| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 1/5/2031 |
| Caveat | When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. |
| Vendor | Ctrl IQ, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-CCM | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-CFB128 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-CFB8 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-CMAC | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-CTR | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-ECB | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-KW | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-OFB | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| AES-XTS Testing Revision 2.0 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| Counter DRBG | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 |
| Deterministic ECDSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| ECDSA KeyGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| ECDSA KeyVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| ECDSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| ECDSA SigVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| Hash DRBG | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC DRBG | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA-1 | A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2-224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2-256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2-384 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2-512 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2- 512/224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA2- 512/256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| HMAC-SHA3-224 | A6116, A6117, A6118, A6124, A6125, A6126 |
| HMAC-SHA3-256 | A6116, A6117, A6118, A6124, A6125, A6126 |
| HMAC-SHA3-384 | A6116, A6117, A6118, A6124, A6125, A6126 |
| HMAC-SHA3-512 | A6116, A6117, A6118, A6124, A6125, A6126 |
| PBKDF | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| RSA KeyGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| RSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| RSA SigVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA-1 | A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126 |
| SHA2-224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA2-256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA2-384 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA2-512 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA2-512/224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA2-512/256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 |
| SHA3-224 | A6116, A6117, A6118, A6124, A6125, A6126 |
| SHA3-256 | A6116, A6117, A6118, A6124, A6125, A6126 |
| SHA3-384 | A6116, A6117, A6118, A6124, A6125, A6126 |
| SHA3-512 | A6116, A6117, A6118, A6124, A6125, A6126 |
| SHAKE-128 | A6116, A6117, A6118, A6124, A6125, A6126 |
| SHAKE-256 | A6116, A6117, A6118, A6124, A6125, A6126 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Rocky Linux 8 and 9 libgcrypt Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric encryption<br/>Symmetric decryption<br/>Symmetric encryption with AES-XTS (for data storage)</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Rocky Linux 8 and 9 libgcrypt Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric encryption<br/>Symmetric decryption<br/>Symmetric encryption with AES-XTS (for data storage)</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Ctrl IQ, Inc. Rocky Linux 8 and 9 libgcrypt Cryptographic Module Prepared by: atsec information security corporation
Austin, TX 78759 Document version: 1.1 www.atsec.com Last update: 2025-12-18
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table of Contents 2.10 © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module List of Tables List of Figures © 2025 Ctrl IQ, Inc., atsec information security.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for version rocky8.20240929 and rocky9.20240929 of the Rocky Linux 8 and 9 libgcrypt Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1
This Security Policy describes the features and design of the module named Rocky Linux 8 and 9 libgcrypt Cryptographic Module using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. including this notice. Other documentation is proprietary to their authors. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Purpose and Use: The Rocky Linux 8 and 9 libgcrypt Cryptographic Module (hereafter referred to as “the module”) is a software library implementing general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying operating system through an application program interface (API). Module Type: Software Module Embodiment: MultiChipStand Cryptographic Boundary: The module consists of the shared library file (i.e. libgcrypt.so.20) which constitutes the cryptographic boundary. The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment and the flow of information between the module and operator. The block diagram is representative of both versions rocky8.20240929 and rocky9.20240929 of the cryptographic module. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP is the general-purpose computer on which the module is installed. The entropy source and the PAA provided by the processor are located within the module’s physical perimeter and outside of the module’s cryptographic boundary. Figure 1: Block Diagram © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | rocky8.20240929 | N/A | /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | HMAC-SHA-256 | ||||||
| /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | rocky9.20240929 | N/A | /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | HMAC-SHA-256 | ||||||
| Rocky Linux 8 | Rocky Linux 8 | SuperMicro SuperServer 5039MS | rocky8.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | Yes | N/A | ||||
| Rocky Linux 8 | Rocky Linux 8 | SuperMicro SuperServer 5039MS | rocky8.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | No | N/A | ||||
| Rocky Linux 9 | Rocky Linux 9 | SuperMicro SuperServer 5039MS | rocky9.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | Yes | N/A | ||||
| Rocky Linux 9 | Rocky Linux 9 | SuperMicro SuperServer 5039MS | rocky9.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | No | N/A |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | rocky8.20240929 | N/A | /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | HMAC-SHA-256 | ||||||
| /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | rocky9.20240929 | N/A | /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | HMAC-SHA-256 | ||||||
| Rocky Linux 8 | Rocky Linux 8 | SuperMicro SuperServer 5039MS | rocky8.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | Yes | N/A | ||||
| Rocky Linux 8 | Rocky Linux 8 | SuperMicro SuperServer 5039MS | rocky8.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | No | N/A | ||||
| Rocky Linux 9 | Rocky Linux 9 | SuperMicro SuperServer 5039MS | rocky9.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | Yes | N/A | ||||
| Rocky Linux 9 | Rocky Linux 9 | SuperMicro SuperServer 5039MS | rocky9.20240929 | Intel Kaby Lake Xeon E3-1270 v6 | No | N/A |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Tested Module Identification
The module does not claim any excluded components.
Modes List and Description: © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved Mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service (the service API call return is not GPG_ERR_NO_ERROR) | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB128 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| Deterministic ECDSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Component - No | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5 |
| Hash DRBG | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC DRBG | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Prediction Resistance - No, Yes Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A6116, A6117, A6118, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A6116, A6117, A6118, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A6116, A6117, A6118, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A6116, A6117, A6118, A6124, A6125, A6126 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| PBKDF | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Iteration Count - Iteration Count: 1000- 10000000 Increment 1 Password Length - Password Length: 8- 128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Key Generation Mode - probable Modulo - 2048, 3072, 4096, 6144, 8192 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| SHA-1 | A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A6116, A6117, A6118, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A6116, A6117, A6118, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A6116, A6117, A6118, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A6116, A6117, A6118, A6124, A6125, A6126 | Message Length - Message Length: 0- 65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A6116, A6117, A6118, A6124, A6125, A6126 | Output Length - Output Length: 16- 65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A6116, A6117, A6118, A6124, A6125, A6126 | Output Length - Output Length: 16- 65536 Increment 8 | FIPS 202 |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Nonapproved NonApproved Table 4: Modes List and Description Mode Change Instructions and Status: When the module starts up successfully, after passing all the pre-operational self-test and the cryptographic algorithms self-tests (CASTs), the module is operating in the approved mode of operation by default and can only be transitioned into the non-approved mode by calling one of the non-approved services listed in the NonApproved Services table. The module will transition back to approved mode when approved service is called. Section 4 provides details on the service indicator implemented by the module. The service indicator identifies
Approved Algorithms: © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| Asymmetric Cryptographic Key Generation (CKG) | Key type:Asymmetric | N/A | SP 800-133 Rev.2 section 4, example 1 | |
| ECDH | Shared secret computation | |||
| AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | Symmetric encryption; Symmetric decryption |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| Asymmetric Cryptographic Key Generation (CKG) | Key type:Asymmetric | N/A | SP 800-133 Rev.2 section 4, example 1 | |||
| ECDH | Shared secret computation | |||||
| AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | Symmetric encryption; Symmetric decryption | |||||
| RSA | Signature generation (pre-hashed); Signature verification (pre-hashed); Asymmetric encryption (primitive); Asymmetric decryption (primitive) | |||||
| ECDSA | Signature generation (pre-hashed); Signature verification (pre-hashed) | |||||
| Message digest with SHA-1 | Message digest using SHA-1 | SHA-1: (A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126) | SHA | |||
| Message digest with SHA-2 | Message digest using SHA-2 | SHA2-224: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-256: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-384: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-512: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-512/224: (A6114, A6115, | SHA |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 5: Approved Algorithms The above table lists all approved cryptographic algorithms of the module, including specific key lengths employed for approved services, and implemented modes or methods of operation of the algorithms. Vendor-Affirmed Algorithms: N/A Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| RSA | Signature generation (pre-hashed); Signature verification (pre-hashed); Asymmetric encryption (primitive); Asymmetric decryption (primitive) | ||
| ECDSA | Signature generation (pre-hashed); Signature verification (pre-hashed) | ||
| Message digest with SHA-1 | Message digest using SHA-1 | SHA-1: (A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126) | SHA |
| Message digest with SHA-2 | Message digest using SHA-2 | SHA2-224: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-256: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-384: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-512: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) SHA2-512/224: (A6114, A6115, | SHA |
| Message digest with SHA-3 | Message digest using SHA-3 | SHA3-224: (A6116, A6117, A6118, A6124, A6125, A6126) SHA3-256: (A6116, A6117, A6118, A6124, A6125, A6126) SHA3-384: (A6116, A6117, A6118, A6124, A6125, A6126) SHA3-512: (A6116, A6117, A6118, A6124, A6125, A6126) SHAKE-128: (A6116, A6117, A6118, A6124, A6125, A6126) SHAKE-256: (A6116, A6117, A6118, A6124, A6125, A6126) | SHA XOF |
| Symmetric encryption | Encryption using AES | AES-CBC: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-CFB128: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-UnAuth |
| Symmetric decryption | Decryption using AES | AES-CBC: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-CFB128: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-CFB8: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-CTR: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-ECB: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-UnAuth |
| Symmetric encryption with AES-XTS (for data storage) | Encryption using AES-XTS (for data storage) | AES-XTS Testing Revision 2.0: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-UnAuth |
| Symmetric decryption with AES-XTS (for data storage) | Decryption using AES-XTS (for data storage) | AES-XTS Testing Revision 2.0: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-UnAuth |
| Authenticated symmetric encryption | Authenticated encryption using AES | AES-CCM: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-KW: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-Auth |
| Authenticated symmetric decryption | Authenticated decryption using AES | AES-CCM: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) AES-KW: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | BC-Auth |
| Message authentication generation with AES-CMAC | Message authentication generation using AES-CMAC | AES-CMAC: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | MAC |
| Message authentication code with HMAC | Message authentication code using HMAC | HMAC-SHA-1: (A6113, A6114, A6115, A6116, A6117, A6118, A6121, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2-224: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2-256: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2-384: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2-512: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2- 512/224: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) HMAC-SHA2- 512/256: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | MAC |
| Random number generation with CTR_DRBG | Random number generation using CTR_DRBG | Counter DRBG: (A6114, A6115, A6117, A6118, A6122, A6123, A6125, A6126) | DRBG |
| Random number generation with HMAC_DRBG | Random number generation using HMAC_DRBG | HMAC DRBG: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DRBG |
| Random number generation with Hash_DRBG | Random number generation using Hash_DRBG | Hash DRBG: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DRBG |
| Key pair generation with ECDSA | Key pair generation using ECDSA (IG D.H compliant) | ECDSA KeyGen (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) Asymmetric Cryptographic Key Generation (CKG): () | AsymKeyPair- KeyGen CKG |
| Public key verification with ECDSA | Public key verification using ECDSA | ECDSA KeyVer (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | AsymKeyPair- KeyVer |
| Key pair generation with RSA | Key pair generation using RSA (IG D.H compliant) | RSA KeyGen (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) Asymmetric Cryptographic Key Generation (CKG): () Key type: Asymmetric | AsymKeyPair- KeyGen CKG |
| Digital signature generation with ECDSA | Digital signature generation using ECDSA | ECDSA SigGen (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DigSig-SigGen |
| Deterministic digital signature generation with ECDSA | Deterministic digital signature generation using ECDSA | Deterministic ECDSA SigGen (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DigSig-SigGen |
| Digital signature generation with RSA | Digital signature generation using RSA | RSA SigGen (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DigSig-SigGen |
| Digital signature verification with ECDSA | Digital signature verification using ECDSA | ECDSA SigVer (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DigSig-SigVer |
| Digital signature verification with RSA | Digital signature verification using RSA | RSA SigVer (FIPS186-5): (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | DigSig-SigVer |
| Key derivation with PBKDF | Key derivation using PBKDF | PBKDF: (A6114, A6115, A6116, A6117, A6118, A6122, A6123, A6124, A6125, A6126) | PBKDF |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 7: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services.
