© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
SUSE LLC
SUSE Linux Enterprise Libgcrypt Cryptographic Module
FIPS 140-3 Non-Proprietary Security Policy
Prepared by:
atsec information security corporation
4516 Seton Center Pkwy, Suite 250
Austin, TX 78759 Document version: 1.0
www.atsec.com Last update: 2026-01-08
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 2 of 92
Table of Contents
1 General.................................................................................................................................................................6
1.1 Overview.....................................................................................................................................................6
1.2 Security Levels ............................................................................................................................................6
2 Cryptographic Module Specification ..................................................................................................................7
2.1 Description ..................................................................................................................................................7
2.2 Tested and Vendor Affirmed Module Version and Identification ...........................................................8
2.3 Excluded Components ..............................................................................................................................11
2.4 Modes of Operation ..................................................................................................................................12
2.5 Algorithms.................................................................................................................................................12
2.6 Security Function Implementations.........................................................................................................29
2.7 Algorithm Specific Information ...............................................................................................................34
2.7.1 AES XTS ................................................................................................................................................34
2.7.2 Key Derivation using SP 800-132 PBKDF2.........................................................................................34
2.8 RBG and Entropy......................................................................................................................................35
2.9 Key Generation .........................................................................................................................................36
2.10 Key Establishment ....................................................................................................................................36
2.11 Industry Protocols.....................................................................................................................................36
3 Cryptographic Module Interfaces .....................................................................................................................37
3.1 Ports and Interfaces ..................................................................................................................................37
4 Roles, Services, and Authentication .................................................................................................................38
4.1 Authentication Methods...........................................................................................................................38
4.2 Roles...........................................................................................................................................................38
4.3 Approved Services.....................................................................................................................................38
4.4 Non-Approved Services............................................................................................................................47
4.5 External Software/Firmware Loaded .......................................................................................................47
5 Software/Firmware Security .............................................................................................................................49
5.1 Integrity Techniques.................................................................................................................................49
5.2 Initiate on Demand...................................................................................................................................49
6 Operational Environment .................................................................................................................................50
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 3 of 92
6.1 Operational Environment Type and Requirements................................................................................50
6.2 Configuration Settings and Restrictions ..................................................................................................50
7 Physical Security................................................................................................................................................51
8 Non-Invasive Security.......................................................................................................................................52
9 Sensitive Security Parameters Management.....................................................................................................53
9.1 Storage Areas.............................................................................................................................................53
9.2 SSP Input-Output Methods ......................................................................................................................53
9.3 SSP Zeroization Methods..........................................................................................................................53
9.4 SSPs............................................................................................................................................................54
10 Self-Tests........................................................................................................................................................61
10.1 Pre-Operational Self-Tests........................................................................................................................61
10.2 Conditional Self-Tests...............................................................................................................................61
10.3 Periodic Self-Test Information.................................................................................................................76
10.4 Error States................................................................................................................................................84
10.5 Operator Initiation of Self-Tests...............................................................................................................85
11 Life-Cycle Assurance.....................................................................................................................................86
11.1 Installation, Initialization, and Startup Procedures.................................................................................86
11.2 Administrator Guidance ...........................................................................................................................86
11.3 Non-Administrator Guidance...................................................................................................................86
11.4 End of Life .................................................................................................................................................86
12 Mitigation of Other Attacks..........................................................................................................................87
12.1 Attack List .................................................................................................................................................87
Appendix A. Glossary and Abbreviations .................................................................................................................88
Appendix B. References .............................................................................................................................................90
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 4 of 92
List of Tables
Table 1: Security Levels................................................................................................................................................6
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) ...............................9
Table 3: Tested Operational Environments - Software, Firmware, Hybrid ............................................................10
Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid..........................................11
Table 5: Modes List and Description .........................................................................................................................12
Table 6: Approved Algorithms...................................................................................................................................27
Table 7: Vendor-Affirmed Algorithms......................................................................................................................28
Table 8: Non-Approved, Not Allowed Algorithms...................................................................................................28
Table 9: Security Function Implementations............................................................................................................34
Table 10: Entropy Certificates ...................................................................................................................................35
Table 11: Entropy Sources..........................................................................................................................................35
Table 12: Ports and Interfaces....................................................................................................................................37
Table 13: Roles............................................................................................................................................................38
Table 14: Approved Services......................................................................................................................................46
Table 15: Non-Approved Services .............................................................................................................................47
Table 16: Storage Areas ..............................................................................................................................................53
Table 17: SSP Input-Output Methods .......................................................................................................................53
Table 18: SSP Zeroization Methods...........................................................................................................................54
Table 19: SSP Table 1 .................................................................................................................................................57
Table 20: SSP Table 2 .................................................................................................................................................60
Table 21: Pre-Operational Self-Tests.........................................................................................................................61
Table 22: Conditional Self-Tests ................................................................................................................................75
Table 23: Pre-Operational Periodic Information......................................................................................................76
Table 24: Conditional Periodic Information .............................................................................................................84
Table 25: Error States .................................................................................................................................................85
List of Figures
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 5 of 92
Figure 1: Block Diagram...............................................................................................................................................8
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 6 of 92
1 General
1.1 Overview
This document is the non-proprietary FIPS 140-3 Security Policy for version 3.3 of the SUSE Linux Enterprise
Libgcrypt Cryptographic Module. It contains the security rules under which the module must operate and
describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information
Processing Standards Publication 140-3) for an overall Security Level 1 module.
This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and intact and
including this notice. Other documentation is proprietary to their authors.
1.2 Security Levels
Section Title Security Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security N/A
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks 1
Overall Level 1
Table 1: Security Levels
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 7 of 92
2 Cryptographic Module Specification
2.1 Description
Purpose and Use:
The SUSE Linux Enterprise Libgcrypt Cryptographic Module (hereafter referred to as “the module”) provides a
C language application program interface (API) for use by other applications that require cryptographic
functionality. The module operates on a general-purpose computer.
Module Type: Software
Module Embodiment: MultiChipStand
Cryptographic Boundary:
The cryptographic boundary of the module is defined as the libgcrypt.so.20.4.3 shared library and its HMAC
file (which stores the expected integrity value for the shared library). The block diagram in Figure 1 shows the
cryptographic boundary of the module, its interfaces with the operational environment and the flow of
information between the module and operator.
Tested Operational Environment’s Physical Perimeter (TOEPP):
The module is aimed to run on a general-purpose computer; the physical perimeter is the surface of the case of
the target platform, as shown with orange dotted lines in the diagram in Figure 1. The components of the
TOEPP are listed in table Tested Operational Environments - Software, Firmware, Hybrid. The entropy source
located within the module’s physical perimeter is outside of the module’s cryptographic boundary (see Figure
1).
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 8 of 92
Figure 1: Block Diagram
2.2 Tested and Vendor Affirmed Module Version and Identification
Tested Module Identification – Hardware:
N/A for this module.
Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets):
Package or File Name Software/ Firmware
Version
Features Integrity Test
/usr/lib64/libgcrypt.so.20.4.3
on AMD EPYC(TM) 7343
or Intel(R) Xeon(R) Gold
5416S
3.3 N/A HMAC-SHA2-256
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 9 of 92
Package or File Name Software/ Firmware
Version
Features Integrity Test
/usr/lib64/libgcrypt.so.20.4.3
on Ampere(R) Altra(R)
Q80-30
3.3 N/A HMAC-SHA2-256
/usr/lib64/libgcrypt.so.20.4.3
on IBM(R) Telum(TM)
3.3 N/A HMAC-SHA2-256
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)
Tested Module Identification – Hybrid Disjoint Hardware:
N/A for this module.
Tested Operational Environments - Software, Firmware, Hybrid:
Operating
System
Hardware Platform Processors PAA/PAI Hypervisor
or Host OS
Version(s)
SUSE Linux
Enterprise Server
15 SP6
SuperMicro SuperChassis
825BTQC-R1K23LPB and
Motherboard H12DSi-NT6
AMD
EPYC(TM)
7343
Yes N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
SuperMicro SuperChassis
825BTQC-R1K23LPB and
Motherboard H12DSi-NT6
AMD
EPYC(TM)
7343
No N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
GIGABYTE R152-P30 Ampere(R)
Altra(R) Q80-
30
Yes N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
GIGABYTE R152-P30 Ampere(R)
Altra(R) Q80-
30
No N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
IBM z16 A01 IBM(R)
Telum(TM)
Yes N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
IBM z16 A01 IBM(R)
Telum(TM)
No N/A 3.3
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 10 of 92
Operating
System
Hardware Platform Processors PAA/PAI Hypervisor
or Host OS
Version(s)
SUSE Linux
Enterprise Server
15 SP6
ASUS RS700-E11-RS4U Intel(R)
Xeon(R) Gold
5416S
Yes N/A 3.3
SUSE Linux
Enterprise Server
15 SP6
ASUS RS700-E11-RS4U Intel(R)
Xeon(R) Gold
5416S
No N/A 3.3
Table 3: Tested Operational Environments - Software, Firmware, Hybrid
Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid:
Operating System Hardware Platform
SUSE Linux Enterprise Server for
SAP 15SP6
ASUS RS700-E11-RS4U on Intel(R) Xeon(R) Gold 5416S
SUSE Linux Enterprise Server for
SAP 15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard
H12DSi-NT6 on AMD EPYC(TM) 7343
SUSE Linux Enterprise Desktop
15SP6
ASUS RS700-E11-RS4U on Intel(R) Xeon(R) Gold 5416S
SUSE Linux Enterprise Desktop
15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard
H12DSi-NT6 on AMD EPYC(TM) 7343
SUSE Linux Enterprise Base
Container Image 15SP6
ASUS RS700-E11-RS4U on Intel(R) Xeon(R) Gold 5416S
SUSE Linux Enterprise Base
Container Image 15SP6
SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard
H12DSi-NT6 on AMD EPYC(TM) 7343
SUSE Linux Enterprise Base
Container Image 15SP6
GIGABYTE R152-P30 on Ampere(R) Altra(R) Q80-30
SUSE Linux Enterprise Base
Container Image 15SP6
IBM z16 A01 on IBM(R) Telum(TM)
SUSE Linux Enterprise Server
15SP6
IBM LinuxONE III Model LT1 on z15
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 11 of 92
Operating System Hardware Platform
SUSE Linux Enterprise Server Real
Time 15SP6
QEMU VM on AMD EPYC(TM) 7773X
SUSE Linux Enterprise Desktop
15SP6
QEMU VM on AMD EPYC(TM) 7773X
SUSE Linux Enterprise Desktop
15SP6
QEMU VM on Intel(R) i7-1195G7
SUSE Linux Enterprise Base
Container Image 15SP6
QEMU VM on AMD EPYC(TM) 7773X
SUSE Linux Enterprise Base
Container Image 15SP6
QEMU VM on Ampere(R) Altra(R) Q80-30
SUSE Linux Enterprise Base
Container Image 15SP6
IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Server
15SP6
IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Server
15SP6
QEMU VM on AMD EPYC(TM) 7773X
SUSE Linux Enterprise Server
15SP6
QEMU VM on Ampere(R) Altra(R) Q80-30
SUSE Linux Enterprise Server for
SAP 15SP6
QEMU VM on AMD EPYC(TM) 7773X
Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid
The SUSE Linux Enterprise Server operating system is used as the basis of other products. Compliance is
maintained for SUSE products whenever the binary is found unchanged per the vendor affirmation from SUSE
based on the allowance FIPS 140-3 Management Manual, Section 7.9.1, bullet 1 a) i).
