65536 Increment 8 Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 |
| KMAC-256 | A5020 | Message Length - Message Length: 0-65536 Increment 8 Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 |
| KTS-IFC | A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| PBKDF | A5018 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 14-128 Increment 1 | SP 800-132 |
| PBKDF | A5020 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 14-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-5) | A5018 | Key Generation Mode - probableWithProbableAux Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5018 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5018 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| Safe Primes Key Generation | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192 | SP 800-56A Rev. 3 |
| Safe Primes Key Verification | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192 | SP 800-56A Rev. 3 |
| SHA-1 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512/224 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512/256 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA3-224 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-224 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-256 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-256 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-384 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-384 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-512 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHA3-512 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202 |
| SHAKE-128 | A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| TLS v1.2 KDF RFC7627 (CVL) | A5018 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.3 KDF (CVL) | A5013 | HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 Rev. 1 |
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 © 2025 Ezurio / atsec information security.
HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA3224 HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| Asymmetric keygen (CKG) | Type:asymmetric | N/A | Section 4 example 1 per SP 800-133rev2 | |
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| Asymmetric keygen (CKG) | Type:asymmetric | N/A | Section 4 example 1 per SP 800-133rev2 | |||
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | |||||
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | |||||
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | |||||
| FIPS provider AES GCM using externally generated IV | Encryption/Decryption | |||||
| Kernel AES- CCM (KTS- Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A4712, A4716, A4719, A4721) | KTS-Wrap | Keys: 128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES- GCM (KTS- Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A4712, A4715, A4717, A4719, A4721) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CBC with HMAC | Key Wrapping, Key Unwrapping | AES-CBC: (A4712, A4716, A4719, A4721) HMAC-SHA2- 256: (A4711, A4712, A4716) HMAC-SHA2- 384: (A4711, A4712, A4716) HMAC-SHA2- 512: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G | ||
| Kernel AES CTR with HMAC | Key Wrapping, Key Unwrapping | AES-CTR: (A4712, A4716, A4719, A4721) HMAC-SHA2- 256: (A4711, A4712, A4716) HMAC-SHA2- 384: (A4711, A4712, A4716) HMAC-SHA2- 512: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
Table 6: Approved Algorithms Vendor-Affirmed Algorithms: N/A Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: © 2025 Ezurio / atsec information security.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | |||
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | |||
| FIPS provider AES GCM using externally generated IV | Encryption/Decryption | |||
| Kernel AES- CCM (KTS- Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A4712, A4716, A4719, A4721) | KTS-Wrap | Keys: 128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| Kernel AES- GCM (KTS- Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A4712, A4715, A4717, A4719, A4721) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| Kernel AES CBC with HMAC | Key Wrapping, Key Unwrapping | AES-CBC: (A4712, A4716, A4719, A4721) HMAC-SHA2- 256: (A4711, A4712, A4716) HMAC-SHA2- 384: (A4711, A4712, A4716) HMAC-SHA2- 512: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| Kernel AES CTR with HMAC | Key Wrapping, Key Unwrapping | AES-CTR: (A4712, A4716, A4719, A4721) HMAC-SHA2- 256: (A4711, A4712, A4716) HMAC-SHA2- 384: (A4711, A4712, A4716) HMAC-SHA2- 512: (A4711, A4712, A4716) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| Kernel KAS- ECC-SSC | Shared Secret Computation | KAS-ECC-SSC Sp800-56Ar3: (A4711) | KAS-SSC | Curves:Curves : P-256, P-384 elliptic curves with 128 and 192 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) |
| Kernel AES-ECB | Encryption/Decryption | AES-ECB: (A4711, A4712, A4715, A4716, A4717, A4719, A4721) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES-CTR | Encryption/Decryption | AES-CTR: (A4712, A4716, A4719, A4721) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES-CBC | Encryption/Decryption | AES-CBC: (A4712, A4716, A4719, A4721) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- CBC-CS3 | Encryption/Decryption | AES-CBC-CS3: (A4714, A4718, A4720, A4722) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- CFB8 | Encryption/Decryption | AES-CFB8: (A4724) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- CFB128 | Encryption/Decryption | AES-CFB128: (A4724) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES-XTS | Encryption/Decryption | AES-XTS Testing Revision 2.0: (A4712, A4716, A4719, A4721) | BC-UnAuth | Keys:128, 256 bits with 128 and 256 bits of key strength |
| Kernel AES- CCM (BC-Auth) | Authenticated Encryption/Decryption | AES-CCM: (A4712, A4716, A4719, A4721) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- GCM (BC-Auth) | Authenticated Encryption/Decryption | AES-GCM: (A4712, A4715, A4717, A4719, A4721) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES-OFB | Encryption/Decryption | AES-OFB: (A4723) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- CMAC | Message authentication code (MAC) | AES-CMAC: (A4712, A4716, A4719, A4721) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel AES- GMAC | Message authentication code (MAC) | AES-GMAC: (A4712, A4719, A4721) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| Kernel Counter DRBG | Random Number Generation | Counter DRBG: (A4711, A4712, A4715, A4717, A4719, A4721) | DRBG | Compliance:Compliant with SP800-90ARev1 |
| Kernel ECDSA Key Generation | Key Generation | ECDSA KeyGen (FIPS186-5): (A4711) Asymmetric keygen (CKG): () Type: asymmetric | CKG | |
| Kernel HMAC | Message authentication code (MAC) | HMAC-SHA2- 224: (A4711, A4712, A4716) HMAC-SHA2- 256: (A4711, A4712, A4716) HMAC-SHA2- 384: (A4711, A4712, A4716) HMAC-SHA2- 512: (A4711, A4712, A4716) HMAC-SHA3- 224: (A4713) HMAC-SHA3- 256: (A4713) HMAC-SHA3- 384: (A4713) HMAC-SHA3- 512: (A4713) | MAC | Keys:112-256 bits with 112-256 bits of key strength |
| Kernel Hashes | Hashing | SHA2-224: (A4711, A4712, A4716) SHA2-256: (A4711, A4712, A4716) SHA2-384: (A4711, A4712, A4716) SHA2-512: (A4711, A4712, | SHA | |
| FIPS provider AES-CCM (KTS- Wrap) | Key Unwrapping, Key Unwrapping | AES-CCM: (A5004) | KTS-Wrap | Keys: 128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| FIPS provider AES-GCM (KTS- Wrap) | Key Wrapping, Key Unwrapping | AES-GCM: (A5008) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| FIPS provider KAS-IFC-SSC | Shared Secret Computation | KAS-IFC-SSC: (A5018) | KAS-SSC | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength Compliance : Compliant with IG D.F scenario 1(1) |
| FIPS provider KTS-IFC | Key encapsulation, Key unencapsulation | KTS-IFC: (A5018) | KTS-Encap | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength respectively Compliance:Compliant with IG D.G |
| FIPS provider Safe Primes Key Generation | Key Generation | Safe Primes Key Generation: (A5014) Asymmetric keygen (CKG): () Type: asymmetric | CKG | |
| FIPS provider Safe Primes Key Verification | Key Verification | Safe Primes Key Verification: (A5014) | AsymKeyPair- KeyVer | Groups:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, |
| FIPS provider KAS-FFC-SSC | Shared Secret Computation | KAS-FFC-SSC Sp800-56Ar3: (A5014) | KAS-SSC | Keys:2048, 3072, 4096, 6144, 8192-bit keys with 112-200 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) |
| FIPS provider KAS-ECC-SSC | Shared Secret Computation | KAS-ECC-SSC Sp800-56Ar3: (A5018) | KAS-SSC | Curves:P-224, P-256, P-384, P-521 elliptic curves with 112-256 bits of key strength Compliance : Compliant with IG D.F scenario 2(1) |
| FIPS provider AES KW | Key Wrapping, Key Unwrapping | AES-KW: (A5004) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| FIPS provider AES KWP | Key Wrapping, Key Unwrapping | AES-KWP: (A5004) | KTS-Wrap | Keys:128, 192, 256-bit keys with 128, 192, 256 bits of key strength, respectively Compliance:Compliant with IG D.G |
| FIPS provider AES-ECB | Encryption/Decryption | AES-ECB: (A5004, A5019) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CTR | Encryption/Decryption | AES-CTR: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CBC | Encryption/Decryption | AES-CBC: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CBC-CS1 | Encryption/Decryption | AES-CBC-CS1: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CBC-CS2 | Encryption/Decryption | AES-CBC-CS2: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CBC-CS3 | Encryption/Decryption | AES-CBC-CS3: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CFB1 | Encryption/Decryption | AES-CFB1: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CFB8 | Encryption/Decryption | AES-CFB8: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CFB128 | Encryption/Decryption | AES-CFB128: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-XTS | Encryption/Decryption | AES-XTS Testing Revision 2.0: (A5004) | BC-UnAuth | Keys:128, 256 bits with 128 and 256 bits of key strength |
| FIPS provider AES-CCM (BC- Auth) | Authenticated Encryption/Decryption | AES-CCM: (A5004) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-GCM (BC- Auth) | Authenticated Encryption/Decryption | AES-GCM: (A5008) | BC-Auth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-OFB | Encryption/Decryption | AES-OFB: (A5004) | BC-UnAuth | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-CMAC | Message authentication code (MAC) | AES-CMAC: (A5004) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider AES-GMAC | Message authentication code (MAC) | AES-GMAC: (A5008) | MAC | Keys:128, 192, 256 bits with 128-256 bits of key strength |
| FIPS provider Counter DRBG | Random Number Generation | Counter DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 |
| FIPS provider Hash DRBG | Random Number Generation | Hash DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 |
| FIPS provider HMAC DRBG | Random Number Generation | HMAC DRBG: (A5015) | DRBG | Compliance:Compliant with SP800-90ARev1 |
| FIPS provider ECDSA Key Generation | Key Generation | ECDSA KeyGen (FIPS186-5): (A5018) Asymmetric keygen (CKG): () Type: asymmetric | CKG | |
| FIPS provider ECDSA Key Verification | Key Verification | ECDSA KeyVer (FIPS186-5): (A5018) | AsymKeyPair- KeyVer | Curves:P-224, P-256, P-384, P-521 |
| FIPS provider ECDSA Signature Generation | Signature Generation | ECDSA SigGen (FIPS186-5): (A5018, A5020) | DigSig-SigGen | Curves:P-224, P-256, P-384, P-521 |
| FIPS provider ECDSA Signature Verification | Signature Verification | ECDSA SigVer (FIPS186-5): (A5018, A5020) | DigSig-SigVer | Curves:P-224, P-256, P-384, P-521 |
| FIPS provider EDDSA Key Generation | Key Generation | EDDSA KeyGen: (A5016) Asymmetric keygen (CKG): () Type: asymmetric | CKG | |
| FIPS provider EDDSA Signature Generation | Signature Generation | EDDSA SigGen: (A5016) | DigSig-SigGen | Curves:Ed25519, Ed448 |
| FIPS provider EDDSA Signature Verification | Signature Verification | EDDSA SigVer: (A5016) | DigSig-SigVer | Curves:Ed25519, Ed448 |
| FIPS provider RSA Key Generation | Key Generation | RSA KeyGen (FIPS186-5): (A5018) Asymmetric keygen (CKG): () Type: asymmetric | CKG | |
| FIPS provider RSA Signature Generation | Signature Generation | RSA SigGen (FIPS186-5): (A5018) | DigSig-SigGen | Keys:2048, 3072, 4096 keys with 112-150 bits of key strength respectively |
| FIPS provider RSA Signature Verification (Legacy) | Signature Verification using SHA-1 message digest | RSA SigGen (FIPS186-5): (A5018) | DigSig-SigVer | Keys:2048, 3072, 4096 keys with 112-150 bits of key strength respectively |
| FIPS provider RSA Signature Verification | Signature Verification | RSA SigVer (FIPS186-5): (A5018) | DigSig-SigVer | Keys:2048, 3072, 4096 keys with 112-150 bits of key strength respectively |
| FIPS provider HMAC | Message authentication code (MAC) | HMAC-SHA-1: (A5018) HMAC-SHA2- 224: (A5018) HMAC-SHA2- 256: (A5018) HMAC-SHA2- 384: (A5018) HMAC-SHA2- 512: (A5018) HMAC-SHA2- 512/224: (A5018) HMAC-SHA2- 512/256: (A5018) HMAC-SHA3- 224: (A5020) HMAC-SHA3- 256: (A5020) HMAC-SHA3- 384: (A5020) HMAC-SHA3- 512: (A5020) | MAC | Keys:112-256 bits with 112-256 bits of key strength |
| FIPS provider KMAC | Message authentication code (MAC) | KMAC-128: (A5020) KMAC-256: (A5020) | MAC | Keys:112-256 bits with 112-256 bits of key strength |
| FIPS provider Hashes | Hashing | SHA-1: (A5018) SHA2-224: (A5018) SHA2-256: (A5018) SHA2-384: (A5018) SHA2-512: (A5018) SHA2-512/224: (A5018) SHA2-512/256: (A5018) SHA3-224: (A5020) SHA3-256: (A5020) SHA3-384: (A5020) | SHA | |
| FIPS provider ANS 9.42 Key Derivation (CVL) | Key Derivation | KDF ANS 9.42: (A5018, A5020) | KAS-135KDF | OID:AES-128-KW, AES-192-KW, AES- 256-KW with 128, 192, 256 bits of key strength, respectively |
| FIPS provider ANS 9.63 Key Derivation (CVL) | Key Derivation | KDF ANS 9.63: (A5018) | KAS-135KDF | Key data length:128- 4096 bits |
| FIPS provider TLS 1.0 and 1.1 Key Derivation (CVL) | Key Derivation | KDF TLS: (A5018) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength |
| FIPS provider TLS 1.2 Key Derivation (CVL) | Key Derivation | TLS v1.2 KDF RFC7627: (A5018) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength |
| FIPS provider TLS 1.3 Key Derivation (CVL) | Key Derivation | TLS v1.3 KDF: (A5013) | KAS-135KDF | Derived key:112-256 bits with 112-256 bits of key strength |
| FIPS provider HKDF Key Derivation | Key Derivation | KDA HKDF Sp800-56Cr1: (A5013) | KAS-56CKDF | Derived key:112-256 bits with 112-256 bits of key strength |
| FIPS provider Password-based Key Derivation | Key Derivation | PBKDF: (A5018, A5020) | PBKDF | Derived key:112-4096 bits with 112-150 bits of key strength |
| FIPS provider OneStep Key Derivation | Key Derivation | KDA OneStep SP800-56Cr2: (A5012) | KAS-56CKDF | Derived key:2048 bits with 112 bits of key strength |
| FIPS provider TwoStep Key Derivation | Key Derivation | KDA TwoStep SP800-56Cr2: (A5012) | KAS-56CKDF | Derived key:2048 bits with 112 bits of key strength |
| FIPS provider KMAC Key Derivation | Key Derivation | KDF KMAC Sp800-108r1: (A5017) | KBKDF | Derived key:112-4096 bits with 112-150 bits of key strength |
| FIPS provider KBKDF Key Derivation | Key Derivation. | KDF SP800-108: (A5017) | KBKDF | Derived key:112-4096 bits with 112-150 bits of key strength |
| FIPS provider SSH Key Derivation | Key Derivation | KDF SSH: (A5019) | KAS-135KDF | Keys:128, 192, 256 bits with 128-256 bits of key strength |
Table 8: Non-Approved, Not Allowed Algorithms
Kernel AESCCM (KTSWrap) Kernel AESGCM (KTSWrap) © 2025 Ezurio / atsec information security.
