Dynatrace LLC
Dynatrace Cryptographic Module
Software Version: 1.1
FIPS 140-3 Non-Proprietary Security Policy
FIPS Security Level: 1
Document Version: 0.9
Prepared for: Prepared by:
Dynatrace LLC Corsec Security, Inc.
1601 Trapelo Road, Suite 116 12600 Fair Lakes Circle, Suite 210
Waltham, MA 02451 Fairfax, VA 22033
United States of America United States of America
Phone: +1 781 530 1000 Phone: +1 703 267 6050
www.dynatrace.com www.corsec.com
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 2 of 44
Abstract
This is a non-proprietary Cryptographic Module Security Policy for the Dynatrace Cryptographic Module (software
version: 1.1) from Dynatrace LLC (Dynatrace). This Security Policy describes how the Dynatrace Cryptographic
Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3,
which details the U.S. and Canadian government requirements for cryptographic modules. More information
about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation
Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and
the Canadian Centre for Cyber Security (CCCS).
This document also describes how to run the module in a secure Approved mode of operation. This policy was
prepared as part of the Level 1 FIPS 140-3 validation of the module. The Dynatrace Cryptographic Module is
referred to in this document as Dynatrace Cryptographic Module or the module.
References
This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3
cryptographic module security policy. More information is available on the module from the following sources:
• The Dynatrace website (www.dynatrace.com) contains information on the full line of products from
Dynatrace.
• The search page on the CMVP website (https://csrc.nist.gov/Projects/cryptographic-module-validation-
program/Validated-Modules/Search) can be used to locate and obtain vendor contact information for
technical or sales-related questions about the module.
Document Organization
ISO/IEC 19790 Annex B uses the same section naming convention as ISO/IEC 19790 section 7 - Security
requirements. For example, Annex B section B.2.1 is named “General” and B.2.2 is named “Cryptographic module
specification,” which is the same as ISO/IEC 19790 section 7.1 and section 7.2, respectively. Therefore, the format
of this Security Policy is presented in the same order as indicated in Annex B, starting with “General” and ending
with “Mitigation of other attacks.” If sections are not applicable, they have been marked as such in this document.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 3 of 44
Table of Contents
1. General..................................................................................................................................................6
2. Cryptographic Module Specification .......................................................................................................7
2.1 Operational Environments......................................................................................................................7
2.2 Algorithm Implementations....................................................................................................................9
2.3 Cryptographic Boundary...................................................................................................................... 15
2.4 Modes of Operation............................................................................................................................. 17
3. Cryptographic Module Interfaces .........................................................................................................18
4. Roles, Services, and Authentication......................................................................................................19
4.1 Authorized Roles.................................................................................................................................. 19
4.2 Authentication Methods...................................................................................................................... 20
4.3 Services ................................................................................................................................................ 20
5. Software/Firmware Security ................................................................................................................24
6. Operational Environment.....................................................................................................................25
7. Physical Security ..................................................................................................................................26
8. Non-Invasive Security ..........................................................................................................................27
9. Sensitive Security Parameter Management ..........................................................................................28
9.1 Keys and Other SSPs ............................................................................................................................ 28
9.2 DRBGs................................................................................................................................................... 31
9.3 SSP Storage Techniques....................................................................................................................... 31
9.4 SSP Zeroization Methods..................................................................................................................... 32
9.5 RBG Entropy Sources ........................................................................................................................... 32
10. Self-Tests.............................................................................................................................................33
10.1 Pre-Operational Self-Tests................................................................................................................... 33
10.2 Conditional Self-Tests .......................................................................................................................... 33
10.3 On-Demand Self-Testing...................................................................................................................... 34
10.4 Self-Test Failure Handling .................................................................................................................... 34
11. Life-Cycle Assurance.............................................................................................................................35
11.1 Secure Installation ............................................................................................................................... 35
11.2 Initialization ......................................................................................................................................... 35
11.3 Startup ................................................................................................................................................. 35
11.4 Administrator Guidance....................................................................................................................... 35
11.5 Non-Administrator Guidance............................................................................................................... 36
11.6 Common Vulnerabilities and Exposures.............................................................................................. 37
11.6.1 Applicable CVEs....................................................................................................................... 37
11.6.2 CVE Mitigation Plan ................................................................................................................ 37
12. Mitigation of Other Attacks..................................................................................................................38
Appendix A. Approved Service Indicators...........................................................................................39
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 4 of 44
Appendix B. Acronyms and Abbreviations..........................................................................................42
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 5 of 44
List of Tables
Table 1 – Security Level per FIPS 140-3 Section.........................................................................................................6
Table 2 – Tested Operational Environments..............................................................................................................7
Table 3 – Vendor-Affirmed Operational Environments .............................................................................................7
Table 4 – Approved Algorithms..................................................................................................................................9
Table 5 – Non-Approved Algorithms Allowed in the Approved Mode of Operation.............................................. 14
Table 6 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation....................................... 14
Table 7 – Ports and Interfaces................................................................................................................................. 18
Table 8 – Roles, Service Commands, Input and Output.......................................................................................... 19
Table 9 – Approved Services ................................................................................................................................... 21
Table 10 – Non-Approved Services ......................................................................................................................... 23
Table 11 – Keys........................................................................................................................................................ 28
Table 13 – Non-Deterministic Random Number Generation Specification ............................................................ 32
Table 12 – CVEs ....................................................................................................................................................... 37
Table 14 – Acronyms and Abbreviations................................................................................................................. 42
List of Figures
Figure 1 – GPC Block Diagram ................................................................................................................................. 16
Figure 2 – Module Block Diagram (with Cryptographic Boundaries)...................................................................... 17
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 6 of 44
1. General
Dynatrace LLC provides software intelligence to simplify cloud complexity and accelerate digital
transformation. With automatic and intelligent observability at scale, their all-in-one platform delivers precise
answers about the performance and security of applications, the underlying infrastructure, and the experience of
all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with
dramatically less effort.
