Inline Crypto Engine (ICE)

Certificate #4425

Webpage information ?

Status active
Validation dates 26.01.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Hardware
Embodiment Single Chip
Caveat None
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Inline Crypto Engine (ICE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides a cryptographic engine supporting cryptographic offload for IPsec and PSP protocols. The ICE module processes network infrastructure packets in both the Ingress and Egress directions. In addition to providing the cryptographic primitives for the security protocols it also provides packet integrity authentication and anti-replay protection.
Version (Hardware) 1.0
Tested configurations
  • IN762 SoC B1
Vendor Google, LLC
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-, CMAC
Asymmetric Algorithms
ECC
Protocols
IKE, IPsec
Block cipher modes
ECB, CTR, GCM

Trusted Execution Environments
PSP

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS 140, SP 800-38D, SP 800-38B, SP 800-108, NIST SP 800-38D

File metadata

Creation date D:20221219141243-08'00'
Modification date D:20221219141243-08'00'
Pages 16
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 09.02.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4425,
  "dgst": "11b0147cac181f43",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KBKDF#A811",
        "AES#A812",
        "AES#A813",
        "AES#A811",
        "KTS#A812"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CTR": {
          "CTR": 1
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 6
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 1
        },
        "IPsec": {
          "IPsec": 3
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 128, 256": 3,
          "AES 256": 1,
          "AES-GCM 128": 2,
          "AES-GCM 256": 4
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 10
        },
        "NIST": {
          "NIST SP 800-38D": 2,
          "SP 800-108": 3,
          "SP 800-38B": 1,
          "SP 800-38D": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 5,
            "AES-": 2
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 6
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 21
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20221219141243-08\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20221219141243-08\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 484296,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 16
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "862a3d1fb6062409f0303ba9b88f38b35aa1a1ffe7b29ddf338f867d75452a77",
    "policy_txt_hash": "eacab7f9230318bf651c599589270c9b1580361b5f1e5c9147e3dae8926a1488"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "None",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2023_010223_0657_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Inline Crypto Engine (ICE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides a cryptographic engine supporting cryptographic offload for IPsec and PSP protocols. The ICE module processes network infrastructure packets in both the Ingress and Egress directions. In addition to providing the cryptographic primitives for the security protocols it also provides packet integrity authentication and anti-replay protection.",
    "embodiment": "Single Chip",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": "1.0",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Inline Crypto Engine (ICE)",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "IN762 SoC B1"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-01-26",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Google, LLC",
    "vendor_url": "http://www.google.com"
  }
}