© 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module () AsymKeyPairKeyGen © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module AsymKeyPairKeyVer AsymKeyPairKeyGen () © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 8: Security Function Implementations
AES XTS The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. The AES-XTS mode shall only be used for the cryptographic protection of data on storage devices. The AESXTS shall not be used for other purposes, such as the encryption of data in transit. Key_1 and Key_2 shall be generated and/or established independently according to the rules for component symmetric keys from NIST SP 800-133r2, Section 6.3. The module provides password-based key derivation (PBKDF), compliant with SP800-132. The module supports option 1a from Section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132] and FIPS 140-3 IG D.N, the following requirements shall be met.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Rocky Linux Userspace CPU Time Jitter RNG Entropy Source | Non- Physical | 256 bits | Rocky Linux 8 on Intel Xeon E3-1270 v6; Rocky Linux 9 on Intel Xeon E3-1270 v6 | full entropy | SHA3-256 |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E210 | Ctrl IQ |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Table 9: Entropy Certificates NonPhysical Table 10: Entropy Sources The Module provides an SP800-90A-compliant Deterministic Random Bit Generator (DRBG) for creation of key components of asymmetric keys, and random number generation. The seeding (and automatic reseeding) of the DRBG is done with get_random(). The module supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG. The DRBG is initialized during module initialization; the module loads by default the DRBG using the HMAC_DRBG mechanism with SHA-256 and © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module without prediction resistance. A different DRBG mechanism can be chosen by invoking the gcry_control(GCRYCTL_DRBG_REINIT) function. The module uses an [SP800-90B]-compliant entropy source specified in the above table. This entropy source is located within the module’s physical perimeter but outside of the module’s cryptographic boundary. The module obtains 384 bits to seed the DRBG and 256 bits to reseed it, respectively corresponding to 384 bits of entropy for seeding and 256 bits for reseeding, which is full entropy. Outputs of multiple GetEntropy() calls are concatenated to receive the entropy input length greater than 256 bits. The output is truncated to get the entropy input string which is not a multiple of 256. The module performs the DRBG health tests as defined in Section 11.3 of [SP800-90A]. The module complies with the Public Use Document for ESV certificate E210 by reading entropy data from the get_random() function with the GRND_RANDOM flag set, which corresponds to the GetEntropy() conceptual interface. The operational environment on the ESV certificate is identical to the operating system described in this document. There are no maintenance requirements for the entropy source.
The module provides an [SP800-90Arev1]-compliant Deterministic Random Bit Generator (DRBG) for the creation of key components of asymmetric keys, and random number generation. The Cryptographic Key Generation (CKG) methods implemented in the module for Approved services in approved mode are compliant with section 5.1 of [SP800-133rev2] and with IG D.H. For generating RSA and ECDSA keys the module implements asymmetric key generation services compliant with [FIPS186-5]. A seed (i.e., the random value) used in asymmetric key generation is directly obtained from the [SP800-90Arev1] DRBG. Intermediate key generation values are not output from the module and are explicitly zeroized after processing the service. 2.10 Key Establishment The module does not provide any key establisment mechanism.
The module does not implement industry protocols, therefore this section is not applicable. © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters |
| N/A | N/A | Data Output | API output parameters |
| N/A | N/A | Control Input | API function calls, API input parameters for control input |
| N/A | N/A | Status Output | API return codes |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
N/A N/A N/A N/A Table 11: Ports and Interfaces As a software-only module, the module does not have physical ports. The operator can only interact with the module through the API provided by the module. Thus, the physical ports are interpreted to be the physical ports of the hardware platform on which the module runs. The logical interfaces are logically separated from each other by the API design. All data output via data output interface is inhibited when the module is performing pre-operational test or zeroization or when the module enters error state. The module does not implement a control output interface. © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric encryption | Encrypt a plaintext | Crypto Officer - AES key: W,E | Symmetric encryption Symmetric encryption with AES- XTS (for data storage) | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, plaintext | Ciphertex t | |||
| Symmetric decryption | Decrypt a ciphertext | Crypto Officer - AES key: W,E | Symmetric decryption Symmetric decryption with AES- XTS (for data storage) | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, cipherte xt | Plaintext | |||
| Authenticat ed symmetric encryption | Encrypt and authenticate a plaintext | Crypto Officer - AES key: W,E | Authenticat ed symmetric encryption | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, plaintext , IV | Ciphertex t, MAC tag | |||
| Authenticat ed symmetric decryption | Decrypt and verify a ciphertext | Crypto Officer - AES key: W,E | Authenticat ed symmetric decryption | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, cipherte xt, IV, MAC tag | Plaintext or fail | |||
| Message digest | Compute SHA hashes | Crypto Officer | Message digest with | gcry_md_open returns GPG_ERR_NO_ERROR | Message | Digest value |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmetric encryption | Encrypt a plaintext | Crypto Officer - AES key: W,E | Symmetric encryption Symmetric encryption with AES- XTS (for data storage) | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, plaintext | Ciphertex t | |||
| Symmetric decryption | Decrypt a ciphertext | Crypto Officer - AES key: W,E | Symmetric decryption Symmetric decryption with AES- XTS (for data storage) | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, cipherte xt | Plaintext | |||
| Authenticat ed symmetric encryption | Encrypt and authenticate a plaintext | Crypto Officer - AES key: W,E | Authenticat ed symmetric encryption | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, plaintext , IV | Ciphertex t, MAC tag | |||
| Authenticat ed symmetric decryption | Decrypt and verify a ciphertext | Crypto Officer - AES key: W,E | Authenticat ed symmetric decryption | gcry_cipher_open returns GPG_ERR_NO_ERROR | AES key, cipherte xt, IV, MAC tag | Plaintext or fail | |||
| Message digest | Compute SHA hashes | Crypto Officer | Message digest with | gcry_md_open returns GPG_ERR_NO_ERROR | Message | Digest value | |||
| Message authenticati on code (MAC) with HMAC | Compute HMAC | Crypto Officer - HMAC key: W,E | Message authenticati on code with HMAC | gcry_mac_open returns GPG_ERR_NO_ERROR | HMAC key, message | MAC tag | |||
| Message authenticati on code (MAC) with CMAC | Compute AES-based CMAC | Crypto Officer - AES key: W,E | Message authenticati on generation with AES- CMAC | gcry_mac_open returns GPG_ERR_NO_ERROR | AES key, message | MAC tag | |||
| Random Number Generation with CTR_DRBG | Generate random bitstrings from CTR_DRBG | Crypto Officer - Entropy Input: W,E,Z - CTR_DRBG seed: G,E,Z - CTR_DRBG internal state (V value, Key): G,W,E | Random number generation with CTR_DRBG | gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_sec ure() return GPG_ERR_NO_ERROR | Output length | Random bytes | |||
