FIPS 140-2 Non-Proprietary Security Policy
Allegro Cryptographic Engine Software
Version: 6.3.3
FIPS Security Level: 1
Document Version: 0.3
Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
Telephone: (978) 264-6600
Fax: (978) 266-2839
www.allegrosoft.com
Copyright © 2022 Allegro Software Development Corporation All
Rights Reserved
Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
Telephone: (978) 264-6600
Fax: (978) 266-2839
www.allegrosoft.com
Copyright © 2022 Allegro Software Development Corporation
All Rights Reserved
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3
Allegro Cryptographic Engine
June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
3
Contents
1 Introduction................................................................................................................................4
2 Allegro Cryptographic Engine..................................................................................................5
3 Secure Operation......................................................................................................................22
4 Acronyms..................................................................................................................................24
List of Figures
Figure 2-1. Allegro Cryptographic Engine Logical Cryptographic Boundary..........................................7
List of Tables
Table 2-1. Security Level Per FIPS 140-2 Section...................................................................................6
Table 2-2. FIPS-Approved Algorithm Implementations..........................................................................8
Table 2-3. FIPS Logical Interface Mapping...........................................................................................11
Table 2-4. Crypto Officer Services.........................................................................................................12
Table 2-5. User Services........................................................................................................................12
Table 2-6. List of Cryptographic Keys, Cryptographic Key Components, and CSPs.............................15
1 INTRODUCTION
Allegro Cryptographic Engine
© 2022Allegro Software Development Corporation
4
This document is the non-proprietary Cryptographic Module Security Policy for the Allegro
Cryptographic Engine from Allegro Software Development Corporation. It describes how the Allegro
Cryptographic Engine meets the security requirements of Federal Information Processing Standards
(FIPS) Publication 140-2, as well as how to run the module in the secure FIPS-Approved mode of
operation. This security policy was prepared as part of the Level 1 FIPS 140-2 validation of the
module. It may be reproduced and distributed only in its original entirety including its copyright
notice and without any revision.
The Allegro Cryptographic Engine is referred to in this document as ACE, the crypto module, or the
module.
2 ALLEGRO CRYPTOGRAPHIC ENGINE
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
5
2.1 Cryptographic Module Specification
The Allegro Cryptographic Engine (ACE) is a general-purpose, software cryptographic module
providing FIPS 140-2 Approved cryptography that can be used by calling applications via a C
language Application Programming Interface. ACE meets the overall requirements applicable to a
multi-chip stand-alone embodiment at Level 1 security of FIPS 140-2. ACE is a shared
cryptographic library providing symmetric and asymmetric encryption and decryption, message
digest, message authentication, random number generation, key generation, digital signature
generation and verification, and other cryptographic functionality.
The module is packaged as a shared object for Linux Mint Version 18. The module also includes a
data file that is used for verifying the integrity of the module. ACE has been validated as a
cryptographic module on Linux Mint Version 18.
The module was evaluated in the following configurations.
• Intel NUC6i7KYK with an Intel Core i7 processor running Linux Mint Version 18.
• Intel NUC6i7KYK with an Intel Core i7 processor running Linux Mint Version 18 with support
for Intel AES-NI instructions.
As a software cryptographic module that executes on a general purpose computer, the module
depends upon the physical characteristics of the host platform. Its physical cryptographic boundary is
defined by the enclosure around the host system on which it executes.
The module’s logical cryptographic boundary includes the two files that are needed for operation.
On Linux Mint Version 18: libfipsace.so and libfipsace.dat. The file, libfipsace.dat, is used to verify
the integrity of the libfipsace.so file with the use of a HMAC-SHA-256 digest.
The logical interface of the module is its Application Programming Interface (API) which a calling
application must utilize to invoke the cryptographic services of the module, pass input data to the
module and receive output data and status from the module.
ACE meets the overall requirements applicable at Level 1 security of FIPS 140-2.