CMVP makes no statement as to the correct operation of the module or the security strengths of the generated
keys when so ported if the specific operational environment is not listed on the validation certificate.
2.3 Excluded Components
There are no components excluded from the requirements of the FIPS 140-3 standard.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 12 of 92
2.4 Modes of Operation
Modes List and Description:
Mode Name Description Type Status Indicator
Approved
Mode
Automatically entered whenever an
approved service is requested
Approved Equivalent to the indicator of
the requested service
Non-approved
Mode
Automatically entered whenever a non-
approved service is requested
Non-
Approved
Equivalent to the indicator of
the requested service
Table 5: Modes List and Description
After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the
module automatically transitions to the approved mode. No operator intervention is required to reach this
point. The module operates in the approved mode of operation by default and can only transition into the non-
approved mode by calling one of the non-approved services listed in Section 4.4.
In the operational state, the module accepts service requests from calling applications through its logical
interfaces. At any point in the operational state, a calling application can end its process, causing the module to
end its operation.
2.5 Algorithms
Approved Algorithms:
Algorithm CAVP
Cert
Properties Reference
AES-CBC A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CBC A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A6821 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A6822 Key Length - 128, 192, 256 SP 800-38C
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 13 of 92
Algorithm CAVP
Cert
Properties Reference
AES-CCM A6824 Key Length - 128, 192, 256 SP 800-38C
AES-CCM A6825 Key Length - 128, 192, 256 SP 800-38C
AES-CFB128 A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB128 A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CFB8 A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CMAC A6821 Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A6822 Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A6824 Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
AES-CMAC A6825 Direction - Generation, Verification
Key Length - 128, 192, 256
SP 800-38B
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 14 of 92
Algorithm CAVP
Cert
Properties Reference
AES-CTR A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CTR A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KW A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-OFB A6821 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A6822 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 15 of 92
Algorithm CAVP
Cert
Properties Reference
AES-OFB A6824 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-OFB A6825 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-XTS Testing
Revision 2.0
A6821 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS Testing
Revision 2.0
A6822 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS Testing
Revision 2.0
A6824 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
AES-XTS Testing
Revision 2.0
A6825 Direction - Decrypt, Encrypt
Key Length - 128, 256
SP 800-38E
Counter DRBG A6821 Prediction Resistance - No, Yes
Mode - AES-128, AES-192, AES-256
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
Counter DRBG A6822 Prediction Resistance - No, Yes
Mode - AES-128, AES-192, AES-256
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
Counter DRBG A6824 Prediction Resistance - No, Yes
Mode - AES-128, AES-192, AES-256
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
Counter DRBG A6825 Prediction Resistance - No, Yes
Mode - AES-128, AES-192, AES-256
Derivation Function Enabled - Yes
SP 800-90A
Rev. 1
Deterministic ECDSA
SigGen (FIPS186-5)
A6821 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 16 of 92
Algorithm CAVP
Cert
Properties Reference
Deterministic ECDSA
SigGen (FIPS186-5)
A6822 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
Deterministic ECDSA
SigGen (FIPS186-5)
A6823 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
Deterministic ECDSA
SigGen (FIPS186-5)
A6824 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
Deterministic ECDSA
SigGen (FIPS186-5)
A6825 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
ECDSA KeyGen
(FIPS186-5)
A6821 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyGen
(FIPS186-5)
A6822 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyGen
(FIPS186-5)
A6823 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyGen
(FIPS186-5)
A6824 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyGen
(FIPS186-5)
A6825 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A6821 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 17 of 92
Algorithm CAVP
Cert
Properties Reference
ECDSA KeyVer
(FIPS186-5)
A6822 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A6823 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A6824 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A6825 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A6821 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A6822 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A6823 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A6824 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A6825 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
Component - No
FIPS 186-5
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 18 of 92
Algorithm CAVP
Cert
Properties Reference
ECDSA SigVer
(FIPS186-5)
A6821 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A6822 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A6823 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A6824 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
FIPS 186-5
ECDSA SigVer
(FIPS186-5)
A6825 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,
SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224,
SHA3-256, SHA3-384, SHA3-512
FIPS 186-5
Hash DRBG A6821 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
Hash DRBG A6822 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
Hash DRBG A6823 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
Hash DRBG A6824 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
Hash DRBG A6825 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 19 of 92
Algorithm CAVP
Cert
Properties Reference
HMAC DRBG A6821 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
HMAC DRBG A6822 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
HMAC DRBG A6823 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
HMAC DRBG A6824 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
HMAC DRBG A6825 Prediction Resistance - No, Yes
Mode - SHA2-256, SHA2-512
SP 800-90A
Rev. 1
HMAC-SHA2-224 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-224 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-224 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-224 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-224 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-256 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-256 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-256 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-256 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-256 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-384 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-384 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-384 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 20 of 92
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA2-384 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-384 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/224 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/224 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/224 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/224 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/224 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/256 A6821 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/256 A6822 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/256 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/256 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA2-512/256 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-224 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-224 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-224 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-256 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 21 of 92
Algorithm CAVP
Cert
Properties Reference
HMAC-SHA3-256 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-256 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-384 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-384 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-384 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-512 A6823 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-512 A6824 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
HMAC-SHA3-512 A6825 Key Length - Key Length: 112-524288 Increment 8 FIPS 198-1
PBKDF A6821 Iteration Count - Iteration Count: 1000-10000000
Increment 1
Password Length - Password Length: 8-128 Increment
1
SP 800-132
PBKDF A6822 Iteration Count - Iteration Count: 1000-10000000
Increment 1
Password Length - Password Length: 8-128 Increment
1
SP 800-132
PBKDF A6823 Iteration Count - Iteration Count: 1000-10000000
Increment 1
Password Length - Password Length: 8-128 Increment
1
SP 800-132
PBKDF A6824 Iteration Count - Iteration Count: 1000-10000000
Increment 1
Password Length - Password Length: 8-128 Increment
1
SP 800-132
PBKDF A6825 Iteration Count - Iteration Count: 1000-10000000
Increment 1
Password Length - Password Length: 8-128 Increment
1
SP 800-132
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 22 of 92
Algorithm CAVP
Cert
Properties Reference
RSA KeyGen
(FIPS186-5)
A6821 Key Generation Mode - probable
Modulo - 2048, 3072, 4096, 6144, 8192
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A6822 Key Generation Mode - probable
Modulo - 2048, 3072, 4096, 6144, 8192
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A6823 Key Generation Mode - probable
Modulo - 2048, 3072, 4096, 6144, 8192
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A6824 Key Generation Mode - probable
Modulo - 2048, 3072, 4096, 6144, 8192
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA KeyGen
(FIPS186-5)
A6825 Key Generation Mode - probable
Modulo - 2048, 3072, 4096, 6144, 8192
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A6821 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigGen (FIPS186-
5)
A6822 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigGen (FIPS186-
5)
A6823 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigGen (FIPS186-
5)
A6824 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigGen (FIPS186-
5)
A6825 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 23 of 92
Algorithm CAVP
Cert
Properties Reference
RSA SigVer (FIPS186-
5)
A6821 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
5)
A6822 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
5)
A6823 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
5)
A6824 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
5)
A6825 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA2-224 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 24 of 92
Algorithm CAVP
Cert
Properties Reference
SHA2-256 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 25 of 92
Algorithm CAVP
Cert
Properties Reference
SHA2-512 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/224 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A6821 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 26 of 92
Algorithm CAVP
Cert
Properties Reference
SHA2-512/256 A6822 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA3-224 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-224 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-224 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-256 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-256 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-256 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 27 of 92
Algorithm CAVP
Cert
Properties Reference
SHA3-384 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-384 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-384 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-512 A6823 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-512 A6824 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHA3-512 A6825 Message Length - Message Length: 0-65536 Increment
8
Large Message Sizes - 1, 2, 4, 8
FIPS 202
SHAKE-128 A6823 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
SHAKE-128 A6824 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
SHAKE-128 A6825 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
SHAKE-256 A6823 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
SHAKE-256 A6824 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
SHAKE-256 A6825 Output Length - Output Length: 16-65536 Increment 8 FIPS 202
Table 6: Approved Algorithms
Vendor-Affirmed Algorithms:
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 28 of 92
Name Properties Implementation Reference
Asymmetric Cryptographic Key
Generation (CKG)
Key
type:Asymmetric
N/A SP 800-133 Rev. 2, section
4, example 1
Table 7: Vendor-Affirmed Algorithms
Non-Approved, Allowed Algorithms:
N/A for this module.
