| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 12/17/2030 |
| Caveat | When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. |
| Vendor | SUSE LLC |
flowchart LR
%% Deterministic review-risk graph for SUSE Linux Enterprise Kernel Crypto API Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>IKEV<br/>IPSEC</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for SUSE Linux Enterprise Kernel Crypto API Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>IKEV<br/>IPSEC</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;SUSE LLC SUSE Linux Enterprise Kernel Crypto API Cryptographic Module Prepared by: atsec information security corporation
Austin, TX 78759 Document version: 1.1 www.atsec.com Last update: 12-04-2025 © 2025 SUSE, LLC/atsec information security corporation.
| # | Section | Page |
|---|
© 2025 SUSE, LLC/atsec information security corporation.
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 3: Tested Operational Environments - Software, Firmware, Hybrid | 9 |
| Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid | 10 |
| Table 5: Modes List and Description | 10 |
| Table 6: Approved Algorithms | 16 |
| Table 7: Vendor-Affirmed Algorithms | 16 |
| Table 8: Non-Approved, Not Allowed Algorithms | 17 |
| Table 9: Security Function Implementations | 32 |
| Table 10: Entropy Certificates | 34 |
| Table 11: Entropy Sources | 35 |
| Table 12: Ports and Interfaces | 37 |
| Table 13: Roles | 38 |
| Table 14: Approved Services | 46 |
| Table 15: Non-Approved Services | 47 |
| Table 16: Storage Areas | 52 |
| Table 17: SSP Input-Output Methods | 52 |
| Table 18: SSP Zeroization Methods | 53 |
| Table 19: SSP Table 1 | 58 |
| Table 20: SSP Table 2 | 61 |
| Table 21: Pre-Operational Self-Tests | 63 |
| Table 22: Conditional Self-Tests | 129 |
| Table 23: Pre-Operational Periodic Information | 129 |
| Table 24: Conditional Periodic Information | 151 |
| Table 25: Error States | 152 |
| Figure 1: Block Diagram | 6 |
This document is the non-proprietary FIPS 140-3 Security Policy for versions 3.5 and 3.6 the SUSE Linux Enterprise Kernel Crypto API Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module. intact and including this notice. Other documentation is proprietary to their authors.
In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
Section Title Security Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security N/A
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A
Overall Level 1 Table 1: Security Levels © 2025 SUSE, LLC/atsec information security corporation.
Purpose and Use: The SUSE Linux Enterprise Kernel Crypto API Cryptographic Module (hereafter referred to as “the module”) provides a C language application program interface (API) for use by other (kernel space and user space) processes that require cryptographic functionality. The module operates on a general-purpose computer as part of the Linux kernel. Its cryptographic functionality can be accessed using the Linux Kernel Crypto API. Module Type: Software Module Embodiment: MultiChipStand Cryptographic Boundary: The cryptographic boundary of the module is defined as the kernel binary and the kernel crypto object files, the libkcapi library, and the fipscheck binary, which is used to verify the integrity of the software components. In addition, the cryptographic boundary contains the .hmac files which store the expected integrity values for each of the software components. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. It includes software in kernel and user space, as well as the PAA in the CPU. The TOEPP is indicated by the large thin border in Figure 1. Figure 1: Block Diagram © 2025 SUSE, LLC/atsec information security corporation.
Identification Tested Module Identification
Package or File Name Software/ Features Integrity Firmware Test Version rt/kernel/arch/x86/crypto/*.ko; and 4096-bit /usr/lib64/libkcapi.so.0.13.0; key /usr/lib64/libkcapi/fipscheck; /usr/lib64/libkcapi/.fipscheck.hmac Table 2: Tested Module Identification
Operating Hardware Processors PAA/PAI Hypervisor Version(s) System Platform or Host OS SUSE Linux ASUS RS700-E11- Intel® Yes N/A 3.5 Enterprise RS4U Xeon® Gold 3.6 Server 15 5416S SP6 SUSE Linux ASUS RS700-E11- Intel® No N/A 3.5 Enterprise RS4U Xeon® Gold 3.6 Server 15 5416S SP6 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: Operating System Hardware Platform SUSE Linux Enterprise ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S Server for SAP 15SP6 SUSE Linux Enterprise ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S Desktop 15SP6 SUSE Linux Enterprise DELL PowerEdge R640 on Intel® Xeon® Gold 6234 Server 15SP6 SUSE Linux Enterprise SuperMicro SuperChassis 825BTQCR1K23LPB and Server for SAP 15SP6 Motherboard H12DSi-NT6 on AMD EPYC(TM) 7343 SUSE Linux Enterprise SuperMicro SuperChassis 825BTQCR1K23LPB and Desktop 15SP6 Motherboard H12DSi-NT6 on AMD EPYC(TM) 7343 SUSE Linux Enterprise IBM LinuxONE III Model LT1 QEMU VM on z15 Server 15SP6 SUSE Linux Enterprise IBM LinuxONE III Model LT1 on z15 Server 15SP6 SUSE Linux Enterprise QEMU VM on AMD EPYC(TM) 7543P Server for SAP 15SP6 SUSE Linux Enterprise QEMU VM on Intel® Xeon® Gold 5218R Server for SAP 15SP6 SUSE Linux Enterprise QEMU VM on AMD EPYC(TM) 7543P Desktop 15SP6 SUSE Linux Enterprise QEMU VM on Intel® i7-1195G7 Desktop 15SP6 © 2025 SUSE, LLC/atsec information security corporation.
Operating System Hardware Platform SUSE Linux Enterprise QEMU VM on Intel® Xeon® Gold 6338 Server 15SP6 SUSE Linux Enterprise QEMU VM on Ampere® Altra® Q80-30 Server 15SP6 SUSE Linux Enterprise ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S Server Real Time 15SP6 SUSE Linux Enterprise SuperMicro SuperChassis 825BTQCR1K23LPB and Server Real Time 15SP6 Motherboard H12DSi-NT6 on AMD EPYC(TM) 7343 SUSE Linux Enterprise QEMU VM on AMD EPYC(TM) 7773X Server Real Time 15SP6 Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate. The module is considered to maintain compliance with the FIPS 140-3 validation for SUSE products when operating on any general-purpose platform/processor that supports the SUSE Linux Enterprise Server operating system per the vendor affirmation from SUSE based on the allowance FIPS 140-3 management manual [FIPS140-3_MM] section 7.9.1 bullet 1 a i).
There are no components within the cryptographic boundary excluded from the FIPS 140-3 requirements.
Modes List and Description: Mode Description Type Status Indicator Name Approved Automatically Approved Mapped to approved service indicator in mode entered Section 4.3 for all approved algorithms except whenever an GCM: respective approved service function approved service returns indicator 0. For GCM: is requested crypto_aead_get_flags(tfm) has the CRYPTO_TFM_FIPS_COMPLIANCE flag set Non- Automatically Non- No service indicator required for nonapproved entered Approved approved services per IG 2.4.C mode whenever a nonapproved service is requested Table 5: Modes List and Description © 2025 SUSE, LLC/atsec information security corporation.
After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of operation is equivalent to the indicator of the service that was requested.
Approved Algorithms: Algorithm CAVP Cert Properties Reference AES-CBC A5503, A5507, A5510, A5513, Direction - Decrypt, SP 800-38A A5520, A5521, A5524, A5526, Encrypt A5530, A5533, A5536, A5661, Key Length - 128, 192, A5664 256 AES-CBC- A5503, A5507, A5510, A5513, Direction - decrypt, SP 800-38A CS3 A5520, A5521, A5526, A5530, encrypt A5533, A5536, A5664 Key Length - 128, 192, AES-CCM A5503, A5507, A5513, A5520, Key Length - 128, 192, SP 800-38C A5521, A5526, A5530, A5536, 256 A5661, A5664 AES-CFB128 A5503, A5507, A5513, A5521, Direction - Decrypt, SP 800-38A A5526, A5530, A5536, A5664 Encrypt Key Length - 128, 192, AES-CMAC A5503, A5507, A5513, A5520, Direction - Generation, SP 800-38B A5521, A5526, A5530, A5536, Verification A5661, A5664 Key Length - 128, 192, AES-CTR A5503, A5507, A5510, A5513, Direction - Decrypt, SP 800-38A A5520, A5521, A5524, A5526, Encrypt A5530, A5533, A5536, A5661, Key Length - 128, 192, A5664 256 AES-ECB A5503, A5505, A5506, A5507, Direction - Decrypt, SP 800-38A A5508, A5509, A5510, A5511, Encrypt A5512, A5513, A5514, A5515, Key Length - 128, 192, A5520, A5521, A5522, A5523, 256 A5524, A5526, A5528, A5529, A5530, A5531, A5532, A5533, A5534, A5535, A5536, A5537, © 2025 SUSE, LLC/atsec information security corporation.
Algorithm CAVP Cert Properties Reference A5538, A5661, A5662, A5663, A5664, A5665, A5666 AES-GCM A5503, A5506, A5507, A5509, Direction - Decrypt, SP 800-38D A5510, A5512, A5513, A5515, Encrypt A5521, A5523, A5526, A5529, IV Generation - External A5530, A5532, A5533, A5535, Key Length - 128, 192, A5536, A5538, A5661, A5663, 256 A5664, A5666 AES-GCM A5505, A5508, A5511, A5514, Direction - Decrypt, SP 800-38D A5522, A5528, A5531, A5534, Encrypt A5537, A5662, A5665 IV Generation - Internal IV Generation Mode 8.2.2 Key Length - 128, 192, AES-GMAC A5503, A5507, A5513, A5521, Direction - Decrypt, SP 800-38D A5526, A5530, A5536, A5661, Encrypt A5664 IV Generation - External Key Length - 128, 192, AES-KW A5503, A5507, A5513, A5521, Direction - Decrypt, SP 800-38F A5526, A5530, A5536, A5664 Encrypt Key Length - 128, 192, AES-OFB A5503, A5507, A5513, A5521, Direction - Decrypt, SP 800-38A A5526, A5530, A5536, A5664 Encrypt Key Length - 128, 192, AES-XTS A5503, A5507, A5510, A5513, Direction - Decrypt, SP 800-38E Testing A5520, A5521, A5524, A5526, Encrypt Revision 2.0 A5530, A5533, A5536, A5661, Key Length - 128, 256 A5664 Counter A5503, A5505, A5506, A5507, Prediction Resistance - SP 800-90A DRBG A5508, A5509, A5510, A5511, No, Yes Rev. 1 A5512, A5513, A5514, A5515, Mode - AES-128, AESA5521, A5522, A5523, A5526, 192, AES-256 A5528, A5529, A5530, A5531, Derivation Function A5532, A5533, A5534, A5535, Enabled - Yes A5536, A5537, A5538, A5661, A5662, A5663, A5664, A5665, A5666 © 2025 SUSE, LLC/atsec information security corporation.