| Random Number Generation with HMAC_DR BG | Generate random bitstrings from HMAC_DR BG | Crypto Officer - Entropy Input: W,E,Z - HMAC_DR BG seed: G,E,Z - HMAC_DR | Random number generation with HMAC_DR BG | gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_sec ure() return GPG_ERR_NO_ERROR | Output length | Random bytes | |||
| Random Number Generation with Hash_DRB G | Generate random bitstrings from Hash_DRB G | Crypto Officer - Entropy Input: W,E,Z - Hash_DRB G seed: G,E,Z - Hash_DRB G internal state (V value, C value): G,W,E | Random number generation with Hash_DRB G | gcry_randomize(), gcry_random_bytes(), gcry_random_bytes_sec ure() return GPG_ERR_NO_ERROR | Output length | Random bytes | |||
| Key Pair Generation with RSA | Generate a key pair using RSA | Crypto Officer - Module- generated RSA Private Key: G,R - Module- generated RSA Public Key: G,R - Intermediat e key generation value: G,E,Z - Hash_DRB G internal state (V value, C value): W,E - HMAC_DR | Random number generation with CTR_DRBG Random number generation with HMAC_DR BG Random number generation with Hash_DRB G Key pair generation with RSA | gcry_pk_genkey returns GPG_ERR_NO_ERROR | Modulus bits | RSA public key, RSA private key | |||
| Key Pair Generation with ECDSA | Generate a key pair using ECDSA | Crypto Officer - Module- generated ECDSA Private Key: G,R - Module- generated ECDSA Public Key: G,R - Intermediat e key generation value: G,E,Z - Hash_DRB G internal state (V value, C value): W,E - HMAC_DR BG internal state (V value, Key): W,E - CTR_DRBG internal state (V | Random number generation with CTR_DRBG Random number generation with HMAC_DR BG Random number generation with Hash_DRB G Key pair generation with ECDSA | gcry_pk_genkey returns GPG_ERR_NO_ERROR | Curve | ECDSA public key, ECDSA private key | |||
| Public key verification | Verify ECDSA public key | Crypto Officer - ECDSA Public Key: W,E | Public key verification with ECDSA | gcry_mpi_ec_curve_poi nt() returns GPG_ERR_NO_ERROR | ECDSA public key | Pass/fail | |||
| Digital signature generation with RSA | Generate a signature using RSA | Crypto Officer - RSA Private Key: W,E - Hash_DRB G internal state (V value, C value): W,E - HMAC_DR BG internal state (V value, Key): W,E - CTR_DRBG internal state (V value, Key): W,E | Random number generation with CTR_DRBG Random number generation with HMAC_DR BG Random number generation with Hash_DRB G Digital signature generation with RSA | gcry_pk_hash_sign returns GPG_ERR_NO_ERROR | RSA private key, message | Signature | |||
| Digital signature generation with ECDSA | Generate a signature using ECDSA | Crypto Officer - ECDSA Private Key: W,E - Hash_DRB G internal state (V value, C value): W,E - HMAC_DR | Random number generation with CTR_DRBG Random number generation with HMAC_DR BG Random number | gcry_pk_hash_sign returns GPG_ERR_NO_ERROR | ECDSA private key, message | Signature |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Table 12: Roles No support is provided for multiple concurrent operators.
t W,E W,E W,E W,E © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module with AESCMAC W,E W,E,Z G,W,E W,E,Z G,E,Z © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module G,W,E G G G W,E,Z G,E,Z G,W,E G - Modulegenerated - Modulegenerated © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module W,E W,E G - Modulegenerated G,R - Modulegenerated G,R W,E © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module W,E W,E G W,E W,E W,E W,E © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Generation | Input | Output | Access | Indicator |
|---|---|---|---|---|---|---|
| Determinist ic digital signature generation with ECDSA | Generate a signature using deterministi c ECDSA | Determinist ic digital signature generation with ECDSA | ECDSA private key, message | Signature | Crypto Officer - ECDSA Private Key: W,E | gcry_pk_hash_sign returns GPG_ERR_NO_ERROR |
| Digital signature verification with RSA | Verify a signature using RSA | Digital signature verification with RSA | RSA public key, message, signatur e | Pass/fail | Crypto Officer - RSA Public Key: W,E | gcry_pk_hash_verify returns GPG_ERR_NO_ERROR |
| Digital signature verification with ECDSA | Verify a signature using ECDSA | Digital signature verification with ECDSA | ECDSA public key, message, signatur e | Pass/fail | Crypto Officer - ECDSA Public Key: W,E | gcry_pk_hash_verify returns GPG_ERR_NO_ERROR |
| Key derivation | Perform key derivation | Key derivation with PBKDF | Passwor d, salt, iteration count, output length | Derived key | Crypto Officer - Password or passphrase: W,E - Derived key: G,R | gcry_kdf_derive_fips returns GPG_ERR_NO_ERROR |
| On-demand Integrity test | Perform on- demand integrity test | Message authenticati on code with HMAC | N/A | Pass/fail | Crypto Officer | N/A |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Perform ondemand e e N/A N/A G W,E W,E W,E W,E W,E W,E © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output | Security Functions |
|---|---|---|---|---|---|---|---|
| Show status | Show module status | Crypto Officer | None | N/A | N/A | Module status | |
| Self-tests | Perform self-tests | Crypto Officer | None | N/A | N/A | Pass/fail | |
| Show module name and version | Show module name and version | Crypto Officer | None | N/A | N/A | Module name and version informati on | |
| Symmetric encryption | AES encryption using non-approved AES modes | AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | CO | ||||
| Symmetric decryption | AES decryption using non-approved AES modes | AES-GCM, AES-GCM-SIV, AES-OCB, AES-EAX | CO | ||||
| Shared secret computation | ECDH Shared Secret Computation | ECDH | CO | ||||
| Digital signature generation primitive | Generate a signature using ECDSA/RSA signature generation primitive | RSA ECDSA | CO | ||||
| Digital signature verification primitive | Verify a signature using ECDSA/RSA signature verification primitive | RSA ECDSA | CO | ||||
| Asymmetric encryption primitive | Perform encryption using RSA encryption primitive | RSA | CO | ||||
| Asymmetric decryption primitive | Perform decryption using RSA decryption primitive | RSA | CO |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module N/A N/A N/A N/A N/A N/A N/A N/A Table 13: Approved Services The table above lists the approved services. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or CSPs involved, and their access type(s). The following convention is used to specify access rights to a CSP:
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 14: Non-Approved Services
The module does not have the capability of loading software or firmware from an external source. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
The integrity of the module is verified comparing the HMAC-SHA-256 value calculated at run time with the HMAC-SHA-256 value embedded in the module’s ELF header that was computed at build time for each software component of the module. If the HMAC values do not match, the test fails and the module enters the error state.
Integrity tests are performed as part of the Pre-Operational Self-Tests. The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational tests (i.e., integrity test) and cryptographic algorithm self-tests (CASTs). This service can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) API function call or by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output or input is possible. In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the module is in the operational state, FALSE if the module is in the Error state. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Type of Operational Environment: Modifiable How Requirements are Satisfied: The module operates in a modifiable operational environment per FIPS 140-3 level 1 specification: the module executes on a general-purpose operating system, which allows modification, loading, and execution of software that is not part of the validated module. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented.
