| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 3/16/2030 |
| Caveat | When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Dynatrace LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A3358 |
| AES-CCM | A3358 |
| AES-CFB1 | A3358 |
| AES-CFB128 | A3358 |
| AES-CFB8 | A3358 |
| AES-CMAC | A3358 |
| AES-CTR | A3358 |
| AES-ECB | A3358 |
| AES-GCM | A3358 |
| AES-GMAC | A3358 |
| AES-KW | A3358 |
| AES-KWP | A3358 |
| AES-OFB | A3358 |
| Counter DRBG | A3358 |
| DSA KeyGen (FIPS186-4) | A3358 |
| DSA PQGGen (FIPS186-4) | A3358 |
| DSA PQGVer (FIPS186-4) | A3358 |
| DSA SigGen (FIPS186-4) | A3358 |
| DSA SigVer (FIPS186-4) | A3358 |
| ECDSA KeyGen (FIPS186-4) | A3358 |
| ECDSA KeyVer (FIPS186-4) | A3358 |
| ECDSA SigGen (FIPS186-4) | A3358 |
| ECDSA SigVer (FIPS186-4) | A3358 |
| HMAC-SHA-1 | A3358 |
| HMAC-SHA2-224 | A3358 |
| HMAC-SHA2-256 | A3358 |
| HMAC-SHA2-384 | A3358 |
| HMAC-SHA2-512 | A3358 |
| KAS-ECC-SSC Sp800-56Ar3 | A3358 |
| KAS-FFC-SSC Sp800-56Ar3 | A3358 |
| KDF TLS | A3358 |
| RSA KeyGen (FIPS186-4) | A3358 |
| RSA SigGen (FIPS186-4) | A3358 |
| RSA SigGen (FIPS186-4) | A3358 |
| RSA SigGen (FIPS186-4) | A3358 |
| RSA SigVer (FIPS186-4) | A3358 |
| RSA SigVer (FIPS186-4) | A3358 |
| RSA SigVer (FIPS186-4) | A3358 |
| SHA-1 | A3358 |
| SHA2-224 | A3358 |
| SHA2-256 | A3358 |
| SHA2-384 | A3358 |
| SHA2-512 | A3358 |
| TLS v1.3 KDF | A3359 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | N/A |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Dynatrace Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C3,C5,C6 clue;
class I3,I5,I6 infer;
class R3,R5,R6 risk;
class E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Dynatrace Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C3 clueHigh;
class C5,C6 clueLow;Dynatrace LLC Dynatrace Cryptographic Module Software Version: 1.1 FIPS Security Level: 1 Document Version: 0.9 Prepared for: Prepared by: Dynatrace LLC
Waltham, MA 02451 United States of America Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 781 530 1000 www.dynatrace.com Phone: +1 703 267 6050 www.corsec.com
February 6, 2025 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Dynatrace Cryptographic Module (software version: 1.1) from Dynatrace LLC (Dynatrace). This Security Policy describes how the Dynatrace Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Dynatrace Cryptographic Module is referred to in this document as Dynatrace Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:
February 6, 2025 Table of Contents 1. 2. 2.1 2.2 2.3 2.4 3. 4. 4.1 4.2 4.3 5. 6. 7. 8. 9. 9.1 9.2 9.3 9.4 9.5 Appendix A. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
Appendix B. February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 List of Tables List of Figures Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | N/A |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-Cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
| provides software intelligence to simplify cloud complexity and accelerate digital | |
|---|---|
| transformation. With automatic and intelligent observability at scale, their all-in-one platform delivers precise | |
| answers about the performance and security of applications, the underlying infrastructure, and the experience of | |
| all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with | |
| dramatically less effort. |
1. February 6, 2025 underlying infrastructure, and end user experiences. Dynatrace consists of OneAgent, ActiveGate, and Cluster software components. Dynatrace OneAgent software is installed on hosts to automatically discover and collect monitoring data from an information technology environment. Important metrics can be forwarded to a Dynatrace Cluster either directly or via a Dynatrace ActiveGate. The Dynatrace Cryptographic Module 1.1 is a cryptographic library embedded in Dynatrace’s OneAgent and ActiveGate application software. The Dynatrace Cryptographic Module v1.1 supplies the cryptographic functionality for encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation in support of general data protection functionality and secure communications protocols, including TLS1 1.2/1.3. The Dynatrace Cryptographic Module is validated at the FIPS 140-3 section levels shown in Table 1. [Number Below] N/A N/A N/A
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | Red Hat Enterprise Linux 8.2 | Dell PowerEdge R440 | Intel® Xeon Silver 4214R | With PAA | 1 |
| 2 | Red Hat Enterprise Linux 8.2 | Dell PowerEdge R440 | Intel® Xeon Silver 4214R | Without PAA | 2 |
| 1 | Alpine Linux (musl libc) for containers 3.4-3.13 | x86-64 | 1 | ||
| 2 | Amazon Linux 2 | ARM64 (AArch64), x86-64 | 2 | ||
| 3 | Amazon Linux AMI 2014.03 - 2018.03 | x86-64 | 3 | ||
| 4 | Bottlerocket 1.x | x86-64 | 4 | ||
| 5 | CentOS 7.x, 8.x | ARM64 (AArch64), x86-64, ppc64le | 5 | ||
| 6 | CentOS Stream 8 | ARM64 (AArch64), ppc64le, x86-64 | 6 | ||
| 7 | Debian 8, 9, 10 | x86-64 | 7 | ||
| 8 | EulerOS 2,3, 2.5, 2.8 | x86-64 | 8 | ||
| 9 | EulerOS 2.8 | ARM64 (AArch64) | 9 | ||
| 10 | Fedora 32-24 | x86-64 | 10 | ||
| 11 | Google Container-Optimized OS 81 LTS, 85 LTS, 89 LTS | x86-64 | 11 | ||
| 12 | openSUSE 15.2, 15.3 | ppc64le, x86-64 | 12 |
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | Red Hat Enterprise Linux 8.2 | Dell PowerEdge R440 | Intel® Xeon Silver 4214R | With PAA | 1 |
| 2 | Red Hat Enterprise Linux 8.2 | Dell PowerEdge R440 | Intel® Xeon Silver 4214R | Without PAA | 2 |
| 1 | Alpine Linux (musl libc) for containers 3.4-3.13 | x86-64 | 1 | ||
| 2 | Amazon Linux 2 | ARM64 (AArch64), x86-64 | 2 | ||
| 3 | Amazon Linux AMI 2014.03 - 2018.03 | x86-64 | 3 | ||
| 4 | Bottlerocket 1.x | x86-64 | 4 | ||
| 5 | CentOS 7.x, 8.x | ARM64 (AArch64), x86-64, ppc64le | 5 | ||
| 6 | CentOS Stream 8 | ARM64 (AArch64), ppc64le, x86-64 | 6 | ||
| 7 | Debian 8, 9, 10 | x86-64 | 7 | ||
| 8 | EulerOS 2,3, 2.5, 2.8 | x86-64 | 8 | ||
| 9 | EulerOS 2.8 | ARM64 (AArch64) | 9 | ||
| 10 | Fedora 32-24 | x86-64 | 10 | ||
