Arista Crypto Module v3.0 [Software, Software IPsec]

Certificate #4790

Webpage information

Status: active
Validation dates: 06.09.2024
Sunset date: 05-09-2029
Standard: FIPS 140-3
Security level: 1
Type: Software
Embodiment: Multi-Chip Stand Alone
Caveat: Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions:
  • Roles, services, and authentication: Level 2
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description: Arista's crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency. This validation is for the library contained within the CloudEOS Router products and all its related SKUs, which includes SS-CLOUDEOS-VR-CV-100M-B-1M, SS-CLOUDEOS-VR-CVS-100M-B-1M, SS-CLOUDEOS-VR-CV-1G-B-1M, SS-CLOUDEOS-VR-CVS-1G-B-1M, SS-CLOUDEOS-VR-CV-10G-B-1M, SS-CLOUDEOS-VR-CVS-10G-B-1M, SS-CVPATH-CloudEOS-100M-E-CVS-B-1M, SS-CVPATH-CloudEOS-1G-E-CVS-B-1M, SS-CVPATH-CloudEOS-10G-E-CVS-B-1M and any other future SKUs which use the validated library for the CloudEOS Router product.
Tested configurations:
  • CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R with PAA
  • CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R without PAA
Vendor: Arista Networks, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES, AES-, AES-256, CAST5, CAST, RC2, RC5, DES, Triple-DES, TDEA, IDEA, Blowfish, Camellia, SEED, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDHE, ECDH, ECDSA, ECC, Diffie-Hellman, DHE, DH, DSA
Hash functions
SHA-1, SHA256, SHA-256, MD4, MD5
Schemes
MAC, Key Exchange, Key Agreement, Key agreement
Protocols
SSH, SSHv2, TLS, TLS v1.2, TLS 1.2, TLS v1.0, TLS 1.0, DTLS, IKEv1, IKEv2, IKE, IPsec
Randomness
DRBG, RBG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384, P-521, P-224, secp256r1, secp384r1, secp521r1
Block cipher modes
ECB, CBC, CTR, GCM, CCM, XTS
TLS cipher suites
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_256_CCM, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CCM_8, TLS_DHE_RSA_WITH_AES_256_CCM, TLS_DHE_RSA_WITH_AES_128_CCM_8, TLS_DHE_RSA_WITH_AES_128_CCM, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Trusted Execution Environments
SSC

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, SP 800-140B, SP 800-135, SP 800-38D, SP 800-38F, SP 800-90B, SP 800-140E, SP 800-108, SP 800-90A, SP 800-56a, PKCS 1, PKCS#1, PKCS #1, RFC7627, RFC5288, RFC 7296, RFC 4106, RFC 4581, ISO/IEC 24759

File metadata

Creation date: D:20240706070311-04'00'
Modification date: D:20240706070311-04'00'
Pages: 35
Creator: Microsoft® Word for Microsoft 365
Producer: Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates Feed

