AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 1 of 60
Amazon Web Services Inc.
AWS-LC Cryptographic Module (static)
FIPS 140-3 Non-Proprietary Security Policy
Prepared by:
atsec information security corporation
4516 Seton Center Pkwy, Suite 250
Austin, TX 78759
www.atsec.com
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 2 of 60
Table of Contents
1 General ................................................................................................................................................5
1.1 Overview .......................................................................................................................................5
1.2 Security Levels..............................................................................................................................5
1.3 Additional Information...................................................................................................................5
2 Cryptographic Module Specification .....................................................................................................6
2.1 Description....................................................................................................................................6
2.2 Tested and Vendor Affirmed Module Version and Identification ....................................................7
2.3 Excluded Components...................................................................................................................8
2.4 Modes of Operation .......................................................................................................................8
2.5 Algorithms.....................................................................................................................................9
2.6 Security Function Implementations.............................................................................................25
2.7 Algorithm Specific Information ....................................................................................................32
2.8 RBG and Entropy.........................................................................................................................34
2.9 Key Generation ...........................................................................................................................34
2.10 Key Establishment.....................................................................................................................34
2.11 Industry Protocols......................................................................................................................34
3 Cryptographic Module Interfaces .......................................................................................................36
3.1 Ports and Interfaces ....................................................................................................................36
4 Roles, Services, and Authentication ...................................................................................................37
4.1 Authentication Methods ..............................................................................................................37
4.2 Roles ...........................................................................................................................................37
4.3 Approved Services ......................................................................................................................37
4.4 Non-Approved Services ...............................................................................................................43
4.5 External Software/Firmware Loaded............................................................................................43
5 Software/Firmware Security ...............................................................................................................44
5.1 Integrity Techniques....................................................................................................................44
5.2 Initiate on Demand......................................................................................................................44
6 Operational Environment ...................................................................................................................45
6.1 Operational Environment Type and Requirements......................................................................45
6.2 Configuration Settings and Restrictions ......................................................................................45
7 Physical Security................................................................................................................................46
7.1 Mechanisms and Actions Required..............................................................................................46
7.4 Fault Induction Mitigation............................................................................................................46
7.5 EFP/EFT Information ....................................................................................................................46
7.6 Hardness Testing Temperature Ranges.......................................................................................46
8 Non-Invasive Security ........................................................................................................................47
8.1 Mitigation Techniques .................................................................................................................47
9 Sensitive Security Parameters Management......................................................................................48
9.1 Storage Areas..............................................................................................................................48
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 3 of 60
9.2 SSP Input-Output Methods ..........................................................................................................48
9.3 SSP Zeroization Methods.............................................................................................................48
9.4 SSPs ............................................................................................................................................49
9.5 Transitions...................................................................................................................................53
10 Self-Tests .........................................................................................................................................54
10.1 Pre-Operational Self-Tests.........................................................................................................54
10.2 Conditional Self-Tests................................................................................................................54
10.3 Periodic Self-Test Information ...................................................................................................56
10.4 Error States ...............................................................................................................................57
10.5 Operator Initiation of Self-Tests.................................................................................................57
10.6 Additional Information...............................................................................................................57
11 Life-Cycle Assurance ........................................................................................................................58
11.1 Installation, Initialization, and Startup Procedures ....................................................................58
11.2 Administrator Guidance.............................................................................................................59
12 Mitigation of Other Attacks ..............................................................................................................60
12.1 Attack List .................................................................................................................................60
12.2 Mitigation Effectiveness ............................................................................................................60
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 4 of 60
List of Tables
Table 1: Security Levels ..........................................................................................................................5
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)..................7
Table 3: Tested Operational Environments - Software, Firmware, Hybrid ...............................................8
Table 4: Modes List and Description........................................................................................................8
Table 5: Approved Algorithms...............................................................................................................23
Table 6: Vendor-Affirmed Algorithms ....................................................................................................24
Table 7: Non-Approved, Allowed Algorithms with No Security Claimed.................................................24
Table 8: Non-Approved, Not Allowed Algorithms...................................................................................25
Table 9: Security Function Implementations .........................................................................................32
Table 10: Ports and Interfaces...............................................................................................................36
Table 11: Roles .....................................................................................................................................37
Table 12: Approved Services.................................................................................................................42
Table 13: Non-Approved Services .........................................................................................................43
Table 14: EFP/EFT Information ..............................................................................................................46
Table 15: Hardness Testing Temperatures............................................................................................46
Table 16: Storage Areas........................................................................................................................48
Table 17: SSP Input-Output Methods.....................................................................................................48
Table 18: SSP Zeroization Methods .......................................................................................................48
Table 19: SSP Table 1 ...........................................................................................................................51
Table 20: SSP Table 2 ...........................................................................................................................52
Table 21: Pre-Operational Self-Tests .....................................................................................................54
Table 22: Conditional Self-Tests............................................................................................................55
Table 23: Pre-Operational Periodic Information.....................................................................................56
Table 24: Conditional Periodic Information............................................................................................56
Table 25: Error States ...........................................................................................................................57
List of Figures
Figure 1: Block Diagram..........................................................................................................................6
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 5 of 60
1 General
1.1 Overview
This document is the non-proprietary FIPS 140-3 Security Policy for version AWS-LC FIPS
2.0.0 of the AWS-LC Cryptographic Module (static). It contains the security rules under which
the module must operate and describes how this module meets the requirements as
specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for
an overall Security Level 1 module.
1.2 Security Levels
Section Title Security Level
1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security N/A
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks 1
Overall Level 1
Table 1: Security Levels
1.3 Additional Information
This Security Policy describes the features and design of the module named AWS-LC
Cryptographic Module (static) using the terminology contained in the FIPS 140-3
specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the
security requirements that will be satisfied by a cryptographic module utilized within a
security system protecting sensitive but unclassified information. The NIST/CCCS
Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS
140-3. Validated products are accepted by the Federal agencies of both the USA and Canada
for the protection of sensitive or designated information.
This Non-Proprietary Security Policy may be reproduced and distributed, but only whole and
intact and including this notice. Other documentation is proprietary to their authors.
In preparing the Security Policy document, the laboratory formatted the vendor-supplied
documentation for consolidation without altering the technical statements therein contained.
The further refining of the Security Policy document was conducted iteratively throughout
the conformance testing, wherein the Security Policy was submitted to the vendor, who
would then edit, modify, and add technical contents. The vendor would also supply
additional documentation, which the laboratory formatted into the existing Security Policy,
and resubmitted to the vendor for their final editing.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 6 of 60
2 Cryptographic Module Specification
2.1 Description
Purpose and Use:
The AWS-LC Cryptographic Module (static) (hereafter referred to as “the module”) provides
cryptographic services to applications running in the user space of the underlying operating
system through a C language Application Program Interface (API).
Module Type: Software
Module Embodiment: MultiChipStand
Module Characteristics:
Cryptographic Boundary:
The block diagram in Figure 1 shows the cryptographic boundary of the module, its
interfaces with the operational environment and the flow of information between the module
and operator (depicted through the arrows).
The cryptographic boundary is defined as the AWS-LC Cryptographic Module (static) which is
a cryptographic library consisting of the bcm.o file (version AWS-LC FIPS 2.0.0). This file is
statically linked to the userspace application during the compilation process.
Tested Operational Environment’s Physical Perimeter (TOEPP):
The TOEPP is the general-purpose computer on which the module is installed.
Figure 1: Block Diagram
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 7 of 60
2.2 Tested and Vendor Affirmed Module Version and
Identification
Tested Module Identification – Hardware:
N/A for this module.
Tested Module Identification – Software, Firmware, Hybrid (Executable Code
Sets):
Package or File Name Software/ Firmware
Version
Features Integrity Test
bcm.o on Amazon Linux
2 with Intel ®Xeon ®
Platinum 8275CL
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
bcm.o on Amazon Linux
2023 with Intel ®Xeon
® Platinum 8275CL
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
bcm.o on Ubuntu 22.04
with Intel ®Xeon ®
Platinum 8275CL
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
bcm.o on Amazon Linux
2 with Gravition3
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
bcm.o on Amazon Linux
2023 with Gravition3
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
bcm.o on Ubuntu 22.04
with Gravition3
AWS-LC FIPS 2.0.0 N/A HMAC-SHA2-256
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)
Tested Module Identification – Hybrid Disjoint Hardware:
N/A for this module.