The module shall be installed as stated in section 11. Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
The module is comprised of software only and therefore this section is not applicable. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable. © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| API input parameters (plaintext) | Plaintext | Calling application within TOEPP | Cryptographic module | Manual | Electronic |
| API output parameters (plaintext) | Plaintext | Cryptographic module | Calling application within TOEPP | Manual | Electronic |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Wipe and Free memory block allocated | Zeroizes the SSPs contained within the cipher handle. | Memory occupied by SSPs is overwritten with zeroes and then it is released, which renders the SSP values irretrievable. The completion of the zeroization routine indicates that the | By calling the cipher related zeroization API which are the following: gcry_free(), gcry_cipher_close(), gcry_mac_close(), gcry_sexp_release(), gcry_mpi_release(), gcry_ctx_release(), gcry_mpi_point_release(), gcry_ctrl(GCRYCTL_TERM_SECMEM) |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
Table 15: Storage Areas zeroization function calls. Table 16: SSP Input-Output Methods form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry on the Key Establishment Table. © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| AES key | Symmetric key - CSP | AES key used for encryption, decryption, and computing MAC tags | AES-XTS: 128, 256; Other modes: 128, 192, 256 - AES-XTS: 128, 256; Other modes: 128, 192, 256 | Symmetric encryption Symmetric decryption Authenticated symmetric encryption Authenticated symmetric decryption Symmetric encryption with AES-XTS (for data storage) Symmetric decryption with AES-XTS | ||||||
| HMAC key | Symmetric key - CSP | HMAC key used for computing MAC tags | 112- 524288 bits - 112-256 bits | Message authentication code with HMAC | ||||||
| Module- generated RSA Private Key | Private key - CSP | RSA private key generated by the module | 2048- 8192 bits - 112-200 bits | Key pair generation with RSA | Key pair generation with RSA | |||||
| Module- generated RSA Public Key | Public key - PSP | RSA public key generated by the module | 2048- 8192 bits - 112-200 bits | Key pair generation with RSA | Key pair generation with RSA | |||||
| RSA Private Key | Private key - CSP | Private key used for RSA signature generation | 2048- 8192 bits - 112-200 bits | Digital signature generation with RSA | ||||||
| RSA Public Key | Public key - PSP | Public key used for RSA signature verification | 2048- 8192 bits bits - 112-200 bits | Digital signature verification with RSA | ||||||
| Module- generated ECDSA Private Key | Private key - CSP | ECDSA private key generated by the module | P-224, P- 256, P- 384, P- 521 - 112, 128, 192, 256 bits | Key pair generation with ECDSA | Key pair generation with ECDSA | |||||
| Module- generated ECDSA Public Key | Public key - PSP | ECDSA public key generated by the module | P-224, P- 256, P- 384, P- 521 - 112, 128, 192, 256 bits | Key pair generation with ECDSA | Key pair generation with ECDSA | |||||
| ECDSA Private Key | Private key - CSP | Private key used for ECDSA signature generation and public key verification | P-224, P- 256, P- 384, P- 521 - 112, 128, 192, 256 bits | Public key verification with ECDSA Digital signature generation with ECDSA Deterministic digital signature generation with ECDSA | ||||||
| ECDSA Public Key | Public key - PSP | Public key used for ECDSA signature verification | P-224, P- 256, P- 384, P- 521 - 112, 128, 192, 256 bits | Digital signature verification with ECDSA | ||||||
| Intermediate key generation value | Intermediat e value - CSP | Intermediate key pair generation value generated during key generation and key derivation services (SP 800-133r2 Section 4, 5.1, and 5.2) | 112-8192 - 112-256 bits | Key pair generation with RSA Key pair generation with ECDSA | Key pair generation with RSA Key pair generation with ECDSA | |||||
| Password or passphrase | Password - CSP | Password used to derive symmetric keys | Minimu m of 8 character - N/A | Key derivation with PBKDF | ||||||
| Derived key | Symmetric key - CSP | Symmetric key derived from a key derivation key, shared secret, or password | 112-4096 bits - 112-256 bits | Key derivation with PBKDF | ||||||
| Entropy Input | Entropy input - CSP | Entropy input used to seed the DRBG (IG D.L compliant) | 128-384 bits - 128-384 bits | Random number generation with CTR_DRBG Random number generation with HMAC_DRB G Random number generation with Hash_DRBG | ||||||
| Hash_DRBG internal state (V value, C value) | Internal state - CSP | Internal state of the Hash_DRBG (IG D.L compliant) | 880, 1776 bits - 128, 256 bits | Random number generation with Hash_DRBG | Random number generation with Hash_DRBG | |||||
| CTR_DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRBG (IG D.L compliant) | 256, 320, 384 bits - 128, 192, 256 bits | Random number generation with CTR_DRBG | Random number generation with CTR_DRBG | |||||
| HMAC_DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the HMAC_DRB G (IG D.L compliant) | 320, 512, 1024 bits - 128, 256 bits | Random number generation with HMAC_DRB G | Random number generation with HMAC_DRB G | |||||
| Hash_DRBG seed | Seed - CSP | Hash_DRBG seed derived from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | 440, 880 bits - 128, 256 bits; | Random number generation with Hash_DRBG | Random number generation with Hash_DRBG | |||||
| CTR_DRBG seed | Seed - CSP | CTR_DRBG seed derived | 256, 320, 384 bits - | Random number | Random number | |||||
| from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | 128, 192, 256 bits | generation with CTR_DRBG | generation with CTR_DRBG | ||||||
| HMAC_DRBG seed | Seed - CSP | HMAC_DRB G seed derived from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | 440, 880 bits - 128, 256 bits | Random number generation with HMAC_DRB G | Random number generation with HMAC_DRB G | |||||
| AES key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed | ||||||
| HMAC key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed | ||||||
| Module- generated RSA Private Key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API output parameters (plaintext) | From service invocation until cipherhandle is freed | Module-generated RSA Public Key:Paired With DRBG internal state (V value, Key):Generated from Intermediate key generation value:Generated from | |||||
| Module- generated RSA Public Key | RAM:Plaintext | Wipe and Free memory block | API output parameters (plaintext) | From service invocation until | Module-generated RSA Private Key:Paired With |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| zeroization procedure succeeded. | ||||
| Automatic | Automatically zeroized by the module when no longer needed | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | N/A | |
| Module Reset | De-allocates the volatile memory used to store SSPs | Volatile memory used by the module is overwritten within nanoseconds when power is removed. | By unloading and reloading the module |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module N/A Table 17: SSP Zeroization Methods The memory occupied by SSPs is allocated by regular memory allocation operating system calls. The application that is acting as the CO is responsible for calling the appropriate zeroization functions provided in the module's API and listed in the above table. Calling gcry_free(), which will zeroize the SSPs and also invoke the corresponding API functions listed in the above table to zeroize SSPs. The zeroization functions overwrite the operating system call. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module with AESCMAC 112524288 Modulegenerated RSA
P-224, P256, P384, P521 - 112, P-224, P256, P384, P521 - 112, Modulegenerated Modulegenerated © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module P-224, P256, P384, P521 - 112, P-224, P256, P384, P521 - 112, - N/A © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module D.L D.L G G G © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|
| from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | 128, 192, 256 bits | generation with CTR_DRBG | generation with CTR_DRBG | ||||||
| HMAC_DRBG seed | Seed - CSP | HMAC_DRB G seed derived from entropy input as defined in SP 800-90Ar1 (IG D.L compliant) | 440, 880 bits - 128, 256 bits | Random number generation with HMAC_DRB G | Random number generation with HMAC_DRB G | |||||
| AES key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed | ||||||
| HMAC key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed | ||||||
| Module- generated RSA Private Key | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API output parameters (plaintext) | From service invocation until cipherhandle is freed | Module-generated RSA Public Key:Paired With DRBG internal state (V value, Key):Generated from Intermediate key generation value:Generated from | |||||
| Module- generated RSA Public Key | RAM:Plaintext | Wipe and Free memory block | API output parameters (plaintext) | From service invocation until | Module-generated RSA Private Key:Paired With |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module D.L D.L G G Table 18: SSP Table 1 Modulegenerated RSA Modulegenerated RSA © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Generation | Storage | Zeroization | Input | Cipherhandle is freed |
|---|---|---|---|---|---|
| RSA Private Key | RSA Public Key:Paired With | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed |
| RSA Public Key | RSA Private Key:Paired With | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed |
| Module- generated ECDSA Private Key | Module-generated ECDSA Public Key:Paired With DRBG internal state (V value, Key):Generated from Intermediate key generation value:Generated from | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API output parameters (plaintext) | From service invocation until cipherhandle is freed |
| Module- generated ECDSA Public Key | Module-generated ECDSA Private Key:Paired With DRBG internal state (V value, Key):Generated from Intermediate key generation value:Generated from | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API output parameters (plaintext) | From service invocation until cipherhandle is freed |
| ECDSA Private Key | ECDSA Public Key:Paired With | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed |
| ECDSA Public Key | ECDSA Private Key:Paired With | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed |
| Intermediate key generation value | Module-generated RSA Private Key:Generates Module-generated RSA Public Key:Generates Module-generated ECDSA Private Key:Generates Module-generated ECDSA Public Key:Generates | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | |
| Password or passphrase | Derived key:Derivation of | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API input parameters (plaintext) | From service invocation until cipherhandle is freed |
| Derived key | Password or passphrase:Derived From | RAM:Plaintext | Wipe and Free memory block allocated Module Reset | API output parameters (plaintext) | From service invocation until cipherhandle is freed |
| Entropy Input | DRBG seed:Derivation of | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | |
| Hash_DRBG internal state (V value, C value) | DRBG seed:Generated from | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Modulegenerated Modulegenerated © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Storage | Zeroization | Related SSPs | |
|---|---|---|---|---|
| CTR_DRBG internal state (V value, Key) | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | DRBG seed:Generated from |
| HMAC_DRBG internal state (V value, Key) | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | DRBG seed:Generated from |
| Hash_DRBG seed | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | Entropy Input:Derived From Hash_DRBG internal state (V value, C value):Generation of |
| CTR_DRBG seed | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | Entropy Input:Derived From CTR_DRBG internal state (V value, Key):Generation of |
| HMAC_DRBG seed | RAM:Plaintext | Automatic | From service invocation until cipherhandle is freed | Entropy Input:Derived From HMAC_DRBG internal state (V value, Key):Generation of |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 19: SSP Table 2 The tables above summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module.