Non-Approved, Allowed Algorithms with No Security Claimed:
N/A for this module.
Non-Approved, Not Allowed Algorithms:
Name Use and Function
SHA-1 Message digest
AES-GCM, AES-GCM-SIV, AES-
OCB, AES-EAX
Symmetric encryption; Symmetric decryption
HMAC with SHA-1 Message authentication code (MAC)
Hash/HMAC DRBG with SHA-1 Random Number Generation
RSA Signature generation primitive; Signature verification primitive;
Asymmetric encryption; Asymmetric decryption
RSA with SHA-1 Signature generation; Signature verification
ECDH Shared Secret Computation
ECDSA Signature generation primitive; Signature verification primitive
ECDSA with SHA-1 Signature generation; Signature verification
PBKDF with SHA-1 Key derivation
Table 8: Non-Approved, Not Allowed Algorithms
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 29 of 92
2.6 Security Function Implementations
Name Type Description Properties Algorithms
Message digest SHA
XOF
Message digest
using SHA or
SHAKE algorithms
SHA2-224: (A6821,
A6822, A6823,
A6824, A6825)
SHA2-256: (A6821,
A6822, A6823,
A6824, A6825)
SHA2-384: (A6821,
A6822, A6823,
A6824, A6825)
SHA2-512: (A6821,
A6822, A6823,
A6824, A6825)
SHA2-512/224:
(A6821, A6822,
A6823, A6824,
A6825)
SHA2-512/256:
(A6821, A6822,
A6823, A6824,
A6825)
SHA3-224: (A6823,
A6824, A6825)
SHA3-256: (A6823,
A6824, A6825)
SHA3-384: (A6823,
A6824, A6825)
SHA3-512: (A6823,
A6824, A6825)
SHAKE-128:
(A6823, A6824,
A6825)
SHAKE-256:
(A6823, A6824,
A6825)
Symmetric
encryption
BC-UnAuth Encryption using
AES
AES-CBC: (A6821,
A6822, A6824,
A6825)
AES-CFB128:
(A6821, A6822,
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 30 of 92
Name Type Description Properties Algorithms
A6824, A6825)
AES-CFB8: (A6821,
A6822, A6824,
A6825)
AES-CTR: (A6821,
A6822, A6824,
A6825)
AES-ECB: (A6821,
A6822, A6824,
A6825)
AES-OFB: (A6821,
A6822, A6824,
A6825)
AES-XTS Testing
Revision 2.0:
(A6821, A6822,
A6824, A6825)
Symmetric
decryption
BC-UnAuth Decryption using
AES
AES-CBC: (A6821,
A6822, A6824,
A6825)
AES-CFB128:
(A6821, A6822,
A6824, A6825)
AES-CFB8: (A6821,
A6822, A6824,
A6825)
AES-CTR: (A6821,
A6822, A6824,
A6825)
AES-ECB: (A6821,
A6822, A6824,
A6825)
AES-OFB: (A6821,
A6822, A6824,
A6825)
AES-XTS Testing
Revision 2.0:
(A6821, A6822,
A6824, A6825)
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 31 of 92
Name Type Description Properties Algorithms
Message
authentication
with AES
MAC Message
authentication
using AES CMAC
AES-CMAC:
(A6821, A6822,
A6824, A6825)
Key wrapping with
AES
KTS-Wrap Key wrapping with
AES
Standard:SP 800-
38F
IG D.G:Approved
key wrapping
Caveat:Key
establishment
methodology
provides between
128 and 256 bits of
security strength
AES-KW: (A6821,
A6822, A6824,
A6825)
AES-CCM: (A6821,
A6822, A6824,
A6825)
Key unwrapping
with AES
KTS-Wrap Key unwrapping
with AES
Standard:SP 800-
38F
IG D.G:Approved
key wrapping
Caveat:Key
establishment
methodology
provides between
128 and 256 bits of
security strength
AES-KW: (A6821,
A6822, A6824,
A6825)
AES-CCM: (A6821,
A6822, A6824,
A6825)
Authenticated
symmetric
encryption
BC-Auth Authenticated
encryption using
AES CCM
AES-CCM: (A6821,
A6822, A6824,
A6825)
Authenticated
symmetric
decryption
BC-Auth Authenticated
decryption using
AES CCM
AES-CCM: (A6821,
A6822, A6824,
A6825)
Message
authentication
code with HMAC
MAC Message
authentication
code using HMAC
HMAC-SHA2-224:
(A6821, A6822,
A6823, A6824,
A6825)
HMAC-SHA2-256:
(A6821, A6822,
A6823, A6824,
A6825)
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 32 of 92
Name Type Description Properties Algorithms
HMAC-SHA2-384:
(A6821, A6822,
A6823, A6824,
A6825)
HMAC-SHA2-512:
(A6821, A6822,
A6823, A6824,
A6825)
HMAC-SHA2-
512/224: (A6821,
A6822, A6823,
A6824, A6825)
HMAC-SHA2-
512/256: (A6821,
A6822, A6823,
A6824, A6825)
HMAC-SHA3-224:
(A6823, A6824,
A6825)
HMAC-SHA3-256:
(A6823, A6824,
A6825)
HMAC-SHA3-384:
(A6823, A6824,
A6825)
HMAC-SHA3-512:
(A6823, A6824,
A6825)
Random number
generation
DRBG Random number
generation using
Hash_DRBG,
HMAC_DRBG, or
CTR_DRBG
Hash DRBG:
(A6821, A6822,
A6823, A6824,
A6825)
HMAC DRBG:
(A6821, A6822,
A6823, A6824,
A6825)
Counter DRBG:
(A6821, A6822,
A6824, A6825)
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 33 of 92
Name Type Description Properties Algorithms
Key pair generation
with ECDSA
AsymKeyPair-
KeyGen
CKG
Key pair generation
using ECDSA
ECDSA KeyGen
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Asymmetric
Cryptographic Key
Generation (CKG):
()
Key type:
Asymmetric
Public key
verification with
ECDSA
AsymKeyPair-
KeyVer
Public key
verification using
ECDSA
ECDSA KeyVer
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Digital signature
generation with
ECDSA
DigSig-SigGen Digital signature
generation using
ECDSA
ECDSA SigGen
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Deterministic
digital signature
generation with
ECDSA
DigSig-SigGen Deterministic
digital signature
generation using
ECDSA
Deterministic
ECDSA SigGen
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Key pair generation
with RSA
AsymKeyPair-
KeyGen
CKG
Key pair generation
using RSA
RSA KeyGen
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Asymmetric
Cryptographic Key
Generation (CKG):
()
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 34 of 92
Name Type Description Properties Algorithms
Key type:
Asymmetric
Digital signature
generation with
RSA
DigSig-SigGen Digital signature
generation using
RSA
RSA SigGen
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Digital signature
verification with
ECDSA
DigSig-SigVer Digital signature
verification using
ECDSA
ECDSA SigVer
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Digital signature
verification with
RSA
DigSig-SigVer Digital signature
verification using
RSA
RSA SigVer
(FIPS186-5):
(A6821, A6822,
A6823, A6824,
A6825)
Key derivation
with PBKDF
PBKDF Key derivation
using PBKDF
Password length:8-
128 characters
PBKDF: (A6821,
A6822, A6823,
A6824, A6825)
Table 9: Security Function Implementations
2.7 Algorithm Specific Information
2.7.1 AES XTS
The length of a single data unit encrypted or decrypted with AES-XTS shall not exceed 220
AES blocks, that is
16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. The XTS mode shall
only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes,
such as the encryption of data in transit.
2.7.2 Key Derivation using SP 800-132 PBKDF2
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module
supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used
directly as the Data Protection Key (DPK).
In accordance with SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met:
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 35 of 92
• Derived keys shall be used only for storage applications and shall not be used for any other purposes.
The length of the MK or DPK is 112 bits or more.
• Passwords or passphrases, used as an input for the PBKDF2, shall not be used as cryptographic keys.
• The minimum length of the password or passphrase accepted by the module is 8 characters. The
probability of guessing the value, assuming a worst-case scenario of all digits, is estimated to be at most
10-8
. Combined with the minimum iteration count as described below, this provides an acceptable
trade-off between user experience and security against brute-force attacks.
• A portion of the salt shall be generated randomly using the SP 800-90A Rev. 1 DRBG provided by the
module. The minimum length required is 128 bits.
• The iteration count shall be selected as large as possible, as long as the time required to generate the
key using the entered password is acceptable for the users. The minimum value accepted by the
module is 1000.
