Junos® OS Evolved Kernel Cryptographic Module

Certificate #4776

Webpage information ?

Status active
Validation dates 03.09.2024
Sunset date 02-09-2026
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in the approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 operating in the approved mode. The module generates random strings whose strengths are modified by available entropy.
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Juniper Kernel Cryptographic Module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.
Tested configurations
  • Junos® OS Evolved version 22.4 running on Juniper Networks® Packet Transport Router Model PTX10001-36MR with Intel® Xeon® D-2163IT with PAA
  • Junos® OS Evolved version 22.4 running on Juniper Networks® Packet Transport Router Model PTX10001-36MR with Intel® Xeon® D-2163IT without PAA
Vendor Juniper Networks, Inc.
References

This certificate's webpage directly references 1 certificates, transitively this expands into 2 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-, CAST, HMAC, CMAC
Hash functions
SHA-1
Schemes
MAC
Randomness
DRBG, RNG, RBG
Libraries
OpenSSL
Block cipher modes
ECB, CBC, CTR, GCM, XTS

Security level
Level 1, level 1
Side-channel analysis
Fault Induction

Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 198-1, FIPS 180-4, SP 800-38A, SP 800-38B, SP 800-38E, SP 800-90A, SP 800-90B, PKCS#1

File metadata

Creation date D:20240829104637Z00'00'
Modification date D:20240829104637Z00'00'
Pages 46
Producer macOS Versione 13.4.1 (c) (Build 22F770820d) Quartz PDFContext

References

Outgoing
  • 4775 - active - Junos® OS Evolved OpenSSL Cryptographic Module
Incoming
  • 4775 - active - Junos® OS Evolved OpenSSL Cryptographic Module
  • 4820 - active - Junos® OS Evolved MACsec Cryptographic Library
  • 4878 - active - Juniper Express 4 MACsec Cryptographic Module

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

  • 18.11.2024 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4878']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4878']}}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4878']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4878']}}} data.
  • 14.10.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
  • 08.10.2024 The certificate data changed.
    Certificate changed

    The computed heuristics were updated.

    • The policy_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4820']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4820']}}} data.
    • The module_processed_references property was updated, with the {'directly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4820']}}, 'indirectly_referenced_by': {'__add__': {'_type': 'Set', 'elements': ['4820']}}} data.
  • 09.09.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4776,
  "dgst": "e408bd948222ee13",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "AES-XTS Testing Revision 2.0A3602",
        "HMAC-SHA2-512A3605",
        "SHA2-256A3605",
        "SHA2-384A3605",
        "SHA-1A3605",
        "AES-CBCA3602",
        "AES-CTRA3602",
        "Hash DRBGA3605",
        "HMAC-SHA2-384A3605",
        "HMAC DRBGA3605",
        "HMAC-SHA-1A3605",
        "HMAC-SHA2-256A3605",
        "Counter DRBGA3602",
        "SHA2-512A3605",
        "AES-ECBA3602",
        "HMAC-SHA2-224A3605",
        "SHA2-224A3605",
        "AES-CMACA3602"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4820",
          "4775",
          "4878"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4775"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4820",
          "4776",
          "4775",
          "4878"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      }
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": [
        "4775"
      ]
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4820",
          "4775",
          "4878"
        ]
      },
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "4775"
        ]
      },
      "indirectly_referenced_by": {
        "_type": "Set",
        "elements": [
          "4820",
          "4776",
          "4775",
          "4878"
        ]
      },
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "4776",
          "4775"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "4775"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 1
        },
        "GCM": {
          "GCM": 2
        },
        "XTS": {
          "XTS": 9
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 10
        }
      },
      "crypto_protocol": {},
      "crypto_scheme": {
        "MAC": {
          "MAC": 7
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "atsec": {
          "atsec": 2
        }
      },
      "fips_cert_id": {
        "Cert": {
          "#4775": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "HMAC- SHA-1": 4,
          "HMAC-SHA- 1": 12,
          "HMAC-SHA-1": 28,
          "PKCS#1": 4,
          "SHA-1": 29,
          "SHA2-224": 22,
          "SHA2-256": 45,
          "SHA2-384": 22,
          "SHA2-512": 28
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 29
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 102
        },
        "RNG": {
          "RBG": 2,
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "FI": {
          "Fault Induction": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 51,
          "FIPS 180-4": 21,
          "FIPS 198-1": 25,
          "FIPS PUB 140-3": 2
        },
        "NIST": {
          "SP 800-38A": 13,
          "SP 800-38B": 4,
          "SP 800-38E": 6,
          "SP 800-90A": 16,
          "SP 800-90B": 2
        },
        "PKCS": {
          "PKCS#1": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 25,
            "AES-": 2
          },
          "CAST": {
            "CAST": 167
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 3,
            "HMAC": 49
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240829104637Z00\u002700\u0027",
      "/ModDate": "D:20240829104637Z00\u002700\u0027",
      "/Producer": "macOS Versione 13.4.1 (c) (Build 22F770820d) Quartz PDFContext",
      "pdf_file_size_bytes": 785462,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
          "https://www.ietf.org/rfc/rfc3447.txt",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
          "http://www.atsec.com/",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
          "https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
          "http://www.juniper.net/",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 46
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "b977fcc787657ee671139f88db4706a76b9c5dccdc2b339dfad4f3ea2b6737d3",
    "policy_txt_hash": "f964170d40ebf753ac94092902ad293c26a4a55caf81cb3cbbcb44384f28ee19"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in the approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy with module Junos\u00ae OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 operating in the approved mode. The module generates random strings whose strengths are modified by available entropy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
    "date_sunset": "2026-09-02",
    "description": "The Juniper Kernel Cryptographic Module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {
      "4775": 1
    },
    "module_name": "Junos\u00ae OS Evolved Kernel Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "2.0",
    "tested_conf": [
      "Junos\u00ae OS Evolved version 22.4 running on Juniper Networks\u00ae Packet Transport Router Model PTX10001-36MR with Intel\u00ae Xeon\u00ae D-2163IT with PAA",
      "Junos\u00ae OS Evolved version 22.4 running on Juniper Networks\u00ae Packet Transport Router Model PTX10001-36MR with Intel\u00ae Xeon\u00ae D-2163IT without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-09-03",
        "lab": "ATSEC INFORMATION SECURITY CORP",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Juniper Networks, Inc.",
    "vendor_url": "http://www.juniper.net"
  }
}