BoringCrypto

Certificate #4735

Webpage information ?

Status active
Validation dates 23.07.2024
Sunset date 22-07-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.
Tested configurations
  • Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 32-bit with PAA
  • Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 32-bit without PAA
  • Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 64-bit with PAA
  • Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 64-bit without PAA
  • Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 32-bit with PAA
  • Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 32-bit without PAA
  • Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 64-bit with PAA
  • Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 64-bit without PAA
  • Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 32-bit with PAA
  • Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 32-bit without PAA
  • Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 64-bit with PAA
  • Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 64-bit without PAA
  • Android 13 running on Google Pixel 6 Pro with Google Tensor 32-bit with PAA
  • Android 13 running on Google Pixel 6 Pro with Google Tensor 32-bit without PAA
  • Android 13 running on Google Pixel 6 Pro with Google Tensor 64-bit with PAA
  • Android 13 running on Google Pixel 6 Pro with Google Tensor 64-bit without PAA
  • Android 13 running on Google Pixel 7 Pro with Google Tensor G2 32-bit with PAA
  • Android 13 running on Google Pixel 7 Pro with Google Tensor G2 32-bit without PAA
  • Android 13 running on Google Pixel 7 Pro with Google Tensor G2 64-bit with PAA
  • Android 13 running on Google Pixel 7 Pro with Google Tensor G2 64-bit without PAA
  • Debian Linux 5.17.11 (Rodete) running on n2d with AMD EPYC 7B12 with PAA
  • Debian Linux 5.17.11 (Rodete) running on n2d with AMD EPYC 7B12 without PAA
  • Google Prodimage with Linux 4.15.0 running on n1 with Intel Xeon E5 2696 v4 with PAA
  • Google Prodimage with Linux 4.15.0 running on n1 with Intel Xeon E5 2696 v4 without PAA
  • Google Prodimage with Linux 4.15.0 running on Tau t2a with Ampere Altra with PAA
  • Google Prodimage with Linux 4.15.0 running on Tau t2a with Ampere Altra without PAA
  • Google Prodimage with Linux 5.10.120 running on IN762 with PAA
  • Google Prodimage with Linux 5.10.120 running on IN762 without PAA
Vendor Google, LLC.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, CAST, DES, Triple-DES, HMAC
Asymmetric Algorithms
ECDSA, ECC, DH, Diffie-Hellman
Hash functions
SHA-1, MD4, MD5
Schemes
MAC, Key Agreement
Protocols
SSL, TLS, TLS 1.2, TLS v1.2
Randomness
DRBG
Libraries
BoringSSL
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM

Trusted Execution Environments
PSP
Vendor
Qualcomm

Security level
Level 1

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS PUB 140-3, NIST SP 800-52, NIST SP 800-38D, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-52, SP 800-56A, SP 800-90A, SP 800-131A, SP 800-133, SP 800-135, PKCS 1, RFC 5288, RFC 5246, ISO/IEC 24759, ISO/IEC 19790

