Module Name
AgileSec FIPS Module
Validation Dates
02/06/2019
Caveat
When operated in FIPS mode and the module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
AgileSec FIPS Module is a component of AgileSec SDK. It provides secure and optimized implementations of FIPS 140-2 approved cryptographic algorithms. The design of AgileSec SDK uses plug-and-play cryptographic providers, which are sets of cryptographic algorithms implemented to support various international or custom cryptographic standards.
Tested Configuration(s)
- Android 8.1.0 on Qualcomm Snapdragon 800 @ 2.26GHz processor running on Nexus 5X with PAA
- Android 8.1.0 on Qualcomm Snapdragon 800 @ 2.26GHz processor running on Nexus 5X without PAA
- FreeBSD 11.1-RELEASE-p1 on Vmware ESX 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd with PAA
- FreeBSD 11.1-RELEASE-p1 on Vmware ESX 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd without PAA
- Linux colibri imx6 4.1.41-2.7.3+g82f0f4f on ARMv7 processor running on Radio module Texas Instruments WL1837MOD (single-user mode)
- OSX 10.12 on Intel Core i5 CPU @ 1.4GHz processor running on Apple Mac mini with PAA
- OSX 10.12 on Intel Core i5 CPU @ 1.4GHz processor running on Apple Mac mini without PAA
- Ubuntu 18.04 on Vmware ESXi 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd with PAA
- Ubuntu 18.04 on Vmware ESXi 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd without PAA
- Windows Server 2012 R2 Standard on Vmware ESXi 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd with PAA
- Windows Server 2012 R2 Standard on Vmware ESXi 6.5.0 on Intel Xeon CPU ES-2630 v3 @ 2.4GHz processor running on Dell PowerEdge R730xd without PAA
FIPS Algorithms
AES |
Cert. #5534 |
CKG |
vendor affirmed |
CVL |
Cert. #1977 |
DRBG |
Cert. #2192 |
DSA |
Cert. #1419 |
ECDSA |
Cert. #1489 |
HMAC |
Cert. #3686 |
KAS |
Cert. #189 |
KTS |
AES Cert. #5534, key wrapping; key establishment methodology
provides between 128 and 256 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Cert. #2968 |
SHA-3 |
Cert. #50 |
SHS |
Cert. #4441 |
Triple-DES |
Cert. #2787 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1977, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1977, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG