Kasten BoringCrypto

Certificate #4534

Webpage information ?

Status active
Validation dates 13.06.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. No assurance of the minimum strength of generated keys
Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Description A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.
Tested configurations
  • Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 with PAA
  • Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 without PAA
  • Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 with PAA
  • Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 without PAA (single-user mode)
  • Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome with PAA
  • Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome without PAA
Vendor Kasten, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, DES, Triple-DES, TripleDES, TDEA, HMAC, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-256
Asymmetric Algorithms
ECDSA, ECC, DH, Diffie-Hellman
Hash functions
SHA-1, SHA-224, SHA-384, SHA-512, SHA-256, MD4, MD5
Schemes
MAC, Key Agreement
Protocols
SSL, TLS, TLS 1.0, TLS v1.2
Randomness
DRBG
Libraries
BoringSSL
Elliptic Curves
P-224, P-256, P-384, P-521, Curve P-256
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM

Security level
Level 1

Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS PUB 140-2, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-67, SP 800-135, NIST SP 800-133, NIST SP 800-90A, SP 800-90A, NIST SP 800-52, NIST SP 800-38D, NIST SP 800-131A, SP 800-133, RFC 2313, RFC 5288, RFC 5246

File metadata

Author Matt Bator
Creation date D:20230328192042+00'00'
Modification date D:20230328192042+00'00'
Pages 26
Creator Microsoft Word

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 31.07.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2023_050723_0638 (1).pdf.
  • 26.06.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4534,
  "dgst": "1edbf99ceb74ae07",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHS#A1657",
        "HMAC#A1657",
        "AES#A1657",
        "KAS#A1657",
        "KTS#A1657",
        "RSA#A1657",
        "DRBG#A1657",
        "CVL#A1657",
        "ECDSA#A1657",
        "KAS-SSC#A1657",
        "Triple-DES#A1657"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDSA": {
            "ECDSA": 18
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "Diffie-Hellman": 6
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CCM": {
          "CCM": 1
        },
        "CFB": {
          "CFB": 4
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 4
        },
        "OFB": {
          "OFB": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "BoringSSL": {
          "BoringSSL": 2
        }
      },
      "crypto_protocol": {
        "TLS": {
          "SSL": {
            "SSL": 1
          },
          "TLS": {
            "TLS": 10,
            "TLS 1.0": 1,
            "TLS v1.2": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 4
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "Curve P-256": 1,
          "P-224": 6,
          "P-256": 9,
          "P-384": 6,
          "P-521": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "AES-GCM 22": 1,
          "HMAC-SHA- 256": 2,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 4,
          "HMACSHA- 224": 1,
          "PAA 2": 1,
          "PAA 4": 1,
          "PAA 5": 2,
          "PAA 6": 1,
          "SHA- 256": 1,
          "SHA-1": 4,
          "SHA-224": 1,
          "SHA-256": 2,
          "SHA-384": 1,
          "SHA-512": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 4
          },
          "MD5": {
            "MD5": 5
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 4
          },
          "SHA2": {
            "SHA-224": 1,
            "SHA-256": 2,
            "SHA-384": 1,
            "SHA-512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 6
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 4,
          "FIPS 140-2": 22,
          "FIPS 180-4": 2,
          "FIPS 186-4": 3,
          "FIPS 197": 2,
          "FIPS 198-1": 2,
          "FIPS PUB 140-2": 1
        },
        "NIST": {
          "NIST SP 800-131A": 1,
          "NIST SP 800-133": 1,
          "NIST SP 800-38D": 1,
          "NIST SP 800-52": 1,
          "NIST SP 800-90A": 1,
          "SP 800-133": 1,
          "SP 800-135": 3,
          "SP 800-38A": 2,
          "SP 800-38C": 1,
          "SP 800-38D": 2,
          "SP 800-38F": 2,
          "SP 800-67": 2,
          "SP 800-90A": 2
        },
        "RFC": {
          "RFC 2313": 1,
          "RFC 5246": 2,
          "RFC 5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 18,
            "AES-256": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 4,
            "Triple-DES": 16,
            "TripleDES": 1
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 6,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 2
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Matt Bator",
      "/CreationDate": "D:20230328192042+00\u002700\u0027",
      "/Creator": "Microsoft Word",
      "/ModDate": "D:20230328192042+00\u002700\u0027",
      "pdf_file_size_bytes": 409517,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/groups/STM/cmvp/index.html",
          "https://cmake.org/download/",
          "https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-853ca1ea1168dff08011e5d42d94609cc0ca2e27.tar.xz",
          "http://releases.llvm.org/download.html",
          "https://golang.org/dl/",
          "https://github.com/ninja-build/ninja/releases"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 26
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "c9254a4500bab824260ae9483d8261ef650b30db552b1e1a1745f52bb2375bc7",
    "policy_txt_hash": "8efd453723d6b0fb75193e8a5edafcc7804a3941d5fe872141014f79417ec7ad"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/June 2023_050723_0638 (1).pdf",
    "date_sunset": "2026-09-21",
    "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Kasten BoringCrypto",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "853ca1ea1168dff08011e5d42d94609cc0ca2e27",
    "tested_conf": [
      "Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 with PAA",
      "Debian Linux 5.10.40 (Rodete) running on HPE Z620 with Intel Xeon E5-2680 without PAA",
      "Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 with PAA",
      "Google prodimage with Linux 4.15.0 running on Ampere Altra SoC with ARM Neoverse N1 without PAA (single-user mode)",
      "Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome with PAA",
      "Google prodimage with Linux 4.15.0 running on Google Arcadia-Rome with AMD Rome without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-06-13",
        "lab": "LEIDOS CSTL",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Kasten, Inc.",
    "vendor_url": "http://www.kasten.io"
  }
}