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
6
Table 2-1 shows the security level claimed for each of the eleven sections of FIPS 140-2:
Table 2-1. Security Level Per FIPS 140-2 Section
Section Section Title Level
1 Cryptographic Module Specification 1
2 Cryptographic Module Ports and Interfaces 1
3 Roles, Services, and Authentication 1
4 Finite State Model 1
5 Physical Security N/A
6 Operational Environment 1
7 Cryptographic Key Management 1
8 EMI/EMC 1
9 Self-tests 1
10 Design Assurance 1
11 Mitigation of Other Attacks N/A
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
7
D
AllegroCryptographic
Engine
Host Application
Operating System
Figure 2-1 shows a logical block diagram of the module executing in memory and its interactions
with surrounding software components, as well as the module’s logical cryptographic boundary. ACE
supports an Application Programming Interface (API) which provides logical interfaces between the
calling application and the module’s services.
Figure 2-1. Allegro Cryptographic Engine Logical Cryptographic Boundary
OS Calls
ata in/out,
Status out,
Control in
Module Logical Boundary
Application
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
8
The Allegro Cryptographic Engine implements the FIPS-Approved algorithms listed in Table 2-2.
Table 2-2. FIPS-Approved Algorithm Implementations
Algorithm Certificate Number
AES encryption/decryption
Modes: ECB, CBC, CTR, CFB1, CFB8, CFB128, OFB, CCM
Key sizes: 128, 192, and 256 bits
A2685
AES wrap/unwrap
Key sizes: 128, 192, and 256 bits
A2685
AES-GCM encryption/decryption and message authentication
Key sizes: 128, 192, and 256 bits
A2685
XTS-AES encryption/decryption with XTS_128- and XTS_256-bit keys A2685
AES CMAC generation and
verification Key sizes: 128, 192, and
256 bits
A2685
RSA (FIPS186-4) key pair generation
Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (ANSI X9.31) Signature generation
Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (ANSI X9.31) Signature
verification Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (PKCS #1 v1.5) Signature
generation Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (PKCS #1 v1.5) Signature
verification Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (PSS) Signature
generation Key sizes: 2048 and 3072 bits
A2685
RSA (FIPS186-4) (PSS) Signature
verification Key sizes: 2048 and 3072 bits
A2685
ECDSA (FIPS186-4) key pair generation
NIST curves: P-224, P-256, P-384, and P- 521
A2685
ECDSA (FIPS186-4) signature generation
NIST curves: P-224, P-256, P-384, and P-
521
A2685
ECDSA (FIPS186-4) signature verification
NIST curves: P-224, P-256, P-384, and P-
521
A2685
SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 A2685
HMAC with SHA-1, SHA-224, SHA-256. SHA-384, and SHA-512 A2685
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
9
Algorithm Certificate Number
KAS-ECC-SSC Key Agreement Scheme (SP800-56A rev 3) NIST
curves: P-224, P-256, P-384, and P-521
A2685
CVL (TLS Key Derivation Functions v 1.0/1.1 and 1.2) (SP 800-135) A2685
SP 800-90A Hash_DRBG (SHA-224, SHA-256, SHA-384, SHA-512) A2685
• KTS (AES Cert. #A2685 key wrapping; key establishment methodology provides between
128 and 256 bits of encryption strength)
• KTS (AES Cert. #A2685 and HMAC Cert. #A2685, key wrapping; key establishment
methodology provides between 128 and 256 bits of encryption strength)
Caveats:
• The module generates keys per Scenario 1 of IG 7.8.
• The module includes Cryptographic key generation (CKG) as per IG D.12 (vendor affirmation).
• The module implements MD5 for use with TLS communications, which is allowed in the
FIPS- approved mode of operation.
• The module provides key derivation functions for use in TLS. No parts of the TLS protocol,
other than the TLS KDF, have been tested by the CAVP and CMVP.
The module employs the following key establishment methodologies, which are allowed for use in a
FIPS-approved mode of operation:
• RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption
strength)
The list of approved vendor affirmed cryptographic functions includes CKG (Cryptographic Key
Generation) in accordance with IG D.12.
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
10
Allegro Software Development Corporation affirms compliance with SP 800-132 for the full
implementation of PBKDF21. The Allegro Cryptographic Engine requires the password to be at least
ten characters in length, the iteration count is at least 1000, the salt is at least 128 bits in length and
that the master key output from the PBDKF2 is at least 112 bits in length. Master keys may be used
as Device Protection Keys (option 1(a) from section 5.4 of SP 800-132) or they may be used with a
key derivation function to produce a Device Protection Key (option 1(b) from section 5.4 of SP 800-
132).