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Test Properties | Conditions | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A6114) | HMAC- SHA2-256 (A6114) | Message authentication | SW/FW Integrity | Integrity test for /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | 256-bit | Module becomes operational and services are available for use | ||
| HMAC- SHA2-256 (A6122) | HMAC- SHA2-256 (A6122) | Message authentication | SW/FW Integrity | Integrity test for /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | 256-bit | Module becomes operational and services are available for use | ||
| AES-ECB - Encrypt (A6114) | AES-ECB - Encrypt (A6114) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |
| AES-ECB - Encrypt (A6115) | AES-ECB - Encrypt (A6115) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |
| AES-ECB - Encrypt (A6117) | AES-ECB - Encrypt (A6117) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |
| AES-ECB - Encrypt (A6118) | AES-ECB - Encrypt (A6118) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Test Properties | Conditions | |
|---|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A6114) | HMAC- SHA2-256 (A6114) | Message authentication | SW/FW Integrity | Integrity test for /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 8 | 256-bit | Module becomes operational and services are available for use | ||||
| HMAC- SHA2-256 (A6122) | HMAC- SHA2-256 (A6122) | Message authentication | SW/FW Integrity | Integrity test for /usr/lib64/libgcrypt.so.20.5.0 on Rocky Linux 9 | 256-bit | Module becomes operational and services are available for use | ||||
| AES-ECB - Encrypt (A6114) | AES-ECB - Encrypt (A6114) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6115) | AES-ECB - Encrypt (A6115) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6117) | AES-ECB - Encrypt (A6117) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6118) | AES-ECB - Encrypt (A6118) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6122) | AES-ECB - Encrypt (A6122) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6123) | AES-ECB - Encrypt (A6123) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6125) | AES-ECB - Encrypt (A6125) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Encrypt (A6126) | AES-ECB - Encrypt (A6126) | KAT | CAST | Symmetric encrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6114) | AES-ECB - Decrypt (A6114) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6115) | AES-ECB - Decrypt (A6115) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6117) | AES-ECB - Decrypt (A6117) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6118) | AES-ECB - Decrypt (A6118) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6122) | AES-ECB - Decrypt (A6122) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6123) | AES-ECB - Decrypt (A6123) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6125) | AES-ECB - Decrypt (A6125) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-ECB - Decrypt (A6126) | AES-ECB - Decrypt (A6126) | KAT | CAST | Symmetric decrypt | Module becomes operational | 128, 192, 256-bit keys | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6114) | AES-CMAC (A6114) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6115) | AES-CMAC (A6115) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6117) | AES-CMAC (A6117) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6118) | AES-CMAC (A6118) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6122) | AES-CMAC (A6122) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6123) | AES-CMAC (A6123) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6125) | AES-CMAC (A6125) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| AES-CMAC (A6126) | AES-CMAC (A6126) | KAT | CAST | Message authentication code | Module becomes operational | 128-bit key MAC generation | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6114) | Counter DRBG (A6114) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6115) | Counter DRBG (A6115) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6117) | Counter DRBG (A6117) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6118) | Counter DRBG (A6118) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6122) | Counter DRBG (A6122) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6123) | Counter DRBG (A6123) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6125) | Counter DRBG (A6125) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Counter DRBG (A6126) | Counter DRBG (A6126) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | AES 128-bit key with DF, with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6114) | Hash DRBG (A6114) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6115) | Hash DRBG (A6115) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6116) | Hash DRBG (A6116) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6117) | Hash DRBG (A6117) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6118) | Hash DRBG (A6118) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6122) | Hash DRBG (A6122) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6123) | Hash DRBG (A6123) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6124) | Hash DRBG (A6124) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6125) | Hash DRBG (A6125) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Hash DRBG (A6126) | Hash DRBG (A6126) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6114) | HMAC DRBG (A6114) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6115) | HMAC DRBG (A6115) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6116) | HMAC DRBG (A6116) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6117) | HMAC DRBG (A6117) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6118) | HMAC DRBG (A6118) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6122) | HMAC DRBG (A6122) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6123) | HMAC DRBG (A6123) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6124) | HMAC DRBG (A6124) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6125) | HMAC DRBG (A6125) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| HMAC DRBG (A6126) | HMAC DRBG (A6126) | KAT | CAST | Compliant with SP 800-90Ar1 (seed, reseed, generate) | Module becomes operational | HMAC-SHA2-256 with and without PR | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6114) | Deterministic ECDSA SigGen (FIPS186-5) (A6114) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6115) | Deterministic ECDSA SigGen (FIPS186-5) (A6115) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6116) | Deterministic ECDSA SigGen (FIPS186-5) (A6116) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6117) | Deterministic ECDSA SigGen (FIPS186-5) (A6117) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6118) | Deterministic ECDSA SigGen (FIPS186-5) (A6118) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6122) | Deterministic ECDSA SigGen (FIPS186-5) (A6122) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6123) | Deterministic ECDSA SigGen (FIPS186-5) (A6123) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6124) | Deterministic ECDSA SigGen (FIPS186-5) (A6124) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6125) | Deterministic ECDSA SigGen (FIPS186-5) (A6125) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| Deterministic ECDSA SigGen (FIPS186-5) (A6126) | Deterministic ECDSA SigGen (FIPS186-5) (A6126) | KAT | CAST | Deterministic digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6114) | ECDSA SigGen (FIPS186-5) (A6114) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6115) | ECDSA SigGen (FIPS186-5) (A6115) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6116) | ECDSA SigGen (FIPS186-5) (A6116) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6117) | ECDSA SigGen (FIPS186-5) (A6117) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6118) | ECDSA SigGen (FIPS186-5) (A6118) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6122) | ECDSA SigGen (FIPS186-5) (A6122) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6123) | ECDSA SigGen (FIPS186-5) (A6123) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6124) | ECDSA SigGen (FIPS186-5) (A6124) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6125) | ECDSA SigGen (FIPS186-5) (A6125) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigGen (FIPS186-5) (A6126) | ECDSA SigGen (FIPS186-5) (A6126) | KAT | CAST | Digital signature generation | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6114) | ECDSA SigVer (FIPS186-5) (A6114) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6115) | ECDSA SigVer (FIPS186-5) (A6115) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6116) | ECDSA SigVer (FIPS186-5) (A6116) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6117) | ECDSA SigVer (FIPS186-5) (A6117) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6118) | ECDSA SigVer (FIPS186-5) (A6118) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6122) | ECDSA SigVer (FIPS186-5) (A6122) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6123) | ECDSA SigVer (FIPS186-5) (A6123) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6124) | ECDSA SigVer (FIPS186-5) (A6124) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6125) | ECDSA SigVer (FIPS186-5) (A6125) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| ECDSA SigVer (FIPS186-5) (A6126) | ECDSA SigVer (FIPS186-5) (A6126) | KAT | CAST | Digital signature verification | Module becomes operational | P-256 and SHA2- 256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6113) | HMAC-SHA-1 (A6113) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6114) | HMAC-SHA-1 (A6114) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6115) | HMAC-SHA-1 (A6115) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6116) | HMAC-SHA-1 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6117) | HMAC-SHA-1 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6118) | HMAC-SHA-1 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6121) | HMAC-SHA-1 (A6121) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6122) | HMAC-SHA-1 (A6122) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6123) | HMAC-SHA-1 (A6123) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6124) | HMAC-SHA-1 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6125) | HMAC-SHA-1 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA-1 (A6126) | HMAC-SHA-1 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6114) | HMAC-SHA2- 224 (A6114) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6115) | HMAC-SHA2- 224 (A6115) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6116) | HMAC-SHA2- 224 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6117) | HMAC-SHA2- 224 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6118) | HMAC-SHA2- 224 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6122) | HMAC-SHA2- 224 (A6122) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6123) | HMAC-SHA2- 224 (A6123) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6124) | HMAC-SHA2- 224 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6125) | HMAC-SHA2- 224 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 224 (A6126) | HMAC-SHA2- 224 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6114) | HMAC-SHA2- 256 (A6114) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6115) | HMAC-SHA2- 256 (A6115) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6116) | HMAC-SHA2- 256 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6117) | HMAC-SHA2- 256 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6118) | HMAC-SHA2- 256 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6122) | HMAC-SHA2- 256 (A6122) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6123) | HMAC-SHA2- 256 (A6123) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6124) | HMAC-SHA2- 256 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6125) | HMAC-SHA2- 256 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 256 (A6126) | HMAC-SHA2- 256 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6114) | HMAC-SHA2- 384 (A6114) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6115) | HMAC-SHA2- 384 (A6115) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6116) | HMAC-SHA2- 384 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6117) | HMAC-SHA2- 384 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6118) | HMAC-SHA2- 384 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6122) | HMAC-SHA2- 384 (A6122) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6123) | HMAC-SHA2- 384 (A6123) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6124) | HMAC-SHA2- 384 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6125) | HMAC-SHA2- 384 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 384 (A6126) | HMAC-SHA2- 384 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6114) | HMAC-SHA2- 512 (A6114) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6115) | HMAC-SHA2- 512 (A6115) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6116) | HMAC-SHA2- 512 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6117) | HMAC-SHA2- 512 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6118) | HMAC-SHA2- 512 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6122) | HMAC-SHA2- 512 (A6122) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6123) | HMAC-SHA2- 512 (A6123) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6124) | HMAC-SHA2- 512 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6125) | HMAC-SHA2- 512 