AWS-LC Cryptographic Module (dynamic)

Certificate #4759

Webpage information

Status active
Validation dates 14.08.2024
Sunset date 13-08-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
Description AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
Tested configurations
  • Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
  • Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
  • Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
Vendor Amazon Web Services Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-128, AES-192, AES-, AES-256, CAST, HMAC, CMAC
Asymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman
Hash functions
SHA-1, SHA-256, SHA-3, MD4, MD5, RIPEMD-160, PBKDF2, PBKDF
Schemes
MAC
Protocols
SSH, TLS, TLS 1.2, TLS 1.3, TLS 1.0
Randomness
DRBG, RNG
Elliptic Curves
P-224, P-256, P-384, P-521, secp256k1
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Trusted Execution Environments
PSP, SSC

Security level
Level 1
Side-channel analysis
timing attacks

Standards
FIPS 2, FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-5, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS140-3, FIPS180-4, FIPS186-4, FIPS186-5, FIPS197, FIPS198-1, SP 800-132, SP 800-38A, SP 800-38E, SP 800-38F, SP 800-38C, SP 800-38D, PKCS#1, RFC 7627, RFC5288, RFC8446, RFC 4253, RFC 6668, RFC 5288, ISO/IEC 24759

File metadata

Title FIPS 140-3 Non-Proprietary Security Policy
Author gburlea
Creation date D:20240813165130+00'00'
Modification date D:20240813165130+00'00'
Pages 44
Creator Microsoft Word

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4759,
  "dgst": "e0a19cbdac9fda12",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA SigVer (FIPS186-5)A4508",
        "HMAC-SHA2-224A4508",
        "RSA SigGen (FIPS186-5)A4508",
        "SHA2-256A4508",
        "SHA2-384A4508",
        "PBKDFA4508",
        "AES-KWA4501",
        "KAS-ECC-SSC Sp800-56Ar3A4508",
        "KDF SSHA4508",
        "ECDSA KeyGen (FIPS186-5)A4508",
        "RSA SigVer (FIPS186-4)A4507",
        "ECDSA SigGen (FIPS186-5)A4508",
        "SHA2-512/256A4508",
        "AES-CTRA4501",
        "HMAC-SHA2-512/256A4508",
        "Counter DRBGA4501",
        "ECDSA SigVer (FIPS186-4)A4508",
        "SHA2-512A4508",
        "SHA2-224A4508",
        "HMAC-SHA2-256A4508",
        "AES-XTS Testing Revision 2.0A4501",
        "AES-KWPA4501",
        "HMAC-SHA2-384A4508",
        "HMAC-SHA2-512A4508",
        "KDA HKDF Sp800-56Cr1A4508",
        "ECDSA KeyVer (FIPS186-5)A4508",
        "AES-GMACA4504",
        "KDF TLSA4508",
        "AES-CBCA4501",
        "AES-ECBA4504",
        "AES-GCMA4504",
        "SHA-1A4508",
        "AES-CCMA4501",
        "ECDSA SigVer (FIPS186-5)A4508",
        "HMAC-SHA-1A4508",
        "AES-CMACA4501",
        "RSA KeyGen (FIPS186-5)A4508"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 20
          }
        },
        "FF": {
          "DH": {
            "Diffie-Hellman": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CCM": {
          "CCM": 5
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 17
        },
        "OFB": {
          "OFB": 2
        },
        "XTS": {
          "XTS": 10
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "SSH": {
          "SSH": 13
        },
        "TLS": {
          "TLS": {
            "TLS": 52,
            "TLS 1.0": 1,
            "TLS 1.2": 10,
            "TLS 1.3": 6
          }
        }
      },
      "crypto_scheme": {
        "MAC": {
          "MAC": 7
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 18,
          "P-256": 28,
          "P-384": 14,
          "P-521": 20,
          "secp256k1": 4
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 47
        }
      },
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES 256": 2,
          "AES- 256": 1,
          "AES-128": 2,
          "AES-192": 2,
          "AES-256": 2,
          "HMAC- SHA-256": 1,
          "HMAC-SHA-1": 8,
          "HMAC-SHA-3": 2,
          "HMAC-SHA1": 2,
          "PKCS#1": 10,
          "SHA-1": 16,
          "SHA-1 and 1024": 1,
          "SHA-256": 1,
          "SHA-3": 4,
          "SHA2- 224": 4,
          "SHA2- 256": 2,
          "SHA2- 384": 1,
          "SHA2-224": 8,
          "SHA2-256": 25,
          "SHA2-384": 12,
          "SHA2-512": 17
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 4
          }
        },
        "PBKDF": {
          "PBKDF": 9,
          "PBKDF2": 8
        },
        "RIPEMD": {
          "RIPEMD-160": 3
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 17
          },
          "SHA2": {
            "SHA-256": 1
          },
          "SHA3": {
            "SHA-3": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 22
        },
        "RNG": {
          "RNG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 51,
          "FIPS 180-4": 1,
          "FIPS 186-4": 6,
          "FIPS 186-5": 15,
          "FIPS 197": 10,
          "FIPS 198-1": 1,
          "FIPS 2": 7,
          "FIPS PUB 140-3": 2,
          "FIPS140-3": 1,
          "FIPS180-4": 1,
          "FIPS186-4": 1,
          "FIPS186-5": 1,
          "FIPS197": 1,
          "FIPS198-1": 1
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-132": 6,
          "SP 800-38A": 2,
          "SP 800-38C": 2,
          "SP 800-38D": 1,
          "SP 800-38E": 1,
          "SP 800-38F": 2
        },
        "PKCS": {
          "PKCS#1": 5
        },
        "RFC": {
          "RFC 4253": 1,
          "RFC 5288": 1,
          "RFC 6668": 1,
          "RFC 7627": 5,
          "RFC5288": 1,
          "RFC8446": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 45,
            "AES-": 4,
            "AES-128": 2,
            "AES-192": 2,
            "AES-256": 2
          },
          "CAST": {
            "CAST": 12
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 3,
            "HMAC": 14
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 6
        },
        "IBM": {
          "SSC": 2
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "gburlea",
      "/CreationDate": "D:20240813165130+00\u002700\u0027",
      "/Creator": "Microsoft Word",
      "/ModDate": "D:20240813165130+00\u002700\u0027",
      "/Title": "FIPS 140-3 Non-Proprietary Security Policy",
      "pdf_file_size_bytes": 639803,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
          "http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
          "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "http://www.ietf.org/rfc/rfc3447.txt",
          "http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
          "http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf",
          "http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 44
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "c10681ea2c33c7284deb4e69c6387c56adaf2cfb03bfcabf7ab6ebff9f8b7c0c",
    "policy_txt_hash": "c2204879060635a9668e2612224724108fded69aaf046081db72c13964fd8ee8"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
    "date_sunset": "2029-08-13",
    "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It \u0456s based on code from the Google BoringSSL project and the OpenSSL project.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "AWS-LC Cryptographic Module (dynamic)",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "AWS-LC FIPS 2.0.0",
    "tested_conf": [
      "Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
      "Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
      "Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
      "Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
      "Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
      "Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
      "Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
      "Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
      "Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
      "Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
      "Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
      "Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-08-14",
        "lab": "atsec information security corporation",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Amazon Web Services Inc.",
    "vendor_url": "http://aws.amazon.com"
  }
}