Linux Kernel FIPS Object Module (KFOM) Cryptographic Module

Certificate #4744

Webpage information ?

Status active
Validation dates 29.07.2024
Sunset date 28-07-2029
Standard FIPS 140-3
Security level 1
Type Firmware-Hybrid
Embodiment Multi-Chip Stand Alone
Caveat No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
Exceptions
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Cisco Linux Kernel FIPS Object Module (KFOM) is a firmware hybrid cryptographic library that serves the operating system kernel. It does not implement any security protocols, instead only allowing for Linux kernel applications access to using approved algorithms.
Version (Hardware) ARMv8 Cortex-A53, Intel Xeon Gold 6138
Version (Firmware) 1.0
Tested configurations
  • Linux 4.9 running on Cisco Meraki MX68CW with ARMv8 Cortex-A53 with PAA
  • Ubuntu 18.04 running on Cisco UCS C220 M5 with Intel Xeon Gold 6138 (Skylake) with PAA
Vendor Cisco Systems, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-128, AES-, AES-256, CAST, HMAC, CMAC
Hash functions
SHA-1
Schemes
MAC
Randomness
DRBG
Block cipher modes
ECB, CBC, CTR, GCM, CCM, XTS

Vendor
Cisco Systems, Inc, Cisco Systems, Cisco

Security level
Level 1, level 1

Standards
FIPS 140-3, FIPS 197, FIPS 180-4, SP 800-140, ISO/IEC 19790, ISO/IEC 24759

File metadata

Title CISCO 831 Security Policy
Subject FIPS 140-2 Security Policy
Author Scott Shorter
Creation date D:20240628170418-04'00'
Modification date D:20240628170431-04'00'
Pages 20
Creator Acrobat PDFMaker 24 for Word
Producer Adobe PDF Library 24.2.121

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 12.08.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
  • 03.08.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4744,
  "dgst": "fdba794336e0776e",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "Hash DRBGA1185",
        "HMAC-SHA2-384A1185",
        "SHA2-224A1185",
        "AES-CCMA1185",
        "SHA2-256A1185",
        "SHA2-384A1185",
        "AES-CTRA1185",
        "AES-CBC-CS3A1185",
        "SHA-1A1185",
        "Counter DRBGA1185",
        "AES-GCMA1185",
        "HMAC-SHA2-224A1185",
        "HMAC-SHA2-512A1185",
        "HMAC DRBGA1185",
        "AES-CBCA1185",
        "HMAC-SHA-1A1185",
        "AES-GMACA1185",
        "AES-CMACA1185",
        "SHA2-512A1185",
        "AES-XTSA1185",
        "HMAC-SHA2-256A1185",
        "AES-ECBA1185"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 12
        },
        "CCM": {
          "CCM": 10
        },
        "CTR": {
          "CTR": 14
        },
        "ECB": {
          "ECB": 10
        },
        "GCM": {
          "GCM": 19
        },
        "XTS": {
          "XTS": 11
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "MAC": {
          "MAC": 3
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#3": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES- 192": 1,
          "AES-128": 1,
          "AES-256": 1,
          "HMAC SHA-1": 2,
          "HMAC-SHA-1": 6,
          "PAA 2": 1,
          "SHA-1": 9,
          "SHA2-224": 2,
          "SHA2-256": 4,
          "SHA2-384": 4,
          "SHA2-512": 7
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 9
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 61
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 9,
          "FIPS 180-4": 1,
          "FIPS 197": 6
        },
        "ISO": {
          "ISO/IEC 19790": 6,
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-140": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 65,
            "AES-": 1,
            "AES-128": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 17
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Cisco": {
          "Cisco": 3,
          "Cisco Systems": 1,
          "Cisco Systems, Inc": 22
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Scott Shorter",
      "/Category": "FIPS 140-2 Submission Documentation",
      "/Comments": "",
      "/Company": "Orion Security Solutions",
      "/CreationDate": "D:20240628170418-04\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 24 for Word",
      "/Keywords": "",
      "/ModDate": "D:20240628170431-04\u002700\u0027",
      "/Producer": "Adobe PDF Library 24.2.121",
      "/SourceModified": "D:20240628210405",
      "/Subject": "FIPS 140-2 Security Policy",
      "/Title": "CISCO 831 Security Policy",
      "pdf_file_size_bytes": 631367,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 20
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "40076fd0402fe7e9493eb5f219b781e1a64eb94478428125fbf8d93f6e14eef7",
    "policy_txt_hash": "f3823f78e10efee495dee577a4f78b433173be6e627405c153602c55e3b5fc90"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
    "date_sunset": "2029-07-28",
    "description": "The Cisco Linux Kernel FIPS Object Module (KFOM) is a firmware hybrid cryptographic library that serves the operating system kernel. It does not implement any security protocols, instead only allowing for Linux kernel applications access to using approved algorithms.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": "1.0",
    "historical_reason": null,
    "hw_versions": "ARMv8 Cortex-A53, Intel Xeon Gold 6138",
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Linux Kernel FIPS Object Module (KFOM) Cryptographic Module",
    "module_type": "Firmware-Hybrid",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "Linux 4.9 running on Cisco Meraki MX68CW with ARMv8 Cortex-A53 with PAA",
      "Ubuntu 18.04 running on Cisco UCS C220 M5 with Intel Xeon Gold 6138 (Skylake) with PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-07-29",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Cisco Systems, Inc.",
    "vendor_url": "https://www.cisco.com"
  }
}