Tested Operational Environments - Software, Firmware, Hybrid:
Operating
System
Hardware Platform Processors PAA/PAI Hypervisor
or Host OS
Version(s)
Amazon
Linux 2
Amazon EC2 c5.metal with 192
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Intel® Xeon®
Platinum 8275CL
Yes N/A AWS-LC FIPS
2.0.0
Amazon
Linux 2023
Amazon EC2 c5.metal with 192
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Intel® Xeon®
Platinum 8275CL
Yes N/A AWS-LC FIPS
2.0.0
Ubuntu 22.04 Amazon EC2 c5.metal with 192
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Intel® Xeon®
Platinum 8275CL
Yes N/A AWS-LC FIPS
2.0.0
Amazon
Linux 2
Amazon EC2 c7g.metal with 128
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Graviton3 Yes N/A AWS-LC FIPS
2.0.0
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 8 of 60
Operating
System
Hardware Platform Processors PAA/PAI Hypervisor
or Host OS
Version(s)
Amazon
Linux 2023
Amazon EC2 c7g.metal with 128
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Graviton3 Yes N/A AWS-LC FIPS
2.0.0
Ubuntu 22.04 Amazon EC2 c7g.metal with 128
GiB system memory and Elastic
Block Store (EBS) 200 GiB
Graviton3 Yes N/A AWS-LC FIPS
2.0.0
Table 3: Tested Operational Environments - Software, Firmware, Hybrid
Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid:
N/A for this module.
CMVP makes no statement as to the correct operation of the module or the security
strengths of the generated keys when so ported if the specific operational environment is
not listed on the validation certificate.
2.3 Excluded Components
The module does not claim any excluded components.
2.4 Modes of Operation
Modes List and Description:
Mode Name Description Type Status Indicator
Approved
Mode
Automatically entered whenever an
approved service is requested.
Approved Equivalent to the indicator of
the requested service.
Non-approved
Mode
Automatically entered whenever a non-
approved service is requested.
Non-
Approved
Equivalent to the indicator of
the requested service.
Table 4: Modes List and Description
Mode Change Instructions and Status:
When the module starts up successfully, after passing the pre-operational self-test and the
cryptographic algorithms self-tests (CASTs), the module is operating in the approved mode
of operation by default and can only be transitioned into the non-approved mode by calling
one of the non-approved services listed in the Non-Approved Services table. The module will
transition back to approved mode when approved service is called. Section 4 provides
details on the service indicator implemented by the module. The service indicator identifies
when an approved service is called.
Degraded Mode Description:
The module does not implement a degraded mode of operation.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 9 of 60
2.5 Algorithms
Approved Algorithms:
Algorithm CAVP Cert Properties Reference
ECDSA KeyGen
(FIPS186-5)
A4509 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4509 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4509 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4509 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4509 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-224 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4509 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4509 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4509 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
KDF SSH (CVL) A4509 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4509 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4509 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4509 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 10 of 60
Algorithm CAVP Cert Properties Reference
RSA SigGen (FIPS186-
5)
A4509 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4509 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4509 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4509 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
AES-CBC A4510 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A4510 Key Length - 128 SP 800-38C
AES-CMAC A4510 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4510 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4510 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4510 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4510 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-XTS Testing
Revision 2.0
A4510 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4510 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4511 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4511 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4511 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 11 of 60
Algorithm CAVP Cert Properties Reference
AES-ECB A4512 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4512 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4512 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-CBC A4513 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A4513 Key Length - 128 SP 800-38C
AES-CMAC A4513 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4513 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4513 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4513 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4513 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-XTS Testing
Revision 2.0
A4513 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4513 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4514 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4514 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4514 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-CBC A4515 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A4515 Key Length - 128 SP 800-38C
AES-CMAC A4515 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4515 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4515 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4515 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4515 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 12 of 60
Algorithm CAVP Cert Properties Reference
AES-XTS Testing
Revision 2.0
A4515 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4515 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4516 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4516 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4516 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
ECDSA KeyGen
(FIPS186-5)
A4517 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4517 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4517 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4517 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4517 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-224 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4517 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4517 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4517 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 13 of 60
Algorithm CAVP Cert Properties Reference
KDF SSH (CVL) A4517 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4517 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4517 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4517 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A4517 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4517 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4517 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4517 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
ECDSA KeyGen
(FIPS186-5)
A4518 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4518 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4518 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4518 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4518 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 14 of 60
Algorithm CAVP Cert Properties Reference
HMAC-SHA2-224 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4518 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4518 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4518 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
KDF SSH (CVL) A4518 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4518 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4518 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4518 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A4518 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4518 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4518 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 15 of 60
Algorithm CAVP Cert Properties Reference
SHA2-512 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4518 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
AES-CBC A4519 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A4519 Key Length - 128 SP 800-38C
AES-CMAC A4519 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4519 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4519 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4519 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4519 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-XTS Testing
Revision 2.0
A4519 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4519 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4520 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4520 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4520 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4521 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4521 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4521 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4522 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4522 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4522 Direction - Decrypt, Encrypt
IV Generation - External, Internal
SP 800-38D
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 16 of 60
Algorithm CAVP Cert Properties Reference
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
AES-CBC A4523 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-CCM A4523 Key Length - 128 SP 800-38C
AES-CMAC A4523 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4523 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4523 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4523 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4523 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-XTS Testing
Revision 2.0
A4523 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4523 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4524 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4524 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4524 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4525 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4525 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4525 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4526 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4526 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4526 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-CBC A4527 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 17 of 60
Algorithm CAVP Cert Properties Reference
AES-CCM A4527 Key Length - 128 SP 800-38C
AES-CMAC A4527 Direction - Generation, Verification
Key Length - 128, 256
SP 800-38B
AES-CTR A4527 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-ECB A4527 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-KW A4527 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-KWP A4527 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38F
AES-XTS Testing
Revision 2.0
A4527 Direction - Decrypt, Encrypt
Key Length - 256
SP 800-38E
Counter DRBG A4527 Prediction Resistance - No
Mode - AES-256
Derivation Function Enabled - No
SP 800-90A
Rev. 1
AES-ECB A4528 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4528 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4528 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4529 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4529 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4529 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-ECB A4530 Direction - Decrypt, Encrypt
Key Length - 128, 192, 256
SP 800-38A
AES-GCM A4530 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
AES-GMAC A4530 Direction - Decrypt, Encrypt
IV Generation - External, Internal
IV Generation Mode - 8.2.1, 8.2.2
Key Length - 128, 256
SP 800-38D
ECDSA KeyGen
(FIPS186-5)
A4531 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4531 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4531 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
FIPS 186-5
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 18 of 60
Algorithm CAVP Cert Properties Reference
384, SHA2-512
Component - No
ECDSA SigVer
(FIPS186-4)
A4531 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4531 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-224 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4531 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4531 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4531 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
KDF SSH (CVL) A4531 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4531 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4531 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4531 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A4531 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4531 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4531 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 19 of 60
Algorithm CAVP Cert Properties Reference
SHA2-224 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4531 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
ECDSA KeyGen
(FIPS186-5)
A4532 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4532 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4532 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4532 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4532 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-224 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4532 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4532 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4532 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 20 of 60
Algorithm CAVP Cert Properties Reference
KDF SSH (CVL) A4532 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4532 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4532 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4532 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A4532 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4532 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4532 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4532 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
ECDSA KeyGen
(FIPS186-5)
A4533 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4533 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4533 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4533 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4533 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 21 of 60
Algorithm CAVP Cert Properties Reference
HMAC-SHA2-224 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4533 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4533 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4533 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
KDF SSH (CVL) A4533 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4533 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4533 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4533 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
Primality Tests - 2powSecStr
Private Key Format - standard
FIPS 186-5
RSA SigGen (FIPS186-
5)
A4533 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4533 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4533 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 22 of 60
Algorithm CAVP Cert Properties Reference
SHA2-512 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4533 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
ECDSA KeyGen
(FIPS186-5)
A4534 Curve - P-224, P-256, P-384, P-521
Secret Generation Mode - testing candidates
FIPS 186-5
ECDSA KeyVer
(FIPS186-5)
A4534 Curve - P-224, P-256, P-384, P-521 FIPS 186-5
ECDSA SigGen
(FIPS186-5)
A4534 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
Component - No
FIPS 186-5
ECDSA SigVer
(FIPS186-4)
A4534 Component - No
Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA-1
FIPS 186-4
ECDSA SigVer
(FIPS186-5)
A4534 Curve - P-224, P-256, P-384, P-521
Hash Algorithm - SHA2-224, SHA2-256, SHA2-
384, SHA2-512
FIPS 186-5
HMAC-SHA-1 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-224 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-256 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-384 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
HMAC-SHA2-512/256 A4534 Key Length - Key Length: 112-524288 Increment
8
FIPS 198-1
KAS-ECC-SSC Sp800-
56Ar3
A4534 Domain Parameter Generation Methods - P-224,
P-256, P-384, P-521
Scheme -
ephemeralUnified -
KAS Role - initiator, responder
SP 800-56A
Rev. 3
KDA HKDF Sp800-
56Cr1
A4534 Derived Key Length - 2048
Shared Secret Length - Shared Secret Length:
224-2048 Increment 8
HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-56C
Rev. 2
KDF SSH (CVL) A4534 Cipher - AES-128, AES-192, AES-256
Hash Algorithm - SHA-1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512
SP 800-135
Rev. 1
KDF TLS (CVL) A4534 TLS Version - v1.0/1.1, v1.2
Hash Algorithm - SHA2-256, SHA2-384, SHA2-512
SP 800-135
Rev. 1
PBKDF A4534 Iteration Count - Iteration Count: 1000-10000
Increment 1
Password Length - Password Length: 14-128
Increment 1
SP 800-132
RSA KeyGen (FIPS186-
5)
A4534 Key Generation Mode - probable
Modulo - 2048, 3072, 4096
FIPS 186-5
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 23 of 60
Algorithm CAVP Cert Properties Reference
Primality Tests - 2powSecStr
Private Key Format - standard
RSA SigGen (FIPS186-
5)
A4534 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
RSA SigVer (FIPS186-
4)
A4534 Signature Type - PKCS 1.5, PKCSPSS
Modulo - 1024, 2048, 3072, 4096
FIPS 186-4
RSA SigVer (FIPS186-
5)
A4534 Modulo - 2048, 3072, 4096
Signature Type - pkcs1v1.5, pss
FIPS 186-5
SHA-1 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-224 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-256 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-384 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
SHA2-512/256 A4534 Message Length - Message Length: 0-65536
Increment 8
Large Message Sizes - 1, 2, 4, 8
FIPS 180-4
Table 5: Approved Algorithms
Vendor-Affirmed Algorithms:
Name Properties Implementation Reference
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength
AWS-LC Cryptographic
Module (static build)
(SHA_ASM)
SP 800-133Rev2
section 5.1 and
5.2
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
AWS-LC Cryptographic
Module (static build)
(SHA_CE)
SP 800-133Rev2
section 5.1 and
5.2
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
AWS-LC Cryptographic
Module (static build) (NEON)
SP 800-133Rev2
section 5.1 and
5.2
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
AWS-LC Cryptographic
Module (static build)
(SHA_SHANI)
SP 800-133Rev2
section 5.1 and
5.2
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 24 of 60
Name Properties Implementation Reference
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
AWS-LC Cryptographic
Module (static build)
(SHA_AVX2)
SP 800-133Rev2
section 5.1 and
5.2
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
AWS-LC Cryptographic
Module (static build)
(SHA_AVX)
SP 800-133Rev2
section 5.1 and
5.2
Cryptographic Key
Generation (CKG)
RSA (FIPS 186-5):2048, 3072,
4096 bits with 112, 128, 149 bits
of key strength.
