This page was not yet optimized for use on mobile devices.

Arista Crypto Module v3.0 [Software, Software IPsec]

Certificate #4790

Webpage information ?

Status	active
Validation dates	06.09.2024
Sunset date	05-09-2026
Standard	FIPS 140-3
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions	Roles, services, and authentication: Level 2 Physical security: N/A Non-invasive security: N/A Mitigation of other attacks: N/A Documentation requirements: N/A Cryptographic module security policy: N/A
Description	Arista's crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency. This validation is for the library contained within the CloudEOS Router products and all its related SKUs, which includes SS-CLOUDEOS-VR-CV-100M-B-1M, SS-CLOUDEOS-VR-CVS-100M-B-1M, SS-CLOUDEOS-VR-CV-1G-B-1M, SS-CLOUDEOS-VR-CVS-1G-B-1M, SS-CLOUDEOS-VR-CV-10G-B-1M, SS-CLOUDEOS-VR-CVS-10G-B-1M, SS-CVPATH-CloudEOS-100M-E-CVS-B-1M, SS-CVPATH-CloudEOS-1G-E-CVS-B-1M, SS-CVPATH-CloudEOS-10G-E-CVS-B-1M and any other future SKUs which use the validated library for the CloudEOS Router product.
Tested configurations	CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R with PAA CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R without PAA
Vendor	Arista Networks, Inc.
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Security policy ?

Security target PDF TXT

Symmetric Algorithms

AES, AES-, AES-256, CAST5, CAST, RC2, RC5, DES, Triple-DES, TDEA, IDEA, Blowfish, Camellia, SEED, HMAC, CMAC

Asymmetric Algorithms

RSA 2048, ECDHE, ECDH, ECDSA, ECC, Diffie-Hellman, DHE, DH, DSA

Hash functions

SHA-1, SHA256, SHA-256, MD4, MD5

Schemes

MAC, Key Exchange, Key Agreement, Key agreement

Protocols

SSH, TLS, TLS v1.2, TLS 1.2, TLS v1.0, TLS 1.0, DTLS, IKEv1, IKEv2, IKE, IPsec

Randomness

DRBG, RBG

Libraries

OpenSSL

Elliptic Curves

P-256, P-384, P-521, P-224, secp256r1, secp384r1, secp521r1

Block cipher modes

ECB, CBC, CTR, GCM, CCM, XTS

TLS cipher suites

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_256_CCM, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CCM_8, TLS_DHE_RSA_WITH_AES_256_CCM, TLS_DHE_RSA_WITH_AES_128_CCM_8, TLS_DHE_RSA_WITH_AES_128_CCM, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Trusted Execution Environments

SSC

Security level

Level 1, level 1

Standards

FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, SP 800-140B, SP 800-135, SP 800-38D, SP 800-38F, SP 800-90B, SP 800-140E, SP 800-108, SP 800-90A, SP 800-56a, PKCS 1, PKCS#1, PKCS #1, RFC7627, RFC5288, RFC 7296, RFC 4106, RFC 4581, ISO/IEC 24759

File metadata

Creation date	D:20240706070311-04'00'
Modification date	D:20240706070311-04'00'
Pages	35
Creator	Microsoft® Word for Microsoft 365
Producer	Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