Kernel AESCFB8 Kernel AESCFB128 Kernel AESCMAC © 2025 Ezurio / atsec information security.
Kernel AESGMAC © 2025 Ezurio / atsec information security.
AsymKeyPairKeyVer © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
AsymKeyPairKeyVer © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
Table 9: Security Function Implementations
AES-GCM encryption and decryption are used in the context of the TLS protocol version 1.2 and 1.3 using the FIPS provider component (corresponding to Scenario 1 and 5 of IG C.H), and in the context of IEEE 802.11 GCMP using the kernel/hardware components (corresponding to Scenario 5 of IG C.H). For IPsec, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant with Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the EVP_EncryptInit_ex2 API function with a non-NULL iv value. When this is the case, the API will set a non-approved service indicator.
For TLS v1.2, the module uses the context of Scenario 1 of IG C.H. The module is compliant with SP 80052rev2 section 3.3.1, and the mechanism for IV generation is compliant with RFC5288. For this compliance, the module’s implementation of the AES-GCM shall be used together with an application that negotiates the protocol session’s keys and the 32-bit nonce value of the IV. The setting of the counter portion of the IV is performed within the cryptographic boundary. The nonce explicit part of the IV does not exhaust the maximum number of possible values for a given session key. This condition is implicitly ensured by the design of the TLS protocol, in which the nonce_explicit is denied exhaustion by the control exerted by the protocol’s management logic (wherein the nonce_explicit is incremented per each TLS record). This management logic also implies that the probability of an exhaustion of all 264
For TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 140-3 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that © 2025 Ezurio / atsec information security.
explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP800-52r2. TLS 1.3 employs separate 64-bit sequence numbers, one for protocol records that are received, and one for protocol records that are sent to a peer. These sequence numbers are set at zero at the beginning of a TLS 1.3 connection and each time when the AES-GCM key is changed. After reading or writing a record, the respective sequence number is incremented by one. The protocol specification determines that the sequence number should not wrap, and if this condition is observed, then the protocol implementation must either trigger a re-key of the session (i.e., a new key for AESGCM) or terminate the connection. The module implements, within its boundary, an IV generation unit for TLS 1.3 that keeps control of the 64-bit counter value within the AES-GCM IV. The module explicitly ensures that the 64-bit counter is monotonically increasing at each invocation of the AES-GCM for the same encryption key, and that this counter does not exhaust all its possible values. If this exhaustion condition is observed, the module will return an error indication to the calling application who will then need to either trigger a re-key of the session (i.e., a new key for AES-GCM) or terminate the connection. The module will refuse a new AES-GCM encryption for the same key and IV under this scenario. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established.
The kernel component is in compliance with FIPS 140-3 IG C.H scenario 5 for the WPA2 protocol. Specifically, GCMP is defined in IEEE 802.11ac-2013. For IEEE 802.11 GCMP, the module implements an internal production unit logic that constructs the IV deterministically upon the initialization of a GCMP connection, and therefore the initialization of a GCM encryption context. In case the module's power is lost and then restored, the key used for AES GCM encryption or decryption shall be re-distributed.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2 20 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements shall be met: © 2025 Ezurio / atsec information security.
Kernel Component: The module offers ECDH shared secret computation services compliant to the SP 80056ARev3. In order to meet the required assurances listed in section 5.6 of SP 800-56ARev3, the module shall be used together with an application that implements the "IPsec protocol" and the following steps shall be performed. The entity using the module, must use the module's "key pair generation" service for generating ECDH ephemeral keys. The key generation service performs full public key validation. This meets the assurances required by key pair owner defined in the section 5.6.2.1 of SP 800-56ARev3. The consumer using the module doesn't need to obtain assurance of the peer's possession of private key as the module only makes use of ephemeral keys. As part of the module’s shared secret computation service, the module internally performs the public key validation on the peer's public key passed in as input to the SSC function. This meets the public key validity assurance required by the sections 5.6.2.2.1/5.6.2.2.2 of SP 800-56ARev3. FIPS provider Component: The module offers DH and ECDH shared secret computation services compliant to the SP 800-56ARev3. To comply with the assurances found in Section 5.6.2 of SP 800-56Ar3, the operator must use the module together with an application that implements the TLS protocol. Additionally, the module’s approved key pair generation service must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 800-56Ar3.
To comply with SP800-56Br2 assurances found in its Section 6 (specifically SP800-56Br2 Section 6.4 Required Assurances) the entity using the module must obtain required assurances listed in section 6.4 of SP 800-56Br2 by performing the following steps: 1. The entity requesting the RSA key un-encapsulation service from the module, shall only use an RSA private key that was generated by an active FIPS validated module that implements FIPS 186-5 compliant RSA key generation service and performs the key pair validity and the pairwise consistency as stated in © 2025 Ezurio / atsec information security.
section 6.4.1.1 of the SP 800-56Br2. Additionally, the entity shall renew these assurances over time by using any method described in section 6.4.1.5 of the SP 800-56Br2. 2. For use of an RSA key encapsulation service in the context of key transport per IG D.G the entity using the module shall: a. verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). b. confirm the peer’s possession of private key by using any method specified in section 6.4.2.3 of the SP 800-56Br2. Only after the above assurances are successfully met, shall the entity use the peer’s public key to perform the RSA key encapsulation service of the module.
To comply with the assurances found in Section 6.4 of SP 800-56Br2, the module’s approved RSA key pair generation service must be used to generate the RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validity and the pairwise consistency according to section 6.4.1.1 of SP 800-56Br2. Additionally, the entity requesting the shared secret computation service shall verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). This service will perform the full public key validation of the peer’s public key, complying with Section 6.4.2.1 of SP 800-56Br2.
The module provides RSA signature generation and signature verification compliant with IG C.F. The module supports RSA modulus lengths of 2048, 3072, and 4096 bits for signature generation and 1024, 2048, 3072, and 4096 for signature verification. The RSA signature generation and signature verification implementations have been tested for all implemented RSA modulus lengths. The number of Miller-Rabin tests is consistent with the bit sizes of p and q from Table B.1 of FIPS 186-4.
The module provides SHA-3 and SHAKE hash functions compliant with IG C.C. Every implementation of each SHA-3 and SHAKE functions were tested and validated on all of the module’s operating environments. SHA-3 hash functions are also used as part of a higher-level algorithm for HMAC. SHAKE functions are only used a standalone algorithms.
© 2025 Ezurio / atsec information security.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Summit CPU Time Jitter RNG Entropy Source | Non- Physical | 256 bits | Summit Linux 11.1 on Microchip SAMA5D3 ATSAMA5D31 and Linux 11.1 on Microchip SAMA5D3 ATSAMA5D36 | full entropy | A4713 (SHA3-256) |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E119 | Ezurio |
SHA-1 from FIPS provider Message Digest service is only approved for non-digital-signature uses. SHA-1 used within Digital Signature Verification is considered Legacy (approved) per IG C.M. Algorithms designated as “Legacy” can only be used on data that was generated prior to the Legacy Date specified in FIPS 140-3 IG C.M. Table 10: Entropy Certificates NonPhysical Table 11: Entropy Sources The module implements multiple DRBGs compliant with SP800-90A for random number generation and the creation of key components of asymmetric keys. The kernel component of the module implements a CTR_DRBG while the FIPS provider component of the module implements a CTR_DRBG, Hash_DRBG and HMAC_DRBG. Each of these DRBG is seeded with full entropy using an entropy source listed in the above table. For internal usage, module uses an SP800-90Ar1 CTR_DRBG with AES-256 as the default DRBG in both the Kernel and the FIPS Provider components. Note: Per FIPS 140-3 IG C.L please make sure to select the appropriate hash function when instantiating HMAC or Hash DRBG based on the minimum-security strength required for the generated random bits.
For generating RSA, ECDSA, Diffie-Hellman, EC Diffie-Hellman keys for the FIPS provider component and ECDSA keys for Kernel component, the module implements asymmetric key generation services compliant with FIPS186-5 or SP800-56Arev3 as applicable and using a DRBG compliant with SP800-90A. The random value used in asymmetric key generation is obtained from the DRBG. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per Section 4 of SP800-133rev2 (vendor affirmed). Additionally, the module implements the following key derivation methods according to section 6.2 of SP 800133r2:
The module implements following key establishments methods that are listed in the Security Function Implementations table: - shared secret computation for KAS-IFC-SSC, KAS-FFC-SSC KAS-ECC-SSC - key transport for KTS-IFC and KTS-Wrap
Only the Key Derivation Functions have been validated by the CAVP No other part of the SSH, IKE or TLS protocols are implemented or have been tested by the CAVP and CMVP. For DH, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC 7919 (TLS) as listed in Approved Services table. Note that the module only implements key pair generation, key pair verification, and shared secret computation. SSH KDF, TLS 1.0/1.1 KDF, TLS 1.2 KDF (RFC 7627), TLS 1.3 KDF implementations shall only be used to generate secret keys in the context of the SSH, TLS 1.0/1.1, TLS 1.2, or TLS 1.3 protocols, respectively. Note that TLS 1.2 KDF must be compliant with RFC 7627 to be considered approved. ANS X9.42 KDF and ANS X9.63 KDF implementations shall only be used to generate secret keys in the context of an ANS X9.42-2001 resp. ANS X9.63-2001 key agreement scheme. © 2025 Ezurio / atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API data input parameters, AF_ALG type sockets (kernel component) |
| N/A | N/A | Data Output | API output parameters, AF_ALG type sockets (kernel component) |
| N/A | N/A | Control Input | API function calls, API control input parameters, AF_ALG type sockets (kernel component), kernel command line (kernel component) |
| N/A | N/A | Status Output | API return values, error queue (FIPS provider component), AF_ALG type sockets (kernel component), kernel logs (kernel component) |
| N/A | N/A | Power | The hardware component of the module receives power from the circuit board on which the module is installed. The power input is not applicable for the firmware components. |
N/A N/A N/A N/A N/A Table 12: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. © 2025 Ezurio / atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Kernel Encryptio n | Encryptio n | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- CFB8 Kernel AES- CFB128 Kernel AES- XTS Kernel AES- OFB | crypto_skcipher_setkey returns 0 | AES key, plaintext | ciphertex t |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Kernel Encryptio n | Encryptio n | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- CFB8 Kernel AES- CFB128 Kernel AES- XTS Kernel AES- OFB | crypto_skcipher_setkey returns 0 | AES key, plaintext | ciphertex t | |||
| Kernel Decryptio n | Decryptio n | Crypto Officer - Kernel AES key: W,E | Kernel AES- ECB Kernel AES- CTR Kernel AES- CBC Kernel AES- CBC- CS3 Kernel AES- CFB8 Kernel AES- CFB128 Kernel AES- XTS Kernel AES- OFB | crypto_skcipher_setkey returns 0 | AES key, ciphertex t | plaintext | |||
| Kernel Authentic ated Encryptio n | Encryptio n | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | crypto_aead_setkey returns 0 | AES key, IV, plaintext | ciphertex t | |||
| Kernel Authentic ated Decryptio n | Decryptio n | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (BC- Auth) Kernel AES- GCM | crypto_aead_setkey returns 0 | AES key, IV, MAC tag, ciphertex t | plaintext | |||
| Kernel key wrapping | Wrap a key | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (KTS- Wrap) Kernel AES- GCM (KTS- Wrap) Kernel AES CBC with HMAC Kernel AES CTR with HMAC | crypto_skcipher_setkey returns 0; crypto_aead_setkey returns 0; crypto_shash_init returns 0 | AES key, key to be wrapped | wrapped key | |||
| Kernel key unwrappin g | unwrap a key | Crypto Officer - Kernel AES key: W,E | Kernel AES- CCM (KTS- Wrap) Kernel AES- GCM (KTS- Wrap) Kernel AES CBC with HMAC Kernel AES CTR with HMAC | crypto_skcipher_setkey returns 0; crypto_aead_setkey returns 0; crypto_shash_init returns 0 | AES key, key to be unwrapp ed | unwrapp ed key | |||
| Kernel AES Message Authentic ation | compute a MAC tag | Crypto Officer - Kernel AES key: W,E | Kernel AES- CMAC Kernel AES- GMAC | crypto_shash_init returns 0 | AES key, message | MAC tag | |||
| Kernel HMAC Message Authentic ation | compute a MAC tag | Crypto Officer - Kernel HMAC key: W,E | Kernel HMAC | crypto_shash_init returns 0 | HMAC key, message | MAC tag | |||
| Kernel Message Digest | compute a message digest | Crypto Officer | Kernel Hashes | crypto_shash_init returns 0 | message | digest value | |||
| Kernel ECC Shared Secret Computati on | compute a shared secret | Crypto Officer - Kernel EC public key: W,E - Kernel EC private key: W,E - Kernel shared secret: W,E | Kernel KAS- ECC- SSC | crypto_kpp_compute_shared_se cret returns 0 | EC public key, EC private key | Shared Secret | |||
| Kernel Random Number Generatio n | generate random bytes | Crypto Officer - Entropy input: W,E - DRBG seed: G,E - Internal state (V, C): G,W,E | Kernel Counter DRBG | crypto_rng_get_bytes returns 0 | output length | random data | |||
| Kernel EC Key generation | generate key pair | Crypto Officer - Kernel EC public key: G,R - Kernel EC private key: G,R - Kernel | Kernel ECDSA Key Generati on | crypto_kpp_set_secret and crypto_kpp_generate_public_ke y return 0 | Curve | EC keys | |||
| FIPS provider Message Digest | compute a message digest | Crypto Officer | FIPS provider Hashes | _SUMMIT_FIPS_INDICATOR_ APPROVED | message | digest value | |||
| FIPS provider Encryptio n | Encrypt plaintext | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CTR FIPS provider AES- CBC FIPS provider AES- ECB FIPS provider AES- CBC- CS1 FIPS provider AES- CBC- CS2 FIPS provider AES- CBC- CS3 FIPS provider AES- CFB1 FIPS provider AES- | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, plaintext | ciphertex t | |||
| FIPS provider Decryptio n | Decrypt ciphertex t | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CTR FIPS provider AES- CBC FIPS provider AES- ECB FIPS provider AES- CBC- CS1 FIPS provider AES- CBC- CS2 FIPS provider AES- CBC- CS3 FIPS provider AES- | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, ciphertex t | plaintext | |||
| FIPS provider Authentic ated Encryptio n | Encrypt plaintext | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CCM (BC- Auth) FIPS provider AES- GCM (BC- Auth) | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, IV, plaintext | ciphertex t | |||
| FIPS provider Authentic ated Decryptio n | Decrypt ciphertex t | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CCM (BC- Auth) FIPS provider AES- GCM (BC- Auth) | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, IV, MAC tag, ciphertex t | plaintext | |||
| FIPS provider AES Message Authentic ation | compute a MAC tag | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CMAC FIPS provider AES- GMAC | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, message | MAC tag | |||
| FIPS provider HMAC Message Authentic ation | compute a MAC tag | Crypto Officer - FIPS provider HMAC key: W,E | FIPS provider HMAC | _SUMMIT_FIPS_INDICATOR_ APPROVED | HMAC key, message | MAC tag | |||
| FIPS provider FFC Shared Secret Computati on | compute a shared secret | Crypto Officer - FIPS provider DH public key: W,E - FIPS provider DH private key: W,E | FIPS provider KAS- FFC- SSC | _SUMMIT_FIPS_INDICATOR_ APPROVED | DH private key, DH public key | Shared Secret | |||
| FIPS provider ECC Shared Secret Computati on | compute a shared secret | Crypto Officer - FIPS provider EC public key: W,E - FIPS provider EC private key: W,E - FIPS provider shared secret: W,E | FIPS provider KAS- ECC- SSC | _SUMMIT_FIPS_INDICATOR_ APPROVED | EC public key, EC private key | Shared Secret | |||
| FIPS provider IFC Shared Secret | compute a shared secret | Crypto Officer - FIPS provider RSA public | FIPS provider KAS- IFC-SSC | _SUMMIT_FIPS_INDICATOR_ APPROVED | RSA public key, RSA private key | Shared Secret | |||
| Computati on | key: W,E - FIPS provider RSA private key: W,E - FIPS provider shared secret: W,E | ||||||||
| FIPS provider Key Derivation | derive a key | Crypto Officer - FIPS provider shared secret: W,E - FIPS provider derived key: G,R - FIPS provider key- derivation key: W,E - FIPS provider AES Derived Key: G,R - FIPS provider HMAC Derived Key: G,R - FIPS provider 802.11 Pre- shared key (PSK): W,E - FIPS provider 802.11 Pairwise | FIPS provider ANS 9.42 Key Derivati on (CVL) FIPS provider ANS 9.63 Key Derivati on (CVL) FIPS provider HKDF Key Derivati on FIPS provider OneStep Key Derivati on FIPS provider TwoSte p Key Derivati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | Shared secret | derived key | |||
| FIPS provider KMAC Key Derivati on FIPS provider KBKDF Key Derivati on FIPS provider SSH Key Derivati on | Master Key (PMK): W,E - FIPS provider 802.11 KDF Internal State: R - FIPS provider 802.11 Temporal Keys: W,E - FIPS provider 802.11 MIC keys (KCK): W,E - FIPS provider 802.11 Key Encryption Key (KEK): W,E - FIPS provider 802.11 Group Temporal Key (GTK): W,E | FIPS provider KMAC Key Derivati on FIPS provider KBKDF Key Derivati on FIPS provider SSH Key Derivati on | |||||||
| FIPS provider Key Derivation (FIPS provider TLS master secret) | derive a TLS master secret | Crypto Officer - FIPS provider TLS pre- master secret: W,E - FIPS provider TLS master secret: G,R | FIPS provider TLS 1.0 and 1.1 Key Derivati on (CVL) FIPS provider TLS 1.2 Key | _SUMMIT_FIPS_INDICATOR_ APPROVED | FIPS provider TLS pre- master secret | ||||
| FIPS provider Key Derivation (FIPS provider derived key) | derive a key used for session establish ment | Crypto Officer - FIPS provider TLS master secret: W,E - FIPS provider derived key: G,R | FIPS provider TLS 1.0 and 1.1 Key Derivati on (CVL) FIPS provider TLS 1.2 Key Derivati on (CVL) FIPS provider TLS 1.3 Key Derivati on (CVL) | _SUMMIT_FIPS_INDICATOR_ APPROVED | FIPS provider TLS master secret | FIPS provider derived key | |||
| FIPS provider Password- based key derivation | derive a key from a password | Crypto Officer - FIPS provider derived key: G,R - FIPS provider Password: W,E | FIPS provider Passwor d-based Key Derivati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | password | derived key | |||
| FIPS provider SafePrime key generation | generate a key pair | Crypto Officer - FIPS provider module generated DH public key: G,R - FIPS provider module generated DH private key: G,R - FIPS provider Intermediat e Key Generation Value: G,R | FIPS provider Safe Primes Key Generati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | DH- Group | Module generate d Dh private key, Module generate d DH public key | |||
| FIPS provider EC Key generation | generate a key pair | Crypto Officer - FIPS provider module generated EC public key: G,R - FIPS provider module generated EC private key: G,R - FIPS provider Intermediat e Key Generation Value: G,R | FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | Curve | Module Generate d EC Private Key, Module Generate d EC Public Key | |||
| FIPS provider | generate a key pair | Crypto Officer - FIPS | FIPS provider RSA | _SUMMIT_FIPS_INDICATOR_ APPROVED | Modulus | Module Generate d RSA | |||
| RSA key generation | provider module generated RSA private key: G,R - FIPS provider module generated RSA public key: G,R - FIPS provider Intermediat e Key Generation Value: G,R | Key Generati on | Private Key, Module Generate d RSA Public Key | ||||||
| FIPS provider SafePrime Key Verificatio n | verify key pair | Crypto Officer - FIPS provider DH public key: W - FIPS provider DH private key: W | FIPS provider Safe Primes Key Verifica tion | _SUMMIT_FIPS_INDICATOR_ APPROVED | DH Private key, DH public key | Pass/fail | |||
| FIPS provider EC Key Verificatio n | verify key pair | Crypto Officer - FIPS provider EC public key: W - FIPS provider EC private key: W | FIPS provider ECDSA Key Verifica tion | _SUMMIT_FIPS_INDICATOR_ APPROVED | EC public key, EC private key | Pass/fail | |||
| FIPS provider Key wrapping | wrap a key | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CCM (KTS- Wrap) | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, key to be wrapped | wrapped key | |||
| FIPS provider Key unwrappin g | unwrap a key | Crypto Officer - FIPS provider AES Key: W,E | FIPS provider AES- CCM (KTS- Wrap) FIPS provider AES- GCM (KTS- Wrap) FIPS provider AES KW FIPS provider AES KWP | _SUMMIT_FIPS_INDICATOR_ APPROVED | AES key, key to be unwrapp ed | unwrapp ed key | |||