Algorithm CAVP Cert Properties Reference ECDSA A5503, A5526 Curve - P-256, P-384 FIPS 186-5 KeyGen Secret Generation Mode (FIPS186-5) testing candidates ECDSA A5504, A5527 Component - No FIPS 186-4 SigVer Curve - P-256, P-384 (FIPS186-4) Hash Algorithm - SHA-1 ECDSA A5504, A5527 Curve - P-256, P-384 FIPS 186-5 SigVer Hash Algorithm - SHA2(FIPS186-5) 224, SHA2-256, SHA2384, SHA2-512 Hash DRBG A5503, A5516, A5517, A5518, Prediction Resistance - SP 800-90A A5526, A5539, A5540, A5541, No, Yes Rev. 1 A5664 Mode - SHA-1, SHA2-256, SHA2-512 HMAC DRBG A5503, A5516, A5517, A5518, Prediction Resistance - SP 800-90A A5526, A5539, A5540, A5541, No, Yes Rev. 1 A5664 Mode - SHA-1, SHA2-256, SHA2-512 HMAC-SHA-1 A5503, A5516, A5517, A5518, Key Length - Key Length: FIPS 198-1 A5519, A5520, A5526, A5539, 112-524288 Increment 8 A5540, A5541, A5542, A5664 HMAC-SHA2- A5503, A5516, A5517, A5518, Key Length - Key Length: FIPS 198-1
224 A5519, A5520, A5524, A5525, 112-524288 Increment 8
A5526, A5539, A5540, A5541, A5542, A5664 HMAC-SHA2- A5503, A5516, A5517, A5518, Key Length - Key Length: FIPS 198-1
256 A5519, A5520, A5524, A5525, 112-524288 Increment 8
A5526, A5539, A5540, A5541, A5542, A5664 HMAC-SHA2- A5503, A5516, A5517, A5518, Key Length - Key Length: FIPS 198-1
384 A5525, A5526, A5539, A5540, 112-524288 Increment 8
A5541, A5664 HMAC-SHA2- A5503, A5516, A5517, A5518, Key Length - Key Length: FIPS 198-1
512 A5525, A5526, A5539, A5540, 112-524288 Increment 8
A5541, A5664 HMAC-SHA3- A5503, A5526, A5664 Key Length - Key Length: FIPS 198-1
224 112-524288 Increment 8
© 2025 SUSE, LLC/atsec information security corporation.
Algorithm CAVP Cert Properties Reference HMAC-SHA3- A5503, A5526, A5664 Key Length - Key Length: FIPS 198-1
256 112-524288 Increment 8
HMAC-SHA3- A5503, A5526, A5664 Key Length - Key Length: FIPS 198-1
384 112-524288 Increment 8
HMAC-SHA3- A5503, A5526, A5664 Key Length - Key Length: FIPS 198-1
512 112-524288 Increment 8
KAS-ECC- A5503, A5526 Domain Parameter SP 800-56A SSC Sp800- Generation Methods - P- Rev. 3 56Ar3 256, P-384 Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A5503, A5526 Domain Parameter SP 800-56A Sp800- Generation Methods - Rev. 3 56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 Scheme dhEphem KAS Role - initiator, responder KDF SP800- A5503, A5526 KDF Mode - Counter SP 800-108
108 Supported Lengths - Rev. 1
RSA SigVer A5503, A5526, A5664 Signature Type - PKCS FIPS 186-4 (FIPS186-4) 1.5 Modulo - 2048, 3072, 4096 RSA SigVer A5503, A5526, A5664 Modulo - 2048, 3072, FIPS 186-5 (FIPS186-5) 4096 Signature Type pkcs1v1.5 Safe Primes A5503, A5526 Safe Prime Groups - SP 800-56A Key ffdhe2048, ffdhe3072, Rev. 3 Generation ffdhe4096, ffdhe6144, ffdhe8192 © 2025 SUSE, LLC/atsec information security corporation.
Algorithm CAVP Cert Properties Reference SHA-1 A5503, A5516, A5517, A5518, Message Length - FIPS 180-4 A5519, A5520, A5526, A5539, Message Length: 0A5540, A5541, A5542, A5664 65536 Increment 8 Large Message Sizes - 1, SHA2-224 A5503, A5516, A5517, A5518, Message Length - FIPS 180-4 A5519, A5520, A5524, A5525, Message Length: 0A5526, A5539, A5540, A5541, 65536 Increment 8 A5542, A5664 Large Message Sizes - 1, SHA2-256 A5503, A5516, A5517, A5518, Message Length - FIPS 180-4 A5519, A5520, A5524, A5525, Message Length: 0A5526, A5539, A5540, A5541, 65536 Increment 8 A5542, A5664 Large Message Sizes - 1, SHA2-384 A5503, A5516, A5517, A5518, Message Length - FIPS 180-4 A5525, A5526, A5539, A5540, Message Length: 0A5541, A5664 65536 Increment 8 Large Message Sizes - 1, SHA2-512 A5503, A5516, A5517, A5518, Message Length - FIPS 180-4 A5525, A5526, A5539, A5540, Message Length: 0A5541, A5664 65536 Increment 8 Large Message Sizes - 1, SHA3-224 A5503, A5526, A5664 Message Length - FIPS 202 Message Length: 0-
Large Message Sizes - 1, SHA3-256 A5503, A5526, A5664 Message Length - FIPS 202 Message Length: 0-
Large Message Sizes - 1, SHA3-384 A5503, A5526, A5664 Message Length - FIPS 202 Message Length: 0-
Large Message Sizes - 1, SHA3-512 A5503, A5526, A5664 Message Length - FIPS 202 Message Length: 0© 2025 SUSE, LLC/atsec information security corporation.
Algorithm CAVP Cert Properties Reference
Large Message Sizes - 1, Table 6: Approved Algorithms Vendor-Affirmed Algorithms: Name Properties Implementation Reference Asymmetric Key N/A SP 800-133 Rev. 2, Cryptographic Key Type:Asymmetric section 4, example 1 Generation (CKG) Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: Name Use and Function AES-GCM with Encryption with external IV (not compliant to FIPS 140-3 IG C.H) external IV KBKDF (by Key derivation with implementation not tested by CAVP using the libkcapi) HKDF (by using Key derivation with implementation not tested by CAVP the libkcapi) PBKDF2 (by Password-based key derivation with implementation not tested by CAVP using the libkcapi) RSA Encryption primitive; Decryption primitive (not compliant to SP 80056Br2) RSA with Signature generation (pre-hashed message); Signature verification (prePKCS#1 v1.5 hashed message); Key encapsulation (not compliant to SP 800-56Br2); padding Key un-encapsulation (not compliant to SP 800-56Br2) ECDSA Signature generation (pre-hashed message); Signature verification (prehashed message) © 2025 SUSE, LLC/atsec information security corporation.
Table 8: Non-Approved, Not Allowed Algorithms
Name Type Description Properties Algorithms Encryption BC-UnAuth Encrypt a Key size (XTS):128, 256 AES-CBC: with AES plaintext with bits (A5503, AES Security strength A5507, (XTS):128, 256 bits A5510, Key size (Others):128, A5513, 192, 256 bits A5520, Security strength A5521, (Others):128, 192, 256 A5524, bits A5526, A5530, A5533, A5536, A5661, A5664) AES-CBCCS3: (A5503, A5507, A5510, A5513, A5520, A5521, A5526, A5530, A5533, A5536, A5664) AES-CFB128: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-CTR: (A5503, A5507, A5510, A5513, A5520, A5521, A5524, A5526, A5530, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5533, A5536, A5661, A5664) AES-ECB: (A5503, A5505, A5506, A5507, A5508, A5509, A5510, A5511, A5512, A5513, A5514, A5515, A5520, A5521, A5522, A5523, A5524, A5526, A5528, A5529, A5530, A5531, A5532, A5533, A5534, A5535, A5536, A5537, A5538, A5661, A5662, A5663, A5664, A5665, A5666) AES-OFB: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-XTS Testing © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms Revision 2.0: (A5503, A5507, A5510, A5513, A5520, A5521, A5524, A5526, A5530, A5533, A5536, A5661, A5664) Decryption BC-UnAuth Decrypt a Key size (XTS):128, 256 AES-CBC: with AES ciphertext bits (A5503, with AES Security strength A5507, (XTS):128, 256 bits A5510, Key size (Others):128, A5513, 192, 256 bits A5520, Security strength A5521, (Others):128, 192, 256 A5524, bits A5526, A5530, A5533, A5536, A5661, A5664) AES-CBCCS3: (A5503, A5507, A5510, A5513, A5520, A5521, A5526, A5530, A5533, A5536, A5664) AES-CFB128: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-CTR: © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms (A5503, A5507, A5510, A5513, A5520, A5521, A5524, A5526, A5530, A5533, A5536, A5661, A5664) AES-ECB: (A5503, A5505, A5506, A5507, A5508, A5509, A5510, A5511, A5512, A5513, A5514, A5515, A5520, A5521, A5522, A5523, A5524, A5526, A5528, A5529, A5530, A5531, A5532, A5533, A5534, A5535, A5536, A5537, A5538, A5661, A5662, A5663, A5664, A5665, A5666) AES-OFB: (A5503, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-XTS Testing Revision 2.0: (A5503, A5507, A5510, A5513, A5520, A5521, A5524, A5526, A5530, A5533, A5536, A5661, A5664) Message SHA Compute a SHA-1: digest message (A5503, digest A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) SHA2-224: (A5503, A5516, A5517, A5518, A5519, A5520, A5524, A5525, A5526, A5539, A5540, A5541, A5542, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5664) SHA2-256: (A5503, A5516, A5517, A5518, A5519, A5520, A5524, A5525, A5526, A5539, A5540, A5541, A5542, A5664) SHA2-384: (A5503, A5516, A5517, A5518, A5525, A5526, A5539, A5540, A5541, A5664) SHA2-512: (A5503, A5516, A5517, A5518, A5525, A5526, A5539, A5540, A5541, A5664) SHA3-224: (A5503, A5526, A5664) SHA3-256: (A5503, A5526, A5664) SHA3-384: (A5503, A5526, A5664) SHA3-512: © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms (A5503, A5526, A5664) Message MAC Compute a Key size (HMAC):112- AES-CMAC: authenticatio MAC tag for 524288 bits (A5503, n authenticatio Security strength A5507, n (HMAC):112-256 bits A5513, Key size (AES):128, 192, A5520,
Security strength A5526, (AES):128, 192, 256 bits A5530, A5536, A5661, A5664) AES-GMAC: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5661, A5664) HMAC-SHA-1: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2224: (A5503, A5516, A5517, A5518, A5519, A5520, A5524, A5525, A5526, A5539, A5540, A5541, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5542, A5664) HMAC-SHA2256: (A5503, A5516, A5517, A5518, A5519, A5520, A5524, A5525, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2384: (A5503, A5516, A5517, A5518, A5525, A5526, A5539, A5540, A5541, A5664) HMAC-SHA2512: (A5503, A5516, A5517, A5518, A5525, A5526, A5539, A5540, A5541, A5664) HMAC-SHA3224: (A5503, A5526, A5664) HMAC-SHA3256: (A5503, A5526, A5664) HMAC-SHA3384: (A5503, A5526, A5664) © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms HMAC-SHA3512: (A5503, A5526, A5664) Random DRBG Generate CTR-DRBG:Modes: AES- Counter number random 128, AES-192, AES-256, DRBG: generation numbers from with derivation function, (A5503, with DRBGs DRBGs with/without prediction A5505, resistance; Internal state A5506, length: 256, 320, 384 A5507, bits; Security strength: A5508, 128, 192, 256 bits A5509, HMAC-DRBG:Modes: SHA- A5510, 1, SHA-256, SHA-512 A5511, with/without prediction A5512, resistance; Internal state A5513, length: 320, 512, 1024 A5514, bits; Security strength: A5515, 128, 256 bits A5521, Hash-DRBG:Modes: SHA- A5522, 1, SHA-256, SHA-512 A5523, with/without prediction A5526, resistance; Internal state A5528, length: 880, 1776 bits; A5529, Security strength: 128, A5530,