2.8 RBG and Entropy
Cert
Number
Vendor
Name
E200 SUSE LLC
Table 10: Entropy Certificates
Name Type Operational Environment Sample
Size
Entropy
per
Sample
Conditioning
Component
SUSE
Userspace
Standalone
CPU Time
Jitter RNG
Non-
Physical
SUSE Linux Enterprise Server 15 SP6 on
AMD EPYC(TM) 7343; SUSE Linux
Enterprise Server 15 SP6 on Ampere(R)
Altra(R) Q80-30; SUSE Linux Enterprise
Server 15 SP6 on Intel(R) Xeon(R) Gold
5416S; SUSE Linux Enterprise Server 15
SP6 on IBM(R) Telum(TM)
256
bits
256 bits SHA3-256
(A5411)
Table 11: Entropy Sources
The module implements three different Deterministic Random Bit Generator (DRBG) implementations based
on SP 800-90A Rev.1: CTR_DRBG, Hash_DRBG, and HMAC_DRBG. Each of these DRBG implementations can
be instantiated by the operator of the module. When instantiated, these DRBGs can be used to generate random
numbers for external usage.
Additionally, the module employs a specific HMAC-SHA2-512 DRBG implementation for internal purposes
(e.g. to generate asymmetric key pairs). This DRBG is initially seeded with 384 output bits from the entropy
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 36 of 92
source (corresponding to 384 bits of entropy) and reseeded with 256 output bits from the entropy source
(corresponding to 256 bits of entropy). A different DRBG mechanism may be selected by invoking the
gcry_control(GCRYCTL_DRBG_REINIT) function.
The module complies with the Public Use Document for ESV certificate E200 by seeding the aforementioned
DRBG using the jent_read_entropy() function, which corresponds to the GetEntropy() function. The
operational environment of the module is identical to the one listed on the ESV certificate. There are no
maintenance requirements for the entropy source.
This entropy source is located within the physical perimeter, but outside of the cryptographic boundary of the
module.
2.9 Key Generation
The module implements asymmetric key pair generation for RSA and ECDSA compliant with SP 800-133 Rev.2
as listed in the Security Function Implementations table and the Vendor-Affirmed Algorithms table. Random
values used in key generation are directly obtained as output from the module's DRBG, compliant SP 800-90A
Rev1.
Intermediate key generation values are not output from the module and are explicitly zeroized after processing
the service.
Additionally, the module implements the following key derivation methods:
• PBKDF2: compliant with option 1a of SP 800-132. This implementation shall only be used to derive
keys for use in storage applications.
2.10 Key Establishment
The module implements key wrapping and unwrapping methods as listed in the Security Function
Implementations table in Section 2.6.
2.11 Industry Protocols
The module does not implement any industry protocols; therefore, this section is not applicable.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 37 of 92
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces
Physical
Port
Logical
Interface(s)
Data That Passes
N/A Data Input API input parameters for data.
N/A Data Output API output parameters for data.
N/A Control Input API function calls, API input parameters for control input
N/A Status Output API return codes, API output parameters for status output.
Table 12: Ports and Interfaces
The logical interfaces are the APIs through which the applications request services. These logical interfaces are
logically separated from each other by the API design. The module does not implement a control output
interface.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 38 of 92
4 Roles, Services, and Authentication
4.1 Authentication Methods
N/A for this module.
4.2 Roles
Name Type Operator Type Authentication Methods
Crypto Officer Role CO None
Table 13: Roles
The module does not support multiple concurrent operators.
4.3 Approved Services
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
Message
digest
Compute message digest
using SHA or SHAKE
gcry_get_fips_service
_indicator() returns 0
Messa
ge,
hash
or
XOF
functi
on
Digest
value
Message
digest
Crypto
Officer
Symmetri
c
encryptio
n
Encrypt a plaintext gcry_get_fips_service
_indicator() returns 0
AES
key,
plaint
ext
Ciphert
ext
Symmetri
c
encryptio
n
Crypto
Officer
- AES
key:
W,E
Symmetri
c
decryptio
n
Decrypt a ciphertext gcry_get_fips_service
_indicator() returns 0
AES
key,
cipher
text
Plainte
xt
Symmetri
c
decryptio
n
Crypto
Officer
- AES
key:
W,E
Authenti
cated
Encrypt and authenticate a
plaintext
gcry_get_fips_service
_indicator() returns 0
AES
key,
Ciphert
ext,
Authenti
cated
Crypto
Officer
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 39 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
symmetri
c
encryptio
n
IV,
plaint
ext
MAC
tag
symmetri
c
encryptio
n
- AES
key:
W,E
Authenti
cated
symmetri
c
decryptio
n
Authenticate and decrypt a
ciphertext
gcry_get_fips_service
_indicator() returns 0
AES
key,
MAC
tag,
IV,
cipher
text
Plainte
xt or
fail
Authenti
cated
symmetri
c
decryptio
n
Crypto
Officer
- AES
key:
W,E
Key
wrapping
Perform AES-based key
wrapping
gcry_get_fips_service
_indicator() returns 0
AES
key,
any
CSP
Wrappe
d CSP
Key
wrapping
with AES
Crypto
Officer
- AES
key:
W,E
Key
unwrappi
ng
Perform AES-based key
unwrapping
gcry_get_fips_service
_indicator() returns 0
AES
key,
wrapp
ed
CSP
Unwra
pped
CSP
Key
unwrappi
ng with
AES
Crypto
Officer
- AES
key:
W,E
Message
authentic
ation
code
(MAC)
with
CMAC
Compute AES-based
CMAC
gcry_get_fips_service
_indicator() returns 0
AES
key,
messa
ge
MAC
tag
Message
authentic
ation
with AES
Crypto
Officer
- AES
key:
W,E
Message
authentic
ation
code
(MAC)
with
HMAC
Compute HMAC gcry_get_fips_service
_indicator() returns 0
HMA
C key,
messa
ge
MAC
tag
Message
authentic
ation
code
with
HMAC
Crypto
Officer
- HMAC
key:
W,E
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 40 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
Random
Number
Generati
on
Generate random bitstrings
from
CTR_DRBG/HMAC_DRBG
/Hash_DRBG
gcry_get_fips_service
_indicator() returns 0
Outpu
t
length
Rando
m bytes
Random
number
generatio
n
Crypto
Officer
-
Entropy
Input:
W,E,Z
- DRBG
seed:
G,E,Z
- DRBG
internal
state (V
value,
Key):
G,W,E
- DRBG
internal
state (V
value, C
value):
G,W,E
Key Pair
Generati
on with
RSA
Generate an RSA key pair gcry_get_fips_service
_indicator() returns 0
Modul
us bits
RSA
public
key,
RSA
private
key
Key pair
generatio
n with
RSA
Crypto
Officer
-
Module-
generate
d RSA
Private
Key:
G,R
-
Module-
generate
d RSA
Public
Key:
G,R
-
Interme
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 41 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
diate
key
generati
on
value:
G,E,Z
Key Pair
Generati
on with
ECDSA
Generate an EC key pair gcry_get_fips_service
_indicator() returns 0
Curve ECDSA
public
key,
ECDSA
private
key
Key pair
generatio
n with
ECDSA
Crypto
Officer
-
Module-
generate
d
ECDSA
Private
Key:
G,R
-
Module-
generate
d
ECDSA
Public
Key:
G,R
-
Interme
diate
key
generati
on
value:
G,E,Z
Public
key
verificati
on
Verify ECDSA public key gcry_get_fips_service
_indicator() returns 0
ECDS
A
public
key
Pass or
fail
Public
key
verificati
on with
ECDSA
Crypto
Officer
-
ECDSA
Public
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 42 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
Key:
W,E
Digital
signature
generatio
n with
RSA
Generate an RSA signature gcry_get_fips_service
_indicator() returns 0
RSA
privat
e key,
messa
ge
Signatu
re
Digital
signature
generatio
n with
RSA
Crypto
Officer
- RSA
Private
Key:
W,E
Digital
signature
generatio
n with
ECDSA
Generate an ECDSA
signature
gcry_get_fips_service
_indicator() returns 0
ECDS
A
privat
e key,
messa
ge
Signatu
re
Digital
signature
generatio
n with
ECDSA
Crypto
Officer
-
ECDSA
Private
Key:
W,E
Determin
istic
digital
signature
generatio
n with
ECDSA
Generate a deterministic
ECDSA signature
gcry_get_fips_service
_indicator() returns 0
ECDS
A
privat
e key,
messa
ge
Signatu
re
Determin
istic
digital
signature
generatio
n with
ECDSA
Crypto
Officer
-
ECDSA
Private
Key:
W,E
Digital
signature
verificati
on with
RSA
Verify an RSA signature gcry_get_fips_service
_indicator() returns 0
RSA
public
key,
messa
ge,
signat
ure
Pass or
fail
Digital
signature
verificati
on with
RSA
Crypto
Officer
- RSA
Public
Key:
W,E
Digital
signature
verificati
on with
ECDSA
Verify an ECDSA signature gcry_get_fips_service
_indicator() returns 0
ECDS
A
public
key,
messa
ge,
Pass or
fail
Digital
signature
verificati
on with
ECDSA
Crypto
Officer
-
ECDSA
Public
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 43 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
signat
ure
Key:
W,E
Key
derivatio
n
Perform key derivation gcry_get_fips_service
_indicator() returns 0
Passw
ord,
salt,
iterati
on
count
Derived
key
Key
derivatio
n with
PBKDF
Crypto
Officer
-
Passwor
d or
passphra
se: W,E
-
Derived
key: G,R
On-
demand
Integrity
test
Perform on-demand
integrity test
N/A N/A Pass/fai
l
Message
authentic
ation
code
with
HMAC
Crypto
Officer
Show
status
Show module status N/A N/A Module
status
None Crypto
Officer
Zeroizati
on
Zeroize all SSPs N/A Any
SSP
N/A None Crypto
Officer
- AES
key: Z
- HMAC
key: Z
-
Module-
generate
d RSA
Private
Key: Z
-
Module-
generate
d RSA
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 44 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
Public
Key: Z
-
Module-
generate
d
ECDSA
Private
Key: Z
-
Module-
generate
d
ECDSA
Public
Key: Z
- RSA
Private
Key: Z
- RSA
Public
Key: Z
-
ECDSA
Private
Key: Z
-
ECDSA
Public
Key: Z
-
Passwor
d or
passphra
se: Z
-
Derived
key: Z
-
Entropy
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 45 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
Input: Z
- DRBG
seed: Z
- DRBG
internal
state (V
value, C
value):
Z
- DRBG
internal
state (V
value,
Key): Z
Self-tests Perform self-tests N/A N/A Pass/fai
l
Message
digest
Symmetri
c
encryptio
n
Symmetri
c
decryptio
n
Message
authentic
ation
with AES
Random
number
generatio
n
Digital
signature
generatio
n with
ECDSA
Digital
signature
Crypto
Officer
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 46 of 92
Name Description Indicator Inputs Outputs Security
Function
s
SSP
Access
verificati
on with
ECDSA
Digital
signature
generatio
n with
RSA
Digital
signature
verificati
on with
RSA
Key
derivatio
n with
PBKDF
Show
module
name and
version
Show module name and
version
N/A N/A Module
name
and
version
informa
tion
None Crypto
Officer
Table 14: Approved Services
The following convention is used to specify access rights to SSPs:
• Generate (G): The module generates or derives the SSP.