| FIPS provider RSA Signature Verificatio n | verify digital signature | Crypto Officer - FIPS provider RSA public key: W,E | FIPS provider RSA Signatur e Verifica tion | _SUMMIT_FIPS_INDICATOR_ APPROVED | RSA public key, signature , hash algorith m | Pass/fail | |||
| FIPS provider EC Signature Verificatio n | verify digital signature | Crypto Officer - FIPS provider EC public key: W,E | FIPS provider ECDSA Signatur e Verifica tion FIPS provider EDDSA Signatur e Verifica tion | _SUMMIT_FIPS_INDICATOR_ APPROVED | Message, EC public key, signature , hash algorith m (ECDSA only) | Pass/fail | |||
| FIPS provider EC Signature Generatio n | generate digital signature | Crypto Officer - FIPS provider EC private key: W,E | FIPS provider ECDSA Signatur e Generati on FIPS provider EDDSA Signatur e Generati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | Message, EC public key, signature , hash algorith m (ECDSA only) | signature | |||
| FIPS provider RSA Signature Generatio n | generate digital signature | Crypto Officer - FIPS provider RSA private key: W,E | FIPS provider RSA Signatur e Generati on | _SUMMIT_FIPS_INDICATOR_ APPROVED | Message, RSA public key, signature , hash algorith m | signature | |||
| FIPS provider RSA Signature Verificatio n (Legacy) | verify a digital signature using SHA-1 message digest | Crypto Officer - FIPS provider RSA public key: W,E | FIPS provider RSA Signatur e Verifica | _SUMMIT_FIPS_INDICATOR_ APPROVED | Message, RSA public key, signature , hash | signature | |||
| algorith m | tion (Legacy) | algorith m | |||||||
| FIPS provider Random Number Generatio n | generate random bytes | Crypto Officer - Entropy input: W,E - DRBG seed: G,E - Internal State (V, Key): G,W,E - Internal state (V, C): G,W,E | FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | _SUMMIT_FIPS_INDICATOR_ APPROVED | output length | random bytes | |||
| FIPS provider key encapsulat ion | KTS | Crypto Officer - FIPS provider RSA public key: W,E | FIPS provider KTS- IFC | _SUMMIT_FIPS_INDICATOR_ APPROVED | RSA public key | Encapsul ated key | |||
| FIPS provider key decapsulat ion | KTS | Crypto Officer - FIPS provider RSA private key: W,E | FIPS provider KTS- IFC | _SUMMIT_FIPS_INDICATOR_ APPROVED | RSA private key | Decapsul ated key | |||
| FIPS provider KMAC Message Authentic ation | MAC | Crypto Officer | FIPS provider KMAC | _SUMMIT_FIPS_INDICATOR_ APPROVED | KMAC key | Mac tag | |||
| Show version | Return the module name and version informati on | Unauthenti cated | None | None | N/A | module name and version | |||
| Show status | return module status | Unauthenti cated | None | None | N/A | module status | |||
| Self-Tests | perform CASTs and integrity test | Unauthenti cated | None | None | N/A | Pass/Fail | |||
| Zeroizatio n | zeroize all SSPs | Crypto Officer - Kernel AES key: Z - FIPS provider AES Key: Z - Kernel HMAC key: Z - Kernel shared secret: Z - FIPS provider shared secret: Z - Entropy input: Z - DRBG seed: Z - Internal State (V, Key): Z - Internal state (V, C): Z - FIPS provider DH public key: Z - FIPS provider DH private key: Z - Kernel EC public key: Z | None | None | Any SSP | N/A |
Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators.
n n t AESECB AESCTR AESCBC AESCBCCS3 AESCFB8 AESCFB128 AESXTS AESOFB W,E © 2025 Ezurio / atsec information security.
n n t n n t n n t AESECB AESCTR AESCBC AESCBCCS3 AESCFB8 AESCFB128 AESXTS AESOFB AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (BCAuth) AESGCM W,E W,E W,E © 2025 Ezurio / atsec information security.
g (BCAuth) AESCCM (KTSWrap) AESGCM (KTSWrap) AESCCM (KTSWrap) AESGCM (KTSWrap) W,E W,E © 2025 Ezurio / atsec information security.
AESCMAC AESGMAC KASECCSSC n W,E W,E W,E W,E G,W,E G,R G,R © 2025 Ezurio / atsec information security.
n t AESCTR AESCBC AESECB AESCBCCS1 AESCBCCS2 AESCBCCS3 AESCFB1 G,E,Z W,E © 2025 Ezurio / atsec information security.
n t t AESCFB128 AESXTS AESOFB AESCTR AESCBC AESECB AESCBCCS1 AESCBCCS2 AESCBCCS3 W,E © 2025 Ezurio / atsec information security.
n t n t t AESCFB8 AESCFB128 AESXTS AESOFB AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (BCAuth) AESGCM (BCAuth) W,E W,E © 2025 Ezurio / atsec information security.
AESCMAC AESGMAC KASFFCSSC KASECCSSC KASIFC-SSC W,E W,E W,E W,E © 2025 Ezurio / atsec information security.
keyderivation © 2025 Ezurio / atsec information security.
TLS premaster W,E W,E W,E W,E TLS premaster © 2025 Ezurio / atsec information security.
Passwordbased key a W,E © 2025 Ezurio / atsec information security.
DHGroup © 2025 Ezurio / atsec information security.
n n AESCCM (KTSWrap) W W W,E © 2025 Ezurio / atsec information security.
g n m AESGCM (KTSWrap) AESCCM (KTSWrap) AESGCM (KTSWrap) e W,E © 2025 Ezurio / atsec information security.
n m n m n m e e e e e e W,E W,E © 2025 Ezurio / atsec information security.
m n KTSIFC KTSIFC N/A N/A G,W,E G,W,E © 2025 Ezurio / atsec information security.
N/A N/A n Z Z Z © 2025 Ezurio / atsec information security.
Z Z Z © 2025 Ezurio / atsec information security.
keyderivation Table 14: Approved Services The table above lists the approved services. The following convention is used to specify access rights to SSPs: Generate (G): The module generates or derives the SSP. Read (R): The SSP is read from the module (e.g. the SSP is output). Write (W): The SSP is updated, imported, or written to the module. Execute (E): The module uses the SSP in performing a cryptographic operation. Zeroize (Z): The module zeroizes the SSP. To interact with the FIPS provider component of the module, a calling application must use the EVP API layer provided by OpenSSL. This layer will delegate the request to the FIPS provider, which will in turn perform the requested service. The EVP_KDF_CTX_get_params() function can be used to determine whether an EVP API © 2025 Ezurio / atsec information security.
| Name | Description | Roles | Approved Functions |
|---|---|---|---|
| FIPS provider PBKDF with salt length less than 128 bits | Key derivation | CO | FIPS provider PBKDF with salt length less than 128 bits |
| FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS | Key derivation | CO | FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS |
| FIPS provider TLSv1.2 KDF without using EMS | Key derivation | CO | FIPS provider TLSv1.2 KDF without using EMS |
| FIPS provider AES-GCM using EVP_EncryptInit_ex2 | Encryption/Decryption using AES- GCM and externally generated IV | CO | FIPS provider AES GCM using externally generated IV |
function is approved. After a cryptographic service was performed by the module, the API context associated with this request can contain a parameter (listed below) which represents the approved service indicator.
Table 15: Non-Approved Services © 2025 Ezurio / atsec information security.
The integrity of the module’s firmware components (the kernel, the FIPS provider components and fipscheck application and library) is individually verified by the fipscheck integrity test tool using an HMAC-SHA2-256 implemented by the FIPS provider. The HMAC value of each firmware component is computed at build time and stored in the .hmac file for each component. The value is recalculated at runtime for the image of the kernel, for the FIPS provider binary and the fipscheck application and library, and then compared against the stored value in the file. If the comparison succeeds, then the remaining Known Answer Tests (KATs) for FIPS provider are performed. Then the kernel component executes its algorithm-specific Known Answer Tests. If the integrity test fails the module will enter the error state. Please see section 10.4 for details
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the firmware integrity tests. The Self-Tests service can also be used to invoke the integrity test on-demand. © 2025 Ezurio / atsec information security.
Type of Operational Environment: Limited How Requirements are Satisfied: The firmware components of this module are executed in the Microchip/Atmel ATSAMA5D31 (Microprocessor Unit) and Microchip/Atmel ATSAMA5D36 (Microprocessor Unit), ARM Cortex A5-based (ARMv7) operational environments.
The module shall be installed as stated in Section 11.1. There are no security rules, settings or restrictions to the configuration of the operational environment. © 2025 Ezurio / atsec information security.
N/A for this module. The module is a firmware-hardware hybrid module. The module contains standard integrated circuits with a uniform exterior material and standard connectors. The module is enclosed within a production-grade enclosure with components that include standard passivation techniques (e.g., a conformal coating applied over the module's circuitry to protect against environmental or other physical damage) conformant to the Level 1 requirements for physical security. The physical security requirements do not apply to the firmware components of the module. © 2025 Ezurio / atsec information security.
This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2025 Ezurio / atsec information security.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs. |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| API input parameters | Plaintext | Operating calling application (TOEPP) | Cryptographic module | Manual | Electronic |
| Kernel AF_ALG_type sockets (input) | Plaintext | Operating calling application (TOEPP) | Cryptographic module | Manual | Electronic |
| API output parameters | Plaintext | Cryptographic module | Operator calling application (TOEPP) | Manual | Electronic |
| Kernel AF_ALG type sockets (output) | Plaintext | Cryptographic module | Operator calling application (TOEPP) | Manual | Electronic |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Kernel free cipher handle | Zeroizes the SSPs contained | Memory occupied by SSPs is overwritten with zeroes, which renders the | By calling the appropriate zeroization functions:- AES key: crypto_free_skcipher and crypto_free_aead; - HMAC key: |
Table 16: Storage Areas plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls.
Table 17: SSP Input-Output Methods
© 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Zeroization | Use | Operator Initiation crypto free shash and crypto free ahash; - DRBG Internal state: crypto free rng; - EC public & private key: crypto free kpp and crypto free akcipher |
|---|---|---|---|---|---|---|
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. The completion of the zeroization routine(s) indicate that the zeroization procedure succeeded | Zeroizes the SSPs | FIPS provider calling the zeroization API | By calling the appropriate zeroization functions: - EVP_CIPHER_CTX_free(): clears and frees symmetric cipher context; - EVP_MAC_CTX_free(): clears and frees MAC context; -EVP_KDF_CTX_free(): clears and frees KDF context; - EVP_RAND_CTX_free(): clears and frees DRBG context; - EVP_PKEY_free(): clears and frees asymmetric key pair structures | |||
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. | Zeroizes the SSPs | FIPS provider Automatic | Intermediate key generation value: zeroized automatically by the module (after the requested service completed) | |||
| Volatile memory used by the module is overwritten within nanoseconds when power is removed | De-allocates the volatile memory used to store SSPs | Remove power from the module | By removing power | |||
| Kernel AES key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | Kernel AES- CCM (KTS- Wrap) |
| Name | Type | Description | Strength | Zeroization | Use | Operator Initiation crypto free shash and crypto free ahash; - DRBG Internal state: crypto free rng; - EC public & private key: crypto free kpp and crypto free akcipher |
|---|---|---|---|---|---|---|
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. The completion of the zeroization routine(s) indicate that the zeroization procedure succeeded | Zeroizes the SSPs | FIPS provider calling the zeroization API | By calling the appropriate zeroization functions: - EVP_CIPHER_CTX_free(): clears and frees symmetric cipher context; - EVP_MAC_CTX_free(): clears and frees MAC context; -EVP_KDF_CTX_free(): clears and frees KDF context; - EVP_RAND_CTX_free(): clears and frees DRBG context; - EVP_PKEY_free(): clears and frees asymmetric key pair structures | |||
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. All data output is inhibited during zeroization. | Zeroizes the SSPs | FIPS provider Automatic | Intermediate key generation value: zeroized automatically by the module (after the requested service completed) | |||
| Volatile memory used by the module is overwritten within nanoseconds when power is removed | De-allocates the volatile memory used to store SSPs | Remove power from the module | By removing power | |||
| Kernel AES key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | Kernel AES- CCM (KTS- Wrap) |
Table 18: SSP Zeroization Methods AESCCM (KTSWrap) © 2025 Ezurio / atsec information security.