| 11 | Google Container-Optimized OS 81 LTS, 85 LTS, 89 LTS | x86-64 | 11 | ||
| 12 | openSUSE 15.2, 15.3 | ppc64le, x86-64 | 12 | ||
| 13 | Oracle Linux 6.x, 7.x, 8.x | x86-64 | 13 | ||
| 14 | Red Hat Enterprise Linux 6.9+, 7.x, 8.x | s390x | 14 | ||
| 15 | Red Hat Enterprise Linux 6.x | x86-64 | 15 | ||
| 16 | Red Hat Enterprise Linux 7.x, 8.x | ppc64le, x86-64 | 16 | ||
| 17 | Red Hat Enterprise Linux CoreOS 4.5, 4.6, 4.7 | x86-64 | 17 | ||
| 18 | SUSE Linux Enterprise Server 11.4 | x86-64 | 18 | ||
| 19 | SUSE Linux Enterprise Server 12.1+, 15.x | s390x | 19 | ||
| 20 | SUSE Linux Enterprise Server 15.3 | ppc64le, x86-64 | 20 | ||
| 21 | SUSE Linux Enterprise Server 15.x | ARM64 (AArch64) | 21 | ||
| 22 | Ubuntu 14.04 LTS | x86-64 | 22 | ||
| 23 | Ubuntu 16.04 LTS, 18.04 LTS | ppc64le, x86-64 | 23 | ||
| 24 | Ubuntu 18.04 LTS | ARM64 (AArch64), s390x | 24 | ||
| 25 | Ubuntu 20.04 LTS, 20.10, 21.04 | ARM64 (AArch64), ppc64le, s390x, x86-64 | 25 | ||
| 26 | IBM AIX 6.1 TL9 SP9+, 7.1 TL5, 7.2 TL3, 7.2 TL4, 7.2 TL5 | POWER8 64bit-only, POWER9 64bit- only | 26 | ||
| 27 | Solaris 10 1/13+, 11.x | SPARC, x86-64, x86 | 27 | ||
| 28 | Windows Desktop 8.1, 20H2, 21H1, 1507, 1607, 1809, 1909, 2004 | x86-64 | 28 | ||
| 29 | Windows Server 20H2, 1909, 2004, 2008 R2, 2012, 2012 R2, 2016, 2019 | x86-64 | 29 | ||
| 30 | Windows Server - Nano All versions supported | x86-64 | 30 | ||
| 31 | IBM z/OS 2.3, 2.4, 2.5 | 31 | |||
| 32 | DB2 11, 12 | 32 | |||
| 33 | MQ 8.0, 9.0, 9.1 | 33 | |||
| 34 | DL/I | 34 |
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 # 4.5, 4.6, 4.7 Please refer to https://www.dynatrace.com/support/help/technology-support/ for details on the vendor affirmed OEs. The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate, or another compatible single-user operating system. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| AES-CBC4 FIPS PUB5 197 NIST SP 800-38A | A3358 | CBC | 128, 192, 256 | Encryption/Decryption |
| AES-CCM NIST SP 800-38C | A3358 | CCM | 128, 192, 256 | Encryption/Decryption |
| AES-CFB16 FIPS PUB7 197 NIST SP 800-38A | A3358 | CFB1 | 128, 192, 256 | Encryption/Decryption |
| AES-CFB128 FIPS PUB8 197 NIST SP 800-38A | A3358 | CFB128 | 128, 192, 256 | Encryption/Decryption |
| AES-CFB8 FIPS PUB9 197 NIST SP 800-38A | A3358 | CFB8 | 128, 192, 256 | Encryption/Decryption |
| AES-CMAC10 NIST SP 800-38B | A3358 | CMAC | 128, 192, 256 | MAC Generation/Verification |
| AES-CTR11 FIPS PUB12 197 NIST SP 800-38A | A3358 | CTR | 128, 192, 256 | Encryption/Decryption |
| AES-ECB13 FIPS PUB14 197 NIST SP 800-38A | A3358 | ECB | 128, 192, 256 | Encryption/Decryption |
| AES-GCM15 NIST SP 80- 38D | A3358 | GCM (internal IV) | 128, 192, 256 | Encryption/Decryption |
| AES-GMAC16 NIST SP 800-38D | A3358 | GMAC | 128, 192, 256 | Encryption/Decryption |
| AES-KW17 NIST SP 800-38F | A3358 | KW | 128, 192, 256 | Encryption/Decryption |
| AES-KWP18 NIST SP 800-38F | A3358 | KWP | 128, 192, 256 | Encryption/Decryption |
| AES-OFB19 FIPS PUB20 197 NIST SP 800-38A | A3358 | OFB | 128, 192, 256 | Encryption/Decryption |
| Counter DRBG21 NIST SP 800-90Arev1 | A3358 | Counter-based | 256-bit AES-CTR | Deterministic Random Bit Generation |
| DSA22 KeyGen (FIPS186-4) FIPS PUB 186-4 | A3358 | DSA KeyGen | 2048/224, 2048/256, 3072/256 | Key Pair Generation |
| DSA PQGGen (FIPS186-4) FIPS PUB 186-4 | A3358 | DSA PQGGen | 2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Domain Parameter Generation |
| DSA PQGVer (FIPS186-4) FIPS PUB 186-4 | A3358 | DSA PQGVer | 2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Domain Parameter Verification |
| DSA SigGen (FIPS186-4) FIPS PUB 186-4 | A3358 | DSA SigGen | 2048/224, 2048/256, 3072/256 (SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Generation |
| DSA SigVer (FIPS186-4) FIPS PUB 186-4 | A3358 | DSA SigVer | 1024/160, 2048/224, 2048/256, 3072/256 (SHA- 1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Verification 1024-bit keys are for legacy use only. |
| ECDSA23 KeyGen (FIPS186-4) FIPS PUB 186-4 | A3358 | ECDSA KeyGen. Secret generation mode: Testing candidates | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Key Pair Generation |
| ECDSA KeyVer (FIPS186-4) FIPS PUB 186-4 | A3358 | ECDSA KeyVer | B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | Public Key Validation Curves B-163, K-163, and P-192 are for legacy use only. |
| ECDSA SigGen (FIPS186-4) FIPS PUB 186-4 | A3358 | ECDSA SigGen | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 SHA2-224, SHA2-256, SHA2-384, SHA2-512 () | Digital Signature Generation |
| ECDSA SigVer (FIPS186-4) FIPS PUB 186-4 | A3358 | ECDSA SigVer | B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Verification Curves B-163, K-163, and P-192 are for legacy use only. |
| HMAC SHA-1 FIPS PUB 198-1 | A3358 | SHA-1 | MAC: 160 | Message Authentication |
| HMAC SHA2-224 FIPS PUB 198-1 | A3358 | SHA2-224 | MAC: 224 Key Length: 112-524288 Increment 8 | Message Authentication |
| HMAC SHA2-256 FIPS PUB 198-1 | A3358 | SHA2-256 | MAC: 256 Key Length: 112-524288 Increment 8 | Message Authentication |
| HMAC SHA2-384 FIPS PUB 198-1 | A3358 | SHA2-384 | MAC: 384 Key Length: 112-524288 Increment 8 | Message Authentication |
| HMAC SHA2-512 FIPS PUB 198-1 | A3358 | SHA2-512 | MAC: 512 Key Length: 112-524288 Increment 8 | Message Authentication |
| KAS-ECC-SSC24 NIST SP 800-56Arev3 | A3358 | ephemeralUnified | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Shared Secret Computation |
| KAS-FFC-SSC25 NIST SP 800-56Arev3 | A3358 | dhEphem | 2048/224 (FB), 2048/256 (FC) | Shared Secret Computation |
| KDF TLS CVL26 NIST SP 800-135rev1 | A3358 | KDF (TLS v1.0/1.1, v1.2) | SHA2-256, SHA2-384, SHA2-512 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| RSA27 KeyGen (FIPS186-4) FIPS PUB 186-4 | A3358 | Key generation mode: B.3.3 | 2048, 3072, 4096 | Key Pair Generation |
| RSA SigGen (FIPS186-4) FIPS PUB 186-4 | A3358 | X9.31 | 2048, 3072, 4096 (SHA2- 256, SHA2-384, SHA2-512) | Digital Signature Generation |