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA2- 512 (A6126) | HMAC-SHA2- 512 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6116) | HMAC-SHA3- 224 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6117) | HMAC-SHA3- 224 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6118) | HMAC-SHA3- 224 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6124) | HMAC-SHA3- 224 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6125) | HMAC-SHA3- 224 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 224 (A6126) | HMAC-SHA3- 224 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-224 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6116) | HMAC-SHA3- 256 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6117) | HMAC-SHA3- 256 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6118) | HMAC-SHA3- 256 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6124) | HMAC-SHA3- 256 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6125) | HMAC-SHA3- 256 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 256 (A6126) | HMAC-SHA3- 256 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-256 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6116) | HMAC-SHA3- 384 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6117) | HMAC-SHA3- 384 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6118) | HMAC-SHA3- 384 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6124) | HMAC-SHA3- 384 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6125) | HMAC-SHA3- 384 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 384 (A6126) | HMAC-SHA3- 384 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-384 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6116) | HMAC-SHA3- 512 (A6116) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6117) | HMAC-SHA3- 512 (A6117) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6118) | HMAC-SHA3- 512 (A6118) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6124) | HMAC-SHA3- 512 (A6124) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6125) | HMAC-SHA3- 512 (A6125) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| HMAC-SHA3- 512 (A6126) | HMAC-SHA3- 512 (A6126) | KAT | CAST | Message authentication code | Module becomes operational | SHA3-512 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6114) | RSA SigGen (FIPS186-5) (A6114) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6115) | RSA SigGen (FIPS186-5) (A6115) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6116) | RSA SigGen (FIPS186-5) (A6116) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6117) | RSA SigGen (FIPS186-5) (A6117) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6118) | RSA SigGen (FIPS186-5) (A6118) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6122) | RSA SigGen (FIPS186-5) (A6122) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6123) | RSA SigGen (FIPS186-5) (A6123) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6124) | RSA SigGen (FIPS186-5) (A6124) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6125) | RSA SigGen (FIPS186-5) (A6125) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigGen (FIPS186-5) (A6126) | RSA SigGen (FIPS186-5) (A6126) | KAT | CAST | Digital signature generation | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6114) | RSA SigVer (FIPS186-5) (A6114) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6115) | RSA SigVer (FIPS186-5) (A6115) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6116) | RSA SigVer (FIPS186-5) (A6116) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6117) | RSA SigVer (FIPS186-5) (A6117) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6118) | RSA SigVer (FIPS186-5) (A6118) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6122) | RSA SigVer (FIPS186-5) (A6122) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6123) | RSA SigVer (FIPS186-5) (A6123) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6124) | RSA SigVer (FIPS186-5) (A6124) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6125) | RSA SigVer (FIPS186-5) (A6125) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| RSA SigVer (FIPS186-5) (A6126) | RSA SigVer (FIPS186-5) (A6126) | KAT | CAST | Digital signature verification | Module becomes operational | PKCS#1 v1.5 with 2048-bit key and SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6113) | SHA-1 (A6113) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6114) | SHA-1 (A6114) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6115) | SHA-1 (A6115) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6116) | SHA-1 (A6116) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6117) | SHA-1 (A6117) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6118) | SHA-1 (A6118) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6121) | SHA-1 (A6121) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6122) | SHA-1 (A6122) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6123) | SHA-1 (A6123) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6124) | SHA-1 (A6124) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6125) | SHA-1 (A6125) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA-1 (A6126) | SHA-1 (A6126) | KAT | CAST | Message digest | Module becomes operational | SHA-1 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6114) | SHA2-224 (A6114) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6115) | SHA2-224 (A6115) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6116) | SHA2-224 (A6116) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6117) | SHA2-224 (A6117) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6118) | SHA2-224 (A6118) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6122) | SHA2-224 (A6122) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6123) | SHA2-224 (A6123) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6124) | SHA2-224 (A6124) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6125) | SHA2-224 (A6125) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-224 (A6126) | SHA2-224 (A6126) | KAT | CAST | Message digest | Module becomes operational | SHA2-224 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6114) | SHA2-256 (A6114) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6115) | SHA2-256 (A6115) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6116) | SHA2-256 (A6116) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6117) | SHA2-256 (A6117) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6118) | SHA2-256 (A6118) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6122) | SHA2-256 (A6122) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6123) | SHA2-256 (A6123) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6124) | SHA2-256 (A6124) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6125) | SHA2-256 (A6125) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-256 (A6126) | SHA2-256 (A6126) | KAT | CAST | Message digest | Module becomes operational | SHA2-256 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6114) | SHA2-384 (A6114) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6115) | SHA2-384 (A6115) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6116) | SHA2-384 (A6116) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6117) | SHA2-384 (A6117) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6118) | SHA2-384 (A6118) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6122) | SHA2-384 (A6122) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6123) | SHA2-384 (A6123) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6124) | SHA2-384 (A6124) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6125) | SHA2-384 (A6125) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-384 (A6126) | SHA2-384 (A6126) | KAT | CAST | Message digest | Module becomes operational | SHA2-384 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6114) | SHA2-512 (A6114) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6115) | SHA2-512 (A6115) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6116) | SHA2-512 (A6116) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6117) | SHA2-512 (A6117) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6118) | SHA2-512 (A6118) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6122) | SHA2-512 (A6122) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6123) | SHA2-512 (A6123) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6124) | SHA2-512 (A6124) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6125) | SHA2-512 (A6125) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| SHA2-512 (A6126) | SHA2-512 (A6126) | KAT | CAST | Message digest | Module becomes operational | SHA2-512 | Test runs at power-on before the integrity test | |||
| PBKDF (A6114) | PBKDF (A6114) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6115) | PBKDF (A6115) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6116) | PBKDF (A6116) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6117) | PBKDF (A6117) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6118) | PBKDF (A6118) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6122) | PBKDF (A6122) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6123) | PBKDF (A6123) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6124) | PBKDF (A6124) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6125) | PBKDF (A6125) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| PBKDF (A6126) | PBKDF (A6126) | KAT | CAST | Password-based key derivation | Module becomes operational | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096, and salt length of 288 bits | Test runs at power-on before the integrity test | |||
| RSA KeyGen (FIPS186-5) (A6114) | RSA KeyGen (FIPS186-5) (A6114) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6115) | RSA KeyGen (FIPS186-5) (A6115) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6116) | RSA KeyGen (FIPS186-5) (A6116) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6117) | RSA KeyGen (FIPS186-5) (A6117) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6118) | RSA KeyGen (FIPS186-5) (A6118) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6122) | RSA KeyGen (FIPS186-5) (A6122) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6123) | RSA KeyGen (FIPS186-5) (A6123) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6124) | RSA KeyGen (FIPS186-5) (A6124) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6125) | RSA KeyGen (FIPS186-5) (A6125) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| RSA KeyGen (FIPS186-5) (A6126) | RSA KeyGen (FIPS186-5) (A6126) | PCT | PCT | Signature generation and verification | Key pair generation is successful | PKCS#1 v1.5 with SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6114) | ECDSA KeyGen (FIPS186-5) (A6114) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6115) | ECDSA KeyGen (FIPS186-5) (A6115) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6116) | ECDSA KeyGen (FIPS186-5) (A6116) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6117) | ECDSA KeyGen (FIPS186-5) (A6117) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6118) | ECDSA KeyGen (FIPS186-5) (A6118) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6122) | ECDSA KeyGen (FIPS186-5) (A6122) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6123) | ECDSA KeyGen (FIPS186-5) (A6123) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6124) | ECDSA KeyGen (FIPS186-5) (A6124) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6125) | ECDSA KeyGen (FIPS186-5) (A6125) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| ECDSA KeyGen (FIPS186-5) (A6126) | ECDSA KeyGen (FIPS186-5) (A6126) | PCT | PCT | Signature generation and verification | Key pair generation is successful | SHA2-256 | Key pair generation | |||
| HMAC-SHA2-256 (A6114) | HMAC-SHA2-256 (A6114) | Message authentication | SW/FW Integrity | On demand | Manually | |||||
| HMAC-SHA2-256 (A6122) | HMAC-SHA2-256 (A6122) | Message authentication | SW/FW Integrity | On demand | Manually | |||||
| AES-ECB - Encrypt (A6114) | AES-ECB - Encrypt (A6114) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6115) | AES-ECB - Encrypt (A6115) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6117) | AES-ECB - Encrypt (A6117) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6118) | AES-ECB - Encrypt (A6118) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6122) | AES-ECB - Encrypt (A6122) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6123) | AES-ECB - Encrypt (A6123) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6125) | AES-ECB - Encrypt (A6125) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Encrypt (A6126) | AES-ECB - Encrypt (A6126) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Decrypt (A6114) | AES-ECB - Decrypt (A6114) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Decrypt (A6115) | AES-ECB - Decrypt (A6115) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Decrypt (A6117) | AES-ECB - Decrypt (A6117) | KAT | CAST | On demand | Manually | |||||
| AES-ECB - Decrypt (A6118) | AES-ECB - Decrypt (A6118) | KAT | CAST | On demand | Manually |
HMACSHA2-256 HMACSHA2-256 Table 20: Pre-Operational Self-Tests The module performs pre-operational self-tests automatically when the module is becoming available for the consuming application. Pre-operational self-tests ensure that the module is not corrupted. While the module is executing the pre-operational self-tests, services are not available, input and output are inhibited. The module is not available for use by the calling application until the pre-operational self-tests are completed successfully.