• Read (R): The SSP is read from the module (e.g. the SSP is output).
• Write (W): The SSP is updated, imported, or written to the module.
• Execute (E): The module uses the SSP in performing a cryptographic operation.
• Zeroize (Z): The module zeroizes the SSP.
• N/A: The module does not access any SSP or key during its operation.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 47 of 92
4.4 Non-Approved Services
Name Description Algorithms Role
Message Digest SHA-1 as a standalone digest SHA-1 CO
Symmetric encryption AES encryption using non-approved
AES modes
AES-GCM, AES-GCM-SIV,
AES-OCB, AES-EAX
CO
Symmetric decryption AES decryption using non-approved
AES modes
AES-GCM, AES-GCM-SIV,
AES-OCB, AES-EAX
CO
Message authentication
code (MAC)
Computing a MAC using HMAC-
SHA-1
HMAC with SHA-1 CO
Random Number
Generation
Using Hash or HMAC DRBGs with
SHA-1
Hash/HMAC DRBG with SHA-
1
CO
Shared Secret
Computation
ECDH Shared Secret Computation ECDH CO
Signature generation Generate a signature using SHA-1 RSA with SHA-1
ECDSA with SHA-1
CO
Signature verification Verify a signature using SHA-1 RSA with SHA-1
ECDSA with SHA-1
CO
Digital signature
generation primitive
Generate a signature using a
signature generation primitive
RSA
ECDSA
CO
Digital signature
verification primitive
Verify a signature using a signature
verification primitive
RSA
ECDSA
CO
Asymmetric encryption Perform encryption using RSA RSA CO
Asymmetric decryption Perform decryption using RSA RSA CO
Key derivation Using PBKDF with SHA-1 PBKDF with SHA-1 CO
Table 15: Non-Approved Services
4.5 External Software/Firmware Loaded
The module does not load external software or firmware.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 48 of 92
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 49 of 92
5 Software/Firmware Security
5.1 Integrity Techniques
The integrity of the module is verified comparing the HMAC-SHA2-256 value calculated at run time with the
HMAC-SHA2-256 value embedded in the module’s ELF header that was computed at build time for each
software component of the module. The 256 bits long HMAC key used for the integrity test is stored in the
module’s ELF header too. If the HMAC values do not match, the test fails and the module enters the error state.
5.2 Initiate on Demand
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is
initialized. The integrity tests can be invoked on demand by invoking the gry_control(GCRYCTL_SELFTEST)
API function call or by unloading and subsequently re-initializing the module, which will perform (among
others) the software integrity tests. During the execution of the on-demand self-tests, services are not available,
and no data output or input is possible.
In order to verify whether the self-tests have succeeded and the module is in the Operational state, the calling
application may invoke the gcry_control(GCRYCTL_OPERATIONAL_P). The function will return TRUE if the
module is in the operational state, FALSE if the module is in the Error state.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 50 of 92
6 Operational Environment
6.1 Operational Environment Type and Requirements
Type of Operational Environment: Modifiable
How Requirements are Satisfied:
Any SSPs contained within the module are protected by the process isolation and memory separation
mechanisms, and only the module has control over these SSPs.
If properly installed, the operating system provides process isolation and memory protection mechanisms that
ensure appropriate separation for memory access among the processes on the system. Each process has control
over its own data and uncontrolled access to the data of other processes is prevented.
6.2 Configuration Settings and Restrictions
The module shall be installed as stated in Section 11.
Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other
tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the
operational environment. The use of any of these tools implies that the cryptographic module is running in a
non-validated operational environment.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 51 of 92
7 Physical Security
The module is comprised of software only and therefore this section is not applicable.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 52 of 92
8 Non-Invasive Security
This module does not implement any non-invasive security mechanisms, and therefore this section is not
applicable.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 53 of 92
9 Sensitive Security Parameters Management
9.1 Storage Areas
Storage
Area
Name
Description Persistence
Type
RAM Temporary storage for SSPs used by the module as part of service execution. The
module does not perform persistent storage of SSPs
Dynamic
Table 16: Storage Areas
9.2 SSP Input-Output Methods
Name From To Format
Type
Distribution
Type
Entry
Type
SFI or
Algorithm
API input
parameters
(plaintext)
Calling
application
within TOEPP
Cryptographic
module
Plaintext Manual Electronic
API output
parameters
(plaintext)
Cryptographic
module
Calling
application
within TOEPP
Plaintext Manual Electronic
Table 17: SSP Input-Output Methods
9.3 SSP Zeroization Methods
Zeroization
Method
Description Rationale Operator Initiation
Destroy
Object
Destroys the SSP
represented by
the object
Memory occupied by SSPs
is overwritten with zeroes
and then it is released,
which renders the SSP
values irretrievable. The
completion of the
zeroization routine
indicates that the
zeroization procedure
succeeded.
By calling the cipher related zeroization
API which are the following: gcry_free(),
gcry_cipher_close(), gcry_mac_close(),
gcry_sexp_release(), gcry_mpi_release(),
gcry_ctx_release(),
gcry_mpi_point_release(),
gcry_ctrl(GCRYCTL_TE RM_SECMEM)
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 54 of 92
Zeroization
Method
Description Rationale Operator Initiation
Automatic Automatically
zeroized by the
module when no
longer needed
Memory occupied by SSPs
is overwritten with zeroes,
which renders the SSP
values irretrievable.
N/A
Module
Reset
De-allocates the
volatile memory
used to store SSPs
Volatile memory used by
the module is overwritten
within nanoseconds when
power is removed.
By unloading and reloading the module
Table 18: SSP Zeroization Methods
All data output is inhibited during zeroization.