| PKCS#1 v1.5 | PKCS#1 v1.5 | 2048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Generation | |
| PSS28 | PSS28 | 2048, 3072, 4096 (SHA2- 224, SHA2-256, SHA2-384, SHA2-512) | Digital Signature Generation | |
| RSA SigVer (FIPS186-4) FIPS PUB 186-4 | A3358 | X9.31 | 1024, 2048, 3072, 4096 (SHA-1, SHA2-256, SHA2- 384, SHA2-512) | Digital Signature Verification 1024-bit keys are for legacy use only. |
| PKCS#1 v1.5 | PKCS#1 v1.5 | 1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512) | Digital Signature Verification 1024-bit keys are for legacy use only. | |
| PSS29 | PSS29 | 1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512) | Digital Signature Verification 1024-bit keys are for legacy use only. | |
| SHA-1 FIPS PUB 180-4 | A3358 | SHA-1 | Message Length: 0-65528 Increment 8 | Message Digest |
| SHA2-224 FIPS PUB 180-4 | SHA2-224 | Message Length: 0-65528 Increment 8 | Message Digest | |
| SHA2-256 FIPS PUB 180-4 | SHA2-256 | Message Length: 0-65528 Increment 8 | Message Digest | |
| SHA2-384 FIPS PUB 180-4 | SHA2-384 | Message Length: 0-65528 Increment 8 | Message Digest | |
| SHA2-512 FIPS PUB 180-4 | SHA2-512 | Message Length: 0-65528 Increment 8 | Message Digest | |
| TLS v1.3 KDF CVL NIST SP 800-135rev1 RFC 8446 | A3359 | KDF (TLS v1.3) | SHA2-256, SHA2-384 | Key Derivation No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. |
| KAS30 NIST SP 800-56Arev3 NIST SP 800-135rev1 | KAS-ECC-SSC A3358 TLS KDF A3358 | NIST SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 curves providing between 112 and 256 bits of encryption strength | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446 | KAS-ECC-SSC A3358 TLS v1.3 KDF A3359 | NIST SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 curves providing between 112 and 256 bits of encryption strength | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 | KAS-FFC-SSC A3358 TLS KDF A3358 | NIST SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2) | 2048-bit key providing 112 bits of encryption strength | Key Agreement |
| KAS NIST SP 800-56Arev3 NIST SP 800-135rev1 RFC 8446 | KAS-FFC-SSC A3358 TLS v1.3 KDF A3359 | NIST SP 800-56Arev3. KAS-FFC per IG D.F Scenario 2 path (2) | 2048-bit key providing 112 bits of encryption strength | Key Agreement |
| KTS NIST SP 800-38B | AES-CMAC A3358 | NIST SP 800-38B and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| KTS31 NIST SP 800-38C | AES-CCM A3358 | NIST SP 800-38C and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| KTS NIST SP 800-38D | AES-GCM A3358 | NIST SP 800-38D and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| KTS NIST SP 800-38D | AES-GMAC A3358 | NIST SP 800-38D and NIST SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| KTS NIST SP 800-38F | AES-KW A3358 | NIST SP 800-38F. KTS (key wrapping and unwrapping) | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| KTS NIST SP 800-38F | AES-KWP A3358 | NIST SP 800-38F. KTS (key wrapping and unwrapping) | 128, 192, and 256-bit keys provide between 128 and 256 bits of encryption strength | Key Wrap/Unwrap |
| CKG32 NIST SP 800-133rev2 | Vendor Affirmed | Cryptographic Key Generation |
2.2 February 6, 2025 Algorithm Implementations The module implements cryptographic algorithms in the following providers:
3 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
24 KAS-ECC-SSC
25 KAS-FFC-SSC
CVL
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
PSS
February 6, 2025 D.G. D.G. D.G. D.G. NOTE: The module offers algorithms in the Approved mode of operation that provide less than 112 bits of security strength. These algorithms are Approved for legacy use only (refer to NIST SP 800-131Arev2 for additional details). KTS
| Name | Use Function | Use / Function |
|---|---|---|
| AES | Cert. #A3358, Key Unwrapping (allowed per FIPS 140-3 IG D.G) | Symmetric key unwrapping (using any Approved unauthenticated mode) For legacy use only. |
| AES-GCM (non-approved with external IV) | Encryption/Decryption | |
| AES-OCB33 | Authenticated Encryption/Decryption | |
| AES-XTS | Encryption/Decryption | |
| ANSI X9.31 RNG (with 128-bit AES core) | Random Number Generation | |
| ARIA | Encryption/Decryption | |
| Blake2 | Encryption/Decryption | |
| Blowfish | Encryption/Decryption | |
| CAST, CAST5 | Encryption/Decryption | |
| Camellia | Encryption/Decryption | |
| ChaCha20 | Encryption/Decryption |
| Name | Use Function | Use / Function |
|---|---|---|
| AES | Cert. #A3358, Key Unwrapping (allowed per FIPS 140-3 IG D.G) | Symmetric key unwrapping (using any Approved unauthenticated mode) For legacy use only. |
| AES-GCM (non-approved with external IV) | Encryption/Decryption | |
| AES-OCB33 | Authenticated Encryption/Decryption | |
| AES-XTS | Encryption/Decryption | |
| ANSI X9.31 RNG (with 128-bit AES core) | Random Number Generation | |
| ARIA | Encryption/Decryption | |
| Blake2 | Encryption/Decryption | |
| Blowfish | Encryption/Decryption | |
| CAST, CAST5 | Encryption/Decryption | |
| Camellia | Encryption/Decryption | |
| ChaCha20 | Encryption/Decryption | |
| DES | Encryption/Decryption | |
| DH (non-approved with key sizes below 2048 bits) | Key Agreement | |
| DSA (non-approved with key sizes below the minimums Approved for the Approved mode) | Key Pair Generation; Digital Signature Generation; Digital Signature Verification | |
| DSA, ECDSA, and RSA (non-approved when used with SHA-1 outside the TLS protocol) | Digital Signature Generation | |
| ECDH (non-approved with curves P-192, K-163, B-163, and non-NIST curves) | Key Agreement | |
| ECDSA (non-approved with curves P-192, K-163, B- 163, and non-NIST curves) | Key Pair Generation; Digital Signature Generation; Digital Signature Verification | |
| EdDSA34 | Key Pair Generation; Digital Signature Generation; Digital Signature Verification | |
| HKDF35 | Key Derivation | |
| IDEA | Encryption/Decryption | |
| KDF (non-approved when using TLS 1.0/1.1) | Key Derivation | |
