Kernel Cryptography Module for AlmaLinux 9

Certificate #4750

Webpage information

Status active
Validation dates 02.08.2024 , 07.08.2025
Sunset date 01-08-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.
Tested configurations
  • AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton with PAA
  • AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton without PAA
  • AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL with PAA
  • AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL without PAA
Vendor Cloudlinux Inc., TuxCare division
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, HMAC, CMAC
Hash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, PBKDF2
Schemes
MAC
Protocols
IKEv2, IPsec
Randomness
DRBG, RNG
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Security level
Level 1

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 180-4, FIPS 202, FIPS 197, FIPS 198-1, FIPS 186-4, FIPS 186-5, SP 800-38A, SP 800-38D, SP 800-38B, SP 800-38C, SP 800-38E, PKCS#1, RFC 4106, RFC 7296, ISO/IEC 24759

File metadata

Creation date D:20250429092626Z00'00'
Modification date D:20250429092626Z00'00'
Pages 33
Producer macOS Versione 14.5 (Build 23F79) Quartz PDFContext

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4750,
  "dgst": "a360748ed90aa02c",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-CFB128A4044",
        "SHA2-384A4049",
        "SHA2-512A4049",
        "SHA2-256A4049",
        "HMAC-SHA3-224A4026",
        "SHA3-512A4026",
        "HMAC-SHA2-512A4049",
        "AES-CBCA4041",
        "AES-CCMA4041",
        "HMAC-SHA3-384A4026",
        "HMAC-SHA2-384A4049",
        "RSA SigVer (FIPS186-4)A4049",
        "AES-GMACA4041",
        "AES-CMACA4041",
        "Hash DRBGA4049",
        "SHA3-384A4026",
        "AES-CTRA4041",
        "SHA3-256A4026",
        "SHA2-224A4049",
        "AES-GCMA4043",
        "HMAC-SHA3-512A4026",
        "HMAC-SHA2-224A4049",
        "HMAC-SHA3-256A4026",
        "HMAC DRBGA4049",
        "AES-ECBA4043",
        "HMAC-SHA2-256A4049",
        "Counter DRBGA4043",
        "AES-XTS Testing Revision 2.0A4041",
        "AES-CBC-CS3A4046",
        "AES-OFBA4045",
        "SHA3-224A4026"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 6
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 6
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 24
        },
        "OFB": {
          "OFB": 3
        },
        "XTS": {
          "XTS": 12
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKEv2": 1
        },
        "IPsec": {
          "IPsec": 7
        }
      },
      "crypto_scheme": {
        "MAC": {
          "MAC": 6
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "atsec": {
          "atsec": 36
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 1,
          "PKCS#1": 12,
          "RSA PKCS#1": 2,
          "SHA- 256": 4,
          "SHA- 512": 2,
          "SHA-1": 4,
          "SHA-224": 4,
          "SHA-256": 8,
          "SHA-3": 3,
          "SHA-384": 3,
          "SHA-512": 7,
          "SHA2- 384": 1,
          "SHA2-256": 1,
          "SHA2-384": 2,
          "SHA2-512": 3,
          "SHA3- 224": 2,
          "SHA3- 256": 2,
          "SHA3- 384": 1,
          "SHA3- 512": 1,
          "SHA3- 512 32": 1,
          "SHA3-224": 3,
          "SHA3-256": 5,
          "SHA3-384": 4,
          "SHA3-512": 4
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF2": 3
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 4
          },
          "SHA2": {
            "SHA-224": 4,
            "SHA-256": 8,
            "SHA-384": 3,
            "SHA-512": 7
          },
          "SHA3": {
            "SHA-3": 3,
            "SHA3-224": 4,
            "SHA3-256": 5,
            "SHA3-384": 4,
            "SHA3-512": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 25
        },
        "RNG": {
          "RNG": 4
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 41,
          "FIPS 180-4": 2,
          "FIPS 186-4": 4,
          "FIPS 186-5": 1,
          "FIPS 197": 7,
          "FIPS 198-1": 2,
          "FIPS 202": 2,
          "FIPS PUB 140-3": 2
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-38A": 3,
          "SP 800-38B": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 2,
          "SP 800-38E": 1
        },
        "PKCS": {
          "PKCS#1": 7
        },
        "RFC": {
          "RFC 4106": 3,
          "RFC 7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 59,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 2
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 5,
            "HMAC": 16
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20250429092626Z00\u002700\u0027",
      "/ModDate": "D:20250429092626Z00\u002700\u0027",
      "/Producer": "macOS Versione 14.5 (Build 23F79) Quartz PDFContext",
      "pdf_file_size_bytes": 464329,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
          "https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
          "https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
          "https://datatracker.ietf.org/doc/html/rfc4106",
          "http://www.tuxcare.com/",
          "https://www.ietf.org/rfc/rfc3447.txt",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "http://www.atsec.com/",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 33
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "f2b571869071730c9a37a32f3250b2583914ec7991d6d12937d38f8df7643178",
    "policy_txt_hash": "20a698d32f7d8bf01950ff6805909c6ee1a53dd5f31a1a0237134ffac2a788b0"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2029-08-01",
    "description": "The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Kernel Cryptography Module for AlmaLinux 9",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "kernel 5.14.0-284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9",
    "tested_conf": [
      "AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton with PAA",
      "AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton without PAA",
      "AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL with PAA",
      "AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-02",
        "lab": "atsec information security corporation",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-08-07",
        "lab": "atsec information security corporation",
        "validation_type": "Update"
      }
    ],
    "vendor": "Cloudlinux Inc., TuxCare division",
    "vendor_url": "http://www.tuxcare.com"
  }
}