File metadata

Author Scott Ehrlich
Creation date D:20240719115845-04'00'
Modification date D:20240719115845-04'00'
Pages 29
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 12.08.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
  • 24.07.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4735,
  "dgst": "3a5b1fbaad25b1c6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA SigVer (FIPS186-4)A2811",
        "AES-CBCA2811",
        "KAS-ECC-SSC Sp800-56Ar3A2811",
        "SHA2-512A2811",
        "AES-CCMA2811",
        "AES-CTRA2811",
        "AES-KWA2811",
        "ECDSA SigGen (FIPS186-4)A2811",
        "RSA KeyGen (FIPS186-4)A2811",
        "AES-KWPA2811",
        "SHA-1A2811",
        "HMAC-SHA2-224A2811",
        "ECDSA KeyVer (FIPS186-4)A2811",
        "AES-ECBA2811",
        "HMAC-SHA2-384A2811",
        "HMAC-SHA-1A2811",
        "SHA2-512/256A2811",
        "AES-GCMA2811",
        "KDF TLSA2811",
        "HMAC-SHA2-512A2811",
        "SHA2-384A2811",
        "HMAC-SHA2-256A2811",
        "ECDSA KeyGen (FIPS186-4)A2811",
        "ECDSA SigVer (FIPS186-4)A2811",
        "RSA SigGen (FIPS186-4)A2811",
        "SHA2-256A2811",
        "SHA2-224A2811",
        "Counter DRBGA2811"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDSA": {
            "ECDSA": 23
          }
        },
        "FF": {
          "DH": {
            "DH": 9,
            "Diffie-Hellman": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 5
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 5
        },
        "ECB": {
          "ECB": 5
        },
        "GCM": {
          "GCM": 6
        },
        "OFB": {
          "OFB": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "BoringSSL": {
          "BoringSSL": 1
        }
      },
      "crypto_protocol": {
        "TLS": {
          "SSL": {
            "SSL": 1
          },
          "TLS": {
            "TLS": 20,
            "TLS 1.2": 3,
            "TLS v1.2": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 7
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 4,
          "P-256": 10,
          "P-384": 2,
          "P-521": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "AES-GCM IV4": 1,
          "HMAC-SHA-1": 6,
          "PAA 10": 1,
          "PAA 11": 1,
          "PAA 12": 1,
          "PAA 13": 1,
          "PAA 14": 1,
          "PAA 15": 1,
          "PAA 17": 1,
          "PAA 18": 1,
          "PAA 2": 1,
          "PAA 3": 1,
          "PAA 4": 1,
          "PAA 5": 1,
          "PAA 6": 1,
          "PAA 7": 1,
          "PAA 8": 1,
          "PAA 9": 1,
          "PKCS 1": 2,
          "SHA-1": 2,
          "SHA-13": 1,
          "SHA2- 384": 2,
          "SHA2-224": 2,
          "SHA2-256": 6,
          "SHA2-384": 1,
          "SHA2-512": 5
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 4
          },
          "MD5": {
            "MD5": 5
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 13
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 13,
          "FIPS 180-4": 2,
          "FIPS 186-4": 3,
          "FIPS 197": 5,
          "FIPS 198-1": 2,
          "FIPS PUB 140-3": 1
        },
        "ISO": {
          "ISO/IEC 19790": 2,
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-38D": 1,
          "NIST SP 800-52": 1,
          "SP 800-131A": 1,
          "SP 800-133": 1,
          "SP 800-135": 1,
          "SP 800-38A": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 1,
          "SP 800-38F": 1,
          "SP 800-52": 1,
          "SP 800-56A": 1,
          "SP 800-90A": 1
        },
        "PKCS": {
          "PKCS 1": 1
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 21,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 3
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 3
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 5
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 3
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Qualcomm": {
          "Qualcomm": 6
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Scott Ehrlich",
      "/CreationDate": "D:20240719115845-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240719115845-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 642544,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://boringssl.googlesource.com/boringssl.git/+/refs/heads/fips-20220613/crypto/fipsmodule/FIPS.md",
          "https://ci.android.com/builds/submitted/8918218/aosp_arm64-userdebug/latest/manifest_8918218.xml",
          "https://boringssl.googlesource.com/boringssl",
          "https://cmake.org/download/",
          "http://releases.llvm.org/download.html",
          "https://golang.org/dl/",
          "http://www.acumensecurity.net/",
          "https://github.com/ninja-build/ninja/releases",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program",
          "https://git-scm.com/download/linux"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 29
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "e27997d6b26c651e5972990fcf4e62298ceb1381a096a63c266059ab62b9933f",
    "policy_txt_hash": "e68fff4d9fa31b77629d781dc6297676697b6d89d063a379de51f60db31c2bbf"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
    "date_sunset": "2029-07-22",
    "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "BoringCrypto",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "2022061300",
    "tested_conf": [
      "Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 32-bit with PAA",
      "Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 32-bit without PAA",
      "Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 64-bit with PAA",
      "Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 64-bit without PAA",
      "Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 32-bit with PAA",
      "Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 32-bit without PAA",
      "Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 64-bit with PAA",
      "Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 64-bit without PAA",
      "Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 32-bit with PAA",
      "Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 32-bit without PAA",
      "Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 64-bit with PAA",
      "Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 64-bit without PAA",
      "Android 13 running on Google Pixel 6 Pro with Google Tensor 32-bit with PAA",
      "Android 13 running on Google Pixel 6 Pro with Google Tensor 32-bit without PAA",
      "Android 13 running on Google Pixel 6 Pro with Google Tensor 64-bit with PAA",
      "Android 13 running on Google Pixel 6 Pro with Google Tensor 64-bit without PAA",
      "Android 13 running on Google Pixel 7 Pro with Google Tensor G2 32-bit with PAA",
      "Android 13 running on Google Pixel 7 Pro with Google Tensor G2 32-bit without PAA",
      "Android 13 running on Google Pixel 7 Pro with Google Tensor G2 64-bit with PAA",
      "Android 13 running on Google Pixel 7 Pro with Google Tensor G2 64-bit without PAA",
      "Debian Linux 5.17.11 (Rodete) running on n2d with AMD EPYC 7B12 with PAA",
      "Debian Linux 5.17.11 (Rodete) running on n2d with AMD EPYC 7B12 without PAA",
      "Google Prodimage with Linux 4.15.0 running on n1 with Intel Xeon E5 2696 v4 with PAA",
      "Google Prodimage with Linux 4.15.0 running on n1 with Intel Xeon E5 2696 v4 without PAA",
      "Google Prodimage with Linux 4.15.0 running on Tau t2a with Ampere Altra with PAA",
      "Google Prodimage with Linux 4.15.0 running on Tau t2a with Ampere Altra without PAA",
      "Google Prodimage with Linux 5.10.120 running on IN762 with PAA",
      "Google Prodimage with Linux 5.10.120 running on IN762 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-07-23",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Google, LLC.",
    "vendor_url": "http://www.google.com"
  }
}