2.2 Cryptographic Module Ports and Interfaces
As a software cryptographic module, the module’s physical and electrical characteristics, manual
controls and physical indicators are those of the host system. The host system provides physical
ports that the operating system or applications may use. The cryptographic module does not access or
control the physical interface ports or physical indicators of the physical host system.
The module’s Application Programming Interface provides the following logical interfaces defined by
FIPS 140-2:
• Data input
• Data output
• Control input
• Status output
The host’s physical ports are enumerated in Table 2-3 and characterized using the interface
definitions of FIPS 140-2. Additionally, the logical interface column of Table 2-3 describes the
logical interfaces supported by the ACE API.
1 PBKDF2 – Password-Based Key Derivation Function 2 - PBKDF2 is published in Internet Engineering Task Force
Request for Comments (RFC) 2898 and maps to PBKDF defined in NIST SP 800-132
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
11
Table 2-3. FIPS Logical Interface Mapping
FIPS-140-2
Interface
Physical Interface
Intel NUC6i7KYK
Logical Interface
Data Input Keyboard (1) Input data passed via ACE API calls as function
USB (4) arguments or in memory buffers referenced by
802.11ac (1) function arguments
Bluetooth (1)
Ethernet (1)
SD card slot (1)
Infra-red (1)
Microphone (1)
Data HDMI (1) Data returned by ACE API calls using function arguments
Output Mini DisplayPort (1) and related memory buffers
USB (4)
802.11ac (1)
Bluetooth (1)
Ethernet (1)
SD card (1)
Headset jack (1)
Speaker/TOSLINK port (1)
Thunderbolt port (1)
Control Keyboard(1) ACE API function calls that initialize and control the
Input USB (4) operation of the module.
802.11ac(1)
Bluetooth (1)
Ethernet (1)
SD card (1) Infra-
red (1)
Microphone (1)
Power input (1)
Power switch (1)
Status HDMI (1) Values returned from ACE API calls.
Output Mini DisplayPort (1)
USB (4)
802.11ac (1)
Bluetooth (1)
Ethernet (1)
SD card (1)
Headset jack (1)
Speaker/TOSLINK port (1)
Thunderbolt port (1)
2.3 Roles, Services and Authentication
The Allegro Cryptographic Engine supports the Crypto Officer role and the User role. The
Maintenance role is not supported. An operator must be successfully authenticated by the operating
system before accessing the module. The Module does not identify or authenticate the operator that is
accessing the Module. Roles are assumed implicitly based on the service that is accessed by the
operator. Only one operator assuming a specific role may operate the module at any time.
Services associated with each role are listed in Sections 2.3.1 and 2.3.2.
The keys and CSPs listed in Table 2-4, and Table 2-5 indicate the type of access required using the
following notation:
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
12
• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, modified, or zeroized.
• X – Execute: The CSP is used within an Approved or Allowed security function mechanism.
2.3.1 Crypto Officer Role and Services
The Crypto Officer (CO) role is assumed to perform the initial installation of the module onto the
Operating System. The CO role initializes the module for operation (AllegroTaskInit) as well as
performs zeroization of all keys and CSPs during de-initialization (AllegroTaskDeInit). The CO role
can also perform on-demand self-tests (AcRunSelfTest). Descriptions of the services available to the
CO are provided in Table 2-4.
Table 2-4. Crypto Officer Services
Service Description CSP and Type of Access
AcInit() Initialize the module for use in FIPS mode None
AcDeInit() Zeroize all keys and CSPs
Disable Crypto Services
All CSPs – W
AcRunSelfTest() Run cryptographic self-tests on-demand None
2.3.2 User Role and Services
The User role is assumed when services such as random number generation, digest calculation,
encryption and decryption, key wrapping and unwrapping, message authentication and signature
generation and verification are requested. The User role services are described in Table 2-5.
