Home / FIPS 140 / ae46bd6ed6ba612b
Link Link by certificate ID Link by certificate name

Red Hat Enterprise Linux 9 Kernel Cryptographic API

Certificate #4796

Webpage information ?

Status active
Validation dates 11.09.2024
Sunset date 10-09-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates random strings whose strengths are modified by available entropy.
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Red Hat Enterprise Linux 9 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality
Tested configurations
  • Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 with PAI
  • Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 without PAI
  • Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel Xeon Silver 4216 with PAA
  • Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel Xeon Silver 4216 without PAA
  • Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 without PAA
Vendor Red Hat(R), Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy ?

Security target PDF TXT

Symmetric Algorithms
AES-128, AES-192, AES-256, AES, AES-, CAST, HMAC, CMAC
Hash functions
SHA-1, SHA-512, SHA-256, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, PBKDF2
Schemes
MAC
Protocols
IKEv2, IPsec
Randomness
DRBG, RNG, RBG
Block cipher modes
ECB, CBC, CTR, CFB, GCM, CCM, XTS

Security level
Level 1
Side-channel analysis
Fault Induction

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 198-1, FIPS 186-4, FIPS 180-4, FIPS 202, FIPS186-4, FIPS 186-5, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38D, SP 800-38E, SP 800-90A, PKCS 1, PKCS#1, RFC 4106, RFC 7296

File metadata

Title 140sp-new
Author Dick Sikkema
Creation date D:20240903161045Z00'00'
Modification date D:20240903161045Z00'00'
Pages 103
Creator Word
Producer macOS Version 12.7.6 (Build 21H1320) Quartz PDFContext

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 14.10.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
  • 16.09.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4796,
  "dgst": "ae46bd6ed6ba612b",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC-SHA3-256A3728",
        "AES-GMACA3722",
        "HMAC-SHA3-512A3728",
        "AES-XTS Testing Revision 2.0A4549",
        "SHA2-256A3722",
        "HMAC-SHA2-512A3722",
        "SHA3-512A3728",
        "AES-ECBA3724",
        "AES-GCMA3724",
        "AES-CFB128A3725",
        "HMAC DRBGA3724",
        "AES-CMACA3722",
        "Counter DRBGA3724",
        "AES-OFBA3726",
        "AES-CCMA3722",
        "HMAC-SHA-1A3722",
        "SHA3-384A3728",
        "HMAC-SHA2-224A3722",
        "RSA SigVer (FIPS186-4)A3722",
        "Hash DRBGA3724",
        "HMAC-SHA3-384A3728",
        "SHA3-224A3728",
        "HMAC-SHA2-384A3722",
        "HMAC-SHA3-224A3728",
        "SHA2-512A3722",
        "AES-CBC-CS3A3727",
        "SHA2-384A3722",
        "SHA-1A3722",
        "SHA2-224A3722",
        "HMAC-SHA2-256A3722",
        "SHA3-256A3728",
        "AES-CTRA4549",
        "AES-CBCA4549"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CCM": {
          "CCM": 2
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 14
        },
        "XTS": {
          "XTS": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKEv2": 1
        },
        "IPsec": {
          "IPsec": 7
        }
      },
      "crypto_scheme": {
        "MAC": {
          "MAC": 11
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "atsec": {
          "atsec": 105
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "- PKCS 1": 5,
          "AES-128": 15,
          "AES-192": 15,
          "AES-256": 15,
          "HMAC- SHA-1": 5,
          "HMAC-SHA- 256": 34,
          "HMAC-SHA- 512": 2,
          "HMAC-SHA-1": 38,
          "PKCS 1": 5,
          "PKCS#1": 10,
          "SHA- 256": 6,
          "SHA-1": 66,
          "SHA-256": 18,
          "SHA-3": 5,
          "SHA-512": 1,
          "SHA2- 256": 2,
          "SHA2-224": 28,
          "SHA2-256": 62,
          "SHA2-384": 54,
          "SHA2-512": 65,
          "SHA3-224": 11,
          "SHA3-256": 12,
          "SHA3-384": 11,
          "SHA3-512": 12,
          "SHA512": 17
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF2": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 67
          },
          "SHA2": {
            "SHA-256": 18,
            "SHA-512": 1,
            "SHA512": 17
          },
          "SHA3": {
            "SHA-3": 5,
            "SHA3-224": 12,
            "SHA3-256": 11,
            "SHA3-384": 12,
            "SHA3-512": 11
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 256
        },
        "RNG": {
          "RBG": 2,
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "FI": {
          "Fault Induction": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 6,
          "FIPS 180-4": 26,
          "FIPS 186-4": 8,
          "FIPS 186-5": 2,
          "FIPS 198-1": 34,
          "FIPS 202": 9,
          "FIPS PUB 140-3": 2,
          "FIPS186-4": 12
        },
        "NIST": {
          "SP 800-38A": 37,
          "SP 800-38B": 5,
          "SP 800-38C": 5,
          "SP 800-38D": 20,
          "SP 800-38E": 8,
          "SP 800-90A": 49
        },
        "PKCS": {
          "PKCS 1": 5,
          "PKCS#1": 5
        },
        "RFC": {
          "RFC 4106": 2,
          "RFC 7296": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 65,
            "AES-": 6,
            "AES-128": 15,
            "AES-192": 15,
            "AES-256": 15
          },
          "CAST": {
            "CAST": 505
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 2,
            "HMAC": 85
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Dick Sikkema",
      "/CreationDate": "D:20240903161045Z00\u002700\u0027",
      "/Creator": "Word",
      "/ModDate": "D:20240903161045Z00\u002700\u0027",
      "/Producer": "macOS Version 12.7.6 (Build 21H1320) Quartz PDFContext",
      "/Title": "140sp-new",
      "pdf_file_size_bytes": 1106591,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 103
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "c471d6ef4d3ac49345248e3f403ab540a5b2d49c19a7ca60be11699e50ab830a",
    "policy_txt_hash": "83be0208c3554804a35507841b0c9cfaeca44ecf37f4d794e7df84c73e968d12"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates random strings whose strengths are modified by available entropy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
    "date_sunset": "2026-09-10",
    "description": "The Red Hat Enterprise Linux 9 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Red Hat Enterprise Linux 9 Kernel Cryptographic API",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "5.14.0-70.53.1.el9_0; 1.3.1-3.el9",
    "tested_conf": [
      "Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 with PAI",
      "Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 without PAI",
      "Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel Xeon Silver 4216 with PAA",
      "Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel Xeon Silver 4216 without PAA",
      "Red Hat Enterprise Linux 9 with PowerVM FW1040.00 with VIOS 3.1.3.00 running on IBM 9080-HEX with IBM POWER10 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-09-11",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Red Hat(R), Inc.",
    "vendor_url": "http://www.redhat.com"
  }
}