EOS MACsec Bravo Hybrid Module

Certificate #3420

Webpage information

Status historical
Historical reason SP 800-56Arev3 transition
Validation dates 27.03.2019 , 09.04.2019
Standard FIPS 140-2
Security level 1
Type Firmware-Hybrid
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode and installed, initialized and configured as specified in Section 8.1 of the Security Policy
Exceptions
  • Mitigation of Other Attacks: N/A
Description Arista’s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.
Version (Hardware) P/Ns Credo MACsec chip CMX42550 and Renesas Security chip R5H30211 or N313X; Chassis: DCS-7508N, Version 06.00; DCS-7512N, Version 00.06; DCS-7516N, Version 10.00; Supervisor: DCS-7500E-SUP, Version 01.02; DCS-7500-SUP2, Version 03.03; DCS-7516-SUP2, Version 10.00; Linecard: DCS-7500R2M-36CQ-LC, Version 21.01; Fixed Hardware: DCS-7280SRAM-48C6, Version 21.00; DCS-7280SRM-40CX2, Version 21.00; DCS-7280CR2M-30, Version 20.01
Version (Firmware) 1.0
Tested configurations
  • Arista Networks DCS-7280CR2M-30 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0 (single-user mode)
  • Arista Networks DCS-7280SRAM-48C6 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0
  • Arista Networks DCS-7280SRM-40CX2 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0
  • Arista Networks DCS-7500E-SUP 01.02 with EOSv4 Firmware Version 1.0
  • Arista Networks DCS-7500R2M-36CQ-LC 21.01 with Credo MACsec chip CMX42550
  • Arista Networks DCS-7500-SUP2 03.03 with EOSv4 Firmware Version 1.0
  • Arista Networks DCS-7508N Chassis 06.00
  • Arista Networks DCS-7512N Chassis 00.06
  • Arista Networks DCS-7516N Chassis 10.00
  • Arista Networks DCS-7516-SUP2 10.00 with EOSv4 Firmware Version 1.0
Vendor [email protected]
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, CAST5, RC2, RC5, DES, TDEA, IDEA, Blowfish, Camellia, SEED, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, DSA
Hash functions
MD4, MD5
Schemes
MAC, Key Exchange, Key Agreement
Protocols
SSH, SSHv2, TLS, TLS v1.0, DTLS
Randomness
TRNG, DRBG, RNG
Libraries
OpenSSL
Block cipher modes
ECB, CBC, CTR, GCM, CCM
TLS cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256

Standards
FIPS PUB 202, RFC 4851, RFC 4581

File metadata

Title Microsoft Word - 3i - Arista Networks Inc - EOS MACSec Bravo Hybrid Security Policy v1.4.docx
Author lgarcia
Creation date D:20190404104228-07'00'
Modification date D:20190404104228-07'00'
Pages 41
Creator PScript5.dll Version 5.2.2
Producer Acrobat Distiller 17.0 (Windows)

References

Outgoing
  • 2759 - historical - CryptoServer CSe

Heuristics

No heuristics are available for this certificate.