Table 2-5. User Services
Service Description CSP and Type of Access
AcGenerateRandomNumbers() Generate random data DRBG Entropy – R/X
DRBG ‘V’ Value –W/R
DRBG ‘C’ Value –W/R
AcDigest()
AcDigestInit()
AcDigestUpdate(
) AcDigestFinal()
Create message digest from input data None
AcDigestClone() Duplicate a message digest None
AcKeyedDigestInit()
AcDigestUpdate()
AcDigestFinal()
Create a keyed message digest of input data HMAC Key – R/X
AES GMAC Key – R/X
AES CMAC Key – R/X
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
13
Service Description CSP and Type of Access
AcSign()
AcSignInit()
AcSignUpdate(
) AcSignFinal()
Create a digital signature RSA Private Key – R/X
ECDSA Private Key – R/X
AcSignDigestBuffer() Create a digital signature for a previously
computed message digest
RSA Private Key – R/X
ECDSA Private Key – R/X
AcVerify()
AcVerifyInit()
AcVerifyUpdate(
) AcVerifyFinal()
Verify a digital signature None
AcVerifyDigestBuffer() Verify a digital signature for a previously
computed digest
None
AcEncryptInit()
AcEncryptUpdate(
) AcEncryptFinal()
Encrypt or decrypt a block of data AES Key – R/X
AES CCM Key – R/X
AES GCM Key – R/X
XTS-AES Key – R/X
AcGenerateKey() Generate symmetric keys AES Key – W
AES GCM Key – W
AES GCM IV – W
AES CMAC Key –
W XTS-AES Key –
W KEK – W
AcGenerateKeyPair() Generate asymmetric key pairs RSA Private Key – W
RSA Public Key – W
ECDH Private Key – W
ECDH Public Key – W
ECDSA Private Key – W
ECDSA Public Key – W
AcBuildKeyPairFromParams() Generate asymmetric key pairs using
specific key parameters
RSA Private Key – W
RSA Public Key – W
ECDH Private Key – W
ECDH Public Key – W
ECDSA Private Key – W
ECDSA Public Key – W
AcExportKey() Wrap/encrypt a key KEK – R/X
AcImportKey() Unwrap/decrypt an encrypted key KEK – W/X
AcKeySize() Return the key size for a selected Key All Keys – R
AcKeyExchange() Establish a shared secret using ECDH ECDH Private Key – R/X
AcDeriveKey() Derive a key from an existing key’s data TLS Session Key – W
PBKDF2 DPK – W
AcReleaseHandle() Zeroize Keys All Keys – W
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
14
Service Description CSP and Type of Access
AcAceLibraryState() Query whether library is in the soft error
state
None
2.4 Finite State Model
The Module implements the finite state model detailed in submission item 4A.
2.5 Physical Security
The physical security requirements of FIPS 140-2 do not apply because the module is a software
module.
2.6 Operational Environment
This module operates in a modifiable operational environment as described by the FIPS 140-2
definition. The operating systems that were tested run user processes in logically separate process
spaces. When the module is present in memory, the operating system protects the module’s memory
space from unauthorized access. The module functions entirely within the process space of the calling
application, satisfying the FIPS 140-2 requirement for a single user mode of operation.
The module was tested in the following configurations:
• Linux Mint 18 Cinnamon running on an Intel NUC System with Intel i7-6770HQ with PAA;
• Linux Mint 18 Cinnamon running on an Intel NUC System with Intel i7-6770HQ without PAA (single-user
mode)
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
15
2.7 Cryptographic Key Management
The module supports the CSPs listed in Table 2-6.2 3
Table 2-6. List of Cryptographic Keys, Cryptographic Key Components, and CSPs
CSP CSP Type Generation / Input Output Storage Zeroization Use
AES Key AES 128-, Internally Output Keys are not Unload module; Encrypt and
192-, or
256-bit key
Generated via
approved
DRBG;
using
module
API via
persistently
stored by
the module
API call;
Remove Power
decrypt blocks of
data
or Input via API
through GPC
GPC INT
Path
INT Path
AES GCM
Key
AES 128-, Internally Output Keys are not Unload module; Encrypt and
192-, or
256-bit key
Generated via
approved
DRBG;
using
module
API via
persistently
stored by
the module
API call;
Remove Power
decrypt blocks of
data; Keyed
Message
or Input via API
through GPC
GPC INT
Path
Authentication
Code
INT Path
AES GCM IV >= 96 bits of Internally Output Keys are not Unload module; IV input to AES
random
data4
Generated via
approved
DRBG
using
module
API via
persistently
stored by
the module
API call;
Remove Power
GCM function
GPC INT
Path
XTS-AES Key AES Internally Output Keys are not Unload module; Storage
XTS_128- or
AES
XTS_256-
bit key
Generated via
approved
DRBG;
or Input via API
through GPC
using
module
API via
GPC
INT
Path
persistently
stored by
the module
API call;