9.4 SSPs
Name Description Size - Strength Type -
Category
Generated
By
Established
By
Used By
AES key AES key used
for encryption,
decryption,
key wrapping,
key
unwrapping,
and computing
MAC tags
AES-XTS: 128,
256 bits; Other
modes: 128,
192, 256 bits -
AES-XTS: 128,
256 bits; Other
modes: 128,
192, 256 bits
Symmetric
key - CSP
Symmetric
encryption
Symmetric
decryption
Authenticated
symmetric
encryption
Authenticated
symmetric
decryption
Key wrapping
with AES
Key
unwrapping
with AES
Message
authentication
with AES
HMAC key HMAC key
used for
112-524288 bits
- 112-256 bits
Symmetric
key - CSP
Message
authentication
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 55 of 92
Name Description Size - Strength Type -
Category
Generated
By
Established
By
Used By
computing
MAC tags
code with
HMAC
Module-
generated
RSA Private
Key
RSA Private
key generated
by the module
2048-8192 bits
- 112-200 bits
Private key -
CSP
Key pair
generation
with RSA
Module-
generated
RSA Public
Key
RSA Public
key generated
by the module
2048-8192 bits
- 112-200 bits
Public key -
PSP
Key pair
generation
with RSA
RSA Private
Key
Private key
used for RSA
signature
generation
2048-8192 bits
- 112-200 bits
Private key -
CSP
Digital
signature
generation
with RSA
RSA Public
Key
Public key
used for RSA
signature
verification
2048-8192 bits
- 112-200 bits
Public key -
PSP
Digital
signature
verification
with RSA
Module-
generated
ECDSA
Private Key
ECDSA
Private key
generated by
the module
P-224, P-256,
P-384, P-521 -
112, 128, 192,
256 bits
Private key -
CSP
Key pair
generation
with
ECDSA
Module-
generated
ECDSA
Public Key
ECDSA Public
key generated
by the module
P-224, P-256,
P-384, P-521 -
112, 128, 192,
256 bits
Public key -
PSP
Key pair
generation
with
ECDSA
ECDSA
Private Key
Private key
used for
ECDSA
signature
generation
P-224, P-256,
P-384, P-521 -
112, 128, 192,
256 bits
Private key -
CSP
Public key
verification
with ECDSA
Digital
signature
generation
with ECDSA
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 56 of 92
Name Description Size - Strength Type -
Category
Generated
By
Established
By
Used By
ECDSA
Public Key
Public key
used for
ECDSA
signature
verification
P-224, P-256,
P-384, P-521 -
112, 128, 192,
256 bits
Public key -
PSP
Digital
signature
verification
with ECDSA
Intermediate
key
generation
value
Intermediate
key pair
generation
value
generated
during key
generation (SP
800-133 Rev. 2
Section 4, 5.1,
and 5.2)
ECDSA: P-224,
P-256, P-384,
P-521; RSA:
2048-8192 -
ECDSA: 112,
128, 192, 256
bits; RSA: 112-
200 bits
Intermediate
value - CSP
Key pair
generation
with RSA
Key pair
generation
with
ECDSA
Key pair
generation
with RSA
Key pair
generation
with ECDSA
Password or
passphrase
Password used
to derive
symmetric
keys
8-128
characters -
N/A
Password -
CSP
Key
derivation
with PBKDF
Derived key Symmetric key
derived from a
password
112-4096 bits -
112-256 bits
Symmetric
key - CSP
Key
derivation
with
PBKDF
Entropy
Input
Entropy input
used to seed
the DRBG (IG
D.L compliant)
256-384 bits -
256-384 bits
Entropy
input - CSP
Random
number
generation
DRBG seed DRBG seed
derived from
entropy input
as defined in
SP 800-90Ar1
(IG D.L
compliant)
CTR_DRBG:
256, 320, 384
bits;
HMAC_DBRG:
440, 880 bits;
Hash_DRBG:
440, 880 bits -
CTR_DRBG:
128, 192, 256
Seed - CSP Random
number
generation
Random
number
generation
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 57 of 92
Name Description Size - Strength Type -
Category
Generated
By
Established
By
Used By
bits;
HMAC_DRBG:
128, 256 bits;
Hash_DRBG:
128, 256 bits;
DRBG
internal
state (V
value, C
value)
Internal state
of the
Hash_DRBG
(IG D.L
compliant)
880, 1776 bits -
128, 256 bits
Internal
state - CSP
Random
number
generation
Random
number
generation
DRBG
internal
state (V
value, Key)
Internal state
of the
CTR_DRBG
and
HMAC_DRBG
(IG D.L
compliant)
CTR_DRBG:
256, 320, 384
bits;
HMAC_DRBG:
320, 512, 1024
bits -
CTR_DRBG:
128, 192, 256
bits;
HMAC_DRBG:
128, 256 bits
Internal
state - CSP
Random
number
generation
Random
number
generation
Table 19: SSP Table 1
Name Input -
Output
Storage Storage Duration Zeroization Related SSPs
AES key API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
HMAC key API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 58 of 92
Name Input -
Output
Storage Storage Duration Zeroization Related SSPs
Module-
generated RSA
Private Key
API output
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Module-generated
RSA Public
Key:Paired With
Module-
generated RSA
Public Key
API output
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Module-generated
RSA Private
Key:Paired With
RSA Private
Key
API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
RSA Public
Key:Paired With
RSA Public
Key
API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
RSA Private
Key:Paired With
Module-
generated
ECDSA
Private Key
API output
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Module-generated
ECDSA Public
Key:Paired With
Module-
generated
ECDSA Public
Key
API output
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Module-generated
ECDSA Private
Key:Paired With
ECDSA
Private Key
API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
ECDSA Public
Key:Paired With
ECDSA Public
Key
API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
ECDSA Private
Key:Paired With
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 59 of 92
Name Input -
Output
Storage Storage Duration Zeroization Related SSPs
Intermediate
key generation
value
RAM:Plaintext For the duration of
the service
Automatic Module-generated
RSA Private
Key:Generates
Module-generated
RSA Public
Key:Generates
Module-generated
ECDSA Private
Key:Generates
Module-generated
ECDSA Public
Key:Generates
Password or
passphrase
API input
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Derived key:Derives
Derived key API output
parameters
(plaintext)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Destroy
Object
Module
Reset
Password or
passphrase:Derived
From
Entropy Input RAM:Plaintext From service
invocation until
drbg is
seeded/reseeded
Automatic DRBG seed:Derives
DRBG seed RAM:Plaintext From service
invocation until
drbg is
seeded/reseeded
Automatic Entropy
Input:Derived From
DRBG internal state
(V value, C
value):Generates
DRBG internal state
(V value,
Key):Generates
DRBG internal
state (V value,
C value)
RAM:Plaintext From service
invocation until
Automatic DRBG
seed:Generated from
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 60 of 92
Name Input -
Output
Storage Storage Duration Zeroization Related SSPs
cipherhandle is
freed
DRBG internal
state (V value,
Key)
RAM:Plaintext From service
invocation until
cipherhandle is
freed
Automatic DRBG
seed:Generated from
Table 20: SSP Table 2
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 61 of 92
10 Self-Tests
While the module is executing the self-tests, services are not available, and data output (via the data output
interface) is inhibited until the tests are successfully completed. The module does not return control to the
calling application until the tests are completed. If any of the self-tests fails, the module immediately transitions
to the error state.
10.1 Pre-Operational Self-Tests
Algorithm
or Test
Test
Properties
Test Method Test Type Indicator Details
HMAC-
SHA2-256
256-bit
key
Message
authentication
SW/FW
Integrity
Module becomes
operational and
services are
available for use
Integrity test for
/usr/lib64/libgcrypt.so.20.4.3
Table 21: Pre-Operational Self-Tests
The pre-operational software integrity tests are performed automatically when the module is powered on,
before the module transitions into the operational state.
10.2 Conditional Self-Tests
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
AES-ECB
(A6821)
128, 192, 256-bit
keys, encrypt and
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity test
AES-ECB
(A6822)
128, 192, 256-bit
keys, encrypt and
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity test
AES-ECB
(A6824)
128, 192, 256-bit
keys, encrypt and
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 62 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
AES-ECB
(A6825)
128, 192, 256-bit
keys, encrypt and
decrypt
KAT CAST Module
becomes
operational
Symmetric
operation
Test runs at
power-on
before the
integrity test
AES-CMAC
(A6821)
128-bit key MAC
generation, encrypt
KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
AES-CMAC
(A6822)
128-bit key MAC
generation, encrypt
KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
AES-CMAC
(A6824)
128-bit key MAC
generation, encrypt
KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
AES-CMAC
(A6825)
128-bit key MAC
generation, encrypt
KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
Counter DRBG
(A6821)
AES 128-bit key
with DF, with and
without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Counter DRBG
(A6822)
AES 128-bit key
with DF, with and
without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Counter DRBG
(A6824)
AES 128-bit key
with DF, with and
without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 63 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
Counter DRBG
(A6825)
AES 128-bit key
with DF, with and
without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Hash DRBG
(A6821)
SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Hash DRBG
(A6822)
SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Hash DRBG
(A6823)
SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Hash DRBG
(A6824)
SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
Hash DRBG
(A6825)
SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
HMAC DRBG
(A6821)
HMAC-SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
HMAC DRBG
(A6822)
HMAC-SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 64 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
HMAC DRBG
(A6823)
HMAC-SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
HMAC DRBG
(A6824)
HMAC-SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
HMAC DRBG
(A6825)
HMAC-SHA2-256
with/without PR
KAT CAST Module
becomes
operational
Compliant with
SP 800-90Ar1
Test runs at
power-on
before the
integrity test
ECDSA SigGen
(FIPS186-5)
(A6821)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6821)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Deterministic
digital signature
generation
Test runs at
power-on
before the
integrity test
ECDSA SigGen
(FIPS186-5)
(A6822)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6822)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Deterministic
digital signature
generation
Test runs at
power-on
before the
integrity test
ECDSA SigGen
(FIPS186-5)
(A6823)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 65 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6823)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Deterministic
digital signature
generation
Test runs at
power-on
before the
integrity test
ECDSA SigGen
(FIPS186-5)
(A6824)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6824)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Deterministic
digital signature
generation
Test runs at
power-on
before the
integrity test
ECDSA SigGen
(FIPS186-5)
(A6825)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6825)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Deterministic
digital signature
generation
Test runs at
power-on
before the
integrity test
ECDSA SigVer
(FIPS186-5)
(A6821)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
ECDSA SigVer
(FIPS186-5)
(A6822)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
ECDSA SigVer
(FIPS186-5)
(A6823)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 66 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
ECDSA SigVer
(FIPS186-5)
(A6824)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
ECDSA SigVer
(FIPS186-5)
(A6825)
P-256 and SHA2-256 KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
224 (A6821)
SHA2-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
224 (A6822)
SHA2-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
224 (A6823)
SHA2-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
224 (A6824)
SHA2-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
224 (A6825)
SHA2-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
256 (A6821)
SHA2-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 67 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
HMAC-SHA2-
256 (A6822)
SHA2-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
256 (A6823)
SHA2-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
256 (A6824)
SHA2-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
256 (A6825)
SHA2-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
384 (A6821)
SHA2-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
384 (A6822)
SHA2-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
384 (A6823)
SHA2-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
384 (A6824)
SHA2-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 68 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
HMAC-SHA2-
384 (A6825)
SHA2-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
512 (A6821)
SHA2-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
512 (A6822)
SHA2-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
512 (A6823)
SHA2-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
512 (A6824)
SHA2-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA2-
512 (A6825)
SHA2-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
224 (A6823)
SHA3-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
224 (A6824)
SHA3-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 69 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
