This page was not yet optimized for use on mobile devices.
AWS-LC Cryptographic Module
Certificate #4631
Webpage information ?
Document information ?
Security policy
Symmetric Algorithms
AES, AES-256, CAST, DES, Triple-DES, HMAC, CMACAsymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DSAHash functions
SHA-1, SHA-3, MD4, MD5Schemes
MACProtocols
TLS, TLS 1.0, TLS 1.2, TLS 1.3Randomness
DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCMTrusted Execution Environments
PSP, SSCSecurity level
Level 1, level 1Side-channel analysis
timing attacksStandards
FIPS 1, FIPS 140-3, FIPS PUB 140-3, FIPS197, FIPS 186-4, FIPS198-1, FIPS180-4, FIPS186-4, FIPS140-3, PKCS#1, RFC5288, RFC8446, ISO/IEC 24759File metadata
| Title: | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author: | gburlea |
| Creation date: | D:20230911190421+00'00' |
| Modification date: | D:20230911190421+00'00' |
| Pages: | 38 |
| Creator: | Microsoft Word |
References
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
06.11.2023 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf.
- The certificate_pdf_url property was set to
-
01.11.2023 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4631,
"dgst": "b567edd38e178dac",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"SHA2-256A2200",
"RSA KeyGen (FIPS186-4)A2200",
"Counter DRBGA2194",
"HMAC-SHA2-224A2200",
"SHA2-512A2200",
"SHA-1A2200",
"AES-CMACA2194",
"AES-CTRA2194",
"RSA SigGen (FIPS186-4)A2200",
"ECDSA KeyGen (FIPS186-4)A2200",
"KDF TLSA2200",
"KAS-ECC-SSC Sp800-56Ar3A2200",
"HMAC-SHA-1A2200",
"ECDSA KeyVer (FIPS186-4)A2200",
"AES-CBCA2194",
"SHA2-512/256A2200",
"AES-GMACA2197",
"ECDSA SigVer (FIPS186-4)A2200",
"SHA2-224A2200",
"SHA2-384A2200",
"AES-CCMA2194",
"AES-KWA2194",
"ECDSA SigGen (FIPS186-4)A2200",
"AES-GCMA2197",
"HMAC-SHA2-256A2200",
"HMAC-SHA2-384A2200",
"AES-ECBA2197",
"HMAC-SHA2-512A2200",
"RSA SigVer (FIPS186-4)A2200",
"AES-KWPA2194"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 5
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 15
}
},
"FF": {
"DH": {
"Diffie-Hellman": 4
},
"DSA": {
"DSA": 1
}
},
"RSA": {
"RSA 2048": 1
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 5
},
"CCM": {
"CCM": 4
},
"CFB": {
"CFB": 2
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 13
},
"OFB": {
"OFB": 2
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"TLS": {
"TLS": {
"TLS": 25,
"TLS 1.0": 1,
"TLS 1.2": 4,
"TLS 1.3": 5
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 4
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 12,
"P-256": 16,
"P-384": 12,
"P-521": 12
}
},
"eval_facility": {
"atsec": {
"atsec": 41
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES 256": 2,
"AES key 128": 1,
"AES-256": 1,
"HMAC-SHA-1": 2,
"PKCS#1": 2,
"RSA 2048": 1,
"SHA-1": 5,
"SHA-3": 1,
"SHA2- 256": 1,
"SHA2-224": 5,
"SHA2-256": 13,
"SHA2-384": 6,
"SHA2-512": 5,
"SHA2-512 2048": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 2,
"level 1": 1
}
},
"hash_function": {
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 3
}
},
"SHA": {
"SHA1": {
"SHA-1": 5
},
"SHA3": {
"SHA-3": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 17
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {
"SCA": {
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 1": 4,
"FIPS 140-3": 47,
"FIPS 186-4": 3,
"FIPS PUB 140-3": 2,
"FIPS140-3": 1,
"FIPS180-4": 2,
"FIPS186-4": 2,
"FIPS197": 7,
"FIPS198-1": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"PKCS": {
"PKCS#1": 1
},
"RFC": {
"RFC5288": 1,
"RFC8446": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 36,
"AES-256": 1
},
"CAST": {
"CAST": 2
}
},
"DES": {
"3DES": {
"Triple-DES": 2
},
"DES": {
"DES": 3
}
},
"constructions": {
"MAC": {
"CMAC": 4,
"HMAC": 10
}
}
},
"tee_name": {
"AMD": {
"PSP": 1
},
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "gburlea",
"/CreationDate": "D:20230911190421+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20230911190421+00\u002700\u0027",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 614520,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://gcc.gnu.org/gcc-7/",
"http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://github.com/ninja-build/ninja/releases",
"http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf",
"https://github.com/awslabs/aws-lc/archive/refs/tags/AWS-LC-FIPS-1.0.2.zip",
"https://golang.org/dl/",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf",
"http://www.ietf.org/rfc/rfc3447.txt",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
"http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 38
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "507c1c59d66616863357f07dba9f3321349dfab9941dfb801b587db209549504",
"policy_txt_hash": "c0c2c89d9121ddfcd7e3a56196952e2ed51b6e26e685463fb11a35b390312f69"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in approved mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf",
"date_sunset": "2028-10-05",
"description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It \u0456s based on code from the Google BoringSSL project and the OpenSSL project.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "AWS-LC Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "AWS-LC FIPS 1.0.2",
"tested_conf": [
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
"Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA",
"Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA",
"Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA",
"Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA",
"Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-10-06",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Amazon Web Services Inc.",
"vendor_url": "http://aws.amazon.com"
}
}