14.10.2024 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
09.09.2024 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4790,
  "dgst": "914302698973596f",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-CTRA3592",
        "KDF TLSA3592",
        "AES-CCMA3592",
        "Counter DRBGA3592",
        "HMAC DRBGA3592",
        "SHA2-256A3592",
        "TLS v1.2 KDF RFC7627A3592",
        "ECDSA SigVer (FIPS186-4)A3592",
        "HMAC-SHA2-256A3592",
        "RSA KeyGen (FIPS186-4)A3592",
        "AES-CFB128A3592",
        "AES-ECBA3592",
        "KDF IKEv2A3592",
        "ECDSA KeyGen (FIPS186-4)A3592",
        "SHA2-224A3592",
        "RSA SigGen (FIPS186-4)A3592",
        "HMAC-SHA2-384A3592",
        "KAS-ECC-SSC Sp800-56Ar3A3592",
        "AES-GCMA3592",
        "HMAC-SHA2-512A3592",
        "Hash DRBGA3592",
        "SHA2-384A3592",
        "SHA-1A3592",
        "AES-CFB8A3592",
        "AES-XTS Testing Revision 2.0A3592",
        "ECDSA SigGen (FIPS186-4)A3592",
        "AES-CBCA3592",
        "KDF SP800-108A3592",
        "HMAC-SHA2-224A3592",
        "HMAC-SHA-1A3592",
        "KDF IKEv1A3592",
        "ECDSA KeyVer (FIPS186-4)A3592",
        "KDF SSHA3592",
        "AES-CFB1A3592",
        "SHA2-512A3592",
        "AES-CMACA3592",
        "RSA SigVer (FIPS186-4)A3592",
        "KTS-IFCA3592",
        "KAS-FFC-SSC Sp800-56Ar3A3592"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 6,
            "ECDHE": 16
          },
          "ECDSA": {
            "ECDSA": 34
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "DHE": 8,
            "Diffie-Hellman": 3
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 9
        },
        "XTS": {
          "XTS": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 4
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 24,
          "IKEv1": 3,
          "IKEv2": 4
        },
        "IPsec": {
          "IPsec": 41
        },
        "SSH": {
          "SSH": 21
        },
        "TLS": {
          "DTLS": {
            "DTLS": 1
          },
          "TLS": {
            "TLS": 42,
            "TLS 1.0": 1,
            "TLS 1.2": 3,
            "TLS v1.0": 24,
            "TLS v1.2": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2,
          "Key agreement": 2
        },
        "KEX": {
          "Key Exchange": 3
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 4,
          "P-256": 12,
          "P-384": 12,
          "P-521": 12,
          "secp256r1": 1,
          "secp384r1": 1,
          "secp521r1": 1
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 192": 9,
          "AES 128, 256": 1,
          "AES-256": 1,
          "AES-GCM 256": 1,
          "DRBG 128": 1,
          "HMAC 112": 4,
          "HMAC SHA-1": 9,
          "HMAC-SHA-1": 2,
          "PKCS #1": 1,
          "PKCS 1": 6,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "RSA PKCS #1": 1,
          "SHA-1": 20,
          "SHA-256": 2,
          "SHA2- 224": 4,
          "SHA2- 256": 3,
          "SHA2- 384": 2,
          "SHA2- 512": 1,
          "SHA2-224": 12,
          "SHA2-256": 21,
          "SHA2-384": 19,
          "SHA2-512": 17,
          "SHA256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 4
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 20
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA256": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 52
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 6,
          "FIPS 186-4": 2,
          "FIPS PUB 140-3": 1,
          "FIPS186-4": 8
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-108": 1,
          "SP 800-135": 2,
          "SP 800-140B": 1,
          "SP 800-140E": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 4,
          "SP 800-56a": 1,
          "SP 800-90A": 3,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS 1": 3,
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 4106": 1,
          "RFC 4581": 1,
          "RFC 7296": 1,
          "RFC5288": 1,
          "RFC7627": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 26,
            "AES-": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 27,
            "CAST5": 3
          },
          "RC": {
            "RC2": 3,
            "RC5": 3
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 4
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 39
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 3
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 3
          },
          "SEED": {
            "SEED": 3
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 9
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM_8": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240706070311-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240706070311-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 670560,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 35
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "2932edec7514bedad44472b6800b274398425c6663b07a3668fe0e35c3515f05",
    "policy_txt_hash": "450604e831d8b3c73a41e456631c8b2883f0ce43a9a1c1e7e88028c1ffb15856"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
    "date_sunset": "2026-09-05",
    "description": "Arista\u0027s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency. This validation is for the library contained within the CloudEOS Router products and all its related SKUs, which includes SS-CLOUDEOS-VR-CV-100M-B-1M, SS-CLOUDEOS-VR-CVS-100M-B-1M, SS-CLOUDEOS-VR-CV-1G-B-1M, SS-CLOUDEOS-VR-CVS-1G-B-1M, SS-CLOUDEOS-VR-CV-10G-B-1M, SS-CLOUDEOS-VR-CVS-10G-B-1M, SS-CVPATH-CloudEOS-100M-E-CVS-B-1M, SS-CVPATH-CloudEOS-1G-E-CVS-B-1M, SS-CVPATH-CloudEOS-10G-E-CVS-B-1M and any other future SKUs which use the validated library for the CloudEOS Router product.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, services, and authentication: Level 2",
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Arista Crypto Module v3.0 [Software, Software IPsec]",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "3.0",
    "tested_conf": [
      "CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R with PAA",
      "CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-09-06",
        "lab": "DEKRA Certification, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Arista Networks, Inc.",
    "vendor_url": "http://www.arista.com"
  }
}