A5532, A5533, A5534, A5535, A5536, A5537, A5538, A5661, A5662, A5663, A5664, A5665, A5666) Hash DRBG: (A5503, A5516, A5517, A5518, A5526, A5539, A5540, A5541, A5664) HMAC DRBG: © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms (A5503, A5516, A5517, A5518, A5526, A5539, A5540, A5541, A5664) Authenticated BC-Auth Encrypt and Key size (AES):128, 192, AES-CCM: encryption authenticate 256 bits (A5503, a plaintext Security strength A5507, (AES):128, 192, 256 bits A5513, A5520, A5521, A5526, A5530, A5536, A5661, A5664) AES-GCM: (A5503, A5505, A5506, A5507, A5508, A5509, A5510, A5511, A5512, A5513, A5514, A5515, A5521, A5522, A5523, A5526, A5528, A5529, A5530, A5531, A5532, A5533, A5534, A5535, A5536, A5537, A5538, A5661, A5662, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5663, A5664, A5665, A5666) AES-KW: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-CBC: (A5503, A5507, A5510, A5513, A5520, A5521, A5524, A5526, A5530, A5533, A5536, A5661, A5664) HMAC-SHA-1: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2224: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5542, A5664) HMAC-SHA2256: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2384: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2512: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) Authenticated BC-Auth Decrypt and Key size:128, 192, 256 AES-CCM: decryption authenticate bits (A5503, a ciphertext Security strength:128, A5507, 192, 256 bits A5513, A5520, A5521, A5526, A5530, A5536, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5661, A5664) AES-GCM: (A5503, A5505, A5506, A5507, A5508, A5509, A5510, A5511, A5512, A5513, A5514, A5515, A5521, A5522, A5523, A5526, A5528, A5529, A5530, A5531, A5532, A5533, A5534, A5535, A5536, A5537, A5538, A5661, A5662, A5663, A5664, A5665, A5666) AES-KW: (A5503, A5507, A5513, A5521, A5526, A5530, A5536, A5664) AES-CBC: (A5503, A5507, A5510, A5513, A5520, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5521, A5524, A5526, A5530, A5533, A5536, A5661, A5664) HMAC-SHA-1: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2224: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2256: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2384: (A5503, A5516, A5517, © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2512: (A5503, A5516, A5517, A5518, A5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) Key pair AsymKeyPair Generate an Curves:P-256, P-384 ECDSA generation -KeyGen asymmetric Security strength:128, KeyGen with ECDSA CKG EC key pair 192 bits (FIPS186-5): Mode:FIPS 186-5, Section (A5503, A.2.2 - Rejection A5526) Sampling Asymmetric Cryptographi c Key Generation (CKG): () Key pair AsymKeyPair Generate an Groups:ffdhe2048, Safe Primes generation -KeyGen asymmetric ffdhe3072, ffdhe4096, Key with Safe CKG DH key pair ffdhe6144, ffdhe8192 Generation: Primes using Diffie- Security strength:112- (A5503, Hellman 200 bits A5526) Mode:NIST SP 800-56A Asymmetric Rev. 3, Section 5.6.1.1.3 - Cryptographi Extra Random Bits c Key Generation (CKG): () Digital DigSig- Verify a Curves:P-256, P-384 ECDSA SigVer signature SigVer digital Hashes:SHA-1, SHA2-224, (FIPS186-4): verification signature SHA2-256, SHA2-384, (A5504, with ECDSA using ECDSA SHA2-512 A5527) Security strength:80 ECDSA SigVer © 2025 SUSE, LLC/atsec information security corporation.
Name Type Description Properties Algorithms (SHA-1); 112, 128, 192, (FIPS186-5):
A5527) Digital DigSig- Verify a Padding:PKCS#1 v1.5 RSA SigVer signature SigVer signature with Hashes:SHA-256 (FIPS186-4): verification RSA Key size(s):4096 bits (A5503, with RSA (149 bits) A5526, A5664) RSA SigVer (FIPS186-5): (A5503, A5526, A5664) Shared secret KAS-SSC Compute a Groups:ffdhe2048, KAS-FFC-SSC computation shared secret ffdhe3072, ffdhe4096, Sp800-56Ar3: with DH using Diffie- ffdhe6144, ffdhe8192 (A5503, Hellman Security strength:112- A5526)
KAS role:initiator, responder KAS Scheme:dhEphem Shared secret KAS-SSC Compute a Curves:P-256, P-384 KAS-ECC-SSC computation shared secret Security strength:128, Sp800-56Ar3: with ECDH using Elliptic 192 bits (A5503, Curve Diffie- KAS role:initiator, A5526) Hellman responder KAS scheme:ephemeralUnifie d Key KBKDF Derive a KDF mode:Counter KDF SP800derivation symmetric MAC mode:AES-CMAC 108: (A5503, with KBKDF key from a with 128-, 192-, 256-bit A5526) key-derivation keys; HMAC with SHA-1, key SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Derived key length:112-
Table 9: Security Function Implementations © 2025 SUSE, LLC/atsec information security corporation.
The Crypto Officer shall consider the following requirements and restrictions when using the module. For IPsec, the module offers the AES GCM implementation and uses the context of Scenario
1 of FIPS 140-3 IG C.H. The mechanism for IV generation is compliant with RFC 4106. IVs
generated using this mechanism may only be used in the context of AES GCM encryption within the IPsec protocol. The module does not implement IPsec. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. This application must use RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES GCM encryption keys are derived. The design of the IPsec protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the crypto_aead_encrypt API function with an AES GCM handle. Any approved use of the AES GCM service is indicated by the crypto_aead_get_flags(tfm) API returning the CRYPTO_TFM_FIPS_COMPLIANCE flag, as described in section 4.3.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220 AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check to ensure that the two AES keys used in AES XTS mode are not identical. As the module does not implement symmetric key generation, this check is performed when the keys are input by the operator. Key_1 and Key_2 shall be generated and/or established independently according to the rules for component symmetric keys from NIST SP 800-133r2, Section 6.3. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
For RSA signature verification, the module supports modulus size 4096 bits. The supported modulus size has been CAVP tested.
To comply with the assurances found in Section 5.6.2 of SP 800-56A Rev. 3, the operator must use the Diffie-Hellman and EC Diffie-Hellman shared secret computation algorithms in the context of IETF protocols. Additionally, the module’s approved key pair generation service (see Approved Services table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the full public key validation of the generated public key. © 2025 SUSE, LLC/atsec information security corporation.
The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 80056A Rev. 3.
The module does not establish SSPs using an approved key agreement scheme (KAS). However, it does offer some or all of the underlying KAS cryptographic functionality to be used by an external operator/application as part of an approved KAS.
The module does not establish SSPs using an approved key transport scheme (KTS). However, it does offer approved authenticated algorithms that can be used by an external operator/application as part of an approved KTS.
Digital signature generation using SHA-1 is non-approved and not allowed in approved services.
Cert Vendor Number Name E206 SUSE LLC E211 SUSE LLC Table 10: Entropy Certificates Name Type Operational Environment Sample Entropy Conditioning Size per Component Sample SUSE Non- SUSE Linux Enterprise Server 256 bits Full SHA3-256 Kernel Physical 15 SP6 on AMD EPYC(TM) entropy (A5503) CPU 7343; SUSE Linux Enterprise Time Server 15 SP6 on Ampere® Jitter Altra® Q80-30; SUSE Linux RNG Enterprise Server 15 SP6 on IBM® Telum(TM); SUSE Linux Enterprise Server 15 SP6 on Intel® Xeon® Gold 5416S SUSE Non- SUSE Linux Enterprise Server 256 bits Full SHA3-256 Kernel- Physical 15 SP6 on AMD EPYC(TM) entropy (A5526) RT CPU 7343; SUSE Linux Enterprise Time
1 The kernel RT and kernel-default modules are compiled within different binaries. For this reason, two separate ESV
validations were performed. Entropy-related source code between the two versions the kernel is the same. © 2025 SUSE, LLC/atsec information security corporation.
Name Type Operational Environment Sample Entropy Conditioning Size per Component Sample Jitter Server 15 SP6 on Intel® RNG Xeon® Gold 5416S Table 11: Entropy Sources The module implements three different Deterministic Random Bit Generator (DRBG) implementations based on SP 800-90Ar1: CTR_DRBG, Hash_DRBG, and HMAC_DRBG. Each of these DRBG implementations can be instantiated by the operator of the module. When instantiated, these DRBGs can be used to generate random numbers for external usage. Additionally, the module employs a specific HMAC-SHA2-512 DRBG implementation for internal purposes (e.g. to generate initialization vectors). This DRBG is initially seeded with
384 output bits from the entropy source (384 bits of entropy) and reseeded with 256 output
bits from the entropy source (256 bits of entropy). Outputs of multiple GetEntropy() calls are concatenated to receive the entropy input length greater than 256 bits. The output is truncated to get the entropy input string which is not a multiple of 256. E.g. The 384 bits of entropy source output is obtained by calling the GetEntropy() twice, with each call providing 256 bits of output. The second call output is truncated to 128 bits and concatenated to the 256 bit output from the first call. The module complies with the Public Use Document for ESV certificate E205 by reading entropy data from the jent_kcapi_random() function, which corresponds to the GetEntropy() conceptual interface. The operational environment on the ESV certificate is identical to the operating system described in this document. There are no maintenance requirements for the entropy source.
The module implements asymmetric key pair generation compliant with SP 800-133 Rev.
The module implements shared secret computation as listed in the Security Function Implementations table in 2.6 Security Function Implementations. © 2025 SUSE, LLC/atsec information security corporation.
AES GCM with internal IV generation in the approved mode is compliant with RFC 4106 and shall only be used in conjunction with the IPsec protocol. No parts of this protocol, other than the AES GCM implementation, have been tested by the CAVP and CMVP. © 2025 SUSE, LLC/atsec information security corporation.