| Name | Type | Establishment | Generate |
|---|---|---|---|
| Category | Category | ed By | d By |
AESGCM (KTSWrap) AESCBC-CS3 AESCFB8 AESCFB128 AESCCM (BCAuth) AESGCM (BCAuth) © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Use | ||
|---|---|---|---|---|---|---|
| Kernel HMAC key | Authenticati on key - CSP | HMAC key | 112-256 bits - 112- 256 bits | Kernel AES CBC with HMAC Kernel AES CTR with HMAC Kernel HMAC | ||
| Kernel Intermedi ate Key Generatio n Value | Intermediate value - CSP | Intermediate key generation value | P-256, P-384 - 128, 192 bits | Kernel ECDSA Key Generatio n | Kernel ECDSA Key Generati on | |
| Kernel shared secret | Shared secret - CSP | Shared secret generated by ECDH | P-256, P-384 - 128 and 192 bits | Kernel KAS- ECC-SSC | Kernel KAS- ECC-SSC | |
| DRBG seed | Seed - CSP | DRBG seed derived from entropy input | CTR_DRBG:256,320 ,384 bits; HMAC or HASH DRBG: 440,888 bits - CTR_DRBG: 128,192,256 bits; HMAC or HASH DRBG: 128,256 bits | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | |
| Kernel EC public key | Public key - PSP | Public key used for ECDH | P-256, P-384 - 128, 192 bits | Kernel KAS- ECC-SSC | ||
| Kernel EC private key | Private key - CSP | Private key used for ECDH | P-256, P-384 - 128, 192 bits | Kernel KAS- ECC-SSC |
KASECC-SSC AESGMAC n KASECC-SSC KASECC-SSC KASECC-SSC © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Use | |
|---|---|---|---|---|---|
| Entropy input | Entropy input - CSP | Entropy input used to seed the DRBGs | CTR_DRBG:192,288 ,384 bits; HMAC or HASH DRBG:240,384 bits - CTR_DRBG:192,288 ,384 bits; HMAC or HASH DRBG:240,384 bits | Kernel Counter DRBG FIPS provider Counter DRBG FIPS provider Hash DRBG FIPS provider HMAC DRBG | |
| Internal State (V, Key) | DRBG Internal state - CSP | Internal state of Counter DRBG and HMAC DRBG | CTR_DRBG: 256,320,384 bits; HMAC DRBG: 320,512,1024 bits - CTR_DRBG: 128,192,256 bits; HMAC DRBG: 128,256 bits | Kernel Counter DRBG | Kernel Counter DRBG FIPS provider Counter DRBG |
| Internal state (V, C) | DRBG Internal state - CSP | Internal state of Hash DRBG | HASH DRBG:888,1776 bits - HASH DRBG:128,256 bits | FIPS provider Hash DRBG | FIPS provider Hash DRBG |
| FIPS provider AES Key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | FIPS provider AES- CCM (KTS- Wrap) FIPS provider AES- GCM (KTS- Wrap) FIPS provider AES KWP FIPS |
C) AESCCM (KTSWrap) AESGCM (KTSWrap) © 2025 Ezurio / atsec information security.
| Name | Type | Establishment | Generate |
|---|---|---|---|
| Category | Category | ed By | d By |
AESCBC-CS1 AESCBC-CS2 AESCBC-CS3 AESCFB1 AESCFB8 AESCCM (BCAuth) AESGCM (BCAuth) © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Generation | Use | |
|---|---|---|---|---|---|---|
| FIPS provider HMAC key | Authenticati on key - CSP | HMAC key | 112-256 bits - 112- 256 bits | FIPS provider HMAC | ||
| FIPS provider shared secret | Shared secret - CSP | Shared secret generated by DH/ECDH | 224-8192 bits - 112- 256 bits | FIPS provider ANS 9.42 Key Derivatio n (CVL) FIPS provider ANS 9.63 Key Derivatio n (CVL) FIPS provider TLS 1.0 and 1.1 Key Derivatio | FIPS provider KAS- FFC-SSC FIPS provider KAS- ECC-SSC | |
| FIPS provider TLS pre- master secret | Shared secret - CSP | Shared secret used for deriving TLS master secret | 224-8192 bits - 112- 256 bits | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS | FIPS provider KAS- FFC-SSC FIPS provider KAS- ECC-SSC | |
| FIPS provider TLS master secret | Shared secret - CSP | Shared secret used for the establishment of encrypted session | 256 bits - 112-256 bits based on the TLS pre-master secret used | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) | |
| FIPS provider DH public key | Public key - PSP | Public key used for DH | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider KAS- FFC-SSC | ||
| FIPS provider DH private key | Private key - CSP | Private key used for DH | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider KAS- FFC-SSC | ||
| FIPS provider EC public key | Public key - PSP | Public key used for ECDH and ECDSA | P-224, P-256, P-384, P-521; Ed25519, Ed448 - 112, 128, 192, 256 bits | FIPS provider KAS- ECC-SSC FIPS | ||
| FIPS provider EC private key | Private key - CSP | Private key used for ECDH and ECDSA | P-224, P-256, P-384, P-521; Ed25519, Ed448 - 112, 128, 192, 256 bits | FIPS provider KAS- ECC-SSC FIPS provider ECDSA Signature Generatio n FIPS provider EDDSA Signature Generatio n | ||
| FIPS provider module generated DH public key | Public key - PSP | DH public key generated by the module | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider Safe Primes Key Generati on | FIPS provider KAS- FFC-SSC | |
| FIPS provider module generated | Private key - CSP | DH private key generated by the module | 2048, 3072, 4096, 6144, 8192 bits - 112-200 bits | FIPS provider Safe Primes | FIPS provider KAS- FFC-SSC | |
| DH private key | Key Generati on | |||||
| FIPS provider module generated EC public key | Public key - PSP | EC public key generated by the module | P-224, P-256, P-384, P-521; Ed25519, Ed448 - 128-256 bits | FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on | FIPS provider KAS- ECC-SSC FIPS provider ECDSA Signature Verificati on FIPS provider EDDSA Signature Verificati on | |
| FIPS provider module generated EC private key | Private key - CSP | EC private key generated by the module | P-224, P-256, P-384, P-521; Ed25519, Ed448 (128, 192 bits) - 128-256 bits | FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on | FIPS provider KAS- ECC-SSC FIPS provider ECDSA Signature Generatio n FIPS provider EDDSA Signature Generatio n | |
| FIPS provider RSA public key | Public key - PSP | Public key used for RSA signature generation | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA Signature Verificati on | ||
| FIPS provider RSA | Private key - CSP | Private key used for RSA signature generation | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA |
AESCMAC AESGMAC n KASFFC-SSC KASECC-SSC © 2025 Ezurio / atsec information security.
TLS premaster KASFFC-SSC KASECC-SSC n n n n © 2025 Ezurio / atsec information security.
KASFFC-SSC KASFFC-SSC KASECC-SSC © 2025 Ezurio / atsec information security.
KASECC-SSC n n KASFFC-SSC KASFFC-SSC © 2025 Ezurio / atsec information security.
KASECC-SSC KASECC-SSC n n © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Generation | Use | |
|---|---|---|---|---|---|---|
| private key | Signature Generatio n | |||||
| FIPS provider module generated RSA public key | Public key - PSP | RSA public key generated by the module | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA Key Generati on | FIPS provider RSA Key Generatio n | |
| FIPS provider module generated RSA private key | Private key - CSP | RSA private key generated by the module | 2048, 3072, 4096 bits - 112, 128, 150 bits | FIPS provider RSA Key Generati on | FIPS provider RSA Key Generatio n | |
| FIPS provider Intermedi ate Key Generatio n Value | Intermediate value - CSP | Intermediate key generation value | 224-4096 bits - 112- 256 bits | FIPS provider Safe Primes Key Generati on FIPS provider ECDSA Key Generati on FIPS provider EDDSA Key Generati on FIPS provider RSA Key Generati on | FIPS provider Safe Primes Key Generatio n FIPS provider ECDSA Key Generatio n FIPS provider EDDSA Key Generatio n FIPS provider RSA Key Generatio n | |
| FIPS provider derived key | Symmetric key - CSP | Symmetric key derived from a key-derivation | 112-4096 bits - 112- 256 bits | FIPS provider ANS 9.42 Key | FIPS provider ANS 9.42 Key |
n n n n n n n © 2025 Ezurio / atsec information security.
| Name | Type | Description | Establishment | Use | Generate | |
|---|---|---|---|---|---|---|
| Category | Category | ed By | d By | |||
| key, shared secret, or password | key, shared secret, or password | Derivatio n (CVL) FIPS provider ANS 9.63 Key Derivatio n (CVL) FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider HKDF Key Derivatio n FIPS provider Password -based Key Derivatio n FIPS provider OneStep Key | Derivatio n (CVL) FIPS provider ANS 9.63 Key Derivatio n (CVL) FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider HKDF Key Derivatio n FIPS provider Password -based Key Derivatio n FIPS provider OneStep Key |
n n n n © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Use | Derivatio n FIPS provider Two Step Key Derivatio n FIPS provider KMAC Key Derivatio n FIPS provider KBKDF Key Derivatio n FIPS provider SSH Key Derivatio n |
|---|---|---|---|---|---|
| FIPS provider key- derivation key | Symmetric key - CSP | Symmetric key used to derive symmetric keys | 112-4096 bits - 112- 256 bits | FIPS provider KMAC Key Derivatio n FIPS provider KBKDF Key Derivatio n | |
| FIPS provider Password | Password - CSP | Password used to derive symmetric keys | 8-128 characters - N/A | FIPS provider Password -based Key Derivatio n | |
| FIPS provider AES Derived Key | Symmetric Key - CSP | AES key used for encryption, decryption, and computing MAC tags | 128, 192, 256 bits - 128, 192, 256 bits | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider KBKDF Key Derivatio n | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) FIPS provider KBKDF Key Derivatio n |
| FIPS provider HMAC Derived Key | Authenticati on Key - CSP | HMAC key | 112-256 bits - 112- 256 bits | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) | FIPS provider TLS 1.0 and 1.1 Key Derivatio n (CVL) FIPS provider TLS 1.2 Key Derivatio n (CVL) FIPS provider TLS 1.3 Key Derivatio n (CVL) |
keyderivation n n n n n n n n n n n n n © 2025 Ezurio / atsec information security.