| MD2, MD4, MD5 | Message Digest | |
| PBKDF2 | Password-Based Key Derivation | |
| Poly1305 | Message Authentication Code | |
| RC236, RC4, RC5 | Encryption/Decryption | |
| RIPEMD | Message Digest | |
| RMD160 | Message Digest | |
| RSA (non-approved with non-approved/untested key sizes, and functions) | Key Pair Generation; Digital Signature Generation; Digital Signature Verification; Key Transport | |
| SEED | Encryption/Decryption | |
| SHA3 | Message Digest | |
| SM2, SM3, SM3 | Message Digest | |
| Triple DES (non-approved) | Encryption/Decryption; MAC Generation/Verification; Key Wrapping/Unwrapping | |
| Whirlpool | Message Digest |
February 6, 2025 The vendor affirms the following cryptographic security methods:
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 2.3 Cryptographic Boundary As a software cryptographic module, the module has no physical components. The physical perimeter of the cryptographic module is defined by each host device on which the module is installed. Figure 1 below illustrates a block diagram of a typical GPC and the module’s physical perimeter.
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
Hardware Management February 6, 2025 DVD Network Interface RAM HDD Clock Generator SCSI/SATA Controller LEDs/LCD Serial CPU I/O Hub Audio Cache Power Interface PCI/PCIe Slots USB BIOS Graphics Controller PCI/PCIe Slots External Power Supply KEY: BIOS
February 6, 2025 libssl HMAC digest Calling Application KEY: libcrypto Cryptographic Boundary Physical Perimeter Data Input Data Output Control Input Control Output Status Output System Calls Operating System CPU Memory Storage Ports Host Device Figure 2
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Physical data input port(s) of the tested platforms | Physical data input port(s) of the tested platforms | Data Input • API input arguments that provide input data for processing | • Data to be encrypted, decrypted, signed, verified, or hashed • Keys to be used in cryptographic services • Random seed material for the module’s DRBG • Keying material to be used as input to key establishment services |
| Physical data output port(s) of the tested platforms | Physical data output port(s) of the tested platforms | Data Output • API output arguments that return generated or processed data back to the caller | • Data that has been encrypted, decrypted, or verified • Digital signatures • Hashes • Random values generated by the module’s DRBG • Keys established using module’s key establishment methods |
| Physical control input port(s) of the tested platforms | Physical control input port(s) of the tested platforms | Control Input • API input arguments that are used to initialize and control the operation of the module | • API commands invoking cryptographic services • Modes, key sizes, etc. used with cryptographic services |
| Physical status output port(s) of the tested platforms | Physical status output port(s) of the tested platforms | Status Output • API call return values | • Status information regarding the module • Status information regarding the invoked service/operation |
| Name | Roles | Input | Output |
|---|---|---|---|
| Show Status | CO | API call parameters | Current operational status |
| Perform self-tests on-demand | CO | Re-instantiate module; API call parameters | Status |
| Zeroize | CO | Restart calling application; reboot or power-cycle host platform | None |
| Show versioning information | CO | API call parameters | Module name, version |
| Perform symmetric encryption | User | API call parameters, key, plaintext | Status, ciphertext |
| Perform symmetric decryption | User | API call parameters, key, ciphertext | Status, plaintext |
| Generate symmetric digest | User | API call parameters, key, plaintext | Status, digest |
| Verify symmetric digest | User | API call parameters, digest | Status |
| Perform authenticated symmetric encryption | User | API call parameters, key, plaintext | Status, ciphertext |
| Perform authenticated symmetric decryption | User | API call parameters, key, ciphertext | Status, plaintext |
| Generate random number | User | API call parameters | Status, random bits |
| Perform keyed hash operations | User | API call parameters, key, message | Status, MAC37 |
| Perform hash operation | User | API call parameters, message | Status, hash |
| Generate DSA domain parameters | User | API call parameters | Status, domain parameters |
| Verify DSA domain parameters | User | API call parameters | Status, domain parameters |
| Generate asymmetric key pair | User | API call parameters | Status, key pair |
| Verify ECDSA public key | User | API call parameters, key | Status |
| Generate digital signature | User | API call parameters, key, message | Status, signature |
| Verify digital signature | User | API call parameters, key, signature, message | Status |
| Perform key wrap | User | API call parameters, encryption key, key | Status, encrypted key |
| Perform key unwrap | User | API call parameters, decryption key, key | Status, decrypted key |
| Compute shared secret | User | API call parameters | Status, shared secret |
| Derive TLS keys | User | API call parameters, TLS pre- master secret | Status, TLS keys |
| Perform key agreement functions | User | API call parameters | Status, symmetric key |
4. February 6, 2025 Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods. 4.1 Authorized Roles The module supports two roles that authorized operators can assume:
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