Physical Logical Data That Passes Port Interface(s) N/A Data Input API data input parameters, AF_ALG type sockets N/A Data Output API data output parameters, AF_ALG type sockets N/A Control Input API function calls, API control input parameters, AF_ALG type sockets, kernel command line N/A Status API return values, AF_ALG type sockets, kernel logs Output Table 12: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design, AF_ALG type socket that allows the applications running in the user space to request cryptographic services from the module. © 2025 SUSE, LLC/atsec information security corporation.
The module does not implement authentication.
Name Type Operator Type Authentication Methods Crypto Officer Role CO None Table 13: Roles No support is provided for multiple concurrent operators.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns Message Compute crypto_shash_init Messa Digest Message Crypto digest a returns 0 ge value digest Officer message digest Encryptio Encrypt crypto_skcipher_setkey AES Ciphertex Encryptio Crypto n a returns 0 key, t n with Officer plaintext plainte AES - AES xt key: W,E Decrypti Decrypt crypto_skcipher_setkey AES Plaintext Decrypti Crypto on a returns 0 key, on with Officer cipherte ciphert AES - AES xt ext key: W,E Authenti Encrypt For all except AES GCM: AES Ciphertex Authenti Crypto cated and crypto_aead_setkey key, t, MAC cated Officer encryptio authenti returns 0; For AES GCM: plainte tag encryptio - AES n cate a crypto_aead_get_flags(t xt, IV n key: plaintext fm) has the W,E CRYPTO_TFM_ FIPS_COMPLIANCE flag set Authenti Decrypt For all except AES GCM: AES Plaintext Authenti Crypto cated an crypto_aead_setkey key, or failure cated Officer authenti returns 0; For AES GCM: ciphert - AES © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns decryptio cated crypto_aead_get_flags(t ext, decryptio key: n cipherte fm) has the MAC n W,E xt CRYPTO_TFM_ tag, IV FIPS_COMPLIANCE flag set Encrypt Encrypt crypto_shash_init AES Ciphertex Authenti Crypto then plaintext returns 0 key, t, MAC cated Officer MAC with AES HMAC tag encryptio - AES and use key, n key: HMAC plainte W,E authenti xt - HMAC cate it key: W,E Decrypt Decrypt crypto_shash_init AES Plaintext Authenti Crypto then an returns 0 key, or failure cated Officer verify authenti HMAC decryptio - AES cated a key, n key: cipherte ciphert W,E xt using ext, - HMAC AES and MAC key: HMAC tag W,E Message Compute crypto_shash_init AES: MAC tag Message Crypto authentic a MAC returns 0 AES authentic Officer ation tag key, ation - AES generati messa key: on ge; W,E HMAC: - HMAC HMAC key: key, W,E messa ge Message Compute crypto_shash_init AES: Success/F Message Crypto authentic a MAC returns 0 AES ailure authentic Officer ation tag key, ation - AES verificati messa key: on ge, W,E MAC - HMAC tag; key: HMAC: W,E HMAC key, messa ge, © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns MAC tag Random Generat crypto_rng_get_bytes Output Random Random Crypto number e returns 0 length bytes number Officer generati random generati on bytes on with Entropy DRBGs input: W,E,Z CTR_DR BG seed: G,E,Z Hash_D RBG seed: G,E,Z HMAC_ DRBG seed: G,E,Z CTR_DR BG Internal state (V, Key): G,W,E Hash_D RBG Internal state (V, C): G,W,E HMAC_ DRBG Internal state (V, Key): G,W,E © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns Key Derive a crypto_kdf108_ctr_gene Output Derived Key Crypto derivatio symmetr rate returns 0 length key derivatio Officer n ic key n with - Keyfrom a KBKDF derivati key- on key: derivatio W,E n key Derived key: G,R DH Key Generat crypto_kpp_set_secret() Group DH key Key pair Crypto pair e an and pair generati Officer generati asymme crypto_kpp_generate_p on with on tric DH ublic_key() return 0 Safe Modulekey pair Primes generat using ed DH Diffie- private Hellman key: G,R Modulegenerat ed DH public key: G,R Interme diate key generati on value: G,E,Z EC Key Generat crypto_kpp_set_secret() Curve EC key Key pair Crypto pair e an and pair generati Officer generati asymme crypto_kpp_generate_p on with on tric EC ublic_key() return 0 ECDSA Modulekey pair generat ed EC private key: G,R Modulegenerat © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns ed EC public key: G,R Interme diate key generati on value: G,E,Z Shared Compute crypto_kpp_compute_sh Public Shared Shared Crypto secret a shared ared_secret() returns 0 key secret secret Officer computa secret (peer), computa - DH tion using Private tion with private (EC) key DH key: Diffie- Shared W,E Hellman secret - DH computa public tion with key: ECDH W,E - EC private key: W,E - EC public key: W,E - Shared secret: G,R Error Compute None Messa EDC None Crypto detection an EDC ge Officer code (crc32, crct10dif ) Compres Compres None Data Compress None Crypto sion s data ed data Officer (deflate, lz4, lz4hc, lzo, © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns zlibdefla te, zstd) Generic Use the None Identifi Various None Crypto system kernel to er, return Officer call perform variou values various s non- argum cryptogr ents aphic operatio ns Show Return None N/A Module None Crypto version the name and Officer module version name and version informati on Show Return None N/A Module None Crypto status the status Officer module status Self-test Perform None N/A Pass/fail Encryptio Crypto the n with Officer CASTs AES and Decrypti integrity on with tests AES Message digest Message authentic ation Random number generati on with DRBGs Authenti cated encryptio n Authenti © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns cated decryptio n Digital signature verificati on with ECDSA Digital signature verificati on with RSA Shared secret computa tion with DH Shared secret computa tion with ECDH Key derivatio n with KBKDF Zeroizati Zeroize None Any N/A None Crypto on all SSPs SSP Officer - AES key: Z - HMAC key: Z Entropy input: Z CTR_DR BG Internal state (V, Key): Z Hash_D RBG Internal state © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns (V, C): Z HMAC_ DRBG Internal state (V, Key): Z CTR_DR BG seed: Z Hash_D RBG seed: Z HMAC_ DRBG seed: Z - Keyderivati on key: Z Derived key: Z Interme diate key generati on value: Z Modulegenerat ed DH private key: Z Modulegenerat ed DH public key: Z Modulegenerat © 2025 SUSE, LLC/atsec information security corporation.
Name Descrip Indicator Input Outputs Security SSP tion s Functio Access ns ed EC private key: Z Modulegenerat ed EC public key: Z - DH private key: Z - DH public key: Z - EC private key: Z - EC public key: Z - Shared secret: Z Table 14: Approved Services The table above lists the approved services. The following convention is used to specify access rights to SSPs:
Name Description Algorithms Role AES GCM external IV Encrypt a plaintext using AES AES-GCM with CO encryption GCM with an external IV external IV Key derivation Derive a key from a key- KBKDF (by using CO derivation key or a shared the libkcapi) secret HKDF (by using the libkcapi) © 2025 SUSE, LLC/atsec information security corporation.
Name Description Algorithms Role Password-based key Derive a key from a password PBKDF2 (by using CO derivation the libkcapi) RSA encryption primitive Compute the raw RSA RSA CO encryption of a plaintext RSA decryption primitive Compute the raw RSA RSA CO decryption of a ciphertext RSA signature generation Generate a digital signature for RSA with PKCS#1 CO (pre-hashed message) a pre-hashed message v1.5 padding ECDSA RSA signature verification Verify a digital signature for a RSA with PKCS#1 CO (pre-hashed message) pre-hashed message v1.5 padding ECDSA Table 15: Non-Approved Services
The module does not load external software or firmware. © 2025 SUSE, LLC/atsec information security corporation.
The Linux kernel binary is integrity tested using an HMAC-SHA2-256 calculation performed by the fipscheck application (which utilizes the module’s HMAC and SHA-256 implementations). An HMAC-SHA2-256 calculation is also performed on the fipscheck application and the libkcapi library to verify their integrity. The kernel crypto object files listed in section 2.2 are loaded on start-up by the module and verified using RSA signature verification with PKCS#1 v1.5 padding, SHA-256, and a 4096-bit key. The fipscheck application first executes the HMAC-SHA2-256 self-test. After this self-test is successful, the fipscheck application is used to perform an HMAC calculation of the libkcapi library, the kernel binary, and of its own binary to verify their integrity. After the integrity of these components has been verified, the self-test for the RSA signature verification implementation is run. Upon successful run of this self-test, the RSA signature verification implementation of the kernel is used to verify the integrity of the crypto object files listed in section 2.2 and loaded at start-up.
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity tests can be invoked on demand by unloading and subsequently re-initializing the module, which will perform (among others) the software integrity tests. © 2025 SUSE, LLC/atsec information security corporation.
Type of Operational Environment: Modifiable How Requirements are Satisfied: The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.
The module shall be installed as stated in Section 11.1. Instrumentation tools like the ptrace system call, gdb and strace, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environments. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 SUSE, LLC/atsec information security corporation.
The module is comprised of software only and therefore this section is not applicable. © 2025 SUSE, LLC/atsec information security corporation.
This module does not implement any non-invasive security mechanism and therefore this section is not applicable. © 2025 SUSE, LLC/atsec information security corporation.
Storage Description Persistence Area Type Name RAM Temporary storage for SSPs used by the module as part of Dynamic service execution Table 16: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the RAM in plaintext form. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls.
Name From To Format Distributio Entry SFI or Type n Type Type Algorith m AF_ALG_typ Operator Cryptographi Plaintex Manual Electroni e sockets calling c module t c (input) application (TOEPP), userspace AF_ALG_typ Cryptographi Operator Plaintex Manual Electroni e sockets c module calling t c (output) application (TOEPP), userspace API input Operator Cryptographi Plaintex Manual Electroni parameters calling c module t c (input) application (TOEPP), kernel space API output Cryptographi Operator Plaintex Manual Electroni parameters c module calling t c (output) application (TOEPP), kernel space Table 17: SSP Input-Output Methods © 2025 SUSE, LLC/atsec information security corporation.