n n © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Use | |
|---|---|---|---|---|---|
| FIPS provider 802.11 Pre-shared key (PSK) | Pre-shared key - CSP | Used for pre- shared key authentication and session key establishment, as well as for 802.11 KDF | Up to 256 bits of length - Up to 256 bits | FIPS provider KBKDF Key Derivatio n | |
| FIPS provider 802.11 Pairwise Master Key (PMK) | Pairwise Master Key - CSP | Used for pre- shared key authentication and session key establishment, as well as for 802.11 KDF | 256 or 384 bits - 256 bits | FIPS provider KBKDF Key Derivatio n | |
| FIPS provider 802.11 Temporal Keys | Temporal Keys - CSP | AES-CCM or AES- GCM keys used for session encryption/decryp tion | 128 or 256 bits - 128 or 256 bits | Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | FIPS provider KBKDF Key Derivatio n |
| FIPS provider 802.11 MIC keys (KCK) | MIC keys - CSP | Key confirmation keys (KCK) used for message authentication during session establishment | 128 or 192 bits - 128 or 192 bits | FIPS provider KBKDF Key Derivatio n |
N/A - N/A n n n n n n n AESCCM (BCAuth) AESGCM (BCAuth) n © 2025 Ezurio / atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | |
|---|---|---|---|---|---|---|---|---|---|
| FIPS provider 802.11 Key Encryptio n Key (KEK) | Key Encryption Key - CSP | Used for AES Key Wrapping of the 802.11 Group Temporal Key (GTK) | 128 or 256 bits - 128 or 256 bits | Kernel AES- CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | Kernel AES-CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | ||||
| FIPS provider 802.11 Group Temporal Key (GTK) | Group Temporal Key - CSP | 802.11 session key for broadcast communications | 128 to 256 bits - 128 to 256 bits | Kernel AES- CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | Kernel AES-CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | ||||
| Kernel AES key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) | For the duration of the service | |||||
| Kernel HMAC key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) | For the duration of the service |
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| FIPS provider 802.11 Key Encryptio n Key (KEK) | Key Encryption Key - CSP | Used for AES Key Wrapping of the 802.11 Group Temporal Key (GTK) | 128 or 256 bits - 128 or 256 bits | Kernel AES- CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | Kernel AES-CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | |||||
| FIPS provider 802.11 Group Temporal Key (GTK) | Group Temporal Key - CSP | 802.11 session key for broadcast communications | 128 to 256 bits - 128 to 256 bits | Kernel AES- CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | Kernel AES-CBC Kernel AES- CCM (BC- Auth) Kernel AES- GCM (BC- Auth) | |||||
| Kernel AES key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) | For the duration of the service | ||||||
| Kernel HMAC key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) | For the duration of the service | ||||||
| Kernel Intermediate Key Generation Value | RAM:Plaintext | Kernel free cipher handle Remove power from the module | For the duration of the service | Kernel EC public key:Generates Kernel EC private key:Generates | ||||||
| Kernel shared secret | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC public key:Used With Kernel EC private key:Used With | |||||
| DRBG seed | RAM:Plaintext | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | While the DRBG is being instantiated | Entropy input:Derived From Internal State (V, Key):Generates Internal state (V, C):Generates | ||||||
| Kernel EC public key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC private key:Paired With Kernel Intermediate Key Generation Value:Generated from | |||||
| Kernel EC private key | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters Kernel AF_ALG_type sockets (input) API output parameters Kernel AF_ALG type sockets (output) | For the duration of the service | Kernel EC public key:Paired With Kernel Intermediate Key Generation Value:Generated from | |||||
| Entropy input | RAM:Plaintext | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | From generation until DRBG seed is created | DRBG seed:Derives | ||||||
| Internal State (V, Key) | RAM:Plaintext | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | From DRBG instantiation until DRBG termination | DRBG seed:Generated from | ||||||
| Internal state (V, C) | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | From DRBG instantiation until DRBG termination | DRBG seed:Generated from | ||||||
| FIPS provider AES Key | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | ||||||
| FIPS provider HMAC key | RAM:Plaintext | FIPS provider calling the zeroization API Remove | API input parameters | For the duration of the service | ||||||
| FIPS provider shared secret | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service | FIPS provider DH public key:Established by FIPS provider DH private key:Established by FIPS provider EC public key:Established by FIPS provider EC private key:Established by FIPS provider derived key:Derives | |||||
| FIPS provider TLS pre-master secret | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service | FIPS provider DH public key:Established by FIPS provider DH private key:Established by FIPS provider EC public key:Established by FIPS provider EC private key:Established by FIPS provider TLS master secret:Derives | |||||
| FIPS provider TLS master secret | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters API output parameters | For the duration of the service | FIPS provider TLS pre-master secret:Derived From FIPS provider derived key:Derives | |||||
| FIPS provider DH public key | RAM:Plaintext | FIPS provider calling the zeroization API | API input parameters | For the duration of the service | FIPS provider DH private key:Paired With FIPS provider Intermediate Key |
AESCBC AESCCM (BCAuth) AESGCM (BCAuth) AESCBC AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (BCAuth) AESGCM (BCAuth) AESCCM (BCAuth) AESGCM (BCAuth) Table 19: SSP Table 1 © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
(V, C) © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
| Name | Generation | Storage | Zeroization | Input | |
|---|---|---|---|---|---|
| FIPS provider DH private key | FIPS provider DH public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API | API input parameters | For the duration of the service |
| FIPS provider EC public key | FIPS provider EC private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider EC private key | FIPS provider EC public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider module generated DH public key | FIPS provider module generated DH private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider module generated DH private key | FIPS provider module generated DH public key:Paired With FIPS provider Intermediate Key Generation | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider module generated EC public key | FIPS provider module generated EC private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider module generated EC private key | FIPS provider module generated EC public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider RSA public key | FIPS provider RSA private key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider RSA private key | FIPS provider RSA public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider module generated RSA public key | FIPS provider module generated RSA private key:Paired With FIPS provider Intermediate Key Generation | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider module generated RSA private key | FIPS provider module generated RSA public key:Paired With FIPS provider Intermediate Key Generation Value:Generated from | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider Intermediate Key Generation Value | FIPS provider DH public key:Generates FIPS provider DH private key:Generates FIPS provider module generated DH public key:Generates FIPS provider module generated DH private key:Generates FIPS provider EC public key:Generates FIPS provider EC private key:Generates FIPS provider module generated EC public key:Generates FIPS provider module generated EC private key:Generates FIPS provider RSA public key:Generates FIPS provider RSA private key:Generates FIPS provider module generated | RAM:Plaintext | FIPS provider Automatic | For the duration of the service | |
| FIPS provider derived key | FIPS provider key- derivation key:Derived From FIPS provider shared secret:Derived From FIPS provider password:Derived From | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider key-derivation key | FIPS provider derived key:Derives | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider Password | FIPS provider derived key:Derives | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider AES Derived Key | FIPS provider derived key:Derives | RAM:Plaintext | Kernel free cipher handle FIPS provider calling the zeroization API Remove power from the module | API output parameters | For the duration of the service |
| FIPS provider HMAC Derived Key | FIPS provider derived key:Derives | RAM:Plaintext | Kernel free cipher handle | API output parameters | For the duration of the service |
| FIPS provider 802.11 Pre- shared key (PSK) | FIPS provider derived key:Used With | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider 802.11 Pairwise Master Key (PMK) | FIPS provider derived key:Used With | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider 802.11 KDF Internal State | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | For the duration of the service | ||
| FIPS provider 802.11 Temporal Keys | Kernel AES key:Encrypts Kernel AES key:Decrypts | RAM:Plaintext | FIPS provider calling the zeroization API Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider 802.11 MIC keys (KCK) | RAM:Plaintext | FIPS provider calling the zeroization | API input parameters | For the duration of the service | |
| FIPS provider 802.11 Key Encryption Key (KEK) | Kernel AES key:Encrypts | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API input parameters | For the duration of the service |
| FIPS provider 802.11 Group Temporal Key (GTK) | Kernel AES key:Encrypts Kernel AES key:Decrypts | RAM:Plaintext | Kernel free cipher handle Remove power from the module | API output parameters | For the duration of the service |
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 Ezurio / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Test Properties | Conditions | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5018) | HMAC- SHA2-256 (A5018) | Message Authentication | SW/FW Integrity | Integrity test for fips.so; Integrity test for kernel binary; Integrity test for fipscheck binary; Integrity test for fipscheck library | 256-bit key | Module becomes operational and services are available for use | ||
| ECDSA KeyGen (FIPS186-5) (A4711) | ECDSA KeyGen (FIPS186-5) (A4711) | PCT | PCT | SP 800-56Ar3 Section 5.6.2.1.4 | crypto_kpp_g enerate_public_key returns 0 | N/A | Key pair generation | |
| HMAC- SHA2-256 (A4711) | HMAC- SHA2-256 (A4711) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |
| HMAC- SHA2-256 (A4712) | HMAC- SHA2-256 (A4712) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |
| HMAC- SHA2-256 (A4716) | HMAC- SHA2-256 (A4716) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |
| HMAC- SHA2-384 (A4711) | HMAC- SHA2-384 (A4711) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |
| HMAC- SHA2-384 (A4712) | HMAC- SHA2-384 (A4712) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Test Properties | Conditions | |
|---|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5018) | HMAC- SHA2-256 (A5018) | Message Authentication | SW/FW Integrity | Integrity test for fips.so; Integrity test for kernel binary; Integrity test for fipscheck binary; Integrity test for fipscheck library | 256-bit key | Module becomes operational and services are available for use | ||||
| ECDSA KeyGen (FIPS186-5) (A4711) | ECDSA KeyGen (FIPS186-5) (A4711) | PCT | PCT | SP 800-56Ar3 Section 5.6.2.1.4 | crypto_kpp_g enerate_public_key returns 0 | N/A | Key pair generation | |||
| HMAC- SHA2-256 (A4711) | HMAC- SHA2-256 (A4711) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-256 (A4712) | HMAC- SHA2-256 (A4712) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-256 (A4716) | HMAC- SHA2-256 (A4716) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-384 (A4711) | HMAC- SHA2-384 (A4711) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-384 (A4712) | HMAC- SHA2-384 (A4712) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-384 (A4716) | HMAC- SHA2-384 (A4716) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-512 (A4711) | HMAC- SHA2-512 (A4711) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-512 (A4712) | HMAC- SHA2-512 (A4712) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA2-512 (A4716) | HMAC- SHA2-512 (A4716) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA3-224 (A4713) | HMAC- SHA3-224 (A4713) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA3-256 (A4713) | HMAC- SHA3-256 (A4713) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA3-384 (A4713) | HMAC- SHA3-384 (A4713) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA3-512 (A4713) | HMAC- SHA3-512 (A4713) | KAT | CAST | Message Authentication | Module is operational | 0-8184 bit messages | Module initialization | |||
