Module Name
Cryptographic Module for Fognigma
Validation Dates
09/12/2018;10/05/2018
Caveat
When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy and operated in FIPS mode. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Cryptographic Module for Fognigma is a general purpose cryptographic module integrated in the Fognigma platform to provide FIPS 140-2 validated cryptography for the protection of sensitive information. This module provides the cryptographic services that are used by the Fognigma platform to generate its Virtual Private Network (VPN).
Tested Configuration(s)
- Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with PAA (gcc Compiler Version 4.9)
- Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without PAA (gcc Compiler Version 4.9)
- Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with PAA (gcc Compiler Version 4.9)
- Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without PAA (gcc Compiler Version 4.9)
- Debian 9 running on Intel Atom E3845 (x86) with PAA (gcc Compiler Version 6.3.0)
- Debian 9 running on Intel Atom E3845 (x86) without PAA (gcc Compiler Version 6.3.0)
- iOS 8.1 32-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 600.0.56)
- iOS 8.1 32-bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 600.0.56)
- iOS 8.1 64-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 600.0.56)
- iOS 8.1 64-bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 600.0.56)
- Linux 3.10 32-bit running on Intel Atom E3845 (x86) with PAA (gcc Compiler Version 4.8.1)
- Linux 3.10 32-bit running on Intel Atom E3845 (x86) without PAA (gcc Compiler Version 4.8.1)
- Linux 3.12 running on NXP T2080 (PPC) (gcc Compiler Version 4.9.2)
- Raspbian 9 (Stretch) running on ARMv7 with PAA (gcc Compiler Version 6.3.0)
- Raspbian 9 (Stretch) running on ARMv7 without PAA (gcc Compiler Version 6.3.0)
- Ubuntu 16.04 LTS (Xenial) running on Intel® Xeon® E5 (family) with PAA (gcc Compiler Version 5.4.0) (single-user mode)
- Ubuntu 16.04 LTS (Xenial) running on Intel® Xeon® E5 (family) without PAA (gcc Compiler Version 5.4.0)
FIPS Algorithms
| AES |
Certs. #3264, #3451, #3751, #4469 and #5687 |
| CVL |
Certs. #472, #534, #699, #1181 and #2078 |
| DRBG |
Certs. #723, #845, #1027, #1451 and #2301 |
| DSA |
Certs. #933, #970, #1040, #1195 and #1463 |
| ECDSA |
Certs. #620, #698, #801, #1091 and #1541 |
| HMAC |
Certs. #2063, #2197, #2452, #2966 and #3788 |
| RSA |
Certs. #1664, #1766, #1928, #2444 and #3060 |
| SHS |
Certs. #2702, #2847, #3121, #3681 and #4559 |
| Triple-DES |
Certs. #1853, #1942, #2086, #2399 and #2850 |
Allowed Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15 or 2.0.16
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
