This page was not yet optimized for use on mobile
devices.
Amazon Linux 2023 Kernel Cryptographic API
Known vulnerabilities detected
Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.Certificate #4808
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, HMAC, HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-224, HMAC-SHA-256, CMACAsymmetric Algorithms
ECDH, ECDSA, Diffie-Hellman, DHHash functions
SHA-1, SHA-256, SHA-512, SHA-224, SHA-384, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, PBKDF2Schemes
MAC, Key AgreementProtocols
IKEv2, IPsecRandomness
DRBG, RNG, RBGElliptic Curves
P-256, P-384Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTrusted Execution Environments
PSP, SSCSecurity level
Level 1Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS 186-5, SP 800-38A, SP 800-38C, SP 800-38B, SP 800-38D, SP 800-38F, SP 800-38E, SP 800-90A, SP 800-90B, PKCS#1, RFC 4106, RFC 7296, ISO/IEC 24759File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | Grigori Burlea |
| Creation date | D:20240920085415+00'00' |
| Modification date | D:20240920085415+00'00' |
| Pages | 36 |
| Creator | Microsoft Word |
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.CPE matches
- cpe:2.3:o:amazon:amazon_linux:2023.0:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.1:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.2:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.3:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.4:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.5:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.6:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.7:*:*:*:*:*:*:*
- cpe:2.3:o:amazon:amazon_linux:2023.8:*:*:*:*:*:*:*
Related CVEs
| ID | Links | Severity | CVSS Score | Published on | ||
|---|---|---|---|---|---|---|
| Base | Exploitability | Impact | ||||
| CVE-2024-6387 | HIGH | 8.1 | 5.9 | 01.07.2024 | ||
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4808,
"dgst": "e919459e6234a3df",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES-CMACA4566",
"HMAC-SHA3-512A4557",
"SHA2-512A4571",
"AES-CCMA4566",
"HMAC-SHA3-256A4557",
"AES-GMACA4566",
"SHA3-224A4557",
"AES-XTS Testing Revision 2.0A4566",
"SHA3-512A4557",
"AES-ECBA4568",
"HMAC-SHA2-224A4571",
"SHA3-256A4557",
"KAS-ECC-SSC Sp800-56Ar3A4551",
"Counter DRBGA4568",
"HMAC-SHA3-384A4557",
"KAS-FFC-SSC Sp800-56Ar3A4551",
"AES-CBCA4566",
"HMAC DRBGA4571",
"Hash DRBGA4571",
"SHA2-256A4571",
"SHA-1A4571",
"AES-GCMA4568",
"SHA2-384A4571",
"ECDSA KeyGen (FIPS186-4)A4551",
"AES-CTRA4566",
"HMAC-SHA-1A4571",
"SHA3-384A4557",
"RSA SigVer (FIPS186-4)A4571",
"HMAC-SHA2-256A4571",
"AES-CBC-CS3A4566",
"HMAC-SHA3-224A4557",
"Safe Primes Key GenerationA4551",
"HMAC-SHA2-384A4571",
"AES-CFB128A4566",
"AES-OFBA4566",
"HMAC-SHA2-512A4571",
"SHA2-224A4571",
"AES-KWA4566"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:o:amazon:amazon_linux:2023.0:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.5:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.4:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.3:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.6:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.1:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.7:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.8:*:*:*:*:*:*:*",
"cpe:2.3:o:amazon:amazon_linux:2023.2:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"2023"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": {
"_type": "Set",
"elements": [
"CVE-2024-6387"
]
},
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 4
},
"ECDSA": {
"ECDSA": 2
}
},
"FF": {
"DH": {
"DH": 23,
"Diffie-Hellman": 11
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 5
},
"CCM": {
"CCM": 4
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 4
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 18
},
"OFB": {
"OFB": 2
},
"XTS": {
"XTS": 9
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 1
},
"IPsec": {
"IPsec": 7
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"MAC": {
"MAC": 7
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 14,
"P-384": 14
}
},
"eval_facility": {
"atsec": {
"atsec": 38
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES-128": 3,
"AES-192": 2,
"AES-256": 2,
"HMAC- SHA-224": 1,
"HMAC- SHA-256": 2,
"HMAC-SHA- 256": 2,
"HMAC-SHA- 384": 4,
"HMAC-SHA- 512": 4,
"HMAC-SHA-1": 8,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 16,
"PKCS#1": 18,
"SHA- 512": 1,
"SHA-1": 10,
"SHA-224": 6,
"SHA-256": 14,
"SHA-3": 2,
"SHA-384": 4,
"SHA-512": 11,
"SHA3-224": 2,
"SHA3-256": 5,
"SHA3-384": 3,
"SHA3-512": 4