| HMAC- SHA-1 (A5018) | HMAC- SHA-1 (A5018) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-512 (A5018) | HMAC- SHA2-512 (A5018) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| AES-ECB (A4711) | AES-ECB (A4711) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4712) | AES-ECB (A4712) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4715) | AES-ECB (A4715) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4716) | AES-ECB (A4716) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4717) | AES-ECB (A4717) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4719) | AES-ECB (A4719) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-ECB (A4721) | AES-ECB (A4721) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-OFB (A4723) | AES-OFB (A4723) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES- CFB128 (A4724) | AES- CFB128 (A4724) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-CCM (A4719) | AES-CCM (A4719) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-CCM (A4712) | AES-CCM (A4712) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-CCM (A4716) | AES-CCM (A4716) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-CCM (A4721) | AES-CCM (A4721) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-GCM (A4712) | AES-GCM (A4712) | KAT | CAST | Message authentication | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-GCM (A4715) | AES-GCM (A4715) | KAT | CAST | Message authentication | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-GCM (A4717) | AES-GCM (A4717) | KAT | CAST | Message authentication | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-GCM (A4719) | AES-GCM (A4719) | KAT | CAST | Message authentication | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-GCM (A4721) | AES-GCM (A4721) | KAT | CAST | Message authentication | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| AES-CMAC (A4712) | AES-CMAC (A4712) | KAT | CAST | Message authentication | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CMAC (A4716) | AES-CMAC (A4716) | KAT | CAST | Message authentication | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CMAC (A4719) | AES-CMAC (A4719) | KAT | CAST | Message authentication | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CMAC (A4721) | AES-CMAC (A4721) | KAT | CAST | Message authentication | Module is operational | 128 and 256 bit keys | Module initialization | |||
| KAS-ECC- SSC Sp800- 56Ar3 (A4711) | KAS-ECC- SSC Sp800- 56Ar3 (A4711) | KAT | CAST | Shared secret computation | Module is operational | P-256, P-384 | Module initialization | |||
| Counter DRBG (A4711) | Counter DRBG (A4711) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without PR; Health test per section 11.3 of SP 800- 90A | Module initialization | |||
| Counter DRBG (A4712) | Counter DRBG (A4712) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without PR; Health test per section 11.3 of SP 800- 90A | Module initialization | |||
| Counter DRBG (A4715) | Counter DRBG (A4715) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without PR; Health test per section 11.3 of SP 800- 90A | Module initialization | |||
| Counter DRBG (A4717) | Counter DRBG (A4717) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without PR; Health test per section 11.3 of SP 800- 90A | Module initialization | |||
| Counter DRBG (A4719) | Counter DRBG (A4719) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without PR; Health test per section 11.3 of SP 800- 90A | Module initialization | |||
| Counter DRBG (A4721) | Counter DRBG (A4721) | KAT | CAST | Seed Generate | Module is operational | 128, 192, 256 bit keys with/without | Module initialization | |||
| ECDSA KeyGen (FIPS186-5) (A5018) | ECDSA KeyGen (FIPS186-5) (A5018) | PCT | PCT | Signature generation and verification | Successful key generation | SHA2-256 | EC key pair generation | |||
| RSA KeyGen (FIPS186-5) (A5018) | RSA KeyGen (FIPS186-5) (A5018) | PCT | PCT | Signature generation and verification | Successful key generation | PKCS#1 v1.5 with SHA2-256 | RSA key pair generation | |||
| Safe Primes Key Generation (A5014) | Safe Primes Key Generation (A5014) | PCT | PCT | Public key re- computation and comparison with the existing public key (per SP 800-56Ar3 Section 5.6.2.1.4) | Successful key generation | N/A | Safe Primes key pair generation | |||
| EDDSA KeyGen (A5016) | EDDSA KeyGen (A5016) | PCT | PCT | Signature generation and verification | Successful key generation | ED25519 and ED448 | EDDSA key pair generation | |||
| AES-ECB (A5019) | AES-ECB (A5019) | KAT | CAST | Decryption | Module is operational | 128-bit keys, 128-bit ciphertext | Module initialization | |||
| AES-GCM (A5008) | AES-GCM (A5008) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 256-bit keys, 96-bit IVs, 128-bit plaintext, 128- bit additional data | Module initialization | |||
| KDF SP800-108 (A5017) | KDF SP800-108 (A5017) | KAT | CAST | Key Derivation | Module is operational | Counter mode, HMAC-SHA2- 256, 128-bit input key | Module initialization | |||
| KDA OneStep SP800- 56Cr2 (A5012) | KDA OneStep SP800- 56Cr2 (A5012) | KAT | CAST | Key Derivation | Module is operational | SHA-224, 392- bit input secret | Module initialization | |||
| KDA HKDF Sp800- 56Cr1 (A5013) | KDA HKDF Sp800- 56Cr1 (A5013) | KAT | CAST | Key Derivation | Module is operational | SHA-256, 48- bit input secret | Module initialization | |||
| KDF ANS 9.42 (A5018) | KDF ANS 9.42 (A5018) | KAT | CAST | Key Derivation | Module is operational | SHA-1 with AES-128, KW, 160-bit input secret | Module initialization | |||
| KDF ANS 9.42 (A5020) | KDF ANS 9.42 (A5020) | KAT | CAST | Key Derivation | Module is operational | SHA-1 with AES-128, KW, 160-bit input secret | Module initialization | |||
| KDF ANS 9.63 (A5018) | KDF ANS 9.63 (A5018) | KAT | CAST | Key Derivation | Module is operational | SHA-256, 192- bit input secret | Module initialization | |||
| KDF SSH (A5019) | KDF SSH (A5019) | KAT | CAST | Key Derivation | Module is operational | SHA-1, 1056- bit input secret | Module initialization | |||
| TLS v1.2 KDF RFC7627 (A5018) | TLS v1.2 KDF RFC7627 (A5018) | KAT | CAST | Key Derivation | Module is operational | SHA-256, 84- bit input secret | Module initialization | |||
| TLS v1.3 KDF (A5013) | TLS v1.3 KDF (A5013) | KAT | CAST | Key Derivation | Module is operational | Extract and expand modes, SHA-256 | Module initialization | |||
| PBKDF (A5018) | PBKDF (A5018) | KAT | CAST | Key Derivation | Module is operational | SHA-256, 24- character password, 288- bit salt, Iteration count: 4096 | Module initialization | |||
| PBKDF (A5020) | PBKDF (A5020) | KAT | CAST | Key Derivation | Module is operational | SHA-256, 24- character password, 288- bit salt, Iteration count: 4096 | Module initialization | |||
| Counter DRBG (A5015) | Counter DRBG (A5015) | KAT | CAST | Instantiate, Generate, Reseed, Generate (compliant with SP 800-90Ar1 Section 11.3) | Module is operational | AES-128 with prediction resistance | Module initialization | |||
| HMAC DRBG (A5015) | HMAC DRBG (A5015) | KAT | CAST | Instantiate, Generate, Reseed, Generate (compliant with SP 800-90Ar1 Section 11.3) | Module is operational | SHA-1 with prediction resistance | Module initialization | |||
| Hash DRBG (A5015) | Hash DRBG (A5015) | KAT | CAST | Instantiate, Generate, Reseed, Generate (compliant with SP 800-90Ar1 Section 11.3) | Module is operational | SHA-256 with prediction resistance | Module initialization | |||
| KAS-FFC- SSC Sp800- 56Ar3 (A5014) | KAS-FFC- SSC Sp800- 56Ar3 (A5014) | KAT | CAST | Shared Secret Computation | Module is operational | ffdhe2048 | Module initialization | |||
| KAS-ECC- SSC Sp800- 56Ar3 (A5018) | KAS-ECC- SSC Sp800- 56Ar3 (A5018) | KAT | CAST | Shared Secret Computation | Module is operational | P-256 | Module initialization | |||
| RSA SigGen (FIPS186-5) (A5018) | RSA SigGen (FIPS186-5) (A5018) | KAT | CAST | Signature Generation | Module is operational | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module initialization | |||
| ECDSA SigGen (FIPS186-5) (A5018) | ECDSA SigGen (FIPS186-5) (A5018) | KAT | CAST | Signature Generation | Module is operational | SHA-256 and P-224, P-256, P-384, and P- 521 | Module initialization | |||
| ECDSA SigGen (FIPS186-5) (A5020) | ECDSA SigGen (FIPS186-5) (A5020) | KAT | CAST | Signature Generation | Module is operational | SHA-256 and P-224, P-256, P-384, and P- 521 | Module initialization | |||
| EDDSA SigGen (A5016) | EDDSA SigGen (A5016) | KAT | CAST | Signature Generation | Module is operational | ED25519 and ED448 | Module initialization | |||
| KTS-IFC (A5018) | KTS-IFC (A5018) | KAT | CAST | RSA Primitive Computation | Module is operational | SHA-256 with no padding | Module initialization | |||
| AES-CMAC (A5004) | AES-CMAC (A5004) | KAT | CAST | Message Authentication | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CBC (A5004) | AES-CBC (A5004) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CCM (A5004) | AES-CCM (A5004) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128, 192, 256 bit keys | Module initialization | |||
| HMAC- SHA2-224 (A4711) | HMAC- SHA2-224 (A4711) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-224 (A4712) | HMAC- SHA2-224 (A4712) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-224 (A4716) | HMAC- SHA2-224 (A4716) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-224 (A5018) | HMAC- SHA2-224 (A5018) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-256 (A5018) | HMAC- SHA2-256 (A5018) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA2-384 (A5018) | HMAC- SHA2-384 (A5018) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA3-224 (A5020) | HMAC- SHA3-224 (A5020) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA3-384 (A5020) | HMAC- SHA3-384 (A5020) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA3-512 (A5020) | HMAC- SHA3-512 (A5020) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| HMAC- SHA3-256 (A5020) | HMAC- SHA3-256 (A5020) | KAT | CAST | Message Authentication | Module is operational | 24-bit message | Module initialization | |||
| AES-CBC- CS3 (A4714) | AES-CBC- CS3 (A4714) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CBC- CS3 (A4718) | AES-CBC- CS3 (A4718) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CBC- CS3 (A4720) | AES-CBC- CS3 (A4720) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128 and 256 bit keys | Module initialization | |||
| AES-CBC- CS3 (A4722) | AES-CBC- CS3 (A4722) | KAT | CAST | Encryption, Decryption (Separately) | Module is operational | 128 and 256 bit keys | Module initialization | |||
| SHAKE- 128 (A5020) | SHAKE- 128 (A5020) | KAT | CAST | Message digest | Module is operational | 0-8184 bit messages | Module initialization | |||
| SHAKE- 256 (A5020) | SHAKE- 256 (A5020) | KAT | CAST | Message digest | Module is operational | 0-8184 bit messages | Module initialization | |||
| KDF KMAC Sp800- 108r1 (A5017) | KDF KMAC Sp800- 108r1 (A5017) | KAT | CAST | Key Derivation | Module is operational | Counter mode, HMAC-SHA2- 256, 128-bit input key | Module initialization | |||
| KDA TwoStep SP800- 56Cr2 (A5012) | KDA TwoStep SP800- 56Cr2 (A5012) | KAT | CAST | Key Derivation | Module is operational | SHA-224, 392- bit input secret | Module initialization | |||
| KMAC-128 (A5020) | KMAC-128 (A5020) | KAT | CAST | Message digest | Module is operational | 0-8184 bit messages | Module initialization | |||
| KMAC-256 (A5020) | KMAC-256 (A5020) | KAT | CAST | Message digest | Module is operational | 0-8184 bit messages | Module initialization | |||
| KAS-IFC- SSC (A5018) | KAS-IFC- SSC (A5018) | KAT | CAST | Shared Secret Computation | Module is operational | SHA-256 with no padding | Module initialization | |||
| HMAC-SHA2-256 (A5018) | HMAC-SHA2-256 (A5018) | Message Authentication | SW/FW Integrity | On demand | Manually | |||||
| ECDSA KeyGen (FIPS186-5) (A4711) | ECDSA KeyGen (FIPS186-5) (A4711) | PCT | PCT | On demand | Manually | |||||
| HMAC-SHA2-256 (A4711) | HMAC-SHA2-256 (A4711) | KAT | CAST | On demand | Manually |
HMACSHA2-256 Table 21: Pre-Operational Self-Tests The pre-operational firmware integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. The algorithm used for the integrity test (i.e., HMACSHA2-256) is self-tested before the firmware integrity test is performed. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.
HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-384 HMACSHA2-384 N/A © 2025 Ezurio / atsec information security.
HMACSHA2-384 HMACSHA2-512 HMACSHA2-512 HMACSHA2-512 HMACSHA3-224 HMACSHA3-256 HMACSHA3-384 HMACSHA3-512 HMACSHA-1 HMACSHA2-512 © 2025 Ezurio / atsec information security.
AESCFB128 © 2025 Ezurio / atsec information security.
KAS-ECCSSC Sp80056Ar3 © 2025 Ezurio / atsec information security.
SP80056Cr2 Sp80056Cr1 N/A © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 HMACSHA2-224 © 2025 Ezurio / atsec information security.