Dynatrace is a software intelligence platform. The system provides data on the performance of applications,
underlying infrastructure, and end user experiences. Dynatrace consists of OneAgent, ActiveGate, and Cluster
software components. Dynatrace OneAgent software is installed on hosts to automatically discover and collect
monitoring data from an information technology environment. Important metrics can be forwarded to a
Dynatrace Cluster either directly or via a Dynatrace ActiveGate.
The Dynatrace Cryptographic Module 1.1 is a cryptographic library embedded in Dynatrace’s OneAgent and
ActiveGate application software. The Dynatrace Cryptographic Module v1.1 supplies the cryptographic
functionality for encryption and decryption, digital signature functions, hashing, message authentication, key
establishment, and random number generation in support of general data protection functionality and secure
communications protocols, including TLS1
1.2/1.3.
The Dynatrace Cryptographic Module is validated at the FIPS 140-3 section levels shown in Table 1.
Table 1 – Security Level per FIPS 140-3 Section
ISO/IEC 24579 Section 6.
[Number Below]
FIPS 140-3 Section Title Security Level
1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services, and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment 1
7 Physical Security N/A
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 1
10 Self-tests 1
11 Life-Cycle Assurance 1
12 Mitigation of Other Attacks N/A
The module has an overall security level of 1.
1 TLS – Transport Layer Security
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 7 of 44
2. Cryptographic Module Specification
The Dynatrace Cryptographic Module 1.1 is a software module with a multi-chip standalone embodiment. The
module is designed to operate within a modifiable operational environment.
2.1 Operational Environments
The module was tested and found to be compliant with FIPS 140-3 requirements on the environment listed in
Table 2.
Table 2 – Tested Operational Environments
# Operating System Hardware Platform Processor PAA/Acceleration
1 Red Hat Enterprise Linux 8.2 Dell PowerEdge R440 Intel® Xeon Silver 4214R With PAA
2 Red Hat Enterprise Linux 8.2 Dell PowerEdge R440 Intel® Xeon Silver 4214R Without PAA
The module is designed to utilize the AES-NI2
extended instruction set when available on the host platform’s CPU
for processor algorithm acceleration (PAA) of its AES implementation.
The vendor affirms the module’s continued validation compliance when operating on the environments listed in
Table 3.