© 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Indicator | Conditions |
|---|---|---|---|---|---|---|---|---|---|
| ECDSA KeyGen (FIPS186-5) (A6126) | ECDSA KeyGen (FIPS186-5) (A6126) | PCT | PCT | Signature generation and verification | SHA2-256 | Key pair generation is successful | Key pair generation | ||
| HMAC-SHA2-256 (A6114) | HMAC-SHA2-256 (A6114) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2-256 (A6122) | HMAC-SHA2-256 (A6122) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| AES-ECB - Encrypt (A6114) | AES-ECB - Encrypt (A6114) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6115) | AES-ECB - Encrypt (A6115) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6117) | AES-ECB - Encrypt (A6117) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6118) | AES-ECB - Encrypt (A6118) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6122) | AES-ECB - Encrypt (A6122) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6123) | AES-ECB - Encrypt (A6123) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6125) | AES-ECB - Encrypt (A6125) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Encrypt (A6126) | AES-ECB - Encrypt (A6126) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6114) | AES-ECB - Decrypt (A6114) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6115) | AES-ECB - Decrypt (A6115) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6117) | AES-ECB - Decrypt (A6117) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6118) | AES-ECB - Decrypt (A6118) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6122) | AES-ECB - Decrypt (A6122) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6123) | AES-ECB - Decrypt (A6123) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6125) | AES-ECB - Decrypt (A6125) | KAT | CAST | On demand | Manually | ||||
| AES-ECB - Decrypt (A6126) | AES-ECB - Decrypt (A6126) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6114) | AES-CMAC (A6114) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6115) | AES-CMAC (A6115) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6117) | AES-CMAC (A6117) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6118) | AES-CMAC (A6118) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6122) | AES-CMAC (A6122) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6123) | AES-CMAC (A6123) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6125) | AES-CMAC (A6125) | KAT | CAST | On demand | Manually | ||||
| AES-CMAC (A6126) | AES-CMAC (A6126) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6114) | Counter DRBG (A6114) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6115) | Counter DRBG (A6115) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6117) | Counter DRBG (A6117) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6118) | Counter DRBG (A6118) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6122) | Counter DRBG (A6122) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6123) | Counter DRBG (A6123) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6125) | Counter DRBG (A6125) | KAT | CAST | On demand | Manually | ||||
| Counter DRBG (A6126) | Counter DRBG (A6126) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6114) | Hash DRBG (A6114) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6115) | Hash DRBG (A6115) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6116) | Hash DRBG (A6116) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6117) | Hash DRBG (A6117) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6118) | Hash DRBG (A6118) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6122) | Hash DRBG (A6122) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6123) | Hash DRBG (A6123) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6124) | Hash DRBG (A6124) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6125) | Hash DRBG (A6125) | KAT | CAST | On demand | Manually | ||||
| Hash DRBG (A6126) | Hash DRBG (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6114) | HMAC DRBG (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6115) | HMAC DRBG (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6116) | HMAC DRBG (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6117) | HMAC DRBG (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6118) | HMAC DRBG (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6122) | HMAC DRBG (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6123) | HMAC DRBG (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6124) | HMAC DRBG (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6125) | HMAC DRBG (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC DRBG (A6126) | HMAC DRBG (A6126) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6114) | Deterministic ECDSA SigGen (FIPS186-5) (A6114) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6115) | Deterministic ECDSA SigGen (FIPS186-5) (A6115) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6116) | Deterministic ECDSA SigGen (FIPS186-5) (A6116) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6117) | Deterministic ECDSA SigGen (FIPS186-5) (A6117) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6118) | Deterministic ECDSA SigGen (FIPS186-5) (A6118) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6122) | Deterministic ECDSA SigGen (FIPS186-5) (A6122) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6123) | Deterministic ECDSA SigGen (FIPS186-5) (A6123) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6124) | Deterministic ECDSA SigGen (FIPS186-5) (A6124) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6125) | Deterministic ECDSA SigGen (FIPS186-5) (A6125) | KAT | CAST | On demand | Manually | ||||
| Deterministic ECDSA SigGen (FIPS186-5) (A6126) | Deterministic ECDSA SigGen (FIPS186-5) (A6126) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6114) | ECDSA SigGen (FIPS186-5) (A6114) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6115) | ECDSA SigGen (FIPS186-5) (A6115) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6116) | ECDSA SigGen (FIPS186-5) (A6116) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6117) | ECDSA SigGen (FIPS186-5) (A6117) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6118) | ECDSA SigGen (FIPS186-5) (A6118) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6122) | ECDSA SigGen (FIPS186-5) (A6122) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6123) | ECDSA SigGen (FIPS186-5) (A6123) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6124) | ECDSA SigGen (FIPS186-5) (A6124) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6125) | ECDSA SigGen (FIPS186-5) (A6125) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A6126) | ECDSA SigGen (FIPS186-5) (A6126) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6114) | ECDSA SigVer (FIPS186-5) (A6114) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6115) | ECDSA SigVer (FIPS186-5) (A6115) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6116) | ECDSA SigVer (FIPS186-5) (A6116) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6117) | ECDSA SigVer (FIPS186-5) (A6117) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6118) | ECDSA SigVer (FIPS186-5) (A6118) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6122) | ECDSA SigVer (FIPS186-5) (A6122) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6123) | ECDSA SigVer (FIPS186-5) (A6123) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6124) | ECDSA SigVer (FIPS186-5) (A6124) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6125) | ECDSA SigVer (FIPS186-5) (A6125) | KAT | CAST | On demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A6126) | ECDSA SigVer (FIPS186-5) (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6113) | HMAC-SHA-1 (A6113) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6114) | HMAC-SHA-1 (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6115) | HMAC-SHA-1 (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6116) | HMAC-SHA-1 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6117) | HMAC-SHA-1 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6118) | HMAC-SHA-1 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6121) | HMAC-SHA-1 (A6121) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6122) | HMAC-SHA-1 (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6123) | HMAC-SHA-1 (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6124) | HMAC-SHA-1 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6125) | HMAC-SHA-1 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA-1 (A6126) | HMAC-SHA-1 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6114) | HMAC-SHA2-224 (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6115) | HMAC-SHA2-224 (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6116) | HMAC-SHA2-224 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6117) | HMAC-SHA2-224 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6118) | HMAC-SHA2-224 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6122) | HMAC-SHA2-224 (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6123) | HMAC-SHA2-224 (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6124) | HMAC-SHA2-224 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6125) | HMAC-SHA2-224 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-224 (A6126) | HMAC-SHA2-224 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6114) | HMAC-SHA2-256 (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6115) | HMAC-SHA2-256 (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6116) | HMAC-SHA2-256 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6117) | HMAC-SHA2-256 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6118) | HMAC-SHA2-256 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6122) | HMAC-SHA2-256 (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6123) | HMAC-SHA2-256 (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6124) | HMAC-SHA2-256 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6125) | HMAC-SHA2-256 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-256 (A6126) | HMAC-SHA2-256 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6114) | HMAC-SHA2-384 (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6115) | HMAC-SHA2-384 (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6116) | HMAC-SHA2-384 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6117) | HMAC-SHA2-384 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6118) | HMAC-SHA2-384 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6122) | HMAC-SHA2-384 (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6123) | HMAC-SHA2-384 (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6124) | HMAC-SHA2-384 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6125) | HMAC-SHA2-384 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-384 (A6126) | HMAC-SHA2-384 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6114) | HMAC-SHA2-512 (A6114) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6115) | HMAC-SHA2-512 (A6115) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6116) | HMAC-SHA2-512 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6117) | HMAC-SHA2-512 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6118) | HMAC-SHA2-512 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6122) | HMAC-SHA2-512 (A6122) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6123) | HMAC-SHA2-512 (A6123) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6124) | HMAC-SHA2-512 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6125) | HMAC-SHA2-512 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA2-512 (A6126) | HMAC-SHA2-512 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6116) | HMAC-SHA3-224 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6117) | HMAC-SHA3-224 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6118) | HMAC-SHA3-224 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6124) | HMAC-SHA3-224 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6125) | HMAC-SHA3-224 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-224 (A6126) | HMAC-SHA3-224 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6116) | HMAC-SHA3-256 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6117) | HMAC-SHA3-256 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6118) | HMAC-SHA3-256 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6124) | HMAC-SHA3-256 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6125) | HMAC-SHA3-256 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-256 (A6126) | HMAC-SHA3-256 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6116) | HMAC-SHA3-384 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6117) | HMAC-SHA3-384 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6118) | HMAC-SHA3-384 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6124) | HMAC-SHA3-384 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6125) | HMAC-SHA3-384 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-384 (A6126) | HMAC-SHA3-384 (A6126) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6116) | HMAC-SHA3-512 (A6116) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6117) | HMAC-SHA3-512 (A6117) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6118) | HMAC-SHA3-512 (A6118) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6124) | HMAC-SHA3-512 (A6124) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6125) | HMAC-SHA3-512 (A6125) | KAT | CAST | On demand | Manually | ||||