HMACSHA2-224 HMACSHA2-224 HMACSHA2-224 HMACSHA2-256 HMACSHA2-384 HMACSHA3-224 HMACSHA3-384 HMACSHA3-512 HMACSHA3-256 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 AES-CBCCS3 SHAKE128 © 2025 Ezurio / atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Conditions |
|---|---|---|---|---|---|---|---|---|---|
| SHAKE- 256 (A5020) | SHAKE- 256 (A5020) | KAT | CAST | Message digest | 0-8184 bit messages | Module is operational | Module initialization | ||
| KDF KMAC Sp800- 108r1 (A5017) | KDF KMAC Sp800- 108r1 (A5017) | KAT | CAST | Key Derivation | Counter mode, HMAC-SHA2- 256, 128-bit input key | Module is operational | Module initialization | ||
| KDA TwoStep SP800- 56Cr2 (A5012) | KDA TwoStep SP800- 56Cr2 (A5012) | KAT | CAST | Key Derivation | SHA-224, 392- bit input secret | Module is operational | Module initialization | ||
| KMAC-128 (A5020) | KMAC-128 (A5020) | KAT | CAST | Message digest | 0-8184 bit messages | Module is operational | Module initialization | ||
| KMAC-256 (A5020) | KMAC-256 (A5020) | KAT | CAST | Message digest | 0-8184 bit messages | Module is operational | Module initialization | ||
| KAS-IFC- SSC (A5018) | KAS-IFC- SSC (A5018) | KAT | CAST | Shared Secret Computation | SHA-256 with no padding | Module is operational | Module initialization | ||
| HMAC-SHA2-256 (A5018) | HMAC-SHA2-256 (A5018) | Message Authentication | SW/FW Integrity | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A4711) | ECDSA KeyGen (FIPS186-5) (A4711) | PCT | PCT | On demand | Manually | ||||
| HMAC-SHA2-256 (A4711) | HMAC-SHA2-256 (A4711) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A4712) | HMAC-SHA2-256 (A4712) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A4716) | HMAC-SHA2-256 (A4716) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A4711) | HMAC-SHA2-384 (A4711) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A4712) | HMAC-SHA2-384 (A4712) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A4716) | HMAC-SHA2-384 (A4716) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A4711) | HMAC-SHA2-512 (A4711) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A4712) | HMAC-SHA2-512 (A4712) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A4716) | HMAC-SHA2-512 (A4716) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A4713) | HMAC-SHA3-224 (A4713) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A4713) | HMAC-SHA3-256 (A4713) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A4713) | HMAC-SHA3-384 (A4713) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A4713) | HMAC-SHA3-512 (A4713) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A5018) | HMAC-SHA-1 (A5018) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A5018) | HMAC-SHA2-512 (A5018) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4711) | AES-ECB (A4711) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4712) | AES-ECB (A4712) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4715) | AES-ECB (A4715) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4716) | AES-ECB (A4716) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4717) | AES-ECB (A4717) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4719) | AES-ECB (A4719) | KAT | CAST | On demand | Manually | ||||
| AES-ECB (A4721) | AES-ECB (A4721) | KAT | CAST | On demand | Manually | ||||
| AES-OFB (A4723) | AES-OFB (A4723) | KAT | CAST | On demand | Manually | ||||
| AES-CFB128 (A4724) | AES-CFB128 (A4724) | KAT | CAST | On demand | Manually | ||||
| AES-CCM (A4719) | AES-CCM (A4719) | KAT | CAST | On demand | Manually | ||||
| AES-CCM (A4712) | AES-CCM (A4712) | KAT | CAST | On demand | Manually | ||||
| AES-CCM (A4716) | AES-CCM (A4716) | KAT | CAST | On demand | Manually | ||||
| AES-CCM (A4721) | AES-CCM (A4721) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A4712) | AES-GCM (A4712) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A4715) | AES-GCM (A4715) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A4717) | AES-GCM (A4717) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A4719) | AES-GCM (A4719) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A4721) | AES-GCM (A4721) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A4712) | AES-CMAC (A4712) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A4716) | AES-CMAC (A4716) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A4719) | AES-CMAC (A4719) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A4721) | AES-CMAC (A4721) | KAT | CAST | On demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A4711) | KAS-ECC-SSC Sp800-56Ar3 (A4711) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4711) | Counter DRBG (A4711) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4712) | Counter DRBG (A4712) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4715) | Counter DRBG (A4715) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4717) | Counter DRBG (A4717) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4719) | Counter DRBG (A4719) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A4721) | Counter DRBG (A4721) | KAT | CAST | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5018) | ECDSA KeyGen (FIPS186-5) (A5018) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5018) | RSA KeyGen (FIPS186-5) (A5018) | PCT | PCT | On demand | Manually | ||||
| Safe Primes Key Generation (A5014) | Safe Primes Key Generation (A5014) | PCT | PCT | On demand | Manually | ||||
| EDDSA KeyGen (A5016) | EDDSA KeyGen (A5016) | PCT | PCT | On demand | Manually | ||||
| AES-ECB (A5019) | AES-ECB (A5019) | KAT | CAST | On demand | Manually | ||||
| AES-GCM (A5008) | AES-GCM (A5008) | KAT | CAST | On demand | Manually | ||||
| KDF SP800-108 (A5017) | KDF SP800-108 (A5017) | KAT | CAST | On demand | Manually | ||||
| KDA OneStep SP800-56Cr2 (A5012) | KDA OneStep SP800-56Cr2 (A5012) | KAT | CAST | On demand | Manually | ||||
| KDA HKDF Sp800- 56Cr1 (A5013) | KDA HKDF Sp800- 56Cr1 (A5013) | KAT | CAST | On demand | Manually | ||||
| KDF ANS 9.42 (A5018) | KDF ANS 9.42 (A5018) | KAT | CAST | On demand | Manually | ||||
| KDF ANS 9.42 (A5020) | KDF ANS 9.42 (A5020) | KAT | CAST | On demand | Manually | ||||
| KDF ANS 9.63 (A5018) | KDF ANS 9.63 (A5018) | KAT | CAST | On demand | Manually | ||||
| KDF SSH (A5019) | KDF SSH (A5019) | KAT | CAST | On demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5018) | TLS v1.2 KDF RFC7627 (A5018) | KAT | CAST | On demand | Manually | ||||
| TLS v1.3 KDF (A5013) | TLS v1.3 KDF (A5013) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A5018) | PBKDF (A5018) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A5020) | PBKDF (A5020) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A5015) | Counter DRBG (A5015) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A5015) | HMAC DRBG (A5015) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A5015) | Hash DRBG (A5015) | KAT | CAST | On demand | Manually | ||||
| KAS-FFC-SSC Sp800-56Ar3 (A5014) | KAS-FFC-SSC Sp800-56Ar3 (A5014) | KAT | CAST | On demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5018) | KAS-ECC-SSC Sp800-56Ar3 (A5018) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5018) | RSA SigGen (FIPS186-5) (A5018) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5018) | ECDSA SigGen (FIPS186-5) (A5018) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5020) | ECDSA SigGen (FIPS186-5) (A5020) | KAT | CAST | On demand | Manually | ||||
| EDDSA SigGen (A5016) | EDDSA SigGen (A5016) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5018) | KTS-IFC (A5018) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A5004) | AES-CMAC (A5004) | KAT | CAST | On demand | Manually | ||||
| AES-CBC (A5004) | AES-CBC (A5004) | KAT | CAST | On demand | Manually | ||||
| AES-CCM (A5004) | AES-CCM (A5004) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A4711) | HMAC-SHA2-224 (A4711) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A4712) | HMAC-SHA2-224 (A4712) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A4716) | HMAC-SHA2-224 (A4716) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A5018) | HMAC-SHA2-224 (A5018) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A5018) | HMAC-SHA2-256 (A5018) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A5018) | HMAC-SHA2-384 (A5018) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A5020) | HMAC-SHA3-224 (A5020) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A5020) | HMAC-SHA3-384 (A5020) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A5020) | HMAC-SHA3-512 (A5020) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A5020) | HMAC-SHA3-256 (A5020) | KAT | CAST | On demand | Manually | ||||
| AES-CBC-CS3 (A4714) | AES-CBC-CS3 (A4714) | KAT | CAST | On demand | Manually | ||||
| AES-CBC-CS3 (A4718) | AES-CBC-CS3 (A4718) | KAT | CAST | On demand | Manually | ||||
| AES-CBC-CS3 (A4720) | AES-CBC-CS3 (A4720) | KAT | CAST | On demand | Manually | ||||
| AES-CBC-CS3 (A4722) | AES-CBC-CS3 (A4722) | KAT | CAST | On demand | Manually | ||||
| SHAKE-128 (A5020) | SHAKE-128 (A5020) | KAT | CAST | On demand | Manually | ||||
| SHAKE-256 (A5020) | SHAKE-256 (A5020) | KAT | CAST | On demand | Manually | ||||
| KDF KMAC Sp800- 108r1 (A5017) | KDF KMAC Sp800- 108r1 (A5017) | KAT | CAST | On demand | Manually | ||||
| KDA TwoStep SP800-56Cr2 (A5012) | KDA TwoStep SP800-56Cr2 (A5012) | KAT | CAST | On demand | Manually | ||||
| KMAC-128 (A5020) | KMAC-128 (A5020) | KAT | CAST | On demand | Manually | ||||
| KMAC-256 (A5020) | KMAC-256 (A5020) | KAT | CAST | On demand | Manually | ||||
| KAS-IFC-SSC (A5018) | KAS-IFC-SSC (A5018) | KAT | CAST | On demand | Manually |
SHAKE256 Sp800108r1 SP80056Cr2 KAS-IFCSSC Table 22: Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in the table above. Services are not available, and data output (via the data output interface) is inhibited during the self-tests. If any of these tests fails, the module transitions to the error state.
Table 23: Pre-Operational Periodic Information © 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
© 2025 Ezurio / atsec information security.
Table 24: Conditional Periodic Information © 2025 Ezurio / atsec information security.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | The module immediately stops functioning due to a self-test failure | Firmware integrity test failure CAST Failure PCT Failure | Module will reboot. | Successful completion of self-tests after reboot |
Table 25: Error States In the error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
All self-tests, with the exception of the health tests, can be invoked on demand by unloading and subsequently re-initializing the module. The entropy health tests are run during DRBG seeding and reseeding. Similarly, a Pair-wise Consistency Test (PCT) it is run for keygen operations. © 2025 Ezurio / atsec information security.
Before deploying the module for usage, the Crypto Officer shall employ the following steps:
The Crypto Officer must execute the “cat /proc/sys/crypto/fips_name” command. The Crypto Officer must ensure that the proper name is listed in the output as follows: Summit Linux This output maps to the module name “Summit Linux FIPS Core Crypto Module”. Next the Crypto Officer must execute “cat /proc/sys/crypto/fips_version”. This command must output the following: 11.1 The hardware component of the module for both OE’s can be identified by executing the “cat /proc/cpuinfo” command which outputs: processor : 0 model name : ARMv7 Processor rev 1 (v7l) BogoMIPS : 33.00 Features : half thumb fastmult vfp edsp thumbee vfpv3 vfpv3d16 tls vfpv4 CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xc05 CPU revision : 1 Hardware Revision Serial : Atmel SAMA5 : 0000 : 0000000000000000 The following are the HMAC values for each of the components for each platform:
There is no non-administrator guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. © 2025 Ezurio / atsec information security.
For the FIPS Provider component, certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The FIPS Provider component mitigates this vulnerability by using constant-time implementations. This includes, but is not limited to:
Appendix A. Glossary and Abbreviations AES API CAST CAVP CBC CCM CFB CMAC CMVP CSP CTR CTS DH DRBG ECB ECC ECDH ECDSA EMS ENT (NP) FFC FIPS GCM GMAC HKDF HMAC IPsec KAT KBKDF MAC NIST PAA PBKDF2 PKCS RSA SFI SHA SSC SSP TOEPP XTS Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Self-Test Cryptographic Algorithm Validation Program Cipher Block Chaining Counter with Cipher Block Chaining-Message Authentication Code Cipher Feedback Cipher-based Message Authentication Code Cryptographic Module Validation Program Critical Security Parameter Counter Ciphertext Stealing Diffie-Hellman Deterministic Random Bit Generator Electronic Code Book Elliptic Curve Cryptography Elliptic Curve Diffie-Hellman Elliptic Curve Digital Signature Algorithm Extended Master Secret Non-physical Entropy Source Finite Field Cryptography Federal Information Processing Standards Galois Counter Mode Galois Counter Mode Message Authentication Code HMAC-based Key Derivation Function Keyed-Hash Message Authentication Code Internet Protocol Security Known Answer Test Key-based Key Derivation Function Message Authentication Code National Institute of Science and Technology Processor Algorithm Acceleration Password-based Key Derivation Function v2 Public-Key Cryptography Standards Rivest, Shamir, Addleman Security Function Implementation Secure Hash Algorithm Shared Secret Computation Sensitive Security Parameter Test Operational Environment’s Physical Perimeter XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 Ezurio / atsec information security.
Appendix B. References ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-igannouncements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-5 Digital Signature Standard (DSS) February 3, 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt © 2025 Ezurio / atsec information security.
RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP 800-52r2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf © 2025 Ezurio / atsec information security.
SP 800-56Ar3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP 800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf SP 800-90Ar1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP 800-108r1 NIST Special Publication 800-108 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf SP 800-131Ar2 Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP 800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP 800-135r1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SP 800-140B CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2025 Ezurio / atsec information security.