Remove Power
encryption or
decryption
INT Path
2 The minimum number of entropy bits generated by the module for use in key generation is 256 bits.
3 When the module generates symmetric keys or seeds used for generating asymmetric keys, unmodified DRBG output is
used as the symmetric key or as the seed for generating the asymmetric keys.
4 IV generation is per IG A.5 scenario 2.
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
16
CSP CSP Type Generation / Input Output Storage Zeroization Use
AES CMAC AES 128-, Internally Output Keys are not Unload module; Keyed Message
Key 192-, or
256-bit key
Generated via
approved
DRBG;
using
module
API via
persistently
stored by
the module
API call;
Remove Power
Authentication
Code
or Input via API
through GPC
GPC INT
Path
INT Path
HMAC Key 112- to 512- Internally Output Keys are not Unload module; Keyed Message
bit HMAC Generated via using persistently API call; Authentication
Key approved
DRBG;
module
API via
stored by
the module
Remove Power Code
or Input via API
through GPC
GPC INT
Path
INT Path
Key AES 128-, Internally Output Keys are not Unload module; Key Wrapping /
Encryption 192-, 256- Generated via using persistently API call; Key Unwrapping
Key (KEK) bit key or
RSA 2048-,
3072-bit key
approved
DRBG;
or
Internally
Generated via
module
API via
GPC
INT
Path
stored by
the module
Remove Power
PBKDF2;
or Input via API
through GPC
INT Path
PBKDF2 DPK 112-bits of Internally Output Keys are not Unload module; Protection of
data Generated using persistently API call; stored data
module
API via
stored by
the module Remove Power
GPC INT
Path
PBKDF2
Password
>= 80-bits
of data
Input via
API through
GPC INT
Path
Never Never Unload module;
Remove Power
Application data
passed as input to
PBKDF2
calculation
RSA Private 2048- or Internally Output Keys are not Unload module; Signature
Key 3072-bit Generated via using persistently API call; Generation;
RSA Private
Key
approved
DRBG;
module
API via
stored by
the module
Remove Power Decryption
or Input via API
through GPC
GPC INT
Path
INT Path
ECDSA NIST Internally Output Keys are not Unload module; Signature
Private Key Recommend Generated via encrypted persistently API call; Generation
ed Curves:
P- 224,
P-256,
P- 384
or P-
521
approved
DRBG;
or Input via API
through GPC
INT Path
via KEK;
Output
using
module
API via
stored by
the module
Remove Power
GPC INT
Path
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
17
CSP CSP Type Generation / Input Output Storage Zeroization Use
ECDH Private NIST Internally Output Keys are not Unload module; Establish Shared
Components Recommend generated via using persistently API call; Secret
ed Curves: approved module stored by Remove Power
P-224, DRBG; or API via the module
P-256,
P-384 or
P- 521
Input via
API through
GPC INT
Path
GPC INT
Path
TLS RSA
Premaster
Secret
Random
material
Input via
API through
GPC INT
Path
Never Not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Input to TLS
Master Secret
generation
TLS Master
Secret
Random
material
Internally
Generated
using TLS
KDF
Never Not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Master secret
used for deriving
TLS encryption
keys, session key
and integrity key
TLS Session
Key
Shared
TLS
symmetric
key
Internally
Generated
using TLS
KDF
Never Keys are not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Encrypt/Decrypt
communications
over TLS
TLS Integrity
Key
HMAC
SHA-1 key
Internally
Generated
using TLS
KDF
Never Keys are not
persistently
stored by
the module
N/A Protects the
integrity of data
sent over TLS
DRBG
Entropy
random
material
Generated by
Host GPC
Processor (Intel
Core i7)
Never Not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Entropy material
for Hash_DRBG
DRBG Seed random
material
Internally
generated
Never Not stored
by the
module
Unload module;
Remove Power
Seed material for
Hash_DRBG
DRBG ‘C’
Value
Internal
Hash_DRB
G state
value
Internally
Generated
Never Not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Used for
