ExtraHop Cryptographic Module

Certificate #4561

Webpage information ?

Status revoked
Revoked reason Non-conformance to the FIPS 140-3 standard identified
Validation dates 28.08.2023
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in approved mode. No assurance of the minimum strength of generated keys
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).
Tested configurations
  • ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA
  • ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA
  • ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA
  • ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA
  • ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA
  • ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA
Vendor ExtraHop Networks, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, CAST, CAST5, RC4, RC5, RC2, DES, Triple-DES, TDES, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, ARIA, SM4, SEED, HMAC, CMAC
Asymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA3-224, SHA3-384, SHA3-256, SHA3-512, SHA-3, Blake2, MD4, MD5, RIPEMD, PBKDF, PBKDF2
Schemes
MAC, Key Agreement, Key agreement
Protocols
SSH, TLS, TLS v1.2, TLS v1.3, TLS 1.2, TLS 1.3
Randomness
DRBG, RNG, RBG
Elliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XEX, XTS

JavaCard API constants
SM2
Trusted Execution Environments
PSP, SSC
Vendor
Microsoft

Security level
Level 1

Standards
FIPS 140-3, FIPS PUB 186-4, FIPS PUB 198-1, FIPS PUB 197, FIPS PUB 202, FIPS PUB 180-4, NIST SP 800-38A, NIST SP 800-38B, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-38F, NIST SP 800-132, NIST SP 800-67, SP 800-38A, SP 800-38B, NIST SP 800-52, PKCS#1, PKCS #1, RFC25, RFC 8446, RFC 5288, RFC 5246, ISO/IEC 19790, ISO/IEC 24579, ISO/IEC 19790:2012, ISO/IEC 19790:2021

