Junos® OS Evolved MACsec Cryptographic Library

Certificate #4820

Webpage information ?

Status active
Validation dates 02.10.2024
Sunset date 01-10-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 in approved mode, and module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates random strings whose strength is modified by available entropy
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description Junos® OS Evolved MACsec Cryptographic Library is a shared library in software, which provides cryptographic services for key wrapping, key derivation and random number generation.
Tested configurations
  • Junos® OS Evolved 22.4 running on Juniper Networks® Packet Transport Router Model PTX10001-36MR with Intel® Xeon® D-2163IT without PAA
Vendor Juniper Networks, Inc.
References

This certificate's webpage directly references 2 certificates, transitively this expands into 2 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-, CAST, HMAC, CMAC
Schemes
MAC, Key Agreement
Randomness
DRBG, RNG
Libraries
OpenSSL
Block cipher modes
ECB, CBC, GCM

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS197, FIPS198-1, FIPS140-3, SP 800-140B, ISO/IEC 24759

File metadata

Creation date D:20240903192022Z00'00'
Modification date D:20240903192022Z00'00'
Pages 24
Producer macOS Version 13.6.9 (Build 22G830) Quartz PDFContext

References

Outgoing
  • 4776 - active - Junos® OS Evolved Kernel Cryptographic Module
  • 4775 - active - Junos® OS Evolved OpenSSL Cryptographic Module

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

  • 08.10.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4820,
  "dgst": "5a02ef00b4ef9b91",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-ECBA4156",
        "AES-KWA4156",
        "HMAC DRBGA3605",
        "AES-CMACA4156",
        "HMAC-SHA2-256A4249"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4776",
        "4775"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "4776",
        "4775"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 6
        }
      },
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "MAC": {
          "MAC": 14
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "atsec": {
          "atsec": 26
        }
      },
      "fips_cert_id": {
        "Cert": {
          "#4156": 1,
          "#4775": 1,
          "#4776": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES key 128, 256": 1,
          "AES-CMAC #4156": 1,
          "SHA2-256": 3
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 2
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 10
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 33,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 1,
          "FIPS197": 4,
          "FIPS198-1": 2
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-140B": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 21,
            "AES-": 1
          },
          "CAST": {
            "CAST": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 8,
            "HMAC": 10
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240903192022Z00\u002700\u0027",
      "/ModDate": "D:20240903192022Z00\u002700\u0027",
      "/Producer": "macOS Version 13.6.9 (Build 22G830) Quartz PDFContext",
      "pdf_file_size_bytes": 480994,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16794",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36211",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36214",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf",
          "http://www.juniper.net/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36215",
          "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4776.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16790",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16694",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16792",
          "https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "http://www.atsec.com/",
          "http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36213",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4775.pdf",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16788",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36209",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=36210",
          "http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 24
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "e046321e149f9f7f9418a9eadcc3535e20467f9e119d3861e6525d94164603dd",
    "policy_txt_hash": "913d12e3dc26ceed44debef6c0e140560530f371f907bd0917350256f2b9b267"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated with module Junos\u00ae OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 in approved mode, and module Junos\u00ae OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates random strings whose strength is modified by available entropy",
    "certificate_pdf_url": null,
    "date_sunset": "2026-10-01",
    "description": "Junos\u00ae OS Evolved MACsec Cryptographic Library is a shared library in software, which provides cryptographic services for key wrapping, key derivation and random number generation.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {
      "4775": 1,
      "4776": 1
    },
    "module_name": "Junos\u00ae OS Evolved MACsec Cryptographic Library",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "1.2",
    "tested_conf": [
      "Junos\u00ae OS Evolved 22.4 running on Juniper Networks\u00ae Packet Transport Router Model PTX10001-36MR with Intel\u00ae Xeon\u00ae D-2163IT without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-10-02",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc.",
    "vendor_url": "http://www.juniper.net"
  }
}