Hash_DRB
G
DRBG ‘V’
Value
Internal
Hash_DRB
G state
value
Internally
Generated
Never Not
persistently
stored by
the module
Unload module;
API call;
Remove Power
Used for
Hash_DRB
G
HMAC key
for Code
Integrity test
HMAC
SHA256 key
Internally
stored in data
memory
Never Internally
stored in
data
memory
N/A Integrity test
HMAC key
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
18
CSP CSP Type Generation / Input Output Storage Zeroization Use
RSA Public 2048- or Internally Output Keys are not Unload module; Digital Signature
Key 3072-bit generated; or using persistently API call; Verification;
RSA Public Input via API module stored by Remove Power Encryption
Key API via the module
GPC INT
Path
ECDSA Public NIST Internally Output Keys are not Unload module; Digital Signature
Key Recommend Generated; or using persistently API call; Verification
ed Curves:
P-224,
P-256, P-
384 or
Input via
API through
GPC INT
Path
module
API via
GPC
INT
Path
stored by
the module
Remove Power
P-521
ECDH Public NIST Internally Output Keys are not Unload module; Establish Shared
Components Recommend generated via using persistently API call; Secret
ed Curves: approved module stored by Remove Power
P-224, DRBG; or API via the module
P-256,
P- 384
or P-
521
Input via
API through
GPC INT
Path
GPC INT
Path
Entropy Caveats:
The module generates entropy as described in the IG 7.14, scenario 1(b).
The module uses /dev/random as a NDRNG to seed the DRBG.
The minimum number of bits of entropy requested per each GET function call is 1024.
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
19
2.8 EMC/EMI
The Allegro Cryptographic Engine is a software module. The only electromagnetic interference
produced when it is executing is produced by the target on which the module resides and executes.
FIPS 140-2 requires that the host systems on which FIPS 140-2 testing is performed meet the Federal
Communications Commission (FCC) EMI and EMC requirements for business use as defined in
Subpart B, Class A of FCC 47 Code of Federal Regulations Part 15. However, all systems sold in the
United States must meet these applicable FCC requirements.
2.9 Self-Tests
The Allegro Cryptographic Engine performs power-up self-tests automatically each time the module
is loaded into memory. Conditional self-tests are performed each time the module needs to generate a
new random number or a new asymmetric key pair, or when establishing a new Diffie-Hellman Key
Agreement. The module’s random bit generator will perform critical function tests as needed to assure
its security. While the module is performing these self-tests, all data output interfaces are inhibited.
If any self-test fail, the module’s data output interfaces will be inhibited. Only control input and status
output commands will be allowed to execute. To correct an on-demand self-test or conditional self-
test error, the module must be restarted by calling the AllegroTaskInit() service after the module has
been de-initialized.
To correct a power-up self-test error, the module must be reloaded into memory by terminating the
host application and then restarting the host application. If the power-up self-test fails after restarting
the host application, it will be necessary to re-install the module.
2.9.1 Power-Up Self-Tests
The Allegro Cryptographic Engine performs the following self-tests at power-up:
• Software integrity check using HMAC SHA-256 Message Authentication Code
• Algorithm Self- Tests
– AES KAT
– AES CMAC KAT
– RSA Signature Generation KAT
– RSA Signature Verification KAT
– ECDSA Sign/Verify Pairwise Consistency Test
– SHA-1 KAT
– HMAC with SHA-1 KAT, SHA-224, SHA-256, SHA-384, SHA-512 KAT
– SHA-224, SHA-256, SHA-384, SHA-512 KAT
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
20
– EC Diffie-Hellman Primitive ‘Z’ Computation KAT
– SP 800-90A Hash_DRBG KAT
– TLS KDF KAT
All Known Answer Tests may be called on-demand by calling the AcRunSelfTest()service.