EC (FIPS 186-5):P-224, P-256, P
384, P-521 elliptic curves with
112-256 bits of key strength.
AWS-LC Cryptographic
Module (static build)
(SHA_SSSE3)
SP 800-133Rev2
section 5.1 and
5.2
Table 6: Vendor-Affirmed Algorithms
Non-Approved, Allowed Algorithms:
N/A for this module.
The module does not implement non-approved algorithms that are allowed in the approved
mode of operation.
Non-Approved, Allowed Algorithms with No Security Claimed:
Name Caveat Use and Function
MD5 Allowed per IG 2.4.A Message Digest used in TLS 1.0/1.1 KDF only
Table 7: Non-Approved, Allowed Algorithms with No Security Claimed
Non-Approved, Not Allowed Algorithms:
Name Use and Function
AES with OFB or CFB1, CFB8 modes Encryption, Decryption
AES GCM, GCM, GMAC, XTS with keys not listed in Table 5 Encryption, Decryption
AES using aes_*_generic function Encryption, Decryption
AES GMAC using aes_*_generic Message Authentication Generation
Curve secp256k1 Signature Generation, Signature
Verification, Shared Secret
Computation
Diffie Hellman Shared Secret Computation
HMAC-MD4, HMAC-MD5, HMAC-SHA1, HMAC-SHA-3, HMAC-
RIPEMD-160
Message Authentication Generation
MD4 Message Digest
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 25 of 60
Name Use and Function
MD5 (outside of TLS) Message Digest
RSA using RSA_generate_key_ex Key Generation
ECDSA using EC_KEY_generate_key Key Generation
RSA using keys less than 2048 bits Signature Generation
RSA using keys less than 1024 bits Signature Verification
RSA without hashing Sign/Verify primitive operations
RSA encryption primitive with PKCS#1 v1.5 and OAEP padding Encryption
SHA-1, SHA-3 Signature Generation
SHAKE, RIPEMD-160, SHA-3 Message Digest
TLS KDF using any SHA algorithms other than SHA2-256,
SHA2-384, SHA2-512; or TLS KDF using non-extended master
secret
Key Derivation
RSA Key Encapsulation/Un-encapsulation
Table 8: Non-Approved, Not Allowed Algorithms
2.6 Security Function Implementations
Name Type Description Properties Algorithms
Shared Secret
Computation with EC
Diffie-Hellman
KAS-SSC Shared secret
computation per
SP 800-56ARev3
Curves:P-224, P-256,
P-384, P-521 elliptic
curves with 112-256
bits of key strength
Compliance:Compliant
with IG D.F scenario
2(1)
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
KAS-ECC-SSC
Sp800-56Ar3
Key
Wrapping/Unwrapping
with AES KW, AES-
KWP
KTS-Wrap Key wrapping, key
unwrapping using
AES KW/KWP
Keys:128, 192, 256
bits with 128-256 bits
of key strength
Compliance:Compliant
with IG D.G
AES-KW
AES-KWP
AES-KW
AES-KWP
AES-KW
AES-KWP
AES-KW
AES-KWP
AES-KW
AES-KWP
AES-KW
AES-KWP
Key
Wrapping/Unwrapping
with AES GCM
KTS-Wrap Key wrapping, key
unwrapping using
AES GCM
Keys:128 and 256 bits
with 128 and 256 bits
of key strength
Compliance:
Compliant with IG D.G
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 26 of 60
Name Type Description Properties Algorithms
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
Key
Wrapping/Unwrapping
with AES CCM
KTS-Wrap Key wrapping, key
unwrapping using
AES CCM
Keys:128 bits with
128 bits of key
strength
Compliance:Compliant
with IG D.G
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
Encryption/Decryption
with AES
BC-UnAuth Encryption,
decryption using
AES
Keys:128, 192, 256
bits keys with 128-
256 of key strength
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-ECB
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-ECB
AES-ECB
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-ECB
AES-ECB
AES-CBC
AES-CTR
AES-ECB
AES-XTS Testing
Revision 2.0
AES-ECB
AES-ECB
AES-ECB
Signature Generation
with RSA
DigSig-SigGen Digital signature
generation using
RSA
Keys:2048, 3072,
4096 bits with 112-
150 bits of strength
RSA SigGen
(FIPS186-5)
RSA SigGen
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 27 of 60
Name Type Description Properties Algorithms
(FIPS186-5)
RSA SigGen
(FIPS186-5)
RSA SigGen
(FIPS186-5)
RSA SigGen
(FIPS186-5)
RSA SigGen
(FIPS186-5)
RSA SigGen
(FIPS186-5)
Signature Generation
with ECDSA
DigSig-SigGen Digital signature
generation using
ECDSA
Curves:P-224, P-256,
P-384, P-521 with
112-256 bits of key
strength
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
ECDSA SigGen
(FIPS186-5)
Key Generation with
RSA
AsymKeyPair-
KeyGen
Key generation
using RSA
Keys:2048, 3072,
4096 bits key with
112-150 bits of
strength
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
RSA KeyGen
(FIPS186-5)
Key Generation with
ECDSA
AsymKeyPair-
KeyGen
Key generation
using ECDSA
Curves:P-224, P-256,
P-384, P-521 with
112-256 bits of
strength
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
ECDSA KeyGen
(FIPS186-5)
Signature Verification
with ECDSA
DigSig-SigVer Signature
verification using
ECDSA
Curves:P-224, P-256,
P-384, P-521 with
112-256 bits of
strength
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-4)
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 28 of 60
Name Type Description Properties Algorithms
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-4)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
ECDSA SigVer
(FIPS186-5)
Signature Verification
with RSA
DigSig-SigVer Signature
verification using
RSA
Keys:1024, 2048,
3072, 4096 bits with
80-150 bits of
strength
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
RSA SigVer
(FIPS186-4)
RSA SigVer
(FIPS186-5)
Key Verification with
ECDSA
AsymKeyPair-
KeyVer
Key verification
using ECDSA
Curves:P-224, P-256,
P-384, P-521 with
112-256 bits of
strength
ECDSA KeyVer
(FIPS186-5)
ECDSA KeyVer
(FIPS186-5)
ECDSA KeyVer
(FIPS186-5)
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 29 of 60
Name Type Description Properties Algorithms
ECDSA KeyVer
(FIPS186-5)
ECDSA KeyVer
(FIPS186-5)
ECDSA KeyVer
(FIPS186-5)
ECDSA KeyVer
(FIPS186-5)
Key Derivation with
TLS KDF
KAS-135KDF Key derivation
using TLS KDF
Derived keys:112 to
256 bits
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
Key Derivation with
SSH KDF
KAS-135KDF Key derivation
using SSH KDF
SSH Derived keys:112
to 256 bits
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
Key Derivation with
KDA HKDF
KAS-56CKDF Key derivation
using KDA HKDF
Derived keys:112 to
256 bits
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
KDA HKDF Sp800-
56Cr1
Key Derivation with
PBKDF
PBKDF Key derivation
using PBKDF
Derived keys:112 to
256 bits
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
Message Digest with
SHA
SHA Message digest
using SHA
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 30 of 60
Name Type Description Properties Algorithms
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
SHA2-512/256
Random Number
Generation with
DRBG
DRBG Random number
generation using
DRBG
Compliance:Compliant
with SP800-90ARev1
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
Message
Authentication
Generation with
HMAC
MAC Message
authentication
generation using
HMAC
SHA algorithm:SHA-1,
SHA2-224, SHA2-256,
SHA2-384, SHA2-512,
SHA2-512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 31 of 60
Name Type Description Properties Algorithms
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-
512/256
Message
Authentication
Generation with AES
MAC Message
authentication
generation using
AES CMAC/GMAC
Keys:128 or 256 bits
with 128 or 256 bits
of strength
AES-CMAC
AES-GMAC
AES-GMAC
AES-CMAC
AES-GMAC
AES-CMAC
AES-GMAC
AES-CMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-CMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-CMAC
AES-GMAC
AES-GMAC
AES-GMAC
Authenticated
Encryption/Decryption
with AES CCM
BC-Auth Authenticated
encryption and
decryption using
AES CCM
Keys:128 bits with
128 bits of strength
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
Authenticated
Encryption/Decryption