HMAC-SHA3-
224 (A6825)
SHA3-224 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
256 (A6823)
SHA3-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
256 (A6824)
SHA3-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
256 (A6825)
SHA3-256 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
384 (A6823)
SHA3-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
384 (A6824)
SHA3-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
384 (A6825)
SHA3-384 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
512 (A6823)
SHA3-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 70 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
HMAC-SHA3-
512 (A6824)
SHA3-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
HMAC-SHA3-
512 (A6825)
SHA3-512 KAT CAST Module
becomes
operational
Message
authentication
Test runs at
power-on
before the
integrity test
RSA SigGen
(FIPS186-5)
(A6821)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
RSA SigGen
(FIPS186-5)
(A6822)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
RSA SigGen
(FIPS186-5)
(A6823)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
RSA SigGen
(FIPS186-5)
(A6824)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
RSA SigGen
(FIPS186-5)
(A6825)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
generation
Test runs at
power-on
before the
integrity test
RSA SigVer
(FIPS186-5)
(A6821)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 71 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
RSA SigVer
(FIPS186-5)
(A6822)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
RSA SigVer
(FIPS186-5)
(A6823)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
RSA SigVer
(FIPS186-5)
(A6824)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
RSA SigVer
(FIPS186-5)
(A6825)
PKCS#1 v1.5 with
2048-bit key and
SHA2-256
KAT CAST Module
becomes
operational
Digital
signature
verification
Test runs at
power-on
before the
integrity test
SHA2-224
(A6821)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-224
(A6822)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-224
(A6823)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-224
(A6824)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 72 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
SHA2-224
(A6825)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-256
(A6821)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-256
(A6822)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-256
(A6823)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-256
(A6824)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-256
(A6825)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-384
(A6821)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-384
(A6822)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 73 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
SHA2-384
(A6823)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-384
(A6824)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-384
(A6825)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-512
(A6821)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-512
(A6822)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-512
(A6823)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-512
(A6824)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SHA2-512
(A6825)
Message digest KAT CAST Module
becomes
operational
Message digest Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 74 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
PBKDF (A6821) SHA2-256 with
password length 24
characters, master
key length of 200
bits, iteration count
of 4096, and salt
length of 288 bits
KAT CAST Module
becomes
operational
Password-based
key derivation
Test runs at
power-on
before the
integrity test
PBKDF (A6822) SHA2-256 with
password length 24
characters, master
key length of 200
bits, iteration count
of 4096, and salt
length of 288 bits
KAT CAST Module
becomes
operational
Password-based
key derivation
Test runs at
power-on
before the
integrity test
PBKDF (A6823) SHA2-256 with
password length 24
characters, master
key length of 200
bits, iteration count
of 4096, and salt
length of 288 bits
KAT CAST Module
becomes
operational
Password-based
key derivation
Test runs at
power-on
before the
integrity test
PBKDF (A6824) SHA2-256 with
password length 24
characters, master
key length of 200
bits, iteration count
of 4096, and salt
length of 288 bits
KAT CAST Module
becomes
operational
Password-based
key derivation
Test runs at
power-on
before the
integrity test
PBKDF (A6825) SHA2-256 with
password length 24
characters, master
key length of 200
bits, iteration count
of 4096, and salt
length of 288 bits
KAT CAST Module
becomes
operational
Password-based
key derivation
Test runs at
power-on
before the
integrity test
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 75 of 92
Algorithm or
Test
Test Properties Test
Method
Test
Type
Indicator Details Conditions
RSA KeyGen
(FIPS186-5)
(A6821)
PKCS#1 v1.5 with
SHA2-256
PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
RSA KeyGen
(FIPS186-5)
(A6822)
PKCS#1 v1.5 with
SHA2-256
PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
RSA KeyGen
(FIPS186-5)
(A6823)
PKCS#1 v1.5 with
SHA2-256
PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
RSA KeyGen
(FIPS186-5)
(A6824)
PKCS#1 v1.5 with
SHA2-256
PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
RSA KeyGen
(FIPS186-5)
(A6825)
PKCS#1 v1.5 with
SHA2-256
PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
ECDSA KeyGen
(FIPS186-5)
(A6821)
SHA2-256 PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
ECDSA KeyGen
(FIPS186-5)
(A6822)
SHA2-256 PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
ECDSA KeyGen
(FIPS186-5)
(A6823)
SHA2-256 PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
ECDSA KeyGen
(FIPS186-5)
(A6824)
SHA2-256 PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
ECDSA KeyGen
(FIPS186-5)
(A6825)
SHA2-256 PCT PCT Key pair
generation
is successful
Signature
generation and
verification
Key pair
generation
Table 22: Conditional Self-Tests
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 76 of 92
Data output through the data output interface is inhibited during the conditional self-tests. The module does
not return control to the calling application until the tests are completed. If any of these tests fails, the module
transitions to the error state (Section 10.4).
10.3 Periodic Self-Test Information
Algorithm or Test Test Method Test Type Period Periodic Method
HMAC-SHA2-256 Message
authentication
SW/FW Integrity On demand Manually
Table 23: Pre-Operational Periodic Information
Algorithm or Test Test Method Test Type Period Periodic Method
AES-ECB (A6821) KAT CAST On Demand Manually
AES-ECB (A6822) KAT CAST On Demand Manually
AES-ECB (A6824) KAT CAST On Demand Manually
AES-ECB (A6825) KAT CAST On Demand Manually
AES-CMAC
(A6821)
KAT CAST On Demand Manually
AES-CMAC
(A6822)
KAT CAST On Demand Manually
AES-CMAC
(A6824)
KAT CAST On Demand Manually
AES-CMAC
(A6825)
KAT CAST On Demand Manually
Counter DRBG
(A6821)
KAT CAST On Demand Manually
Counter DRBG
(A6822)
KAT CAST On Demand Manually
Counter DRBG
(A6824)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 77 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
Counter DRBG
(A6825)
KAT CAST On Demand Manually
Hash DRBG
(A6821)
KAT CAST On Demand Manually
Hash DRBG
(A6822)
KAT CAST On Demand Manually
Hash DRBG
(A6823)
KAT CAST On Demand Manually
Hash DRBG
(A6824)
KAT CAST On Demand Manually
Hash DRBG
(A6825)
KAT CAST On Demand Manually
HMAC DRBG
(A6821)
KAT CAST On Demand Manually
HMAC DRBG
(A6822)
KAT CAST On Demand Manually
HMAC DRBG
(A6823)
KAT CAST On Demand Manually
HMAC DRBG
(A6824)
KAT CAST On Demand Manually
HMAC DRBG
(A6825)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A6821)
KAT CAST On Demand Manually
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6821)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 78 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
ECDSA SigGen
(FIPS186-5)
(A6822)
KAT CAST On Demand Manually
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6822)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A6823)
KAT CAST On Demand Manually
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6823)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A6824)
KAT CAST On Demand Manually
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6824)
KAT CAST On Demand Manually
ECDSA SigGen
(FIPS186-5)
(A6825)
KAT CAST On Demand Manually
Deterministic
ECDSA SigGen
(FIPS186-5)
(A6825)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A6821)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 79 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
ECDSA SigVer
(FIPS186-5)
(A6822)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A6823)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A6824)
KAT CAST On Demand Manually
ECDSA SigVer
(FIPS186-5)
(A6825)
KAT CAST On Demand Manually
HMAC-SHA2-224
(A6821)
KAT CAST On Demand Manually
HMAC-SHA2-224
(A6822)
KAT CAST On Demand Manually
HMAC-SHA2-224
(A6823)
KAT CAST On Demand Manually
HMAC-SHA2-224
(A6824)
KAT CAST On Demand Manually
HMAC-SHA2-224
(A6825)
KAT CAST On Demand Manually
HMAC-SHA2-256
(A6821)
KAT CAST On Demand Manually
HMAC-SHA2-256
(A6822)
KAT CAST On Demand Manually
HMAC-SHA2-256
(A6823)
KAT CAST On Demand Manually
HMAC-SHA2-256
(A6824)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 80 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
HMAC-SHA2-256
(A6825)
KAT CAST On Demand Manually
HMAC-SHA2-384
(A6821)
KAT CAST On Demand Manually
HMAC-SHA2-384
(A6822)
KAT CAST On Demand Manually
HMAC-SHA2-384
(A6823)
KAT CAST On Demand Manually
HMAC-SHA2-384
(A6824)
KAT CAST On Demand Manually
HMAC-SHA2-384
(A6825)
KAT CAST On Demand Manually
HMAC-SHA2-512
(A6821)
KAT CAST On Demand Manually
HMAC-SHA2-512
(A6822)
KAT CAST On Demand Manually
HMAC-SHA2-512
(A6823)
KAT CAST On Demand Manually
HMAC-SHA2-512
(A6824)
KAT CAST On Demand Manually
HMAC-SHA2-512
(A6825)
KAT CAST On Demand Manually
HMAC-SHA3-224
(A6823)
KAT CAST On Demand Manually
HMAC-SHA3-224
(A6824)
KAT CAST On Demand Manually
HMAC-SHA3-224
(A6825)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 81 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
HMAC-SHA3-256
(A6823)
KAT CAST On Demand Manually
HMAC-SHA3-256
(A6824)
KAT CAST On Demand Manually
HMAC-SHA3-256
(A6825)
KAT CAST On Demand Manually
HMAC-SHA3-384
(A6823)
KAT CAST On Demand Manually
HMAC-SHA3-384
(A6824)
KAT CAST On Demand Manually
HMAC-SHA3-384
(A6825)
KAT CAST On Demand Manually
HMAC-SHA3-512
(A6823)
KAT CAST On Demand Manually
HMAC-SHA3-512
(A6824)
KAT CAST On Demand Manually
HMAC-SHA3-512
(A6825)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A6821)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A6822)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A6823)
KAT CAST On Demand Manually
RSA SigGen
(FIPS186-5)
(A6824)
KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 82 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
RSA SigGen
(FIPS186-5)
(A6825)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A6821)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A6822)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A6823)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A6824)
KAT CAST On Demand Manually
RSA SigVer
(FIPS186-5)
(A6825)
KAT CAST On Demand Manually
SHA2-224 (A6821) KAT CAST On Demand Manually
SHA2-224 (A6822) KAT CAST On Demand Manually
SHA2-224 (A6823) KAT CAST On Demand Manually
SHA2-224 (A6824) KAT CAST On Demand Manually
SHA2-224 (A6825) KAT CAST On Demand Manually
SHA2-256 (A6821) KAT CAST On Demand Manually
SHA2-256 (A6822) KAT CAST On Demand Manually
SHA2-256 (A6823) KAT CAST On Demand Manually
SHA2-256 (A6824) KAT CAST On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 83 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
SHA2-256 (A6825) KAT CAST On Demand Manually
SHA2-384 (A6821) KAT CAST On Demand Manually
SHA2-384 (A6822) KAT CAST On Demand Manually
SHA2-384 (A6823) KAT CAST On Demand Manually
SHA2-384 (A6824) KAT CAST On Demand Manually
SHA2-384 (A6825) KAT CAST On Demand Manually
SHA2-512 (A6821) KAT CAST On Demand Manually
SHA2-512 (A6822) KAT CAST On Demand Manually
SHA2-512 (A6823) KAT CAST On Demand Manually
SHA2-512 (A6824) KAT CAST On Demand Manually
SHA2-512 (A6825) KAT CAST On Demand Manually
PBKDF (A6821) KAT CAST On Demand Manually
PBKDF (A6822) KAT CAST On Demand Manually
PBKDF (A6823) KAT CAST On Demand Manually
PBKDF (A6824) KAT CAST On Demand Manually
PBKDF (A6825) KAT CAST On Demand Manually
RSA KeyGen
(FIPS186-5)
(A6821)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A6822)
PCT PCT On Demand Manually
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 84 of 92
Algorithm or Test Test Method Test Type Period Periodic Method
RSA KeyGen
(FIPS186-5)
(A6823)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A6824)
PCT PCT On Demand Manually
RSA KeyGen
(FIPS186-5)
(A6825)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A6821)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A6822)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A6823)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A6824)
PCT PCT On Demand Manually
ECDSA KeyGen
(FIPS186-5)
(A6825)
PCT PCT On Demand Manually
Table 24: Conditional Periodic Information
10.4 Error States
Name Description Conditions Recovery Method Indicator
Error
State
The module will return an
error code to indicate the
error and will enter the Error
state. Any further
Failure of pre-
operational tests or
conditional tests.