4.2 February 6, 2025 Authentication Methods The module does not support authentication methods; operators implicitly assume an authorized role based on the service selected. 4.3 Services Descriptions of the approved services available to the authorized roles are provided in Table 9 below. This module is a software library that provides cryptographic functionality to calling applications. As such, the security functions provided by the module are considered the module’s security services. Indicators for Approved services (in the case of this module, those security functions with algorithm validation certificates and all required self-tests) are provided via API return value. When invoking a security function, the calling application provides inputs via an internal structure, or “context”. Upon each service invocation, the module will determine if the invoked security function is an Approved service. To access the resulting value, the calling application must pass the finalized context to the indicator API associated with that security function (note the indicator check must be performed prior to any context cleanup is performed). The indicator API will return “1” to indicate the usage of an Approved service. Indicators for services providing non-Approved security functions (as well as for services not requiring an indicator) will have a value other than “1”, ensuring that the indicators for Approved services are unambiguous. Additional details on the APIs used for the Approved service indicators are provided in Appendix A below. The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Show Status | Return Approved mode status | CO | None | None | N/A | N/A |
| Perform self- tests on- demand | Perform pre- operational self- tests | CO | Integrity Test Key - libcrypto Integrity Test Key - libssl | None | Integrity Test Key – libcrypto – E Integrity Test Key - libssl – E | API return value |
| Zeroize | Zeroize and de- allocate memory containing sensitive data | CO | All SSPs | None | All SSPs – Z | N/A |
| Show versioning information | Return module versioning information | CO | None | None | N/A | N/A |
| Perform symmetric encryption | Encrypt plaintext data | User | AES key | AES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES-GMAC (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) AES-OFB (Cert. A3358) | AES key – WE | API return value |
| Perform symmetric decryption | Decrypt ciphertext data | User | AES key | AES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES GMAC (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) AES-OFB (Cert. A3358) | AES key – WE | API return value |
| Generate symmetric digest | Generate symmetric digest | User | AES CMAC key AES GMAC key | AES-CMAC (Cert. A3358) AES-GMAC (Cert. A3358) | AES CMAC key – WE AES GMAC key – WE | API return value |
| Verify symmetric digest | Verify symmetric digest | User | AES CMAC key AES GMAC key | AES-CMAC (Cert. A3358) AES-GMAC (Cert. A3358) | AES CMAC key – WE AES GMAC key – WE | API return value |
| Perform authenticated symmetric encryption | Encrypt plaintext using supplied AES GCM key and IV | User | AES GCM key AES GCM IV | AES-GCM (Cert. A3358) | AES GCM key – WE AES GCM IV – WE | API return value |
| Perform authenticated symmetric decryption | Decrypt ciphertext using supplied AES GCM key and IV | User | AES GCM key AES GCM IV | AES-GCM (Cert. A3358) | AES GCM key – WE AES GCM IV – WE | API return value |
| Generate random number | Return random bits to the calling application | User | DRBG entropy input DRBG seed DRBG ‘V’ value DRBG ‘Key’ value | Counter DRBG (Cert. A3358) | DRBG entropy input – WE DRBG seed – GE DRBG ‘V’ value – GE DRBG ‘Key’ value – GE | API return value |
| Perform keyed hash operations | Compute a message authentication code | User | HMAC key | HMAC SHA-1 (Cert. A3358) HMAC SHA2-224 (Cert. A3358) HMAC SHA2-256 (Cert. A3358) HMAC SHA2-384 (Cert. A3358) HMAC SHA2-512 (Cert. A3358) | HMAC key – WE | API return value |
| Perform hash operation | Compute a message digest | User | None | SHA-1 (Cert. A3358) SHA2-224 (Cert. A3358) SHA2-256 (Cert. A3358) SHA2-384 (Cert. A3358) SHA2-512 (Cert. A3358) | N/A | API return value |
| Generate DSA domain parameters | Generate DSA domain parameters | User | None | DSA PQGGen (FIPS186-4) (Cert. A3358) | N/A | API return value |
| Verify DSA domain parameters | Verify DSA domain parameters | User | None | DSA PQGVer (FIPS186-4) (Cert. A3358) | N/A | API return value |
| Generate asymmetric key pair | Generate a public/private key pair | User | DSA public key DSA private key ECDSA public key ECDSA private key RSA public key RSA private key | DSA KeyGen (FIPS186-4) (Cert. A3358) ECDSA KeyGen (FIPS186-4) (Cert. A3358) RSA KeyGen (FIPS186-4) (Cert. A3358) | DSA public key – GR DSA private key – GR ECDSA public key – GR ECDSA private key – GR RSA public key – GR RSA private key – GR | API return value |
| Verify ECDSA public key | Verify an ECDSA public key | User | ECDSA public key | ECDSA KeyVer (FIPS186-4) (Cert. A3358) | ECDSA public key – W | API return value |
| Generate digital signature | Generate a digital signature | User | DSA private key ECDSA private key RSA private key | DSA SigGen (FIPS186-4) (Cert. A3358) ECDSA SigGen (FIPS186-4) (Cert. A3358) RSA SigGen (FIPS186-4) (Cert. A3358) | DSA private key – WE ECDSA private key – WE RSA private key – WE | API return value |
| Verify digital signature | Verify a digital signature | User | DSA public key ECDSA public key RSA public key | DSA SigVer (FIPS186-4) (Cert. A3358) ECDSA SigVer (FIPS186-4) (Cert. A3358) RSA SigVer (FIPS186-4) (Cert. A3358) | DSA public key – WE ECDSA public key – WE RSA public key – WE | API return value |
| Perform key wrap | Perform key wrap | User | AES key AES GCM key AES GCM IV | KTS (AES-CCM) (Cert. A3358) KTS (AES-GCM) (Cert. A3358) KTS (AES-GMAC) (Cert. A3358) KTS (AES-CMAC) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358) | AES key – WE AES GCM key – WE AES GCM IV – WE | API return value |
| Perform key unwrap | Perform key unwrap | User | AES key AES GCM key AES GCM IV | KTS (AES-CCM) (Cert. A3358) KTS (AES-GCM) (Cert. A3358) KTS (AES-GMAC) (Cert. A3358) KTS (AES-CMAC) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358) | AES key – WE AES GCM key – WE AES GCM IV – WE | API return value |