Zeroization Description Rationale Operator Initiation Method Automatic Automatically Memory occupied by N/A zeroized by the SSPs is overwritten module when with zeroes, which no longer renders the SSP needed values irretrievable. Free cipher Zeroizes the Memory occupied by By calling the appropriate handle SSPs contained SSPs is overwritten zeroization functions: AES key: within the with zeroes, which crypto_free_skcipher and cipher handle renders the SSP crypto_free_aead; HMAC key: values irretrievable. crypto_free_shash and The completion of the crypto_free_ahash; DRBG zeroization routine internal state: crypto_free_rng; indicates that the DRBG seed: crypto_free_rng; zeroization procedure Entropy input string: succeeded. crypto_free_rng; Key-derivation key, Derived key: kfree_sensitive; Shared secret: crypto_free_kpp Remove De-allocates Volatile memory used By removing power power from the volatile by the module is the module memory used overwritten within to store SSPs nanoseconds when power is removed. Module power off indicates that the zeroization procedure succeeded. The successful removal of power implicitly indicates that the zeroization is complete. Table 18: SSP Zeroization Methods All data output is inhibited during zeroization.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h AES key AES key 128, Symmetric Encryption used for 192, 256 Key - CSP with AES © 2025 SUSE, LLC/atsec information security corporation.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h encryption bits - Decryption , 128, with AES decryption 192, 256 Message , and bits authenticati computing on MAC tags. Authenticat ed encryption Authenticat ed decryption HMAC key HMAC key. 112- Authenticati Message
bits - on 112-256 bits Entropy Entropy 128-384 Entropy Random input input used bits - input - CSP number to seed 128-384 generation the bits with DRBGs DRBGs. Compliant with IG D.L. CTR_DRBG DRBG 256, Seed - CSP Random Random seed seed 320, 384 number number derived bits - generatio generation from 128, n with with DRBGs entropy 192, 256 DRBGs input. bits Compliant with IG D.L. Hash_DRB DRBG 440, 888 Seed - CSP Random Random G seed seed bits - number number derived 128, 256 generatio generation from bits n with with DRBGs entropy DRBGs input. Compliant with IG D.L. © 2025 SUSE, LLC/atsec information security corporation.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h HMAC_DR DRBG 440, 888 Seed - CSP Random Random BG seed seed bits - number number derived 128, 256 generatio generation from bits n with with DRBGs entropy DRBGs input. Compliant with IG D.L. CTR_DRBG Internal 256, Internal Random Random Internal state of 320, 384 state - CSP number number state (V, CTR_DRBG bits - generatio generation Key) instances. 128, n with with DRBGs Compliant 192, 256 DRBGs with IG bits D.L. Hash_DRB Internal 880, Internal Random Random G Internal state of 1776 bits state - CSP number number state (V, Hash_DRB - 128, generatio generation C) G 256 bits n with with DRBGs instances. DRBGs Compliant with IG D.L. HMAC_DR Internal 320, Internal Random Random BG state of 512, state - CSP number number Internal HMAC_DR 1024 bits generatio generation state (V, BG - 128, n with with DRBGs Key) instances. 256 bits DRBGs Compliant with IG D.L. Key- Symmetric 112- Symmetric Key derivation key used 4096 bits key - CSP derivation key to derive - 112- with KBKDF symmetric 256 bits keys Derived Symmetric 112- Symmetric Key Key key key 4096 bits key - CSP derivation derivation derived - 112- with with KBKDF from a 256 bits KBKDF key© 2025 SUSE, LLC/atsec information security corporation.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h derivation key Intermedia Intermedia 112- Intermediat Key pair Key pair te key te key pair 8912 bits e value - generatio generation generation generation - 112- CSP n with with ECDSA value value 256 bits ECDSA Key pair generated Key pair generation during key generatio with Safe generation n with Primes services Safe (SP 800- Primes
Section 4, 5.1, and 5.2) Module- DH private ffdhe204 Private key - Key pair Key pair generated key 8, CSP generatio generation DH private generated ffdhe307 n with with Safe key by the 2, Safe Primes module ffdhe409 Primes 6, ffdhe614 4, ffdhe819
Module- DH public ffdhe204 Public key - Key pair Key pair generated key 8, PSP generatio generation DH public generated ffdhe307 n with with Safe key by the 2, Safe Primes module ffdhe409 Primes 6, ffdhe614 4, ffdhe819
Module- EC private P-256, P- Private key - Key pair Key pair generated key 384 - CSP generatio generation EC private generated 128, 192 n with with ECDSA key by the bits ECDSA module © 2025 SUSE, LLC/atsec information security corporation.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h Module- EC public P-256, P- Public key - Key pair Key pair generated key 384 - PSP generatio generation EC public generated 128, 192 n with with ECDSA key by the bits ECDSA module DH private DH private ffdhe204 Private key - Shared key key input 8, CSP secret to the ffdhe307 computatio module 2, n with DH and used ffdhe409 for shared 6, secret ffdhe614 computati 4, on ffdhe819
DH public DH public ffdhe204 Public key - Shared key key input 8, PSP secret to the ffdhe307 computatio module 2, n with DH and used ffdhe409 for shared 6, secret ffdhe614 computati 4, on ffdhe819
EC private ECDH P-256, P- Private key - Shared key private 384 - CSP secret key input 128, 192 computatio to the bits n with ECDH module and used for shared secret computati on EC public ECDH P-256, P- Public key - Shared key public key 384 - PSP secret input to 128, 192 computatio the bits n with ECDH module and used for shared © 2025 SUSE, LLC/atsec information security corporation.
Name Descripti Size - Type - Generat Establish Used By on Strengt Category ed By ed By h secret computati on Shared Shared 224- Shared Shared Shared secret secret 8912 bits Secret - CSP secret secret generated - 112- computati computatio by 256 bits on with DH n with DH ECDH/DH Shared Shared shared secret secret secret computati computatio computati on with n with ECDH on ECDH Key derivation with KBKDF Table 19: SSP Table 1 Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n AES key AF_ALG_typ RAM:Plaintex Until cipher Free cipher e sockets t handle is handle (input) freed or Remove API input module power from parameters powered off the module (input) HMAC key AF_ALG_typ RAM:Plaintex Until cipher Free cipher e sockets t handle is handle (input) freed or Remove API input module power from parameters powered off the module (input) Entropy RAM:Plaintex From Automatic CTR_DRBG input t generation Seed:Derives until DRBG Hash_DRBG seed/reseed Seed:Derives HMAC_DRBG Seed:Derives CTR_DRBG RAM:Plaintex While the Automatic Entropy seed t DRBG is input:Derived being From instantiated CTR_DRBG © 2025 SUSE, LLC/atsec information security corporation.
Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n Internal state (V, Key):Derives Hash_DRBG RAM:Plaintex While the Automatic Entropy seed t DRBG is input:Derived being From instantiated Hash_DRBG Internal state (V, C):Derives HMAC_DRB RAM:Plaintex While the Automatic Entropy G seed t DRBG is input:Derived being From instantiated HMAC_DRBG Internal state (V, Key):Derives CTR_DRBG RAM:Plaintex From DRBG Free cipher CTR_DRBG Internal t instantiation handle seed:Derived state (V, until DRBG Remove From Key) is un- power from instantiated the module Hash_DRBG RAM:Plaintex From DRBG Free cipher Hash_DRBG Internal t instantiation handle seed:Derived state (V, C) until DRBG Remove From is un- power from instantiated the module HMAC_DRB RAM:Plaintex From DRBG Free cipher HMAC_DRBG G Internal t instantiation handle seed:Derived state (V, until DRBG Remove From Key) is un- power from instantiated the module Key- API input RAM:Plaintex From Free cipher Derived derivation parameters t service handle key:Derives key (input) invocation Remove until power from cipherhandl the module e is freed Derived key API output RAM:Plaintex From Free cipher Key-derivation parameters t service handle key:Derived (output) invocation Remove From until power from cipherhandl the module e is freed © 2025 SUSE, LLC/atsec information security corporation.
Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n Intermediat RAM:Plaintex From Automatic Modulee key t service Remove generated DH generation invocation power from private value until it is the module key:Generates completed Modulegenerated DH public key:Generates Modulegenerated EC private key:Generates Modulegenerated EC public key:Generates Module- AF_ALG_typ RAM:Plaintex Until cipher Free cipher Intermediate key generated e sockets t handle is handle generation DH private (output) freed or Remove value:Generated key API output module power from from parameters powered off the module Module(output) generated DH public key:Paired With Module- AF_ALG_typ RAM:Plaintex Until cipher Free cipher Intermediate key generated e sockets t handle is handle generation DH public (output) freed or Remove value:Generated key API output module power from from parameters powered off the module Module(output) generated DH private key:Paired With Module- AF_ALG_typ RAM:Plaintex Until cipher Free cipher Intermediate key generated e sockets t handle is handle generation EC private (output) freed or Remove value:Generated key API output module power from From parameters powered off the module Module(output) generated EC public key:Paired With Module- AF_ALG_typ RAM:Plaintex Until cipher Free cipher Intermediate key generated e sockets t handle is handle generation EC public (output) freed or Remove value:Generated key API output From Module© 2025 SUSE, LLC/atsec information security corporation.
Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n parameters module power from generated EC (output) powered off the module private key:Paired With DH private AF_ALG_typ RAM:Plaintex Free cipher DH public key e sockets t handle key:Paired With (input) Remove Shared API input power from secret:Establishe parameters the module s (input) DH public AF_ALG_typ RAM:Plaintex Free cipher DH private key e sockets t handle key:Paired With (input) Remove Shared API input power from secret:Establishe parameters the module s (input) EC private AF_ALG_typ RAM:Plaintex Free cipher EC public key e sockets t handle key:Paired With (input) Remove Shared API input power from secret:Establishe parameters the module s (input) EC public AF_ALG_typ RAM:Plaintex Free cipher EC private key e sockets t handle key:Paired With (input) Remove Shared API input power from secret:Establishe parameters the module s (input) Shared AF_ALG_typ RAM:Plaintex From Free cipher DH private secret e sockets t service handle key:Established (output) invocation Remove By API output until power from DH public parameters cipherhandl the module key:Established (output) e is freed By EC private key:Established By EC public key:Established By Table 20: SSP Table 2 © 2025 SUSE, LLC/atsec information security corporation.
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Test Method Test Indicator Details Test Properties Type HMAC-SHA2- 256-bit key Message SW/FW Module Integrity test
256 (A5503) - Authentication Integrity becomes for kernel
kernel version operational binary
3.5 and services version 3.5
are available for use. HMAC-SHA2- 256-bit key Message SW/FW Module Integrity test
256 (A5503) - Authentication Integrity becomes for fipscheck
fipscheck operational application version 3.5 and services version 3.5 are available for use. RSA SigVer 4096-bit key Signature SW/FW Module Integrity test (FIPS186-5) with SHA2- Verification Integrity becomes for kernel (A5503) - 256 operational object files object files and services version 3.5 version 3.5 are available for use. HMAC-SHA2- 256-bit key Message SW/FW Module Integrity test
256 (A5526) - Authentication Integrity becomes for kernel
kernel version operational binary
3.6 and services version 3.6
are available for use. HMAC-SHA2- 256-bit key Message SW/FW Module Integrity test
256 (A5526) - Authentication Integrity becomes for fipscheck
fipscheck operational application version 3.6 and services version 3.6 are available for use. RSA SigVer 4096-bit key Signature SW/FW Module Integrity test (FIPS186-5) with SHA2- Verification Integrity becomes for kernel (A5526) - 256 operational object files object files and services version 3.6 version 3.6 are available for use. Table 21: Pre-Operational Self-Tests © 2025 SUSE, LLC/atsec information security corporation.
