AWS-LC Cryptographic Module

Certificate #4631

Webpage information ?

Status active
Validation dates 06.10.2023
Sunset date 05-10-2028
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in approved mode
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
Tested configurations
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
  • Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA
  • Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA
  • Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA
  • Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA
  • Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
Vendor Amazon Web Services Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, CAST, DES, Triple-DES, HMAC, CMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-3, MD4, MD5
Schemes
MAC
Protocols
TLS, TLS 1.0, TLS 1.2, TLS 1.3
Randomness
DRBG, RNG
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM

Trusted Execution Environments
PSP, SSC

Security level
Level 1, level 1
Side-channel analysis
timing attacks

Standards
FIPS 1, FIPS 140-3, FIPS PUB 140-3, FIPS197, FIPS 186-4, FIPS198-1, FIPS180-4, FIPS186-4, FIPS140-3, PKCS#1, RFC5288, RFC8446, ISO/IEC 24759

File metadata

Title FIPS 140-3 Non-Proprietary Security Policy
Author gburlea
Creation date D:20230911190421+00'00'
Modification date D:20230911190421+00'00'
Pages 38
Creator Microsoft Word

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 06.11.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf.
  • 01.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4631,
  "dgst": "b567edd38e178dac",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA2-256A2200",
        "RSA KeyGen (FIPS186-4)A2200",
        "Counter DRBGA2194",
        "HMAC-SHA2-224A2200",
        "SHA2-512A2200",
        "SHA-1A2200",
        "AES-CMACA2194",
        "AES-CTRA2194",
        "RSA SigGen (FIPS186-4)A2200",
        "ECDSA KeyGen (FIPS186-4)A2200",
        "KDF TLSA2200",
        "KAS-ECC-SSC Sp800-56Ar3A2200",
        "HMAC-SHA-1A2200",
        "ECDSA KeyVer (FIPS186-4)A2200",
        "AES-CBCA2194",
        "SHA2-512/256A2200",
        "AES-GMACA2197",
        "ECDSA SigVer (FIPS186-4)A2200",
        "SHA2-224A2200",
        "SHA2-384A2200",
        "AES-CCMA2194",
        "AES-KWA2194",
        "ECDSA SigGen (FIPS186-4)A2200",
        "AES-GCMA2197",
        "HMAC-SHA2-256A2200",
        "HMAC-SHA2-384A2200",
        "AES-ECBA2197",
        "HMAC-SHA2-512A2200",
        "RSA SigVer (FIPS186-4)A2200",
        "AES-KWPA2194"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 5
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 4
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 5
        },
        "CCM": {
          "CCM": 4
        },
        "CFB": {
          "CFB": 2
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 13
        },
        "OFB": {
          "OFB": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "TLS": {
          "TLS": {
            "TLS": 25,
            "TLS 1.0": 1,
            "TLS 1.2": 4,
            "TLS 1.3": 5
          }
        }
      },
      "crypto_scheme": {
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 12,
          "P-256": 16,
          "P-384": 12,
          "P-521": 12
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 41
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 256": 2,
          "AES key 128": 1,
          "AES-256": 1,
          "HMAC-SHA-1": 2,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "SHA-1": 5,
          "SHA-3": 1,
          "SHA2- 256": 1,
          "SHA2-224": 5,
          "SHA2-256": 13,
          "SHA2-384": 6,
          "SHA2-512": 5,
          "SHA2-512 2048": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 3
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA3": {
            "SHA-3": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 17
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 1": 4,
          "FIPS 140-3": 47,
          "FIPS 186-4": 3,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 1,
          "FIPS180-4": 2,
          "FIPS186-4": 2,
          "FIPS197": 7,
          "FIPS198-1": 2
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "PKCS": {
          "PKCS#1": 1
        },
        "RFC": {
          "RFC5288": 1,
          "RFC8446": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 36,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 2
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 2
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 10
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 1
        },
        "IBM": {
          "SSC": 3
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "gburlea",
      "/CreationDate": "D:20230911190421+00\u002700\u0027",
      "/Creator": "Microsoft Word",
      "/ModDate": "D:20230911190421+00\u002700\u0027",
      "/Title": "FIPS 140-3 Non-Proprietary Security Policy",
      "pdf_file_size_bytes": 614520,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://gcc.gnu.org/gcc-7/",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "https://github.com/ninja-build/ninja/releases",
          "http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf",
          "https://github.com/awslabs/aws-lc/archive/refs/tags/AWS-LC-FIPS-1.0.2.zip",
          "https://golang.org/dl/",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf",
          "http://www.ietf.org/rfc/rfc3447.txt",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
          "http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 38
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "507c1c59d66616863357f07dba9f3321349dfab9941dfb801b587db209549504",
    "policy_txt_hash": "c0c2c89d9121ddfcd7e3a56196952e2ed51b6e26e685463fb11a35b390312f69"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf",
    "date_sunset": "2028-10-05",
    "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It \u0456s based on code from the Google BoringSSL project and the OpenSSL project.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "AWS-LC Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "AWS-LC FIPS 1.0.2",
    "tested_conf": [
      "Amazon Linux 2  running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
      "Amazon Linux 2  running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
      "Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA",
      "Amazon Linux 2 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA",
      "Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor with PAA",
      "Ubuntu 20.04 running Amazon EC2 c6g.metal with Graviton 2 processor without PAA",
      "Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
      "Ubuntu 20.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-10-06",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Amazon Web Services Inc.",
    "vendor_url": "http://aws.amazon.com"
  }
}