File metadata

Title FIPS 140-3 Non-Proprietary Security Policy
Author Corsec Security, Inc.
Creation date D:20230712104617-04'00'
Modification date D:20230712104617-04'00'
Pages 39
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 12.02.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The status property was set to revoked.
    • The historical_reason property was set to None.
    • The revoked_reason property was set to Non-conformance to the FIPS 140-3 standard identified.
  • 02.01.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The status property was set to historical.
    • The historical_reason property was set to Non-conformance to the FIPS 140-3 standard identified.
    • The date_sunset property was set to None.
  • 18.09.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4561,
  "dgst": "315ef9b31f21c15d",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-CCMA2293",
        "TDES-CFB1A2293",
        "SHA3-256A2293",
        "AES-CTRA2293",
        "SHA3-224A2293",
        "SHA3-512A2293",
        "TDES-CBCA2293",
        "AES-CBCA2293",
        "HMAC-SHA3-256A2293",
        "HMAC-SHA3-512A2293",
        "KDF TLSA2293",
        "AES-CMACA2293",
        "AES-CFB128A2293",
        "SHA3-384A2293",
        "DSA KeyGen (FIPS186-4)A2293",
        "AES-OFBA2293",
        "KDF SSHA2293",
        "SHA2-256A2293",
        "AES-KWA2293",
        "ECDSA KeyVer (FIPS186-4)A2293",
        "SHA2-224A2293",
        "HMAC-SHA2-256A2293",
        "Counter DRBGA2293",
        "DSA PQGGen (FIPS186-4)A2293",
        "SHAKE-128A2293",
        "TDES-OFBA2293",
        "AES-GCMA2293",
        "HMAC-SHA2-224A2293",
        "HMAC-SHA3-224A2293",
        "AES-CFB8A2293",
        "TLS v1.3 KDFA2294",
        "RSA KeyGen (FIPS186-4)A2293",
        "DSA PQGVer (FIPS186-4)A2293",
        "ECDSA KeyGen (FIPS186-4)A2293",
        "SHAKE-256A2293",
        "KDA HKDF SP800-56Cr2A2293",
        "AES-XTSA2293",
        "SHA-1A2293",
        "AES-ECBA2293",
        "TDES-CMACA2293",
        "AES-KWPA2293",
        "TDES-CFB8A2293",
        "RSA SigVer (FIPS186-4)A2293",
        "HMAC-SHA2-512A2293",
        "AES-GMACA2293",
        "SHA2-512A2293",
        "PBKDFA2293",
        "HMAC-SHA-1A2293",
        "KAS-FFC-SSC Sp800-56Ar3A2293",
        "RSA SigGen (FIPS186-4)A2293",
        "DSA SigVer (FIPS186-4)A2293",
        "SHA2-384A2293",
        "TDES-ECBA2293",
        "ECDSA SigVer (FIPS186-4)A2293",
        "HMAC-SHA2-384A2293",
        "HMAC-SHA3-384A2293",
        "KAS-ECC-SSC Sp800-56Ar3A2293",
        "TLS v1.2 KDF RFC7627A2293",
        "AES-CFB1A2293",
        "TDES-CFB64A2293"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDH": 11
          },
          "ECDSA": {
            "ECDSA": 26
          },
          "EdDSA": {
            "EdDSA": 3
          }
        },
        "FF": {
          "DH": {
            "DH": 12,
            "Diffie-Hellman": 2
          },
          "DSA": {
            "DSA": 25
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 8
        },
        "CCM": {
          "CCM": 3
        },
        "CFB": {
          "CFB": 3
        },
        "CTR": {
          "CTR": 5
        },
        "ECB": {
          "ECB": 9
        },
        "GCM": {
          "GCM": 37
        },
        "OFB": {
          "OFB": 8
        },
        "XEX": {
          "XEX": 2
        },
        "XTS": {
          "XTS": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "SSH": {
          "SSH": 18
        },
        "TLS": {
          "TLS": {
            "TLS": 34,
            "TLS 1.2": 3,
            "TLS 1.3": 1,
            "TLS v1.2": 3,
            "TLS v1.3": 2
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 3,
          "Key agreement": 2
        },
        "MAC": {
          "MAC": 11
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 2,
          "B-233": 4,
          "B-283": 4,
          "B-409": 4,
          "B-571": 4,
          "K-163": 4,
          "K-233": 6,
          "K-283": 4,
          "K-409": 4,
          "K-571": 4,
          "P-192": 8,
          "P-224": 14,
          "P-256": 8,
          "P-384": 8,
          "P-521": 8
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1,
          "Certificate6": 4
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES GCM encrypt KAT50": 1,
          "AES-CMAC 128": 1,
          "AES-GCM 128": 1,
          "CVL23": 1,
          "DRBG 9": 1,
          "DRBG27": 1,
          "DSA28": 1,
          "HMAC 128": 2,
          "PKCS #1": 2,
          "PKCS#1": 6,
          "RSA39": 1,
          "SHA-1": 13,
          "SHA-256": 1,
          "SHA-3": 1,
          "SHA2- 256": 6,
          "SHA2- 384": 4,
          "SHA2- 512": 5,
          "SHA2-224": 13,
          "SHA2-256": 17,
          "SHA2-384": 11,
          "SHA2-512": 11,
          "SHA3- 224": 1,
          "SHA3- 256": 1,
          "SHA3- 384": 1,
          "SHA3- 512 112": 1,
          "SHA3-224": 3,
          "SHA3-256": 4,
          "SHA3-384": 3,
          "SHA3-512": 3,
          "SHS42": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "BLAKE": {
          "Blake2": 3
        },
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 2
          }
        },
        "PBKDF": {
          "PBKDF": 6,
          "PBKDF2": 5
        },
        "RIPEMD": {
          "RIPEMD": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 13
          },
          "SHA2": {
            "SHA-256": 1
          },
          "SHA3": {
            "SHA-3": 1,
            "SHA3-224": 3,
            "SHA3-256": 4,
            "SHA3-384": 3,
            "SHA3-512": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "SM2": 2
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 45
        },
        "RNG": {
          "RBG": 2,
          "RNG": 4
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 20,
          "FIPS PUB 180-4": 1,
          "FIPS PUB 186-4": 5,
          "FIPS PUB 197": 2,
          "FIPS PUB 198-1": 1,
          "FIPS PUB 202": 1
        },
        "ISO": {
          "ISO/IEC 19790": 6,
          "ISO/IEC 19790:2012": 1,
          "ISO/IEC 19790:2021": 1,
          "ISO/IEC 24579": 4
        },
        "NIST": {
          "NIST SP 800-132": 2,
          "NIST SP 800-38A": 1,
          "NIST SP 800-38B": 2,
          "NIST SP 800-38C": 2,
          "NIST SP 800-38D": 6,
          "NIST SP 800-38E": 2,
          "NIST SP 800-38F": 2,
          "NIST SP 800-52": 1,
          "NIST SP 800-67": 2,
          "SP 800-38A": 1,
          "SP 800-38B": 1
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS#1": 3
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 1,
          "RFC 8446": 1,
          "RFC25": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 98
          },
          "CAST": {
            "CAST": 4,
            "CAST5": 3
          },
          "RC": {
            "RC2": 2,
            "RC4": 3,
            "RC5": 3
          }
        },
        "DES": {
          "3DES": {
            "TDES": 1,
            "Triple-DES": 20
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 23,
            "HMAC": 26
          }
        },
        "djb": {
          "ChaCha": {
            "ChaCha20": 3
          },
          "Poly": {
            "Poly1305": 2
          }
        },
        "miscellaneous": {
          "ARIA": {
            "ARIA": 3
          },
          "Blowfish": {
            "Blowfish": 3
          },
          "Camellia": {
            "Camellia": 3
          },
          "IDEA": {
            "IDEA": 3
          },
          "SEED": {
            "SEED": 3
          },
          "SM4": {
            "SM4": 3
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 6
        },
        "IBM": {
          "SSC": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 2
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Corsec Security, Inc.",
      "/CreationDate": "D:20230712104617-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230712104617-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "FIPS 140-3 Non-Proprietary Security Policy",
      "pdf_file_size_bytes": 886586,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search",
          "http://www.extrahop.com/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14786",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34903",
          "http://csrc.nist.gov/groups/STM/cmvp",
          "http://www.corsec.com/",
          "mailto:[email protected]",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14787"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 39
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "2caf156a884d9abcacc495f4696817b3e9f5cb2231adfbb5148525d9df60342c",
    "policy_txt_hash": "ecb6c157586183204affae508d27f00080dde87ff63a895d0a8954df3ca89dd6"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode. No assurance of the minimum strength of generated keys",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf",
    "date_sunset": null,
    "description": "The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "ExtraHop Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": "Non-conformance to the FIPS 140-3 standard identified",
    "standard": "FIPS 140-3",
    "status": "revoked",
    "sw_versions": "1.0",
    "tested_conf": [
      "ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA",
      "ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA",
      "ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA",
      "ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA",
      "ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA",
      "ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-08-28",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "ExtraHop Networks, Inc.",
    "vendor_url": "http://www.extrahop.com"
  }
}