The pre-operational software integrity tests are performed automatically when the module is powered on, before the module transitions into the operational state. The algorithms used for the integrity test (i.e., HMAC-SHA2-256 and RSA SigVer with 4096 bit key) run their CASTs before the integrity test is performed. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the pre-operational software integrity self-tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e SHA-1 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5516) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5517) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5518) messages becomes Digest initialization operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e SHA-1 0-8184 bit KAT CAST Module Message Module (A5519) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5520) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5539) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5540) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5541) messages becomes Digest initialization operationa © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5542) messages becomes Digest initialization operationa l and services are available for use. SHA-1 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5516) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5517) messages becomes Digest initialization operationa l and services are © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5518) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5519) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5520) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5524) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5525) messages becomes Digest initialization operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e SHA2-256 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5539) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5540) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5541) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5542) messages becomes Digest initialization operationa l and services are available for use. SHA2-256 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5516) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5517) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5518) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5525) messages becomes Digest initialization operationa l and services are © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5539) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5540) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5541) messages becomes Digest initialization operationa l and services are available for use. SHA2-512 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e SHA3-224 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA3-224 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA3-224 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa l and services are available for use. SHA3-256 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA3-256 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA3-256 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e l and services are available for use. SHA3-384 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA3-384 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are available for use. SHA3-384 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa l and services are available for use. SHA3-512 0-8184 bit KAT CAST Module Message Module (A5503) messages becomes Digest initialization operationa l and services are available for use. SHA3-512 0-8184 bit KAT CAST Module Message Module (A5526) messages becomes Digest initialization operationa l and services are © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available for use. SHA3-512 0-8184 bit KAT CAST Module Message Module (A5664) messages becomes Digest initialization operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5503) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5505) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5506) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5507) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5508) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5509) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5510) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5511) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5512) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5513) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5514) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5515) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5521) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5522) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5523) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5526) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5528) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5529) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5530) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5531) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5532) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5533) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5534) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5535) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5536) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5537) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5538) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5661) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5662) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5663) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5664) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5665) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys and becomes initialization (A5666) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5503) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5505) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5506) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5507) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5508) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5509) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5510) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5511) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5512) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5513) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5514) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5515) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5521) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5522) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5523) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5526) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5528) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5529) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5530) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5531) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5532) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5533) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5534) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5535) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5536) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5537) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5538) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5661) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5662) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5663) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5664) 96-bit IVs operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5665) 96-bit IVs operationa l and services are available for use. AES-GCM - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys and becomes initialization (A5666) 96-bit IVs operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5503) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5505) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5506) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5507) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5508) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5509) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5510) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5511) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5512) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5513) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5514) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5515) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5520) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5521) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5522) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5523) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5524) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5526) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5528) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5529) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5530) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5531) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5532) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5533) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5534) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5535) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5536) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5537) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5538) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5661) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5662) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5663) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5664) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5665) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Encryption Module Encrypt bit keys becomes initialization (A5666) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5503) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5505) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5506) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5507) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5508) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5509) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5510) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5511) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5512) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5513) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5514) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5515) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5520) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5521) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5522) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5523) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5524) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5526) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5528) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5529) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5530) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5531) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5532) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5533) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5534) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5535) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5536) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5537) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5538) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5661) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5662) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5663) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5664) operationa l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5665) operationa l and services are available for use. AES-ECB - 128, 192, 256 KAT CAST Module Decryption Module Decrypt bit keys becomes initialization (A5666) operationa l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5516) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5517) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5518) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5519) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5520) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5539) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5540) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5541) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5542) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA-1 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5516) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5517) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5518) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5519) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5520) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5524) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5525) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5539) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5540) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5541) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5542) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-224 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5503) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5516) operationa n Before l and integrity test. services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5517) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5518) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5519) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5520) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5524) operationa n Before l and integrity test. services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5525) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5526) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5539) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5540) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5541) operationa n Before l and integrity test. services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5542) operationa n Before l and integrity test. services are available for use. HMAC- 32-64 bit KAT CAST Module Message Module SHA2-256 keys becomes authenticatio initialization. (A5664) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5516) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5517) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5518) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5525) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5539) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5540) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5541) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-384 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5503) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5516) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5517) operationa n Before l and integrity test. services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5518) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5525) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5526) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5539) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5540) operationa n Before l and integrity test. services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5541) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA2-512 keys becomes authenticatio initialization. (A5664) operationa n Before l and integrity test. services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-224 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-224 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-224 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-256 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-256 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-256 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-384 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-384 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-384 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-512 keys becomes authenticatio initialization (A5503) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-512 keys becomes authenticatio initialization (A5526) operationa n l and services are available for use. HMAC- 32-1048 bit KAT CAST Module Message Module SHA3-512 keys becomes authenticatio initialization (A5664) operationa n l and services are available for use. Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5503) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5505) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5506) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5507) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5508) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5509) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e of SP 800- available 90Arev1 for use. Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5510) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5511) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5512) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5513) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5514) DF, operationa Generate with/without l and PR; Health services © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5515) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5521) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5522) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5523) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5526) DF, operationa Generate © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5528) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5529) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5530) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5531) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5532) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5533) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5534) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5535) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5536) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e of SP 800- available 90Arev1 for use. Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5537) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5538) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5661) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5662) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5663) DF, operationa Generate with/without l and PR; Health services © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5664) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5665) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Counter 128, 192, 256 KAT CAST Module Instantiate, Module DRBG bit keys with becomes Reseed, initialization (A5666) DF, operationa Generate with/without l and PR; Health services test per are section 11.3 available of SP 800- for use. 90Arev1 Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5503) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5516) PR; Health operationa Generate test per l and © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5517) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5518) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5526) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5539) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5540) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5541) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. Hash SHA2-256 KAT CAST Module Instantiate, Module DRBG With/without becomes Reseed, initialization (A5664) PR; Health operationa Generate test per l and section 11.3 services of SP 800- are 90Arev1 available for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5503) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5516) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5517) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5518) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5526) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5539) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5540) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5541) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e HMAC SHA2-256, KAT CAST Module Instantiate, Module DRBG SHA2-512 becomes Reseed, initialization (A5664) With/without operationa Generate PR; Health l and test per services section 11.3 are of SP 800- available 90Arev1 for use. ECDSA P-256 with KAT CAST Module Verify Module SigVer SHA-256 becomes initialization (FIPS186- operationa
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e (FIPS186- l and Before 5) (A5664) services integrity test. are available for use. KDF 512 bit key- KAT CAST Module Derivation Module SP800-108 derivation becomes initialization (A5503) key with operationa hmac(sha256 l and ) deriving a services
key material available for use. KDF 512 bit key- KAT CAST Module Derivation Module SP800-108 derivation becomes initialization (A5526) key with operationa hmac(sha256 l and ) deriving a services
key material available for use. KAS-ECC- P-256 and P- KAT CAST Module Shared secret Module SSC 384 becomes computation initialization Sp800- operationa 56Ar3 l and (A5503) services are available for use. KAS-ECC- P-256 and P- KAT CAST Module Shared secret Module SSC 384 becomes computation initialization Sp800- operationa 56Ar3 l and (A5526) services are available for use. KAS-FFC- ffdhe2048, KAT CAST Module Shared secret Module SSC ffdhe3072, becomes computation initialization Sp800- ffdhe4096, operationa 56Ar3 ffdhe6144, l and (A5503) and services ffdhe8192 are © 2025 SUSE, LLC/atsec information security corporation.
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available for use. KAS-FFC- ffdhe2048, KAT CAST Module Shared secret Module SSC ffdhe3072, becomes computation initialization Sp800- ffdhe4096, operationa 56Ar3 ffdhe6144, l and (A5526) and services ffdhe8192 are available for use. ECDSA PCT PCT PCT Module Public key During KeyGen according to becomes recomputatio operational (FIPS186- Section operationa n state of the
Algorith Test Test Test Indicator Details Conditions m or Test Properties Metho Typ d e available cryptographi for use. c functions are used. Entropy Cutoff C=61, RCT CAST Module Entropy Entropy Source - 1024 becomes source start- source RCT start- samples. operationa up test initialization up test Repetition l and count test services according to are Section 4.4.1 available of SP 800-90B for use. Entropy Cutoff APT CAST Module Entropy Entropy Source - C=355, becomes source start- source APT start- window operationa up test initialization up test W=512, 1024 l and samples. services Adaptive are proportion available test for use. according to Section 4.4.2 of SP 800-90B Entropy Intermittent RCT CAST Entropy Entropy Continuously Source - cutoff C=31, source is source when the RCT permanent operationa continuous entropy continuous cutoff C=61. l and test source is test Repetition services accessed count test are according to available Section 4.4.1 for use. of SP 800-90B Entropy Intermittent APT CAST Entropy Entropy Continuously Source - cutoff C=325, source is source when the APT permanent operationa continuous entropy continuous cutoff C=255, l and test source is test window services accessed W=512. are Adaptive available proportion for use. test according to Section 4.4.2 of SP 800-90B © 2025 SUSE, LLC/atsec information security corporation.