with AES GCM
BC-Auth Authenticated
encryption and
decryption using
AES GCM
Keys:128 or 256 bits
with 128 or 256 bits
of strength
Authenticated
Encryption:Internal IV
Mode 8.2.2
Authenticated
Decryption:External IV
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 32 of 60
Name Type Description Properties Algorithms
AES-GCM
AES-GCM
AES-GCM
AES-GCM
Table 9: Security Function Implementations
2.7 Algorithm Specific Information
GCM IV
The module offers three AES GCM implementations. The GCM IV generation for these
implementations complies respectively with IG C.H under Scenario 1, Scenario 2, and
Scenario 5. The GCM shall only be used in the context of the AES-GCM encryption executing
under each scenario, and using the referenced APIs explained next.
Scenario 1, TLS 1.2
For TLS 1.2, the module offers the GCM implementation via the functions
EVP_aead_aes_128_gcm_tls12() and EVP_aead_aes_256_gcm_tls12(), and uses the context
of Scenario 1 of IG C.H. The module is compliant with SP800-52rev2 and the mechanism for
IV generation is compliant with RFC5288. The module supports acceptable AES-GCM
ciphersuites from Section 3.3.1 of SP800-52rev2.
The module explicitly ensures that the counter (the nonce_explicit part of the IV) does not
exhaust the maximum number of possible values of 2^{64-1} for a given session key. If this
exhaustion condition is observed, the module returns an error indication to the calling
application, which will then need to either abort the connection, or trigger a handshake to
establish a new encryption key.
In the event the module’s power is lost and restored, the consuming application must ensure
that a new key for use with the AES-GCM key encryption or decryption under this scenario
shall be established.
Scenario 2, Random IV
In this implementation, the module offers the interfaces
EVP_aead_aes_128_gcm_randnonce() and EVP_aead_aes_256_gcm_randnonce() for
compliance with Scenario 2 of IG C.H and SP800-38D Section 8.2.2. The AES-GCM IV is
generated randomly internal to the module using module’s approved DRBG. The DRBG
seeds itself from the entropy source. The GCM IV is 96 bits in length. Per Section 9, this 96-
bit IV contains 96 bits of entropy.
Scenario 5, TLS 1.3
August 2018, using the ciphersuites that explicitly select AES-GCM as the
encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable
AES-GCM ciphersuites from Section 3.3.1 of SP800-52rev2.
The module implements, within its boundary, an IV generation unit for TLS 1.3 that keeps
control of the 64-bit counter value within the AES-GCM IV. If the exhaustion condition is
observed, the module will return an error indication to the calling application, who will then
need to either trigger a re-key of the session (i.e., a new key for AES-GCM), or terminate the
connection.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 33 of 60
In the event the module’s power is lost and restored, the consuming application must ensure
that new AES-GCM keys encryption or decryption under this scenario are established. TLS
1.3 provides session resumption, but the resumption procedure derives new AES-GCM
encryption keys.
AES XTS
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 220
AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of
SP 800-38E. The XTS mode shall only be used for the cryptographic protection of data on
storage devices. It shall not be used for other purposes, such as the encryption of data in
transit.
Key Derivation using SP 800-132 PBKDF2
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132.
The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key
(MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with
SP 800-132 and FIPS 140-3 IG D.N, the following requirements shall be met:
• Derived keys shall only be used in storage applications. The MK shall not be used for
other purposes. The module accepts a minimum length of 112 bits for the MK or DPK.
• Passwords or passphrases, used as an input for the PBKDF2, shall not be used as
cryptographic Keys.
• The minimum length of the password or passphrase accepted by the module is 14
characters. This results in the estimated probability of guessing the password to be
at most 10-14. Combined with the minimum iteration count as described below, this
provides an acceptable trade-off between user experience and security against
brute-force attacks.
• A portion of the salt, with a length of at least 128 bits (this is verified by the module
to determine the service is approved), shall be generated randomly using the SP 800-
90Ar1 DRBG provided by the module.
• The iteration count shall be selected as large as possible, if the time required to
generate the key using the entered password is acceptable for the users. The module
restricts the minimum iteration count to be 1000.
Compliance to SP 800-56ARev3 assurances
The module offers ECDH shared secret computation services compliant to the SP 800-
56ARev3 and meeting IG D.F scenario 2 path (1). To meet the required assurances listed in
section 5.6 of SP 800-56ARev3, the module shall be used together with an application that
implements the “TLS protocol” and the following steps shall be performed.
• The entity using the module, must use the module's "Key Pair Generation" service for
generating ECDH ephemeral keys. This meets the assurances required by key pair
owner defined in the section 5.6.2.1 of SP 800-56ARev3.
• As part of the module's shared secret computation (SSC) service, the module
internally performs the public key validation on the peer's public key passed in as
input to the SSC function. This meets the public key validity assurance required by
the sections 5.6.2.2.1/5.6.2.2.2 of SP 800-56Arev3.
• The module does not support static keys therefore the "assurance of peer's
possession of private key" is not applicable.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 34 of 60
2.8 RBG and Entropy
N/A for this module.
N/A for this module.
The module provides an SP800-90Arev1-compliant Deterministic Random Bit Generator
(DRBG) using CTR_DRBG mechanism with AES-256 for generation of key components of
asymmetric keys, and random number generation. The DRBG is seeded with 256-bit of
entropy input provided from an external entity to the module. This corresponds to scenario 2
(b) of IG 9.3.A i.e., the DRBG that receives a LOAD command with entropy obtained from
inside the physical perimeter of the operational environment but outside of module's
cryptographic boundary. The calling application shall use an entropy source that meets the
security strength required for the CTR_DRBG as shown in NIST SP 800-90Arev1, Table 3 and
should return an error if minimum strength cannot be met.
Per the IG 9.3.A requirement, the module includes the caveat "No assurance of the minimum
strength of generated keys".
2.9 Key Generation
The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant
with SP 800-133Rev2. When random values are required, they are obtained from the SP
800-90ARev1 approved DRBG, compliant with Section 4 of SP 800-133Rev2. The following
methods are implemented:
ECDSA (FIPS 186-5, A.2.2 Rejection Sampling): P-224, P-256, P 384, P-521 elliptic curves with
112-256 bits of key strength.
RSA (FIPS 186-5, A.1.3 Random Probable Primes): 2048, 3072, 4096 bits with 112, 128, 149
bits of key strength.
Additionally, the module implements the following key derivation methods per SP800-
133Rev2 section 6.2:
KDA HKDF (SP 800-56CRev1): 112-256 bits of key strength, using (HMAC) SHA-1, SHA2-224,
SHA2-256, SHA2-384, SHA2-512.
PBKDF (SP 800-133Rev2, option 1a): 112-256 bits of key strength, using (HMAC) SHA-1,
SHA2-224, SHA2-256, SHA2-384, SHA2-512.