2.9.2 Conditional Self-Tests
The Allegro Cryptographic Engine performs the following conditional self-tests when needed:
• Conditional Self Tests (CSTs)
– RSA Pairwise Consistency Test
– ECDSA Pairwise Consistency Test
– EC Diffie-Hellman Public Key Assurance Test
– AES-XTS Key Validation Test in accordance with the IG A.9 requirements
– Repetition Count Test and Adaptive Proportion Test for NDRNG (Entropy Source)
– Continuous Random Number Generator test for DRBG
2.9.3 Critical Functions Self-Tests
Critical function tests are performed conditionally by the module any time a random number is
generated using the SP 800-90A Hash_DRBG. The SP 800-90A Hash_DRBG contains three critical
functions; DRBG Instantiate, DRBG Generate and DRBG Reseed. The instantiation test is tested
during power-up and any time that a new DRBG instance is created. The generation test is performed
during power-up and conditionally when new random data must be generated. The reseed test is
performed during power-up and conditionally when the reseed counter has reached its pre-determined
maximum value and the DRBG needs to be reseeded. If any of these critical function tests fail, the
module will transition to a soft error state. Follow the guidance in Section 2.9 to correct the error
state.
The Allegro Cryptographic Engine performs the following critical function tests:
• SP 800-90A DRBG Instantiation Critical Function Test
• SP 800-90A DRBG Generate Critical Function Test
• SP 800-90A DRBG Reseed Critical Function Test
2.10 Design Assurance
Allegro uses Perforce Server as their configuration management tool to track the progress and
design of their source code and product manuals. To ensure secure delivery of the Allegro
Cryptographic Engine, Allegro places the module onto a DVD and ships the DVD via FedEx.
Tracking numbers are used to track the progress of the shipment to the customer. FedEx requires the
FIPS 140-2 Non-Proprietary Security Policy, Version 6.3.3 June 30, 2022
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
21
recipient of the product to sign for the package to ensure the product arrives securely to the intended
recipient.
2.11 Mitigation of Other Attacks
This section is not applicable. The module does not attempt to mitigate specific attacks.
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
22
3 SECURE OPERATION
The Allegro Cryptographic Engine meets Level 1 requirements for FIPS 140-2. The sections below
describe how to operate the module in FIPS-Approved mode of operation.
3.1 Initial Setup
Initial setup for the Allegro Cryptographic Engine consists of installing the host operating system,
Linux Mint 18, creating a new user account on the Operating System and providing that user account
with a password. After creating a new user account and password, the CO shall follow the CO
Guidance in Section 3.2.1 to use ACE in its FIPS-Approved mode of operation.
3.1.1 Operating System Configuration
The host operating system will provide the operational environment required for the module to meet
Level 1 FIPS-140 security specifications.
To run ACE in its FIPS-Approved mode of operation, a new user account shall be created on the OS.
After logging into the Admin account, the CO will create a new user account following the guidelines
of the OS user manual. When creating a new user, the CO shall require a password to log into the
account. The CO shall refer to all administrative and guidance documents in order to create a new
user account on the Operating System.
3.2 Secure Management
The Cryptographic Officer is in charge of the secure management and handling of the ACE
cryptographic module. The Allegro Cryptographic Engine is shipped on a DVD and delivered via
FedEx. A tracking number is provided to the CO in order to track the progress of the shipment and
ensure secure delivery of the module. The CO shall sign for the DVD upon arrival and shall maintain
control of the DVD throughout its lifetime. Following the secure delivery of the module, the CO shall
follow the steps outlined in Section 3.1.1 for proper configuration of the Operating System prior to
installing the module onto the OS.
3.2.1 CO Guidance
As explained in the sections above, the CO is in charge of setting up the host Operating System and
receiving the DVD containing the cryptographic module, installation guides, user guides, and other
supporting documentation. The CO shall follow the installation procedures detailed in the included
installation guides to properly install the Allegro Cryptographic Engine onto the operating system.