Table 22: Conditional Self-Tests The module performs self-tests on all approved cryptographic algorithms as part of the approved services supported in the approved mode of operation, using the tests shown in the table above. Services are not available, and data output (via the data output interface) is inhibited during the conditional self-tests. If any of these tests fails, the module transitions to the Error State.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- Message SW/FW Integrity On demand Manually
kernel version 3.5 HMAC-SHA2- Message SW/FW Integrity On demand Manually
fipscheck version 3.5 RSA SigVer Signature SW/FW Integrity On demand Manually (FIPS186-5) Verification (A5503) - object files version 3.5 HMAC-SHA2- Message SW/FW Integrity On demand Manually
kernel version 3.6 HMAC-SHA2- Message SW/FW Integrity On demand Manually
fipscheck version 3.6 RSA SigVer Signature SW/FW Integrity On demand Manually (FIPS186-5) Verification (A5526) - object files version 3.6 Table 23: Pre-Operational Periodic Information Algorithm or Test Method Test Type Period Periodic Test Method SHA-1 (A5503) KAT CAST On demand Manually SHA-1 (A5516) KAT CAST On demand Manually © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method SHA-1 (A5517) KAT CAST On demand Manually SHA-1 (A5518) KAT CAST On demand Manually SHA-1 (A5519) KAT CAST On demand Manually SHA-1 (A5520) KAT CAST On demand Manually SHA-1 (A5526) KAT CAST On demand Manually SHA-1 (A5539) KAT CAST On demand Manually SHA-1 (A5540) KAT CAST On demand Manually SHA-1 (A5541) KAT CAST On demand Manually SHA-1 (A5542) KAT CAST On demand Manually SHA-1 (A5664) KAT CAST On demand Manually SHA2-256 KAT CAST On demand Manually (A5503) SHA2-256 KAT CAST On demand Manually (A5516) SHA2-256 KAT CAST On demand Manually (A5517) SHA2-256 KAT CAST On demand Manually (A5518) SHA2-256 KAT CAST On demand Manually (A5519) SHA2-256 KAT CAST On demand Manually (A5520) SHA2-256 KAT CAST On demand Manually (A5524) SHA2-256 KAT CAST On demand Manually (A5525) SHA2-256 KAT CAST On demand Manually (A5526) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method SHA2-256 KAT CAST On demand Manually (A5539) SHA2-256 KAT CAST On demand Manually (A5540) SHA2-256 KAT CAST On demand Manually (A5541) SHA2-256 KAT CAST On demand Manually (A5542) SHA2-256 KAT CAST On demand Manually (A5664) SHA2-512 KAT CAST On demand Manually (A5503) SHA2-512 KAT CAST On demand Manually (A5516) SHA2-512 KAT CAST On demand Manually (A5517) SHA2-512 KAT CAST On demand Manually (A5518) SHA2-512 KAT CAST On demand Manually (A5525) SHA2-512 KAT CAST On demand Manually (A5526) SHA2-512 KAT CAST On demand Manually (A5539) SHA2-512 KAT CAST On demand Manually (A5540) SHA2-512 KAT CAST On demand Manually (A5541) SHA2-512 KAT CAST On demand Manually (A5664) SHA3-224 KAT CAST On demand Manually (A5503) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method SHA3-224 KAT CAST On demand Manually (A5526) SHA3-224 KAT CAST On demand Manually (A5664) SHA3-256 KAT CAST On demand Manually (A5503) SHA3-256 KAT CAST On demand Manually (A5526) SHA3-256 KAT CAST On demand Manually (A5664) SHA3-384 KAT CAST On demand Manually (A5503) SHA3-384 KAT CAST On demand Manually (A5526) SHA3-384 KAT CAST On demand Manually (A5664) SHA3-512 KAT CAST On demand Manually (A5503) SHA3-512 KAT CAST On demand Manually (A5526) SHA3-512 KAT CAST On demand Manually (A5664) AES-GCM - KAT CAST On demand Manually Encrypt (A5503) AES-GCM - KAT CAST On demand Manually Encrypt (A5505) AES-GCM - KAT CAST On demand Manually Encrypt (A5506) AES-GCM - KAT CAST On demand Manually Encrypt (A5507) AES-GCM - KAT CAST On demand Manually Encrypt (A5508) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM - KAT CAST On demand Manually Encrypt (A5509) AES-GCM - KAT CAST On demand Manually Encrypt (A5510) AES-GCM - KAT CAST On demand Manually Encrypt (A5511) AES-GCM - KAT CAST On demand Manually Encrypt (A5512) AES-GCM - KAT CAST On demand Manually Encrypt (A5513) AES-GCM - KAT CAST On demand Manually Encrypt (A5514) AES-GCM - KAT CAST On demand Manually Encrypt (A5515) AES-GCM - KAT CAST On demand Manually Encrypt (A5521) AES-GCM - KAT CAST On demand Manually Encrypt (A5522) AES-GCM - KAT CAST On demand Manually Encrypt (A5523) AES-GCM - KAT CAST On demand Manually Encrypt (A5526) AES-GCM - KAT CAST On demand Manually Encrypt (A5528) AES-GCM - KAT CAST On demand Manually Encrypt (A5529) AES-GCM - KAT CAST On demand Manually Encrypt (A5530) AES-GCM - KAT CAST On demand Manually Encrypt (A5531) AES-GCM - KAT CAST On demand Manually Encrypt (A5532) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM - KAT CAST On demand Manually Encrypt (A5533) AES-GCM - KAT CAST On demand Manually Encrypt (A5534) AES-GCM - KAT CAST On demand Manually Encrypt (A5535) AES-GCM - KAT CAST On demand Manually Encrypt (A5536) AES-GCM - KAT CAST On demand Manually Encrypt (A5537) AES-GCM - KAT CAST On demand Manually Encrypt (A5538) AES-GCM - KAT CAST On demand Manually Encrypt (A5661) AES-GCM - KAT CAST On demand Manually Encrypt (A5662) AES-GCM - KAT CAST On demand Manually Encrypt (A5663) AES-GCM - KAT CAST On demand Manually Encrypt (A5664) AES-GCM - KAT CAST On demand Manually Encrypt (A5665) AES-GCM - KAT CAST On demand Manually Encrypt (A5666) AES-GCM - KAT CAST On demand Manually Decrypt (A5503) AES-GCM - KAT CAST On demand Manually Decrypt (A5505) AES-GCM - KAT CAST On demand Manually Decrypt (A5506) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM - KAT CAST On demand Manually Decrypt (A5507) AES-GCM - KAT CAST On demand Manually Decrypt (A5508) AES-GCM - KAT CAST On demand Manually Decrypt (A5509) AES-GCM - KAT CAST On demand Manually Decrypt (A5510) AES-GCM - KAT CAST On demand Manually Decrypt (A5511) AES-GCM - KAT CAST On demand Manually Decrypt (A5512) AES-GCM - KAT CAST On demand Manually Decrypt (A5513) AES-GCM - KAT CAST On demand Manually Decrypt (A5514) AES-GCM - KAT CAST On demand Manually Decrypt (A5515) AES-GCM - KAT CAST On demand Manually Decrypt (A5521) AES-GCM - KAT CAST On demand Manually Decrypt (A5522) AES-GCM - KAT CAST On demand Manually Decrypt (A5523) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM - KAT CAST On demand Manually Decrypt (A5526) AES-GCM - KAT CAST On demand Manually Decrypt (A5528) AES-GCM - KAT CAST On demand Manually Decrypt (A5529) AES-GCM - KAT CAST On demand Manually Decrypt (A5530) AES-GCM - KAT CAST On demand Manually Decrypt (A5531) AES-GCM - KAT CAST On demand Manually Decrypt (A5532) AES-GCM - KAT CAST On demand Manually Decrypt (A5533) AES-GCM - KAT CAST On demand Manually Decrypt (A5534) AES-GCM - KAT CAST On demand Manually Decrypt (A5535) AES-GCM - KAT CAST On demand Manually Decrypt (A5536) AES-GCM - KAT CAST On demand Manually Decrypt (A5537) AES-GCM - KAT CAST On demand Manually Decrypt (A5538) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-GCM - KAT CAST On demand Manually Decrypt (A5661) AES-GCM - KAT CAST On demand Manually Decrypt (A5662) AES-GCM - KAT CAST On demand Manually Decrypt (A5663) AES-GCM - KAT CAST On demand Manually Decrypt (A5664) AES-GCM - KAT CAST On demand Manually Decrypt (A5665) AES-GCM - KAT CAST On demand Manually Decrypt (A5666) AES-ECB - KAT CAST On demand Manually Encrypt (A5503) AES-ECB - KAT CAST On demand Manually Encrypt (A5505) AES-ECB - KAT CAST On demand Manually Encrypt (A5506) AES-ECB - KAT CAST On demand Manually Encrypt (A5507) AES-ECB - KAT CAST On demand Manually Encrypt (A5508) AES-ECB - KAT CAST On demand Manually Encrypt (A5509) AES-ECB - KAT CAST On demand Manually Encrypt (A5510) AES-ECB - KAT CAST On demand Manually Encrypt (A5511) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-ECB - KAT CAST On demand Manually Encrypt (A5512) AES-ECB - KAT CAST On demand Manually Encrypt (A5513) AES-ECB - KAT CAST On demand Manually Encrypt (A5514) AES-ECB - KAT CAST On demand Manually Encrypt (A5515) AES-ECB - KAT CAST On demand Manually Encrypt (A5520) AES-ECB - KAT CAST On demand Manually Encrypt (A5521) AES-ECB - KAT CAST On demand Manually Encrypt (A5522) AES-ECB - KAT CAST On demand Manually Encrypt (A5523) AES-ECB - KAT CAST On demand Manually Encrypt (A5524) AES-ECB - KAT CAST On demand Manually Encrypt (A5526) AES-ECB - KAT CAST On demand Manually Encrypt (A5528) AES-ECB - KAT CAST On demand Manually Encrypt (A5529) AES-ECB - KAT CAST On demand Manually Encrypt (A5530) AES-ECB - KAT CAST On demand Manually Encrypt (A5531) AES-ECB - KAT CAST On demand Manually Encrypt (A5532) AES-ECB - KAT CAST On demand Manually Encrypt (A5533) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-ECB - KAT CAST On demand Manually Encrypt (A5534) AES-ECB - KAT CAST On demand Manually Encrypt (A5535) AES-ECB - KAT CAST On demand Manually Encrypt (A5536) AES-ECB - KAT CAST On demand Manually Encrypt (A5537) AES-ECB - KAT CAST On demand Manually Encrypt (A5538) AES-ECB - KAT CAST On demand Manually Encrypt (A5661) AES-ECB - KAT CAST On demand Manually Encrypt (A5662) AES-ECB - KAT CAST On demand Manually Encrypt (A5663) AES-ECB - KAT CAST On demand Manually Encrypt (A5664) AES-ECB - KAT CAST On demand Manually Encrypt (A5665) AES-ECB - KAT CAST On demand Manually Encrypt (A5666) AES-ECB - KAT CAST On demand Manually Decrypt (A5503) AES-ECB - KAT CAST On demand Manually Decrypt (A5505) AES-ECB - KAT CAST On demand Manually Decrypt (A5506) AES-ECB - KAT CAST On demand Manually Decrypt (A5507) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-ECB - KAT CAST On demand Manually Decrypt (A5508) AES-ECB - KAT CAST On demand Manually Decrypt (A5509) AES-ECB - KAT CAST On demand Manually Decrypt (A5510) AES-ECB - KAT CAST On demand Manually Decrypt (A5511) AES-ECB - KAT CAST On demand Manually Decrypt (A5512) AES-ECB - KAT CAST On demand Manually Decrypt (A5513) AES-ECB - KAT CAST On demand Manually Decrypt (A5514) AES-ECB - KAT CAST On demand Manually Decrypt (A5515) AES-ECB - KAT CAST On demand Manually Decrypt (A5520) AES-ECB - KAT CAST On demand Manually Decrypt (A5521) AES-ECB - KAT CAST On demand Manually Decrypt (A5522) AES-ECB - KAT CAST On demand Manually Decrypt (A5523) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-ECB - KAT CAST On demand Manually Decrypt (A5524) AES-ECB - KAT CAST On demand Manually Decrypt (A5526) AES-ECB - KAT CAST On demand Manually Decrypt (A5528) AES-ECB - KAT CAST On demand Manually Decrypt (A5529) AES-ECB - KAT CAST On demand Manually Decrypt (A5530) AES-ECB - KAT CAST On demand Manually Decrypt (A5531) AES-ECB - KAT CAST On demand Manually Decrypt (A5532) AES-ECB - KAT CAST On demand Manually Decrypt (A5533) AES-ECB - KAT CAST On demand Manually Decrypt (A5534) AES-ECB - KAT CAST On demand Manually Decrypt (A5535) AES-ECB - KAT CAST On demand Manually Decrypt (A5536) AES-ECB - KAT CAST On demand Manually Decrypt (A5537) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method AES-ECB - KAT CAST On demand Manually Decrypt (A5538) AES-ECB - KAT CAST On demand Manually Decrypt (A5661) AES-ECB - KAT CAST On demand Manually Decrypt (A5662) AES-ECB - KAT CAST On demand Manually Decrypt (A5663) AES-ECB - KAT CAST On demand Manually Decrypt (A5664) AES-ECB - KAT CAST On demand Manually Decrypt (A5665) AES-ECB - KAT CAST On demand Manually Decrypt (A5666) HMAC-SHA-1 KAT CAST On demand Manually (A5503) HMAC-SHA-1 KAT CAST On demand Manually (A5516) HMAC-SHA-1 KAT CAST On demand Manually (A5517) HMAC-SHA-1 KAT CAST On demand Manually (A5518) HMAC-SHA-1 KAT CAST On demand Manually (A5519) HMAC-SHA-1 KAT CAST On demand Manually (A5520) HMAC-SHA-1 KAT CAST On demand Manually (A5526) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA-1 KAT CAST On demand Manually (A5539) HMAC-SHA-1 KAT CAST On demand Manually (A5540) HMAC-SHA-1 KAT CAST On demand Manually (A5541) HMAC-SHA-1 KAT CAST On demand Manually (A5542) HMAC-SHA-1 KAT CAST On demand Manually (A5664) HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