SSH KDF (SP 800-135Rev1): 112-256 bits of key strength, using AES-128, AES-192, AES-256
with SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512.
KDF TLS (SP 800-135Rev1): 112-256 bits of key strength, using SHA2-256, SHA2-384, SHA2-
512.
2.10 Key Establishment
The module implements SSP agreement and SSP transport methods as listed in the Security
Function Implementations table.
2.11 Industry Protocols
The module implements the SSH key derivation function for use in the SSH protocol (RFC
4253 and RFC 6668).
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 35 of 60
GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3
of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS
protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation
functions for use in the TLS protocol.
No parts of the SSH, TLS, other than those mentioned above, have been tested by the CAVP
and CMVP.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 36 of 60
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces
Physical
Port
Logical
Interface(s)
Data That Passes
N/A Data Input API input parameters for data.
N/A Data Output API output parameters for data.
N/A Control Input API function calls.
N/A Status Output API return codes, error message.
Table 10: Ports and Interfaces
As a Software module, the module interfaces are defined as Software or Firmware Module
Interfaces (SMFI), and there are no physical ports. The module does not implement a control
output interface.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 37 of 60
4 Roles, Services, and Authentication
4.1 Authentication Methods
N/A for this module.
The module does not support authentication.
4.2 Roles
Name Type Operator Type Authentication Methods
Crypto Officer Role CO None
Table 11: Roles
The module does not support concurrent operators.
4.3 Approved Services
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
Encryption Encryption Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key,
plaintext
Ciphertext Encryption/Decrypt
ion with AES
Crypto
Officer
- AES Key:
W,E
Decryption Decryption Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key,
ciphertext
Plaintext Encryption/Decrypt
ion with AES
Crypto
Officer
- AES Key:
W,E
Authenticate
d Encryption
Authenticated
Encryption
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key,
plaintext
Ciphertext Authenticated
Encryption/Decrypt
ion with AES CCM
Authenticated
Encryption/Decrypt
ion with AES GCM
Crypto
Officer
- AES Key:
W,E
Authenticate
d Decryption
Authenticated
Decryption
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key,
ciphertext
Plaintext Authenticated
Encryption/Decrypt
ion with AES CCM
Authenticated
Encryption/Decrypt
ion with AES GCM
Crypto
Officer
- AES Key:
W,E
Key
Wrapping
Encrypting a key Return value 1
from the
function: FIPS_
service_
AES key
wrapping
key, Key
Wrapped
key
Key
Wrapping/Unwrapp
ing with AES KW,
AES-KWP
Crypto
Officer
- AES Key:
W,E
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 38 of 60
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
indicator_
check_approve
d()
to be
wrapped
Key
Wrapping/Unwrapp
ing with AES GCM
Key
Wrapping/Unwrapp
ing with AES CCM
Key
unwrapping
Decrypting a key Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key
unwrappi
ng key,
Key to be
unwrappe
d
Unwrappe
d key
Key
Wrapping/Unwrapp
ing with AES KW,
AES-KWP
Key
Wrapping/Unwrapp
ing with AES GCM
Key
Wrapping/Unwrapp
ing with AES CCM
Crypto
Officer
- AES Key:
W,E
Message
Authenticati
on
Generation
MAC computation Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
AES key
or HMAC
key,
message
MAC tag Message
Authentication
Generation with
HMAC
Message
Authentication
Generation with
AES
Crypto
Officer
- HMAC
Key: W,E
Message
Digest
Generating
message digest
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Message Message
digest
Message Digest
with SHA
Crypto
Officer
Random
Number
Generation
Generating
random numbers
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Output
length
Random
bytes
Random Number
Generation with
DRBG
Crypto
Officer
- Entropy
Input: W,E
- DRBG
Seed: G,E
- DRBG
Internal
State (V,
Key):
G,W,E
Key
Generation
Generating a key
pair
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Modulus
size /
Curve
RSA public
key, RSA
private
key / EC
public
key, EC
private
key
Key Generation
with RSA
Key Generation
with ECDSA
Crypto
Officer
- RSA
Public Key
: G,R
- RSA
Private
Key: G,R
- EC Public
Key: G,R
- EC
Private
Key: G,R
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 39 of 60
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
Key
Verification
Verifying the
public key
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Public key Success/
error
Key Verification
with ECDSA
Crypto
Officer
- EC Public
Key: W,E
Signature
Generation
Generating
signature
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Message,
EC private
key or
RSA
private
key
Digital
signature
Signature
Generation with
RSA
Signature
Generation with
ECDSA
Crypto
Officer
- RSA
Private
Key: W,E
- EC
Private
Key: W,E
Signature
Verification
Verifying
signature
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d(
Signature,
EC public
key or
RSA
public key
Digital
signature
verificatio
n result
Signature
Verification with
ECDSA
Signature
Verification with
RSA
Crypto
Officer
- RSA
Public Key
: W,E
- EC Public
Key: W,E
Shared
Secret
Computation
Calculating the
Shared Secret
Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
EC public
key, EC
private
key
Shared
Secret
Shared Secret
Computation with
EC Diffie-Hellman
Crypto
Officer
- EC Public
Key: W,E
- EC
Private
Key: W,E
- Shared
Secret: G,R
Key
Derivation
with TLS
KDF
Deriving Keys Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
TLS Pre-
Master
Secret /
TLS
Master
Secret
TLS
Master
secret /
TLS
Derived
Key
(AES/HMA
C)
Key Derivation with
TLS KDF
Crypto
Officer
- TLS Pre-
Master
Secret:
W,E
- TLS
Master
Secret :
G,W,E
- TLS
Derived
Key
(AES/HMAC
): G
Key
Derivation
with PBKDF
Deriving Keys Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Password,
salt,
iteration
count
PBKDF
Derived
Key
Key Derivation with
PBKDF
Crypto
Officer
- PBKDF
Derived
Key: G,R
-
Password:
W,E
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 40 of 60
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
Key
Derivation
with KDA
HKDF
Deriving Keys Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Shared
Secret,
Key
Length,
Digest
KDA
Derived
Key
Key Derivation with
KDA HKDF
Crypto
Officer
- KDA
Derived
Key: G,R
- Shared
Secret:
W,E
Key
Derivation
with SSH
KDF
Deriving Keys Return value 1
from the
function: FIPS_
service_
indicator_
check_approve
d()
Shared
Secret,
Key
Length
SSH
Derived
Key
Key Derivation with
SSH KDF
Crypto
Officer
- SSH
Derived
Key: G,R
- Shared
Secret:
W,E
Zeroization Zeroize SSP in
volatile memory
N/A SSP N/A None Crypto
Officer
- AES Key:
Z
- HMAC
Key: Z
- Entropy
Input: Z
- DRBG
Seed: Z
- DRBG
Internal
State (V,
Key): Z
- RSA
Public Key
: Z
- RSA
Private
Key: Z
- RSA
Private
Key: Z
- EC Public
Key: Z
- EC
Private
Key: Z
- Shared
Secret: Z
- TLS Pre-
Master
Secret: Z
- TLS
Master
Secret : Z
- TLS
Derived
Key
(AES/HMAC
): Z
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 41 of 60
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
- TLS
Derived
Key
(AES/HMAC
): Z
-
Password:
Z
-
Intermedia
te Key
Generation
Value: Z
On-Demand
Self-test
Initiate power-on
self-tests by reset
N/A N/A Pass or
fail
Shared Secret
Computation with
EC Diffie-Hellman
Key
Wrapping/Unwrapp
ing with AES KW,
AES-KWP
Key
Wrapping/Unwrapp
ing with AES GCM
Key
Wrapping/Unwrapp
ing with AES CCM
Encryption/Decrypt
ion with AES
Signature
Generation with
RSA
Signature
Generation with
ECDSA
Key Generation
with RSA
Key Generation
with ECDSA
Key Generation
with RSA
Signature
Verification with
ECDSA
Signature
Verification with
RSA
Key Verification
with ECDSA
Key Derivation with
TLS KDF
Key Derivation with
SSH KDF
Key Derivation with
KDA HKDF
Key Derivation with
PBKDF
Message Digest
Crypto
Officer
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 42 of 60
Name Description Indicator Inputs Outputs Security
Functions
SSP
Access
with SHA
Random Number
Generation with
DRBG
Message
Authentication
Generation with
HMAC
Message
Authentication
Generation with
AES
Authenticated
Encryption/Decrypt
ion with AES CCM
Authenticated
Encryption/Decrypt
ion with AES GCM
On-Demand
Integrity
Test
Initiate integrity
test on-demand
N/A N/A Pass or
fail
Message
Authentication
Generation with
HMAC
Crypto
Officer
Show Status Show status of
the module state
N/A N/A Module
status
None Crypto
Officer
Show
Version
Show the version
of the module
using
awslc_version_stri
ng
N/A N/A Module
name and
version
None Crypto
Officer
Table 12: Approved Services
For the above table, the convention below applies when specifying the access permissions
(types) that the service has for each SSP.
• R = Read: The SSP is read from the module (e.g., the SSP is output).
• W = Write: The SSP is updated, imported, or written to the module.
• E = Execute: The module uses the SSP in performing a cryptographic operation.
• Z = Zeroize: The module zeroizes the SSP.
For the role, CO indicates “Crypto Officer”.
The module implements a service indicator that indicates whether the invoked service is
approved. The service indicator is a return value 1 from the
FIPS_service_indicator_check_approved function. This function is used together with two
other functions. The usage is as follows:
• STEP 1: Should be called before invoking the service.
int before = FIPS_service_indicator_before_call();
• STEP 2: Make a service call i.e., API function for performing a service.
Func();
• STEP 3: Should be called after invoking the service.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 43 of 60
int after = FIPS_service_indicator_after_call();
• STEP 4: Return value 1 indicates approved service was invoked.
int ret = FIPS_service_indicator_check_approved(before, after);
Alternatively, all the above steps can be done by using a single call using the function
CALL_SERVICE_AND_CHECK_APPROVED(approved, func).
4.4 Non-Approved Services
Name Description Algorithms Role
Encryption Encryption AES with OFB or CFB1, CFB8 modes
AES GCM, GCM, GMAC, XTS with keys not listed in Table
5
AES using aes_*_generic function
AES GMAC using aes_*_generic
RSA encryption primitive with PKCS#1 v1.5 and OAEP
padding
CO
Decryption Decryption AES with OFB or CFB1, CFB8 modes
AES GCM, GCM, GMAC, XTS with keys not listed in Table
5
AES using aes_*_generic function
AES GMAC using aes_*_generic
CO
Message
Authentication
Generation
MAC computation AES GMAC using aes_*_generic
HMAC-MD4, HMAC-MD5, HMAC-SHA1, HMAC-SHA-3,
HMAC-RIPEMD-160
CO
Message Digest Generating
message digest
MD4
MD5 (outside of TLS)
SHAKE, RIPEMD-160, SHA-3
CO
Signature Generation Generating
signatures
RSA using keys less than 2048 bits
RSA without hashing
SHA-1, SHA-3
CO
Signature Verification Verifying
signatures
RSA using keys less than 1024 bits
RSA without hashing
CO
Key Generation Generating key
pair
RSA using RSA_generate_key_ex
ECDSA using EC_KEY_generate_key
CO
Shared Secret
Computation
Calculating
shared secret
Curve secp256k1
Diffie Hellman
CO
Key Derivation Deriving TLS
keys
TLS KDF using any SHA algorithms other than SHA2-
256, SHA2-384, SHA2-512; or TLS KDF using non-
extended master secret
CO
Key Encapsulation Encrypting a key RSA CO
Key Un-
encapsulation
Decrypting a key RSA CO
Table 13: Non-Approved Services
4.5 External Software/Firmware Loaded
The module does not support loading of external software or firmware.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 44 of 60
5 Software/Firmware Security
5.1 Integrity Techniques
The integrity of the module is verified by comparing a HMAC value calculated at run time on
the bcm.o file, with the HMAC-SHA2-256 value stored within the module that was computed
at build time.
5.2 Initiate on Demand
The module provides on-demand integrity test. The integrity test can be performed on
demand by reloading the module. Additionally, the integrity test can be performed using the
On-Demand Integrity Test service, which calls the BORINGSSL_integrity_test function.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 45 of 60
6 Operational Environment
6.1 Operational Environment Type and Requirements
Type of Operational Environment: Modifiable
How Requirements are Satisfied:
The module should be compiled and installed as stated in section 11. The user should
confirm that the module is installed correctly by following steps 4 and 5 listed in section 11.
6.2 Configuration Settings and Restrictions
Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as
well as other tracing mechanisms offered by the Linux environment such as ftrace or
systemtap, shall not be used in the operational environment. The use of any of these tools
implies that the cryptographic module is running in a non-validated operational
environment.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 46 of 60
7 Physical Security
7.1 Mechanisms and Actions Required
N/A for this module.
The module is comprised of software only and therefore this section is not applicable.
7.4 Fault Induction Mitigation
7.5 EFP/EFT Information
Temp/Voltage
Type
Temperature
or Voltage
EFP
or
EFT
Result
LowTemperature
HighTemperature
LowVoltage
HighVoltage
Table 14: EFP/EFT Information
7.6 Hardness Testing Temperature Ranges
Temperature
Type
Temperature
LowTemperature
HighTemperature
Table 15: Hardness Testing Temperatures
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 47 of 60
8 Non-Invasive Security
8.1 Mitigation Techniques
The module claims no non-invasive security techniques.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 48 of 60
9 Sensitive Security Parameters Management
9.1 Storage Areas
Storage
Area
Name
Description Persistence
Type
RAM Temporary storage for SSPs used by the module as part of service execution.
The module does not perform persistent storage of SSPs
Dynamic
Table 16: Storage Areas
9.2 SSP Input-Output Methods
Name From To Format
Type
Distribution
Type
Entry
Type
SFI or
Algorithm
API input
parameters
Operator calling
application (TOEPP)
Cryptographic
module
Plaintext Manual Electronic
API output
parameters
Cryptographic
module
Operator calling
application (TOEPP)
Plaintext Manual Electronic
Table 17: SSP Input-Output Methods
The module does not support entry and output of SSPs beyond the physical perimeter of the
operational environment. The SSPs are provided to the module via API input parameters in
the plaintext form and output via API output parameters in the plaintext form to and from
the calling application running on the same operational environment.
9.3 SSP Zeroization Methods
Zeroization
Method
Description Rationale Operator Initiation
Free Cipher
Handle
Zeroizes the SSPs
contained within
the cipher handle.
Memory occupied by
SSPs is overwritten
with zeroes, which
renders the SSP values
irretrievable.
By calling the appropriate zeroization
functions: OpenSSL_cleanse,
EVP_CIPHER_CTX_cleanup,
EVP_AEAD_CTX_zero, HMAC_CTX_cleanup,
CTR_DRBG_clear, RSA_free, EC_KEY_free
Module Reset De-allocates the
volatile memory
used to store
SSPs
Volatile memory used
by the module is
overwritten within
nanoseconds when
power is removed.
By unloading and reloading the module.
Automatically Automatically
zeroized when no
longer needed
Memory occupied by
SSPs is overwritten
with zeros, which
renders the SSP values
irretrievable.