References

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 3420,
  "dgst": "7c6cb0b8e3dce468",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHS#4399",
        "CVL#1933",
        "HMAC#3636",
        "KBKDF#235",
        "DRBG#2158",
        "AES#4471",
        "CVL#1935",
        "AES#5482",
        "CVL#1934",
        "KTS#3636",
        "RSA#2944",
        "KTS#5482",
        "KAS#183",
        "ECDSA#1469"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0",
        "10.00",
        "06.00",
        "01.02",
        "21.01",
        "21.00",
        "20.01",
        "00.06",
        "03.03"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "2759"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "2759"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "2759"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 17
          }
        },
        "FF": {
          "DH": {
            "DH": 6
          },
          "DSA": {
            "DSA": 3
          }
        },
        "RSA": {
          "RSA 2048": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CCM": {
          "CCM": 6
        },
        "CTR": {
          "CTR": 5
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 13
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 41
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 10,
          "SSHv2": 9
        },
        "TLS": {
          "DTLS": {
            "DTLS": 1
          },
          "TLS": {
            "TLS": 23,
            "TLS v1.0": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "KEX": {
          "Key Exchange": 1
        },
        "MAC": {
          "MAC": 7
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1410": 2,
          "#2759": 1,
          "#3636": 1,
          "#5482": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128/256": 1,
          "AES 256": 1,
          "AES CBC 128/256": 2,
          "AES Cert. #5482": 1,
          "AES [197": 2,
          "DSA (Cert. #1410": 2,
          "DSA6": 1,
          "HMAC Cert. #3636": 2,
          "HMAC [198": 1,
          "RSA 2048": 2,
          "SHA(1": 38,
          "SHA(256": 1,
          "SHS [180": 1
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 1
          },
          "MD5": {
            "MD5": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 11
        },
        "RNG": {
          "RNG": 1
        },
        "TRNG": {
          "TRNG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS PUB 202": 1
        },
        "RFC": {
          "RFC 4581": 1,
          "RFC 4851": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 35
          },
          "CAST": {
            "CAST5": 1
          },
          "RC": {
            "RC2": 1,
            "RC5": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1
          },
          "DES": {
            "DES": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 13,
            "HMAC": 7
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 1
          },
          "SEED": {
            "SEED": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA256": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "lgarcia",
      "/CreationDate": "D:20190404104228-07\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20190404104228-07\u002700\u0027",
      "/Producer": "Acrobat Distiller 17.0 (Windows)",
      "/Title": "Microsoft Word - 3i - Arista Networks Inc - EOS MACSec Bravo Hybrid Security Policy v1.4.docx",
      "pdf_file_size_bytes": 1585901,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 41
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "fd1c4517906fe06cf96817130cdf3117a525a0c6ffbbee796744505eb833f5f7",
    "policy_txt_hash": "09101eafef6cef6f2da0faedbccccad7a090df4ab63d8d762f64439e512d4b77"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 8.1 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPSConsolidatedMarch2019.pdf",
    "date_sunset": null,
    "description": "Arista\u2019s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "1.0",
    "historical_reason": "SP 800-56Arev3 transition",
    "hw_versions": "P/Ns Credo MACsec chip CMX42550 and Renesas Security chip R5H30211 or N313X; Chassis: DCS-7508N, Version 06.00; DCS-7512N, Version 00.06; DCS-7516N, Version 10.00; Supervisor: DCS-7500E-SUP, Version 01.02; DCS-7500-SUP2, Version 03.03; DCS-7516-SUP2, Version 10.00; Linecard: DCS-7500R2M-36CQ-LC, Version 21.01; Fixed Hardware: DCS-7280SRAM-48C6, Version 21.00; DCS-7280SRM-40CX2, Version 21.00; DCS-7280CR2M-30, Version 20.01",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "EOS MACsec Bravo Hybrid Module",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": null,
    "tested_conf": [
      "Arista Networks DCS-7280CR2M-30 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0 (single-user mode)",
      "Arista Networks DCS-7280SRAM-48C6 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0",
      "Arista Networks DCS-7280SRM-40CX2 with Credo MACsec chip CMX42550 and EOSv4 Firmware Version 1.0",
      "Arista Networks DCS-7500E-SUP 01.02 with EOSv4 Firmware Version 1.0",
      "Arista Networks DCS-7500R2M-36CQ-LC 21.01 with Credo MACsec chip CMX42550",
      "Arista Networks DCS-7500-SUP2 03.03 with EOSv4 Firmware Version 1.0",
      "Arista Networks DCS-7508N Chassis 06.00",
      "Arista Networks DCS-7512N Chassis 00.06",
      "Arista Networks DCS-7516N Chassis 10.00",
      "Arista Networks DCS-7516-SUP2 10.00 with EOSv4 Firmware Version 1.0"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2019-03-27",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2019-04-09",
        "lab": "UL Verification Services, Inc.",
        "validation_type": "Update"
      }
    ],
    "vendor": "[email\u00a0protected]",
    "vendor_url": "/cdn-cgi/l/email-protection"
  }
}