© 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
© 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
© 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA2- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
HMAC-SHA3- KAT CAST On demand Manually
© 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC-SHA3- KAT CAST On demand Manually
Counter DRBG KAT CAST On demand Manually (A5503) Counter DRBG KAT CAST On demand Manually (A5505) Counter DRBG KAT CAST On demand Manually (A5506) Counter DRBG KAT CAST On demand Manually (A5507) Counter DRBG KAT CAST On demand Manually (A5508) Counter DRBG KAT CAST On demand Manually (A5509) Counter DRBG KAT CAST On demand Manually (A5510) Counter DRBG KAT CAST On demand Manually (A5511) Counter DRBG KAT CAST On demand Manually (A5512) Counter DRBG KAT CAST On demand Manually (A5513) Counter DRBG KAT CAST On demand Manually (A5514) Counter DRBG KAT CAST On demand Manually (A5515) Counter DRBG KAT CAST On demand Manually (A5521) Counter DRBG KAT CAST On demand Manually (A5522) Counter DRBG KAT CAST On demand Manually (A5523) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method Counter DRBG KAT CAST On demand Manually (A5526) Counter DRBG KAT CAST On demand Manually (A5528) Counter DRBG KAT CAST On demand Manually (A5529) Counter DRBG KAT CAST On demand Manually (A5530) Counter DRBG KAT CAST On demand Manually (A5531) Counter DRBG KAT CAST On demand Manually (A5532) Counter DRBG KAT CAST On demand Manually (A5533) Counter DRBG KAT CAST On demand Manually (A5534) Counter DRBG KAT CAST On demand Manually (A5535) Counter DRBG KAT CAST On demand Manually (A5536) Counter DRBG KAT CAST On demand Manually (A5537) Counter DRBG KAT CAST On demand Manually (A5538) Counter DRBG KAT CAST On demand Manually (A5661) Counter DRBG KAT CAST On demand Manually (A5662) Counter DRBG KAT CAST On demand Manually (A5663) Counter DRBG KAT CAST On demand Manually (A5664) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method Counter DRBG KAT CAST On demand Manually (A5665) Counter DRBG KAT CAST On demand Manually (A5666) Hash DRBG KAT CAST On demand Manually (A5503) Hash DRBG KAT CAST On demand Manually (A5516) Hash DRBG KAT CAST On demand Manually (A5517) Hash DRBG KAT CAST On demand Manually (A5518) Hash DRBG KAT CAST On demand Manually (A5526) Hash DRBG KAT CAST On demand Manually (A5539) Hash DRBG KAT CAST On demand Manually (A5540) Hash DRBG KAT CAST On demand Manually (A5541) Hash DRBG KAT CAST On demand Manually (A5664) HMAC DRBG KAT CAST On demand Manually (A5503) HMAC DRBG KAT CAST On demand Manually (A5516) HMAC DRBG KAT CAST On demand Manually (A5517) HMAC DRBG KAT CAST On demand Manually (A5518) HMAC DRBG KAT CAST On demand Manually (A5526) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method HMAC DRBG KAT CAST On demand Manually (A5539) HMAC DRBG KAT CAST On demand Manually (A5540) HMAC DRBG KAT CAST On demand Manually (A5541) HMAC DRBG KAT CAST On demand Manually (A5664) ECDSA SigVer KAT CAST On demand Manually (FIPS186-5) (A5504) ECDSA SigVer KAT CAST On demand Manually (FIPS186-5) (A5527) RSA SigVer KAT CAST On demand Manually (FIPS186-5) (A5503) RSA SigVer KAT CAST On demand Manually (FIPS186-5) (A5526) RSA SigVer KAT CAST On demand Manually (FIPS186-5) (A5664) KDF SP800-108 KAT CAST On demand Manually (A5503) KDF SP800-108 KAT CAST On demand Manually (A5526) KAS-ECC-SSC KAT CAST On demand Manually Sp800-56Ar3 (A5503) KAS-ECC-SSC KAT CAST On demand Manually Sp800-56Ar3 (A5526) © 2025 SUSE, LLC/atsec information security corporation.
Algorithm or Test Method Test Type Period Periodic Test Method KAS-FFC-SSC KAT CAST On demand Manually Sp800-56Ar3 (A5503) KAS-FFC-SSC KAT CAST On demand Manually Sp800-56Ar3 (A5526) ECDSA KeyGen PCT PCT On demand Manually (FIPS186-5) (A5503) ECDSA KeyGen PCT PCT On demand Manually (FIPS186-5) (A5526) Safe Primes Key PCT PCT On demand Manually Generation (A5503) Safe Primes Key PCT PCT On demand Manually Generation (A5526) Entropy Source RCT CAST On demand Manually - RCT start-up test Entropy Source APT CAST On demand Manually - APT start-up test Entropy Source RCT CAST N/A N/A - RCT continuous test Entropy Source APT CAST N/A N/A - APT continuous test Table 24: Conditional Periodic Information © 2025 SUSE, LLC/atsec information security corporation.
Name Description Conditions Recovery Indicator Method Error The Linux kernel Any self-test failure Restart of the Kernel State immediately stops Failure of pre- module Panic executing operational tests or CASTs Failure of Entropy source Health Tests Failure of PCT tests Table 25: Error States In the Error State, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running).
All self-tests, with the exception of the continuous health tests, can be invoked on demand by unloading and subsequently re-initializing the module. © 2025 SUSE, LLC/atsec information security corporation.
The module is distributed as a part of the SUSE Enterprise Linux SP6 RPM packages in the form of: • kernel-default-6.4.0-150600.23.25.1 (for x86, aarch64, and s390x platforms) • kernel-rt-6.4.0-150600.10.17.1 (for x86 platforms) • libkcapi-tools-0.13.0-150600.17.3.1 (for x86, aarch64, and s390x platforms) • dracut-fips-059+suse.521.g8412a1c0-150600.1.3 (for x86, aarch64, and s390x platforms) The module can achieve FIPS validated configuration by:
After the operating environment is configured as adviced in Section 11.1 to support FIPS operation, the Crypto Officer should check the existence of the file /proc/sys/crypto/fips_enabled, and verify it contains a numeric value “1”. If the file does not exist or does not contain “1”, the operating environment is not configured to support FIPS and the module will not operate as a FIPS validated module properly. Then, the Crypto Officer must execute the following commands, which must output the following: © 2025 SUSE, LLC/atsec information security corporation.
# cat /proc/sys/crypto/fips_version 6.4.0-150600.23.25-default (for version 3.5) 6.4.0-150600.10.17-rt (for version 3.6) # rpm -q libkcapi-tools libkcapi-tools-0.13.0-150600.17.3.1 (for versions 3.5 and 3.6) # rpm -q dracut-fips dracut-fips-059+suse.521.g8412a1c0-150600.1.3 (for versions 3.5 and 3.6)
There is no non-administrator guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the RPMs mentioned in Section 11.1 can be uninstalled from the SUSE Linux Enterprise SP6 system. © 2025 SUSE, LLC/atsec information security corporation.
The module does not offer mitigation of other attacks and therefore this section is not applicable. © 2025 SUSE, LLC/atsec information security corporation.
Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm FFC Finite Field Cryptography FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HMAC Keyed-Hash Message Authentication Code IKE Internet Key Exchange IPsec Internet Protocol Security © 2025 SUSE, LLC/atsec information security corporation.
KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-Based Key Derivation Function KW Key Wrap KWP Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PAI Processor Algorithm Implementation PCT Pair-wise Consistency Test PKCS Public-Key Cryptography Standards RSA Rivest, Shamir, Addleman SHA Secure Hash Algorithm SSC Shared Secret Computation SSP Sensitive Security Parameter TLS Transport Layer Security XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 SUSE, LLC/atsec information security corporation.
Appendix B. References FIPS 140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program
https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips140-3-ig-announcements FIPS 180-4 Secure Hash Standard (SHS) March 2012 https://doi.org/10.6028/NIST.FIPS.180-4 FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://doi.org/10.6028/NIST.FIPS.186-4 FIPS 186-5 Digital Signature Standard (DSS) February 2023 https://doi.org/10.6028/NIST.FIPS.186-5 FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://doi.org/10.6028/NIST.FIPS.198-1 FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://doi.org/10.6028/NIST.FIPS.202 PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) June 2005 https://www.rfc-editor.org/rfc/rfc4106.txt © 2025 SUSE, LLC/atsec information security corporation.
RFC 7296 Internet Key Exchange Protocol Version 2 (IKEv2) June 2005 https://www.rfc-editor.org/rfc/rfc7296.txt SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://doi.org/10.6028/NIST.SP.800-38A SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://doi.org/10.6028/NIST.SP.800-38B SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://doi.org/10.6028/NIST.SP.800-38C SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://doi.org/10.6028/NIST.SP.800-38D SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://doi.org/10.6028/NIST.SP.800-38E SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://doi.org/10.6028/NIST.SP.800-38F SP 800-56A Recommendation for Pair-Wise Key-Establishment Schemes Using Rev. 3 Discrete Logarithm Cryptography April 2018 https://doi.org/10.6028/NIST.SP.800-56Ar3 SP 800-90A Recommendation for Random Number Generation Using Rev. 1 Deterministic Random Bit Generators June 2015 https://doi.org/10.6028/NIST.SP.800-90Ar1 © 2025 SUSE, LLC/atsec information security corporation.
SP 800-108 Recommendation for Key Derivation Using Pseudorandom Rev. 1 Functions August 2022 https://doi.org/10.6028/NIST.SP.800-108r1-upd1 SP 800-133 Recommendation for Cryptographic Key Generation Rev. 2 June 2020 https://doi.org/10.6028/NIST.SP.800-133r2 © 2025 SUSE, LLC/atsec information security corporation.