N/A
Table 18: SSP Zeroization Methods
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 49 of 60
9.4 SSPs
Name Description Size -
Strengt
h
Type -
Category
Generate
d By
Establishe
d By
Used By
AES Key AES key used
for
encryption,
decryption,
and
computing
MAC tags
128-256
bits -
128-256
bits
Symmetric
key - CSP
Key
Wrapping/Unwrappin
g with AES KW, AES-
KWP
Key
Wrapping/Unwrappin
g with AES GCM
Key
Wrapping/Unwrappin
g with AES CCM
Encryption/Decryptio
n with AES
Message
Authentication
Generation with AES
Authenticated
Encryption/Decryptio
n with AES CCM
Authenticated
Encryption/Decryptio
n with AES GCM
HMAC Key HMAC key for
Message
Authenticatio
n Generation
112-
524288
bits -
112-256
bits
Authenticatio
n key - CSP
Message
Authentication
Generation with
HMAC
Entropy
Input
Entropy input
used to seed
the DRBGs
256 bits
- 256 bits
Entropy - CSP Random Number
Generation with
DRBG
DRBG Seed DRBG seed
derived from
entropy input
as defined in
SP 800-90Ar1
256 bits
- 256 bits
DRBG seed -
CSP
Random
Number
Generation
with DRBG
Random Number
Generation with
DRBG
DRBG
Internal
State (V,
Key)
Internal state
of CTR_DRBG
256 bits -
256 bits
Internal state
- CSP
Random
Number
Generation
with DRBG
Random Number
Generation with
DRBG
RSA Public
Key
RSA public
key used for
RSA key
generation,
signature
verification
1024,
2048,
3072,
4096 bits
- 80-150
bits
Public key -
PSP
Key
Generation
with RSA
Key Generation with
RSA
Signature Verification
with RSA
RSA Private
Key
RSA private
key used for
RSA key
generation,
signature
generation
2048,
3072,
4096 bits
- 112-150
bits
Private key -
CSP
Key
Generation
with RSA
Signature Generation
with RSA
Key Generation with
RSA
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 50 of 60
Name Description Size -
Strengt
h
Type -
Category
Generate
d By
Establishe
d By
Used By
EC Public
Key
EC public key
used for EC
key
generation,
key
verification,
signature
verification,
shared secret
computation
P-224, P-
256, P-
384, P-
521 -
112-256
bits
Public key -
PSP
Key
Generation
with ECDSA
Shared Secret
Computation with EC
Diffie-Hellman
Key Generation with
ECDSA
Signature Verification
with ECDSA
EC Private
Key
EC private key
used for EC
key
generation,
key
verification,
signature
generation,
shared secret
computation
P-224, P-
256, P-
384, P-
521 -
112-256
bits
Private key -
CSP
Key
Generation
with ECDSA
Shared Secret
Computation with EC
Diffie-Hellman
Signature Generation
with ECDSA
Key Generation with
ECDSA
Shared
Secret
Shared Secret
generated by
KAS-ECC-SSC
P-224, P-
256, P-
384, P-
521 -
112-256
bits
Shard secret -
CSP
Shared
Secret
Computation
with EC
Diffie-
Hellman
Key Derivation with
TLS KDF
Key Derivation with
SSH KDF
Key Derivation with
KDA HKDF
TLS Pre-
Master
Secret
TLS Pre-
Master secret
used for
deriving the
TLS Master
Secret
112-256
bits - N/A
TLS pre-
master secret
- CSP
Key Derivation with
TLS KDF
Key Derivation with
KDA HKDF
TLS Master
Secret
TLS Master
secret used
for deriving
the TLS
Derived Key
384 bits -
N/A
TLS master
secret - CSP
Key
Derivation
with TLS
KDF
Key
Derivation
with KDA
HKDF
Key Derivation with
TLS KDF
Key Derivation with
KDA HKDF
TLS Derived
Key
(AES/HMAC)
TLS Derived
Key from TLS
Master Secret
AES: 128-
256 bits
HMAC:
112 to
256 bits
- AES:
128-256
bits
HMAC:
112 to
256 bits
Symmetric
key - CSP
Key
Derivation
with TLS
KDF
Key Derivation with
TLS KDF
KDA Derived
Key
KDA HKDF
derived key
112 to
256 bits -
N/A
Symmetric
key - CSP
Key
Derivation
with KDA
HKDF
Key Derivation with
KDA HKDF
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 51 of 60
Name Description Size -
Strengt
h
Type -
Category
Generate
d By
Establishe
d By
Used By
SSH Derived
Key
SSH KDF
derived key
112 to
256 bits -
N/A
Symmetric
key - CSP
Key
Derivation
with SSH
KDF
Key Derivation with
SSH KDF
PBKDF
Derived Key
PBKDF
derived key
112 to
256 bits -
N/A
Symmetric
key - CSP
Key
Derivation
with PBKDF
Key Derivation with
PBKDF
Password Password for
PBKDF
112-
524288
bits - N/A
Password -
CSP
Key Derivation with
PBKDF
Intermediat
e Key
Generation
Value
Intermediate
key
generation
value
224-4096
bits -
112-256
bits
Intermediate
value - CSP
Key
Generation
with RSA
Key
Generation
with ECDSA
Key Generation with
ECDSA
Key Generation with
RSA
Table 19: SSP Table 1
Name Input -
Output
Storage Storage
Duration
Zeroization Related SSPs
AES Key API input
parameters
API output
parameters
RAM:Plaintext From service
invocation to
service
completion
Free Cipher
Handle
Module Reset
HMAC Key API input
parameters
API output
parameters
RAM:Plaintext From service
invocation to
service
completion
Free Cipher
Handle
Module Reset
Entropy Input API input
parameters
RAM:Plaintext from service
invocation to
service
completion
Automatically DRBG
Seed:Generation Of
DRBG Seed RAM:Plaintext from service
invocation to
service
completion
Automatically Entropy
Input:Derived From
DRBG Internal
State (V, Key)
from service
invocation to
service
completion
Automatically DRBG Seed:Derived
From
RSA Public Key API input
parameters
API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
RSA Private
Key:Paired With
RSA Private Key API input
parameters
API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
RSA Public Key
:Paired With
EC Public Key API input
parameters
RAM:Plaintext from service
invocation to
Free Cipher
Handle
Module Reset
EC Private Key:Paired
With
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 52 of 60
Name Input -
Output
Storage Storage
Duration
Zeroization Related SSPs
API output
parameters
service
completion
Shared
Secret:Generation Of
EC Private Key API input
parameters
API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
EC Public Key:Paired
With
Shared
Secret:Generation Of
Shared Secret API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
EC Public
Key:Derived From
EC Private
Key:Derived From
TLS Pre-Master
Secret
API input
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
TLS Master Secret
:Derivation Of
TLS Master
Secret
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
TLS Pre-Master
Secret:Derived From
TLS Derived Key
(AES/HMAC)
API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
TLS Master Secret
:Derived From
KDA Derived Key API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
Shared
Secret:Derived From
SSH Derived Key API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
Shared
Secret:Derived From
PBKDF Derived
Key
API output
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
Password:Derived
From
Password API input
parameters
RAM:Plaintext from service
invocation to
service
completion
Free Cipher
Handle
Module Reset
Derived
Key:Derivation Of
Intermediate Key
Generation
Value
from service
invocation to
service
completion
Automatically RSA Public Key
:Generation Of
RSA Private
Key:Generation Of
EC Public
Key:Generation Of
EC Private
Key:Generation Of
Table 20: SSP Table 2
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 53 of 60
9.5 Transitions
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes,
starting January 1, 2030.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 54 of 60
10 Self-Tests
10.1 Pre-Operational Self-Tests
Algorithm or
Test
Test
Properties
Test Method Test Type Indicator Details
HMAC-SHA2-256
(A4509)
SHA2-256 Message
Authentication
SW/FW
Integrity
Module becomes
operational
Integrity test
for bcm.o
Table 21: Pre-Operational Self-Tests
The module performs the pre-operational self-test automatically when the module is loaded
into memory; the pre-operational self-test is the software integrity test that ensures that the
module is not corrupted. While the module is executing the pre-operational self-test,
services are not available, and input and output are inhibited.
The software integrity test is performed after a set of conditional cryptographic algorithm
self-tests (CASTs). The set of CASTs executed before the software integrity test consists of
HMAC-SHA2-256 KAT, which is used in the pre-operational self-test, and the SHA2-256 KAT.
10.2 Conditional Self-Tests
Algorithm or
Test
Test
Properties
Test Method Test
Type
Indicator Details Conditions
AES-CBC
(A4513)
128-bit AES key Encrypt KAT CAST Module is
operational
Encrypt Power up
AES-CBC
(A4510)
128-bit AES key Decrypt KAT CAST Module is
operational
Decrypt Power up
AES-GCM
(A4511)
128-bit AES key Encrypt KAT CAST Module is
operational
Encrypt Power up
AES-GCM
(A4511)
128-bit AES key Decrypt KAT CAST Module is
operational
Decrypt Power up
SHA-1
(A4509)
N/A SHA-1 KAT CAST Module is
operational
Message digest Power up
SHA2-256
(A4509)
N/A SHA2-256 KAT CAST Module is
operational
Message digest Power up
SHA2-512
(A4509)
N/A SHA2-512 KAT CAST Module is
operational
Message digest Power up
HMAC-SHA2-
256 (A4509)
SHA2-256 HMAC KAT CAST Module is
operational
Message
authentication
Power up
Counter
DRBG
(A4513)
AES 256 CTR_DRBG KAT CAST Module is
operational
Seed
Generation
Power up
Counter
DRBG
(A4513)
N/A SP800-90Ar1
Section 11.3
Health Test
CAST Module is
operational
Seed
Generation
Power up
ECDSA
SigGen
(FIPS186-5)
(A4509)
P-256 Curve
and SHA2-256
Sign KAT CAST Module is
operational
Sign Signature
Generation or Key
Generation
service request
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 55 of 60
Algorithm or
Test
Test
Properties
Test Method Test
Type
Indicator Details Conditions
ECDSA SigVer
(FIPS186-4)
(A4509)
P-256 Curve
and SHA2-256
Verify KAT CAST Module is
operational
Verify Signature
verification or Key
Generation
service request
KAS-ECC-SSC
Sp800-56Ar3
(A4509)
P-256 Curve Z computation CAST Module is
operational
Shared secret
computation
Shared secret
computation
request
ECDSA
KeyGen
(FIPS186-5)
(A4509)
Respective
Curve and
SHA2-256
Signature
generation and
verification
PCT Module is
operational
Sign and Verify Key generation
KDF TLS
(A4509)
SHA2-256 TLS 1.2 KAT CAST Module is
operational
Key derivation Power up
KDA HKDF
Sp800-56Cr1
(A4509)
HMAC-SHA2-
256
KDA HKDF KAT CAST Module is
operational
Key derivation Power up
PBKDF
(A4509)
HMAC-SHA2-
256
PBKDF2 KAT CAST Module is
operational
Key derivation Power up
RSA SigGen
(FIPS186-5)
(A4509)
PKCS#1 v1.5
with 2048 bit
key and SHA2-
256
Sign KAT CAST Module is
operational
Sign Signature
Generation or Key
Generation
service request
RSA SigVer
(FIPS186-4)
(A4509)
PKCS#1 v1.5
with 2048 bit
key and SHA2-
256
Verify KAT CAST Module is
operational
Verify Signature
Verification or
Key Generation
service request
RSA KeyGen
(FIPS186-5)
(A4509)
SHA2-256 and
respective keys
Signature
generation and
verification
PCT Module is
operational
Sign and Verify Key generation
Table 22: Conditional Self-Tests
Conditional Cryptographic Algorithm Tests
The module performs self-tests on approved cryptographic algorithms, using the tests
shown in Table 22. Data output through the data output interface is inhibited during the self-
tests. The CASTs are performed in the form of Known Answer Tests (KATs), in which the
calculated output is compared with the expected known answer (that are hard-coded in the
module). A failed match causes a failure of the self-test. If any of these self-tests fails, the
module transitions to error state.