| Compute shared secret | Compute DH/ECDH shared secret suitable for use as input to a TLS KDF | User | DH public key DH private key ECDH public key ECDH private key TLS pre-master secret | KAS-ECC-SSC Sp800-56Ar3 (Cert. A3358) KAS-FFC-SSC Sp800-56Ar3 (Cert. A3358) | DH public key – WE DH private key – WE ECDH public key – WE ECDH private key – WE TLS pre-master secret – GE | API return value |
| Derive TLS keys | Derive TLS session and integrity keys | User | TLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC key | TLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359) | TLS pre-master secret – WE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GR | API return value |
| Perform key agreement functions | Establish symmetric key using DH/ECDH key agreement | User | DH public key DH private key ECDH public key ECDH private key TLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC key | KAS (KAS-ECC_SSC/TLS KDF) (Certs. A3358, A3358) KAS (KAS-ECC_SSC/TLS v1.3 KDF) (Certs. A3358, A3359) KAS (KAS-FFC_SSC/TLS KDF) (Certs. A3358, A3358) KAS (KAS-FFC_SSC/TLS v1.3 KDF) (Certs. A3358, A3359) | DH public key – WE DH private key – WE ECDH public key – WE ECDH private key – WE TLS pre-master secret – GE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GR | API return value |
February 6, 2025 N/A * Per FIPS 140-3 IG 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved service indicator. The following services/algorithms are allowed for legacy use only:
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| Perform data encryption (non-approved) | Perform symmetric data encryption | User | AES -GCM (non-approved), ARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple DES (non-approved), XTS-AES | API return value |
| Perform data decryption (non-approved) | Perform symmetric data decryption | User | AES -GCM (non-approved), ARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple DES, XTS-AES | API return value |
| Perform MAC operations (non-approved) | Perform message authentication operations | User | Poly1305, Triple DES/CMAC (non-approved) | API return value |
| Perform hash operation (non-approved) | Perform hash operation | User | MD2, MD4, MD5, RIPEMD, RMD160, SHA-3, SM2, SM3, SM4, Whirlpool | API return value |
| Perform digital signature functions (non-approved) | Perform digital signature functions | User | DSA (non-approved), ECDSA (non-approved), RSA (non- approved) | API return value |
| Perform key agreement functions (non-approved) | Perform key agreement functions | User | DH (non-approved), ECDH (non-approved) | API return value |
| Perform key wrap (non- approved) | Perform key wrap/unwrap functions | User | AES -GCM (non-approved), Triple DES/CMAC (non- approved) | API return value |
| Perform key encapsulation (non-approved) | Perform key encapsulation functions | User | RSA (non-approved) | API return value |
| Perform key un- encapsulation (non- approved) | Perform key un-encapsulation functions | User | RSA (non-approved) | API return value |
| Perform key derivation functions (non-approved) | Perform key derivation functions | User | HKDF, PBKDF2, TLS 1.0/1.1 KDF | API return value |
| Perform authenticated encryption/decryption (non- approved) | Perform authenticated encryption/decryption | User | AES-OCB | API return value |
| Generate random number (non-approved) | Perform random number generation | User | ANSI X9.31 RNG (with 128-bit AES core) | API return value |
| Generate asymmetric key pair (non-approved) | Perform key pair generation | User | DSA (non-approved), ECDSA (non-approved), RSA (non- approved) | API return value |
February 6, 2025 Table 10
6. February 6, 2025 Operational Environment The Dynatrace Cryptographic Module comprises a software cryptographic library that executes in a modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Please refer to section 2.1 of this document for a list/description of the applicable operational environments. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
7. February 6, 2025 Physical Security This section is not applicable. Per section 7.7.1 of ISO/IEC 19790:2021, the requirements of this section are “applicable to hardware and firmware modules, and hardware and firmware components of hybrid modules”. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
8. February 6, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in ISO/IEC 19790:2021 Annex F. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Use | Import Export |
|---|---|---|---|---|---|---|---|---|
| Integrity Test Key - libcrypto (not an SSP) | 256 bits | HMAC SHA2-256 (Cert. A3358) | Hardcoded in the module image | Plaintext in RAM | Not subject to zeroization requirements | Pre- operational verification of libcrypto library | ||
| Integrity Test Key - libssl (not an SSP) | 256 bits | HMAC SHA2-256 (Cert. A3358) | Hardcoded in the module image | Plaintext in RAM | Not subject to zeroization requirements | Pre- operational verification of libssl library | ||
| AES key (CSP) | Between 128 and 256 bits | AES-CBC (Cert. A3358) AES-CCM (Cert. A3358) AES-CFB1 (Cert. A3358) AES-CFB128 (Cert. A3358) AES-CFB8 (Cert. A3358) AES-CTR (Cert. A3358) AES-ECB (Cert. A3358) AES-KW (Cert. A3358) AES-KWP (Cert. A3358) KTS (AES-CCM) (Cert. A3358) KTS (AES-KW) (Cert. A3358) KTS (AES-KWP) (Cert. A3358) | Derived via TLS KDF | Not persistently stored by the module | Unload module; Remove power | Symmetric encryption, decryption | Imported in plaintext via API parameter Never exported [MD/EE] | |
| AES GCM key (CSP) | Between 128 and 256 bits | AES-GCM (Cert. A3358) KTS (AES-GCM) (Cert. A3358) | Derived via TLS KDF | Not persistently stored by the module | Unload module; Remove power | Authenticate d symmetric encryption, decryption | Imported in plaintext via API parameter Never exported | |
| AES CMAC key (CSP) | Between 128 and 256 bits | AES-CMAC (Cert. A3358) KTS (AES-CMAC) (Cert. A3358) | Not persistently stored by the module | Unload module; Remove power | MAC generation, verification | Imported in plaintext via API parameter Never exported [MD/EE] | ||