  • The certificate data changed.
  • The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4790,
  "dgst": "914302698973596f",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA2-512A3592",
        "AES-CTRA3592",
        "AES-CFB8A3592",
        "AES-CFB1A3592",
        "SHA2-256A3592",
        "KDF SSHA3592",
        "ECDSA KeyGen (FIPS186-4)A3592",
        "KAS-FFC-SSC Sp800-56Ar3A3592",
        "RSA SigGen (FIPS186-4)A3592",
        "ECDSA SigVer (FIPS186-4)A3592",
        "HMAC-SHA2-224A3592",
        "TLS v1.2 KDF RFC7627A3592",
        "HMAC-SHA2-384A3592",
        "ECDSA KeyVer (FIPS186-4)A3592",
        "SHA2-224A3592",
        "HMAC-SHA2-512A3592",
        "ECDSA SigGen (FIPS186-4)A3592",
        "AES-XTS Testing Revision 2.0A3592",
        "AES-CMACA3592",
        "HMAC-SHA-1A3592",
        "HMAC-SHA2-256A3592",
        "KDF IKEv1A3592",
        "KAS-ECC-SSC Sp800-56Ar3A3592",
        "KDF TLSA3592",
        "RSA SigVer (FIPS186-4)A3592",
        "SHA-1A3592",
        "AES-ECBA3592",
        "KDF SP800-108A3592",
        "KTS-IFCA3592",
        "HMAC DRBGA3592",
        "KDF IKEv2A3592",
        "AES-CFB128A3592",
        "AES-GCMA3592",
        "AES-CBCA3592",
        "Counter DRBGA3592",
        "Hash DRBGA3592",
        "SHA2-384A3592",
        "RSA KeyGen (FIPS186-4)A3592",
        "AES-CCMA3592"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 6,
            "ECDHE": 16
          },
          "ECDSA": {
            "ECDSA": 34
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "DHE": 8,
            "Diffie-Hellman": 3
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 9
        },
        "XTS": {
          "XTS": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 4
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 24,
          "IKEv1": 3,
          "IKEv2": 4
        },
        "IPsec": {
          "IPsec": 41
        },
        "SSH": {
          "SSH": 21,
          "SSHv2": 10
        },
        "TLS": {
          "DTLS": {
            "DTLS": 1
          },
          "TLS": {
            "TLS": 42,
            "TLS 1.0": 1,
            "TLS 1.2": 3,
            "TLS v1.0": 24,
            "TLS v1.2": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2,
          "Key agreement": 2
        },
        "KEX": {
          "Key Exchange": 3
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 4,
          "P-256": 12,
          "P-384": 12,
          "P-521": 12,
          "secp256r1": 1,
          "secp384r1": 1,
          "secp521r1": 1
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 192": 9,
          "AES 128, 256": 1,
          "AES-256": 1,
          "AES-GCM 256": 1,
          "DRBG 128": 1,
          "HMAC 112": 4,
          "HMAC SHA-1": 9,
          "HMAC-SHA-1": 2,
          "PKCS #1": 1,
          "PKCS 1": 6,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "RSA PKCS #1": 1,
          "SHA-1": 20,
          "SHA-256": 2,
          "SHA2- 224": 4,
          "SHA2- 256": 3,
          "SHA2- 384": 2,
          "SHA2- 512": 1,
          "SHA2-224": 12,
          "SHA2-256": 21,
          "SHA2-384": 19,
          "SHA2-512": 17,
          "SHA256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 4
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 20
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA256": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 52
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 6,
          "FIPS 186-4": 2,
          "FIPS PUB 140-3": 1,
          "FIPS186-4": 8
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-108": 1,
          "SP 800-135": 2,
          "SP 800-140B": 1,
          "SP 800-140E": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 4,
          "SP 800-56a": 1,
          "SP 800-90A": 3,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS 1": 3,
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 4106": 1,
          "RFC 4581": 1,
          "RFC 7296": 1,
          "RFC5288": 1,
          "RFC7627": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 26,
            "AES-": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 27,
            "CAST5": 3
          },
          "RC": {
            "RC2": 3,
            "RC5": 3
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 4
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 39
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 3
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 3
          },
          "SEED": {
            "SEED": 3
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 9
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM_8": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240706070311-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240706070311-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 670560,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 35
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "2932edec7514bedad44472b6800b274398425c6663b07a3668fe0e35c3515f05",
    "policy_txt_hash": "450604e831d8b3c73a41e456631c8b2883f0ce43a9a1c1e7e88028c1ffb15856"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
    "date_sunset": "2029-09-05",
    "description": "Arista\u0027s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency. This validation is for the library contained within the CloudEOS Router products and all its related SKUs, which includes SS-CLOUDEOS-VR-CV-100M-B-1M, SS-CLOUDEOS-VR-CVS-100M-B-1M, SS-CLOUDEOS-VR-CV-1G-B-1M, SS-CLOUDEOS-VR-CVS-1G-B-1M, SS-CLOUDEOS-VR-CV-10G-B-1M, SS-CLOUDEOS-VR-CVS-10G-B-1M, SS-CVPATH-CloudEOS-100M-E-CVS-B-1M, SS-CVPATH-CloudEOS-1G-E-CVS-B-1M, SS-CVPATH-CloudEOS-10G-E-CVS-B-1M and any other future SKUs which use the validated library for the CloudEOS Router product.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, services, and authentication: Level 2",
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Arista Crypto Module v3.0 [Software, Software IPsec]",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "3.0",
    "tested_conf": [
      "CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R with PAA",
      "CloudEOS version 4.29 on QEMU version 2.0.0 on Linux 3.10.0-1160.el7.x86_64 running on a Supermicro SYS-1029U-TR-CTO with an Intel Xeon Gold 6240R without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-09-06",
        "lab": "DEKRA Cybersecurity Certification Laboratory",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Arista Networks, Inc.",
    "vendor_url": "http://www.arista.com"
  }
}