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF2": 3
},
"SHA": {
"SHA1": {
"SHA-1": 10
},
"SHA2": {
"SHA-224": 6,
"SHA-256": 14,
"SHA-384": 4,
"SHA-512": 11
},
"SHA3": {
"SHA-3": 2,
"SHA3-224": 4,
"SHA3-256": 5,
"SHA3-384": 3,
"SHA3-512": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 18
},
"RNG": {
"RBG": 2,
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 49,
"FIPS 180-4": 2,
"FIPS 186-4": 8,
"FIPS 186-5": 2,
"FIPS 197": 13,
"FIPS 198-1": 7,
"FIPS 202": 2,
"FIPS PUB 140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-38A": 10,
"SP 800-38B": 2,
"SP 800-38C": 3,
"SP 800-38D": 5,
"SP 800-38E": 3,
"SP 800-38F": 3,
"SP 800-90A": 1,
"SP 800-90B": 1
},
"PKCS": {
"PKCS#1": 9
},
"RFC": {
"RFC 4106": 3,
"RFC 7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 41,
"AES-128": 3,
"AES-192": 2,
"AES-256": 2
},
"CAST": {
"CAST": 3
}
},
"constructions": {
"MAC": {
"CMAC": 3,
"HMAC": 20,
"HMAC-SHA-224": 1,
"HMAC-SHA-256": 1,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 8
}
}
},
"tee_name": {
"AMD": {
"PSP": 2
},
"IBM": {
"SSC": 1
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Grigori Burlea",
"/CreationDate": "D:20240920085415+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20240920085415+00\u002700\u0027",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 635327,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37163",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17142",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17135",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17140",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17149",
"https://datatracker.ietf.org/doc/html/rfc4106",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37180",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/105",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17151",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17141",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17144",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17150",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17155",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17147",
"http://www.atsec.com/",
"https://docs.aws.amazon.com/linux/al2023/ug/fips-mode.html",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17138",
"https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17145",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17152",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17143",
"https://www.ietf.org/rfc/rfc3447.txt",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Br1.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17136",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17139",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17153",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17148",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=17146",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37179",
"https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E105_PublicUse.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 36
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "a88820fbf273585ffa65f329e0366ba6f6c98f98b84ca56d35a85489337b0270",
"policy_txt_hash": "202ba4e9a9f4657c9156b0b35d9af5870071cfc2b52460c7d0c25248a9f7a431"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
"date_sunset": "2029-09-22",
"description": "The Amazon Linux 2023 Kernel Cryptographic API provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Amazon Linux 2023 Kernel Cryptographic API",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "kernel 6.1.41-64.118.amzn2023, 6.1.41-64.118.fips.amzn2023; libkcapi 1.4.0-105.amzn2023",
"tested_conf": [
"Amazon Linux 2023 on EC2 c6i.metal running on Intel Xeon Platinum 8375C with PAA",
"Amazon Linux 2023 on EC2 c6i.metal running on Intel Xeon Platinum 8375C without PAA",
"Amazon Linux 2023 on EC2 c7g.metal running on AWS Graviton3 with PAA",
"Amazon Linux 2023 on EC2 c7g.metal running on AWS Graviton3 without PAA",
"SnowOS 1.0 on AWS Snowball running on AMD EPYC 7702 with PAA",
"SnowOS 1.0 on AWS Snowball running on AMD EPYC 7702 without PAA",
"SnowOS 1.0 on AWS Snowblade running on Intel Xeon Gold 6314U with PAA",
"SnowOS 1.0 on AWS Snowblade running on Intel Xeon Gold 6314U without PAA",
"SnowOS 1.0 on AWS Snowcone running on Intel Atom C3558 with PAA",
"SnowOS 1.0 on AWS Snowcone running on Intel Atom C3558 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-09-23",
"lab": "atsec information security corporation",
"validation_type": "Initial"
}
],
"vendor": "Amazon Web Services, Inc.",
"vendor_url": "http://www.amazon.com"
}
}