| HMAC-SHA3-512 (A6126) | HMAC-SHA3-512 (A6126) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6114) | RSA SigGen (FIPS186-5) (A6114) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6115) | RSA SigGen (FIPS186-5) (A6115) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6116) | RSA SigGen (FIPS186-5) (A6116) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6117) | RSA SigGen (FIPS186-5) (A6117) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6118) | RSA SigGen (FIPS186-5) (A6118) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6122) | RSA SigGen (FIPS186-5) (A6122) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6123) | RSA SigGen (FIPS186-5) (A6123) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6124) | RSA SigGen (FIPS186-5) (A6124) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6125) | RSA SigGen (FIPS186-5) (A6125) | KAT | CAST | On demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A6126) | RSA SigGen (FIPS186-5) (A6126) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6114) | RSA SigVer (FIPS186-5) (A6114) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6115) | RSA SigVer (FIPS186-5) (A6115) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6116) | RSA SigVer (FIPS186-5) (A6116) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6117) | RSA SigVer (FIPS186-5) (A6117) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6118) | RSA SigVer (FIPS186-5) (A6118) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6122) | RSA SigVer (FIPS186-5) (A6122) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6123) | RSA SigVer (FIPS186-5) (A6123) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6124) | RSA SigVer (FIPS186-5) (A6124) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6125) | RSA SigVer (FIPS186-5) (A6125) | KAT | CAST | On demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A6126) | RSA SigVer (FIPS186-5) (A6126) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6113) | SHA-1 (A6113) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6114) | SHA-1 (A6114) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6115) | SHA-1 (A6115) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6116) | SHA-1 (A6116) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6117) | SHA-1 (A6117) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6118) | SHA-1 (A6118) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6121) | SHA-1 (A6121) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6122) | SHA-1 (A6122) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6123) | SHA-1 (A6123) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6124) | SHA-1 (A6124) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6125) | SHA-1 (A6125) | KAT | CAST | On demand | Manually | ||||
| SHA-1 (A6126) | SHA-1 (A6126) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6114) | SHA2-224 (A6114) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6115) | SHA2-224 (A6115) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6116) | SHA2-224 (A6116) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6117) | SHA2-224 (A6117) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6118) | SHA2-224 (A6118) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6122) | SHA2-224 (A6122) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6123) | SHA2-224 (A6123) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6124) | SHA2-224 (A6124) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6125) | SHA2-224 (A6125) | KAT | CAST | On demand | Manually | ||||
| SHA2-224 (A6126) | SHA2-224 (A6126) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6114) | SHA2-256 (A6114) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6115) | SHA2-256 (A6115) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6116) | SHA2-256 (A6116) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6117) | SHA2-256 (A6117) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6118) | SHA2-256 (A6118) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6122) | SHA2-256 (A6122) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6123) | SHA2-256 (A6123) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6124) | SHA2-256 (A6124) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6125) | SHA2-256 (A6125) | KAT | CAST | On demand | Manually | ||||
| SHA2-256 (A6126) | SHA2-256 (A6126) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6114) | SHA2-384 (A6114) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6115) | SHA2-384 (A6115) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6116) | SHA2-384 (A6116) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6117) | SHA2-384 (A6117) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6118) | SHA2-384 (A6118) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6122) | SHA2-384 (A6122) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6123) | SHA2-384 (A6123) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6124) | SHA2-384 (A6124) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6125) | SHA2-384 (A6125) | KAT | CAST | On demand | Manually | ||||
| SHA2-384 (A6126) | SHA2-384 (A6126) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6114) | SHA2-512 (A6114) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6115) | SHA2-512 (A6115) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6116) | SHA2-512 (A6116) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6117) | SHA2-512 (A6117) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6118) | SHA2-512 (A6118) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6122) | SHA2-512 (A6122) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6123) | SHA2-512 (A6123) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6124) | SHA2-512 (A6124) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6125) | SHA2-512 (A6125) | KAT | CAST | On demand | Manually | ||||
| SHA2-512 (A6126) | SHA2-512 (A6126) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6114) | PBKDF (A6114) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6115) | PBKDF (A6115) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6116) | PBKDF (A6116) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6117) | PBKDF (A6117) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6118) | PBKDF (A6118) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6122) | PBKDF (A6122) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6123) | PBKDF (A6123) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6124) | PBKDF (A6124) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6125) | PBKDF (A6125) | KAT | CAST | On demand | Manually | ||||
| PBKDF (A6126) | PBKDF (A6126) | KAT | CAST | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6114) | RSA KeyGen (FIPS186-5) (A6114) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6115) | RSA KeyGen (FIPS186-5) (A6115) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6116) | RSA KeyGen (FIPS186-5) (A6116) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6117) | RSA KeyGen (FIPS186-5) (A6117) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6118) | RSA KeyGen (FIPS186-5) (A6118) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6122) | RSA KeyGen (FIPS186-5) (A6122) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6123) | RSA KeyGen (FIPS186-5) (A6123) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6124) | RSA KeyGen (FIPS186-5) (A6124) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6125) | RSA KeyGen (FIPS186-5) (A6125) | PCT | PCT | On demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A6126) | RSA KeyGen (FIPS186-5) (A6126) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6114) | ECDSA KeyGen (FIPS186-5) (A6114) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6115) | ECDSA KeyGen (FIPS186-5) (A6115) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6116) | ECDSA KeyGen (FIPS186-5) (A6116) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6117) | ECDSA KeyGen (FIPS186-5) (A6117) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6118) | ECDSA KeyGen (FIPS186-5) (A6118) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6122) | ECDSA KeyGen (FIPS186-5) (A6122) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6123) | ECDSA KeyGen (FIPS186-5) (A6123) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6124) | ECDSA KeyGen (FIPS186-5) (A6124) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6125) | ECDSA KeyGen (FIPS186-5) (A6125) | PCT | PCT | On demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A6126) | ECDSA KeyGen (FIPS186-5) (A6126) | PCT | PCT | On demand | Manually |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 21: Conditional Self-Tests
Table 22: Pre-Operational Periodic Information © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module © 2025 Ctrl IQ, Inc., atsec information security.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | The module will return an error code to indicate the error and will enter the Error state. Any further cryptographic operation is inhibited. | Failure of pre- operational tests or conditional tests. | An error message related to the cause of the failure. | The error can be recovered by a restart (i.e., powering off and powering on) of the module. |
| Fatal Error state | The module will abort and will not be available. | Random numbers are requested in the error state or cipher operations are requested on a deallocated handle. | The module is aborted | The error can be recovered by a restart (i.e., powering off and powering on) of the module. |
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Table 23: Conditional Periodic Information This information can be found in Section 5.2.
Table 24: Error States After the pre-operational self-tests and the CASTs succeed, the module becomes operational. If any of the preoperational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the The calling application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P) API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the
The software integrity tests and the CASTs can be invoked relying on the gcry_control(GCRYCTL_SELFTEST) requesting the Key Generation service. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
The Crypto Officer can install the RPM package of the Module (i.e. libgcrypt-1.10.0-10.el8_6.ciqfips.0.4.rpm or libgcrypt-1.10.0-10.el9_2.ciqfips.0.4.rpm) using standard tools recommended for the installation of RPM packages on a Rocky Linux system (for example, dnf, rpm). The integrity of the RPM package is automatically verified during the installation, and the Crypto Officer shall not install the RPM package if there is any integrity error. Before the RPM package of the module is installed, the system must operate in the FIPS-validated configuration. This can be achieved by:
After installation of the RPM package of the module, the operator needs to check the output of the gcry_get_config() API, which should include the following name and version: Rocky Linux 8 Libgcrypt Cryptographic Module Version rocky8.20240929 (for Rocky Linux
The module implements only the Crypto Officer. There are no requirements for non-administrator guidance. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
For secure sanitization of the cryptographic module, the module must first to be powered off, which will zeroize all keys and CSPs in volatile memory. Then, for actual deprecation, the module shall be upgraded to a newer version that is FIPS 140-3 validated. The module does not possess persistent storage of SSPs, so further sanitization steps are not required. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module
RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned. The blinding value r is a random value with the size of the modulus n. © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Appendix A. Glossary and Abbreviations AES API CAST CAVP CBC CCM CFB CKG CMAC CMVP CSP CTR DF DRBG ECB ECC ECDSA FIPS GCM HMAC KAT KW MAC NIST OFB PAA PAI PBKDF2 PCT PKCS PR PSS RNG RSA SHA SHS SSP XOF XTS Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Self-Test Cryptographic Algorithm Validation Program Cipher Block Chaining Counter with Cipher Block Chaining-Message Authentication Code Cipher Feedback Cryptographic Key Generation Cipher-based Message Authentication Code Cryptographic Module Validation Program Critical Security Parameter Counter Mode Derivation Function Deterministic Random Bit Generator Electronic Code Book Elliptic Curve Cryptography Elliptic Curve Digital Signature Algorithm Federal Information Processing Standards Publication Galois Counter Mode Hash Message Authentication Code Known Answer Test AES Key Wrap Message Authentication Code National Institute of Science and Technology Output Feedback Processor Algorithm Acceleration Processor Algorithm Implementation Password-based Key Derivation Function v2 Pair-wise Consistency Test Public-Key Cryptography Standards Prediction Resistance Probabilistic Signature Scheme Random Number Generator Rivest, Shamir, Addleman Secure Hash Algorithm Secure Hash Standard Sensitive Security Parameter Extendable Output Function XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module Appendix B. References FIPS140-3 FIPS140-3_IG FIPS140-3_MM FIPS180-4 FIPS186-5 FIPS197 FIPS198-1 FIPS202 PKCS#1 SP800-38A SP800-38B SP800-38C SP800-38E FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program October 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS 140-3 Cryptographic Module Validation Program - Management Manual (Draft) December 2022 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/Draft%20FIPS-140-3CMVP%20Management%20Manual%20v1.2%20%5BDec%2023%202022%5D.pdf Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 https://www.ietf.org/rfc/rfc3447.txt NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf © 2025 Ctrl IQ, Inc., atsec information security.
Rocky Linux 8 and 9 libgcrypt Cryptographic Module SP800-38F SP800-90Arev1 SP800-90B SP800-132 SP800-133rev2 SP800-140Br1 NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf NIST Special Publication 800-90A Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf NIST Special Publication 800-132 - Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf NIST Special Publication 800-140B