Conditional Pair-Wise Consistency Tests
The module implements RSA and ECDSA key generation service and performs the respective
pairwise consistency test (PCT) using sign and verify functions when the keys are generated
(Table 22). If any of these self-tests fails, the module transitions to error state and is
aborted.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 56 of 60
10.3 Periodic Self-Test Information
Algorithm or Test Test Method Test Type Period Periodic Method
HMAC-SHA2-256
(A4509)
Message
Authentication
SW/FW Integrity On demand Manually
Table 23: Pre-Operational Periodic Information
Algorithm or Test Test Method Test Type Period Periodic Method
AES-CBC (A4513) Encrypt KAT CAST On demand Manually
AES-CBC (A4510) Decrypt KAT CAST On demand Manually
AES-GCM (A4511) Encrypt KAT CAST On demand Manually
AES-GCM (A4511) Decrypt KAT CAST On demand Manually
SHA-1 (A4509) SHA-1 KAT CAST On demand Manually
SHA2-256 (A4509) SHA2-256 KAT CAST On demand Manually
SHA2-512 (A4509) SHA2-512 KAT CAST On demand Manually
HMAC-SHA2-256
(A4509)
HMAC KAT CAST On demand Manually
Counter DRBG
(A4513)
CTR_DRBG KAT CAST On demand Manually
Counter DRBG
(A4513)
SP800-90Ar1
Section 11.3 Health
Test
CAST On demand Manually
ECDSA SigGen
(FIPS186-5)
(A4509)
Sign KAT CAST On demand Manually
ECDSA SigVer
(FIPS186-4)
(A4509)
Verify KAT CAST On demand Manually
KAS-ECC-SSC
Sp800-56Ar3
(A4509)
Z computation CAST On demand Manually
ECDSA KeyGen
(FIPS186-5)
(A4509)
Signature
generation and
verification
PCT On demand Manually
KDF TLS (A4509) TLS 1.2 KAT CAST On demand Manually
KDA HKDF Sp800-
56Cr1 (A4509)
KDA HKDF KAT CAST On demand Manually
PBKDF (A4509) PBKDF2 KAT CAST On demand Manually
RSA SigGen
(FIPS186-5)
(A4509)
Sign KAT CAST On demand Manually
RSA SigVer
(FIPS186-4)
(A4509)
Verify KAT CAST On demand Manually
RSA KeyGen
(FIPS186-5)
(A4509)
Signature
generation and
verification
PCT On demand Manually
Table 24: Conditional Periodic Information
The module does not support periodic self-tests.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 57 of 60
10.4 Error States
Name Description Conditions Recovery
Method
Indicator
Error The library is aborted
with SIGABRT signal.
Module is no longer
operational the data
output interface is
inhibited
Pre-
operational
test failure
Module
reset
Error message is output on the stderr and
then the module is aborted.
PCT
Error
The library is aborted
with SIGABRT signal.
Module is no longer
operational the data
output interface is
inhibited
Conditional
test failure
Module
reset
For CAST failure, an error message is
output on the stderr and then the module
is aborted. For PCT failure, an error
message is output in the error queue and
then the module generates new key, If the
PCT still does not pass, eventually the
module will be aborted after 5 tries.
Table 25: Error States
If the module fails any of the self-tests, the module enters an error state. To recover from
any error state, the module must be rebooted.
10.5 Operator Initiation of Self-Tests
The software integrity tests and the CASTs for AES, SHS, DRBG, HMAC, KAS-ECC-SSC, TLS
KDF, KDA HKDF, PBKDF2 can be invoked by unloading and subsequently re-initializing the
module. The CASTs for ECDSA and RSA can be invoked by requesting the corresponding Key
Generation or Digital Signature services. Additionally, all the CASTs can be invoked by
calling the BORINGSSL_self_test function. The PCTs can be invoked on demand by
requesting the Key Generation service.
10.6 Additional Information
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 58 of 60
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures
The module bcm.o is embedded into the usersapce application which can be obtained by
building the source code at the following location [1]. The set of files specified in the archive
constitutes the complete set of source files of the validated module. There shall be no
additions, deletions, or alterations of this set as used during module build.
[1] https://github.com/aws/aws-lc/archive/refs/tags/AWS-LC-FIPS-2.0.0.zip
The downloaded zip file can be verified by issuing the “sha256sum AWS-LC-FIPS-2.0.0.zip”
command. The expected SHA2-256 digest value is:
6241EC2F13A5F80224EE9CD8592ED66A97D426481066FEAA4EFC6F24E60BBC96
After the zip file is extracted, the instructions listed below will compile the module. The
compilation instructions must be executed separately on platforms that have different
processors and/or operating systems. Due to six possible combinations of OS/processor, the
module count is six (i.e., there are six separate binaries generated, one for each entry listed
in the Tested Operational Environments table).
Amazon Linux 2 and Amazon Linux 2023:
1. s udo yum gr oupi ns t a l l " De ve l opme nt Tool s "
2. s udo yum i ns t a l l c ma ke 3 gol a ng
3. c d a ws - l c - f i ps - 2022- 11- 02/
4. mkdi r bui l d
5. c d bui l d
6. c ma ke 3 - DFI PS=1 . .
7. ma ke
Ubuntu 22.04:
1. s udo a pt - ge t i ns t a l l bui l d- e s s e nt i a l
2. s udo a pt - ge t i ns t a l l c ma ke
3. Ge t l a t e s t Gol a ng a r c hi ve f or your a r c hi t e c t ur e
4. s udo t a r - C / us r / l oc a l - xz f go*. t a r . gz
5. c d a ws - l c - f i ps - 2022- 11- 02/
6. mkdi r bui l d
7. c d bui l d
8. c ma ke - DFI PS=1 - DGO_EXECUTABLE=/ us r / l oc a l / go/ bi n/ go . .
9. ma ke
Upon completion of the build process, the module’s status can be verified by the command
below. If the value obtained is “1” then the module has been installed and configured to
operate in FIPS compliant manner.
. / t ool / bs s l i s f i ps
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 59 of 60
Lastly, the user can call the “show version” service using awslc_version_string function and
the expected output is “AWS-LC FIPS 2.0.0” which is the module version. This will confirm
that the module is in the operational mode. Additionally, the “AWS-LC FIPS” also acts as the
module identifier and the verification of the "static" part can be done using following
command with an application that was used for static linking. The "T" in the output confirms
that the module is statically linked.
Command: nm <application_name> | grep awslc_version_string
Example Output: 0000000000a5bdff T awslc_version_string
11.2 Administrator Guidance
When the module is at end of life, for the GitHub repo, the README will be modified to mark
the library as deprecated. After a 6-month window, more restrictive branch permissions will
be added such that only administrators can read from the FIPS branch.
The module does not possess persistent storage of SSPs. The SSP value only exists in
volatile memory and that value vanishes when the module is powered off. So as a first step
for the secure sanitization, the module needs to be powered off. Then for actual deprecation,
the module will be upgraded to newer version that is approved. This upgrade process will
uninstall/remove the old/terminated module and provide a new replacement.
AWS-LC Cryptographic Module (static) FIPS 140-3 Non-Proprietary Security Policy
2024 Amazon Web Services, Inc., atsec information security.
This document can be reproduced and distributed only whole and intact, including this copyright notice.
Page 60 of 60
12 Mitigation of Other Attacks
12.1 Attack List
RSA timing attacks.
12.2 Mitigation Effectiveness
RSA is vulnerable to timing attacks. In a setup where attackers can measure the time of RSA
decryption or signature operations, blinding must be used to protect the RSA operation from
that attack.
The module provides the mechanism to use the blinding for RSA. When the blinding is on,
the module generates a random value to form a blinding factor in the RSA key before the
RSA key is used in the RSA cryptographic operations.