The module is shipped in its FIPS-Approved mode of operation. No further configuration is needed
by the CO in order to operate the module in its FIPS-Approved mode of operation. During normal
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
23
Security Policy, Version 6.3.3 January 29, 2019
operation, the User may check the status of the module by attempting to run a service. If the service
executes and does not return an error, the module is operating in FIPS mode.
3.2.1.1 Guidance for Password-Based Key Derivation Function
Passwords passed to the PBKDF2 implemented shall have a length of at least 10 characters and shall
consist of upper- and lower-case letters and numbers (52 letters) and digits (0-9) as well as characters
from the set ~!@#$%^&*. There are 71 different characters that can be used, in any order. The
probability of guessing this password at random is 7110
= 1: 3.3 * 1018
. This provides a password
search space of more than 60 bits.
The length of the random salt used in PBKDF2 must be at least 128 bits. The iteration count used in
PBKDF2 must be at least 1000 and should be as large as is tolerable by the calling application. The
length of the master key generated by PBKDF2 must be at least 112 bits.
The calling application may use the master key the Data Protection Key or it may derive the Data
Protection Key from the master key using a key derivation function. The Data Protection Key shall be
used for storage purposes only and shall use only approved encryption algorithms.
3.2.2 User Guidance
The user shall adhere to the guidelines of this Security Policy.
The User does not have any ability to install or configure the module. Operators in the User role are
able to use the services available to the User role listed in Table 2-4.
The user is responsible for reporting to the Cryptographic Officer if any irregular activity is noticed
During operation, the User may check the status of the module by attempting to run a service. If the
service executes, the module is operating in FIPS mode.
An AES-GCM key may either be generated internally or provided by application code to the
cryptographic module. Initialization vectors provided by application code for use with AES-GCM
must be at least 96 bits long. If the initialization vector is provided by application code, the
probability that the authenticated encryption function will be invoked with the same initialization
vector and the same key on two or more distinct sets of input data shall be no greater than 2-32
. If the
module’s power is lost and then restored, a new key for use with AES-GCM encryption/decryption
must be established.
4 ACRONYMS
Acronym Definition
ACE Allegro Cryptographic Engine
AES Advanced Encryption System
ANSI American National Standards Institute
API Application Programming Interface
CBC Cipher Block Chaining
CCM Counter with CBC-MAC
CFB Cipher Feedback
CMAC Cipher-based Message Authentication Code
CMVP Cryptographic Module Validation Program
CO Cryptographic Officer
CPU Central Processing Unit
CSEC Communications Security Establishment Canada
CSP Critical Security Parameter
CST Conditional Self-Test
CTR Counter
DES Data Encryption Standard
DH Diffie-Hellman
DPK Data Protection Key
DRBG Deterministic Random Bit Generator
DSA Digital Signature Algorithm
DVD Digital Video Disc
EC Elliptic Curve
ECB Electronic Code Book
ECC Elliptic Curve Cryptography
ECDH Elliptic Curve Diffie-Hellman
ECDSA Elliptic Curve Digital Signature Algorithm
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
FCC Federal Communications Commission
FFC Finite Field Cryptography
FIPS Federal Information Processing Standard
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
25
Acronym Definition
GCM Galois/Counter Mode
GPC General Purpose Computer
HMAC (keyed-) Hash Message Authentication Code
INT Internal
KAS Key Agreement Scheme
KAT Known Answer Test
KEK Key Encrypting Key
MAC Message Authentication Code
NIST National Institute of Standards and Technology
OEM Original Equipment Manufacturer
OFB Output Feedback
OS Operating System
PKDF2 Password-Based Key Derivation Function 2
PKCS Public Key Cryptography Standard
PSS Probabilistic Signature Scheme
RAM Random Access Memory
RSA Rivest Shamir and Adelman
SHA Secure Hash Algorithm
SP Special Publication
SSC Shared Secret Computation
SSH Secure Shell
TLS Transport Layer Security
Triple-DES Triple Data Encryption Standard
USB Universal Serial Bus
XEX XOR-Encrypt-XOR
XOR Exclusive Or
XTS XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing
Allegro Cryptographic Engine
© 2022 Allegro Software Development Corporation
26
Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
www.allegrosoft.com