| AES GMAC key (CSP) | Between 128 and 256 bits | AES-GMAC (Cert. A3358) KTS (AES-GMAC) (Cert. A3358) | Not persistently stored by the module | Unload module; Remove power | MAC generation, verification | Imported in plaintext via API parameter Never exported [MD/EE] | ||
| HMAC key (CSP) | Between 160 and 512 bits | HMAC SHA-1 (Cert. A3358) HMAC SHA2-224 (Cert. A3358) HMAC SHA2-256 (Cert. A3358) HMAC SHA2-384 (Cert. A3358) HMAC SHA2-512 (Cert. A3358) | Derived via TLS KDF | Not persistently stored by the module | Unload module; Remove power | Keyed hash | Imported in plaintext via API parameter Never exported [MD/EE] | |
| DSA private key (CSP) | 112 or 128 bits | DSA SigGen (FIPS186-4) (Cert. A3358) | Generated internally via Approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature generation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| DSA public key (PSP) | 112 or 128 bits | DSA SigVer (FIPS186-4) (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature verification | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| ECDSA private key (CSP) | Between 112 and 256 bits | ECDSA SigGen (FIPS186-4) (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature generation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| ECDSA public key (PSP) | Between 112 and 256 bits | ECDSA SigVer (FIPS186- 4) (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature verification | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| RSA private key (CSP) | Between 112 and 150 bits | RSA SigGen (FIPS186-4) (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature generation, asymmetric decryption | Imported in plaintext via API parameter Exported in plaintext via API parameter | |
| RSA public key (PSP) | Between 80 and 150 bits | RSA SigVer (FIPS186-4) (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | Digital signature verification, asymmetric encryption 1024-bit keys for legacy use (digital signature verification) only | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| DH private key (CSP) | 112 bits | KAS-SSC-FFC (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | DH shared secret computation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| DH public key (PSP) | 112 bits | KAS-SSC-FFC (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | DH shared secret computation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| ECDH private key (CSP) | Between 112 and 256 bits | KAS-SSC-ECC (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | ECDH shared secret computation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| ECDH public key (PSP) | Between 112 and 256 bits | KAS-SSC-ECC (Cert. A3358) | Generated internally via approved DRBG | Not persistently stored by the module | Unload module; Remove power | ECDH shared secret computation | Imported in plaintext via API parameter Exported in plaintext via API parameter [MD/EE] | |
| AES GCM IV (CSP) | AES-GCM (Cert. A3358) | Generated internally in compliance with the provisions of a peer-to-peer industry standard protocol | Not persistently stored by the module | Unload module; Remove power | Initialization vector for AES GCM | |||
| TLS pre-master secret (CSP) | Between 112 and 256 bits | TLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359) | Not persistently stored by the module | Unload module; Remove power | Derivation of the TLS master secret | Imported in plaintext via API parameter Never exported [MD/EE] | ||
| TLS master secret (CSP) | 256 bits | TLS KDF (Cert. A3358) TLS v1.3 KDF (Cert. A3359) | Derived internally using the TLS pre- master secret via TLS KDF | Not persistently stored by the module | Unload module; Remove power | Derivation of the AES/AES- GCM key and HMAC key used for securing TLS connections | ||
| DRBG entropy input (CSP) | 256 bits | Counter DRBG (Cert. A3358) | Not persistently stored by the module | Unload module; Remove power | Entropy material for DRBG | Imported in plaintext via API parameter Never exported [MD/EE] | ||
| DRBG seed (CSP) | 256 bits | Counter DRBG (Cert. A3358) | Generated internally using nonce along with DRBG entropy input | Not persistently stored by the module | Unload module; Remove power | Seeding material for DRBG | ||
| DRBG ‘V’ value (CSP) | 128 bits | Counter DRBG (Cert. A3358) | Generated internally | Not persistently stored by the module | Unload module; Remove power | State values for DRBG | ||
| DRBG ‘Key’ value (CSP) | 256 bits | Counter DRBG (Cert. A3358) | Generated internally | Not persistently stored by the module | Unload module; Remove power | State values for DRBG |
February 6, 2025
February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 9.2 DRBGs The module implements the following Approved DRBG(s):
| Name | Key Size | |
|---|---|---|
| Details | Minimum Number | Entropy Source(s) |
| of Bits of Entropy | of Bits of Entropy | |
| 256 bits of seed material are provided to the module’s DRBG by the calling application. The calling application and its entropy sources are outside the module’s cryptographic boundary. The calling application shall use entropy sources that meet the security strength required for the CTR_DRBG as shown in NIST SP 800-90Arev1, Table 3. This entropy shall be supplied by means of a callback function. The callback function must return an error if the minimum entropy strength cannot be met. | 256 | Calling application |
9.4 February 6, 2025 SSP Zeroization Methods Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory, module operators can unload the module from memory or reboot/power-cycle the host device. 9.5 Table 12
February 6, 2025 10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s):
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed prior to the pre-operational software integrity test; all other CASTs are executed after the successful completion of the software integrity test.
Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:
February 6, 2025
| CVE Number | Severity | Mitigation |
|---|---|---|
| CVE-2023-3446 | Low | Before calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator should verify that the DH key or DH parameters were obtained from a trusted source. |
| CVE-2023-3817 | Low | Before calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator should verify that the DH key or DH parameters were obtained from a trusted source. |
| CVE-2024-4741 | Low | Applications should not directly call the SSL_free_buffers function. |
February 6, 2025 not wrap. If a sequence number needs to wrap, the TLS implementation is responsible for either rekeying or terminating the connection. The module supports the TLS 1.3 GCM cipher suite from section 3.3.1.2 of NIST SP 800-52rev2. The AES GCM IV generation is performed internally, is compliant with the RFC 8446, and shall only be used for the TLS 1.3 protocol to be compliant with scenario 5 in FIPS 140-3 IG C.H; thus, the module is compliant with NIST SP 800-52rev2. The module also supports internal IV generation using the module’s Approved DRBG. The IV is at least 96 bits in length per section 8.2.2 of NIST SP 800-38D. Per NIST SP 800-38D and scenario 2 of FIPS 140-3 IG C.H, the DRBG generates outputs such that the (key/IV) pair collision probability is less than 2-32. In the event that power to the module is lost and subsequently restored, the calling application must ensure that any AES-GCM keys used for encryption or decryption are re-distributed.
The following table lists the applicable CVEs impacting the module, as well as methods of mitigation. Table 13
Post-submission, the module has been continually updated to provide mitigations for the CVEs listed above. These mitigations will be included in a future revalidation of the module. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
February 6, 2025 Appendix A. Approved Service Indicators This appendix specifies the APIs that are externally accessible and return the Approved service indicators. Synopsis #include <openssl/service_indicator.h> #include <openssl/ssl.h> int EVP_cipher_get_service_indicator(EVP_CIPHER_CTX *ctx); int DSA_get_service_indicator(DSA * ptr_dsa, DSA_MODES_t mode); int RSA_key_get_service_indicator(RSA * ptr_rsa); int PBKDF_get_service_indicator(); int EVP_Digest_get_service_indicator(EVP_MD_CTX *ctx); int EC_key_get_service_indicator(EC_KEY *ec_key); int CMAC_get_service_indicator(CMAC_CTX *cmac_ctx, CMAC_MODE_t mode); int HMAC_get_service_indicator(HMAC_CTX *ctx); int TLSKDF_get_service_indicator(EVP_PKEY_CTX *tls_ctx); int TLS1_3_kdf_get_service_indicator(EVP_MD *md); int TLS1_3_get_service_indicator(SSL *s); int DRBG_get_service_indicator(RAND_DRBG *drbg); Description These APIs are high-level interfaces that return the Approved service indicator value based on the parameter(s) passed to them.
February 6, 2025
February 6, 2025 EVP_CIPHER_CTX_cleanup(ctx); //Decrypt ctx = EVP_CIPHER_CTX_new(); EVP_DecryptInit_ex(ctx, cipher, NULL, key, NULL); EVP_CIPHER_CTX_set_key_length(ctx, 24); EVP_DecryptUpdate(ctx, pltmp, &outLen, citmp, 8); // Check the indicator fprintf(stdout,"EVP_des_ede3_ecb (NID %i) decrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx)); EVP_CIPHER_CTX_cleanup(ctx); EVP_CIPHER_CTX_free(ctx); } Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
| Name | Term | Definition |
|---|---|---|
| AES | AES | Advanced Encryption Standard |
| ANSI | ANSI | American National Standards Institute |
| API | API | Application Programming Interface |
| CAST | CAST | Cryptographic Algorithm Self-Test |
| CBC | CBC | Cipher Block Chaining |
| CCCS | CCCS | Canadian Centre for Cyber Security |
| CCM | CCM | Counter with Cipher Block Chaining - Message Authentication Code |
| CFB | CFB | Cipher Feedback |
| CKG | CKG | Cryptographic Key Generation |
| CMAC | CMAC | Cipher-Based Message Authentication Code |
| CMVP | CMVP | Cryptographic Module Validation Program |
| CO | CO | Cryptographic Officer |
| CPU | CPU | Central Processing Unit |
| CTR | CTR | Counter |
| CVL | CVL | Component Validation List |
| DEP | DEP | Default Entry Point |
| DES | DES | Data Encryption Standard |
| DH | DH | Diffie-Hellman |
| DRBG | DRBG | Deterministic Random Bit Generator |
| DSA | DSA | Digital Signature Algorithm |
| ECB | ECB | Electronic Code Book |
| ECC | ECC | Elliptic Curve Cryptography |
| ECC CDH | ECC CDH | Elliptic Curve Cryptography Cofactor Diffie-Hellman |
| ECDH | ECDH | Elliptic Curve Diffie-Hellman |
| ECDSA | ECDSA | Elliptic Curve Digital Signature Algorithm |
| EMI/EMC | EMI/EMC | Electromagnetic Interference /Electromagnetic Compatibility |
| FFC | FFC | Finite Field Cryptography |
| FIPS | FIPS | Federal Information Processing Standard |
| GCM | GCM | Galois/Counter Mode |
| GMAC | GMAC | Galois Message Authentication Code |
| GPC | GPC | General-Purpose Computer |
| HMAC | HMAC | (keyed-) Hash Message Authentication Code |
| KAS | KAS | Key Agreement Scheme |
| KAT | KAT | Known Answer Test |
| KDF | KDF | Key Derivation Function |
| KTS | KTS | Key Transport Scheme |
| KW | KW | Key Wrap |
| KWP | KWP | Key Wrap with Padding |
| MD | MD | Message Digest |
| NIST | NIST | National Institute of Standards and Technology |
| OCB | OCB | Offset Codebook |
| OFB | OFB | Output Feedback |
| OS | OS | Operating System |
| PBKDF | PBKDF | Password-Based Key Derivation Function |
| PCT | PCT | Pairwise Consistency Test |
| PKCS | PKCS | Public Key Cryptography Standard |
| PSS | PSS | Probabilistic Signature Scheme |
| PUB | PUB | Publication |
| RC | RC | Rivest Cipher |
| RNG | RNG | Random Number Generator |
| RSA | RSA | Rivest Shamir Adleman |
| SHAKE | SHAKE | Secure Hash Algorithm KECCAK |
| SHA | SHA | Secure Hash Algorithm |
| SHS | SHS | Secure Hash Standard |
| SP | SP | Special Publication |
| TDES | TDES | Triple Data Encryption Standard |
| TLS | TLS | Transport Layer Security |
| XEX | XEX | XOR Encrypt XOR |
| XTS | XTS | XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing |
February 6, 2025 Appendix B. Acronyms and Abbreviations Table 14 provides definitions for the acronyms and abbreviations used in this document. Table 14
February 6, 2025 Dynatrace Cryptographic Module 1.1 ©2025 Dynatrace LLC
Prepared by: Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com www.corsec.com