The error can be
recovered by a
restart (i.e.,
powering off and
An error
message
related to the
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 85 of 92
Name Description Conditions Recovery Method Indicator
cryptographic operation is
inhibited.
powering on) of the
module.
cause of the
failure.
Fatal
Error
state
The module will abort and
will not be available.
Random numbers are
requested in the error
state or cipher
operations are requested
on a deallocated handle.
The error can be
recovered by a
restart (i.e.,
powering off and
powering on) of the
module.
The module is
aborted
Table 25: Error States
After the pre-operational self-tests and the CASTs succeed, the module becomes operational. If any of the pre-
operational self-tests or any of the CASTs fail an error message is returned, and the module transitions to the
error state.
The calling application can obtain the module state by calling the gcry_control(GCRYCTL_OPERATIONAL_P)
API function. The function returns FALSE if the module is in the Error state, TRUE if the module is in the
Operational state. In the Error state, all data output is inhibited, and no cryptographic operation is allowed.
10.5 Operator Initiation of Self-Tests
The software integrity tests, CASTs and entropy source start-up tests can be invoked on demand by unloading
and subsequently re-initializing the module. The PCTs can be invoked on demand by requesting the key pair
generation service.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 86 of 92
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures
Before the libgcrypt20-1.10.3-150600.3.6.1 RPM package is installed, the SUSE Linux Enterprise 15 SP6 system
must operate in the FIPS validated configuration. This can be achieved by:
• Adding the fips=1 option to the kernel command line during the system installation. During the
software selection stage, do not install any third-party software.
• Switching the system into the FIPS validated configuration after the installation. Execute the fips-
mode-setup --enable command. Restart the system.
In both cases, the Crypto Officer must verify the system operates in the FIPS validated configuration by
executing the fips-mode-setup --check command, which should output “FIPS mode is enabled”.
11.2 Administrator Guidance
After the installation of the libgcrypt20-1.10.3-150600.3.6.1 RPM package, the Crypto Officer must check the
output of the gcry_get_config(0, "version") API, which should include the following name and version:
version:1.10.3:10a03:1.47:12f00:
Once libgcrypt has been put into the FIPS-validated configuration, it is not possible to switch back to standard
mode without terminating the process first. If the logging verbosity level of libgcrypt has been set to at least 2,
the state transitions and the self-tests are logged.
The user must not call malloc/free to create/release space for keys, let libgcrypt manage space for keys, which
will ensure that the key memory is overwritten before it is released.
gcry_control(GCRYCTL_TERM_SECMEM) needs to be called before the process is terminated.
11.3 Non-Administrator Guidance
There is no administrator guidance.
11.4 End of Life
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the
module. This will zeroize all SSPs in volatile memory. Then, if desired, the libgcrypt20-1.10.3-150600.3.6.1
RPM packages can be uninstalled from the SUSE Linux Enterprise 15 SP6 system.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 87 of 92
12 Mitigation of Other Attacks
12.1 Attack List
The module implements blinding against RSA timing attacks.
RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA decryption or
signature operations, blinding must be used to protect the RSA operation from that attack.
By default, the module uses the following blinding technique: instead of using the RSA decryption directly, a
blinded value y = x re mod n is decrypted and the unblinded value x' = y' r−1 mod n returned. The blinding
value r is a random value with the size of the modulus n.
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 88 of 92
Appendix A. Glossary and Abbreviations
AES Advanced Encryption Standard
API Application Programming Interface
CAST Cryptographic Algorithm Self-Test
CAVP Cryptographic Algorithm Validation Program
CBC Cipher Block Chaining
CCM Counter with Cipher Block Chaining-Message Authentication Code
CFB Cipher Feedback
CKG Cryptographic Key Generation
CMAC Cipher-based Message Authentication Code
CMVP Cryptographic Module Validation Program
CSP Critical Security Parameter
CTR Counter
DF Derivation Function
DRBG Deterministic Random Bit Generator
ECB Electronic Code Book
ECDSA Elliptic Curve Digital Signature Algorithm
FIPS Federal Information Processing Standards
HMAC Keyed-Hash Message Authentication Code
KAT Known Answer Test
KW Key Wrap
MAC Message Authentication Code
NIST National Institute of Science and Technology
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 89 of 92
OFB Output Feedback
PAA Processor Algorithm Acceleration
PAI Processor Algorithm Implementation
PBKDF2 Password-based Key Derivation Function v2
PCT Pair-wise Consistency Test
PKCS Public Key Cryptography Standard
PR Prediction Resistance
PSP Public Security Parameter
PSS Probabilistic Signature Scheme
RSA Rivest, Shamir, Adleman
SHA Secure Hash Algorithm
SSP Sensitive Security Parameter
XOF Extendable Output Function
XTS XEX-based Tweaked-codebook mode with cipher text Stealing
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 90 of 92
Appendix B. References
FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules
March 2019
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf
FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module
Validation Program
18 April 2025
https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-
program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
FIPS 140-3 Management
Manual
FIPS 140-3 Cryptographic Module Validation Program Management Manual
17 December 2024
https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-
program/documents/fips%20140-3/FIPS-140-3-
CMVP%20Management%20Manual.pdf
FIPS 180-4 Secure Hash Standard (SHS)
August 2015
https://doi.org/10.6028/NIST.FIPS.180-4
FIPS 186-5 Digital Signature Standard (DSS)
February 2023
https://doi.org/10.6028/NIST.FIPS.186-5
FIPS 197 Advanced Encryption Standard
May 2023
https://doi.org/10.6028/NIST.FIPS.197-upd1
FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC)
July 2008
https://doi.org/10.6028/NIST.FIPS.198-1
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 91 of 92
FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
August 2015
https://doi.org/10.6028/NIST.FIPS.202
PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography
Specifications Version 2.1
February 2003
https://www.ietf.org/rfc/rfc3447.txt
SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques
December 2001
https://doi.org/10.6028/NIST.SP.800-38A
SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for
Authentication
May 2005
https://doi.org/10.6028/NIST.SP.800-38B
SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for
Authentication and Confidentiality
July 2007
https://doi.org/10.6028/NIST.SP.800-38C
SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for
Confidentiality on Storage Devices
January 2010
https://doi.org/10.6028/NIST.SP.800-38E
SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key
Wrapping
December 2012
https://doi.org/10.6028/NIST.SP.800-38F
SUSE Linux Enterprise Libgcrypt Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy
© 2025 SUSE LLC/atsec information security corporation.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 92 of 92
SP 800-90A Rev. 1 Recommendation for Random Number Generation Using Deterministic Random
Bit Generators
June 2015
https://doi.org/10.6028/NIST.SP.800-90Ar1
SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage
Applications
December 2010
https://doi.org/10.6028/NIST.SP.800-132
SP 800-133 Rev. 2 Recommendation for Cryptographic Key Generation
June 2020
https://doi.org/10.6028/NIST.SP.800-133r2