Table 3 – Vendor-Affirmed Operational Environments
# Operating System Processor
1 Alpine Linux (musl libc) for containers
3.4-3.13
x86-64
2 Amazon Linux 2 ARM64 (AArch64), x86-64
3 Amazon Linux AMI 2014.03 - 2018.03 x86-64
4 Bottlerocket 1.x x86-64
5 CentOS 7.x, 8.x ARM64 (AArch64), x86-64, ppc64le
6 CentOS Stream 8 ARM64 (AArch64), ppc64le, x86-64
7 Debian 8, 9, 10 x86-64
8 EulerOS 2,3, 2.5, 2.8 x86-64
9 EulerOS 2.8 ARM64 (AArch64)
10 Fedora 32-24 x86-64
11 Google Container-Optimized OS
81 LTS, 85 LTS, 89 LTS
x86-64
12 openSUSE 15.2, 15.3 ppc64le, x86-64
2 AES-NI – Advanced Encryption Algorithm New Instructions
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 8 of 44
# Operating System Processor
13 Oracle Linux 6.x, 7.x, 8.x x86-64
14 Red Hat Enterprise Linux 6.9+, 7.x, 8.x s390x
15 Red Hat Enterprise Linux 6.x x86-64
16 Red Hat Enterprise Linux 7.x, 8.x ppc64le, x86-64
17 Red Hat Enterprise Linux CoreOS
4.5, 4.6, 4.7
x86-64
18 SUSE Linux Enterprise Server 11.4 x86-64
19 SUSE Linux Enterprise Server
12.1+, 15.x
s390x
20 SUSE Linux Enterprise Server 15.3 ppc64le, x86-64
21 SUSE Linux Enterprise Server 15.x ARM64 (AArch64)
22 Ubuntu 14.04 LTS x86-64
23 Ubuntu 16.04 LTS, 18.04 LTS ppc64le, x86-64
24 Ubuntu 18.04 LTS ARM64 (AArch64), s390x
25 Ubuntu 20.04 LTS, 20.10, 21.04 ARM64
(AArch64), ppc64le, s390x, x86-64
26 IBM AIX 6.1 TL9 SP9+, 7.1 TL5,
7.2 TL3, 7.2 TL4, 7.2 TL5
POWER8 64bit-only, POWER9 64bit-
only
27 Solaris 10 1/13+, 11.x SPARC, x86-64, x86
28 Windows Desktop
8.1, 20H2, 21H1, 1507, 1607,
1809, 1909, 2004
x86-64
29 Windows Server
20H2, 1909, 2004, 2008 R2, 2012,
2012 R2, 2016, 2019
x86-64
30 Windows Server - Nano
All versions supported
x86-64
31 IBM z/OS 2.3, 2.4, 2.5 -
32 DB2 11, 12 -
33 MQ 8.0, 9.0, 9.1 -
34 DL/I -
Please refer to https://www.dynatrace.com/support/help/technology-support/ for details on the vendor affirmed
OEs.
The cryptographic module maintains validation compliance when operating on any general-purpose computer
(GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate,
or another compatible single-user operating system. The CMVP makes no statement as to the correct operation
of the module or the security strengths of the generated keys when ported to an operational environment not
listed on the validation certificate.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 9 of 44
2.2 Algorithm Implementations
The module implements cryptographic algorithms in the following providers:
• Dynatrace Cryptographic Module (libcrypto) version 1.1 (Cert. A3358)
• Dynatrace Cryptographic Module (libssl) version 1.1 (Cert. A3359)
Validation certificates for each Approved security function are listed in Table 4.
Table 4 – Approved Algorithms
CAVP Cert3 Algorithm and Standard Mode / Method Description / Key Size(s) /
Key Strengths
Use / Function
Dynatrace Cryptographic Module (libcrypto)
A3358 AES-CBC4
FIPS PUB5 197
NIST SP 800-38A
CBC 128, 192, 256 Encryption/Decryption
A3358 AES-CCM
NIST SP 800-38C
CCM 128, 192, 256 Encryption/Decryption
A3358 AES-CFB16
FIPS PUB7 197
NIST SP 800-38A
CFB1 128, 192, 256 Encryption/Decryption
A3358 AES-CFB128
FIPS PUB8 197
NIST SP 800-38A
CFB128 128, 192, 256 Encryption/Decryption
A3358 AES-CFB8
FIPS PUB9 197
NIST SP 800-38A
CFB8 128, 192, 256 Encryption/Decryption
A3358 AES-CMAC10
NIST SP 800-38B
CMAC 128, 192, 256 MAC Generation/Verification
A3358 AES-CTR11
FIPS PUB12
197
NIST SP 800-38A
CTR 128, 192, 256 Encryption/Decryption
A3358 AES-ECB13
FIPS PUB14 197
NIST SP 800-38A
ECB 128, 192, 256 Encryption/Decryption
A3358 AES-GCM15
NIST SP 80- 38D
GCM (internal IV) 128, 192, 256 Encryption/Decryption
3 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.
4 CBC – Cipher Block Chaining
5
PUB – Publication
6 CFB – Cipher Feedback
7 PUB – Publication
8 PUB – Publication
9
PUB – Publication
10 CMAC – Cipher-Based Message Authentication Code
11 CTR – Counter
12 PUB – Publication
13 ECB – Electronic Code Book
14
PUB – Publication
15 GCM – Galois Counter Mode
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 10 of 44
CAVP Cert3 Algorithm and Standard Mode / Method Description / Key Size(s) /
Key Strengths
Use / Function
A3358 AES-GMAC16
NIST SP 800-38D
GMAC 128, 192, 256 Encryption/Decryption
A3358 AES-KW17
NIST SP 800-38F
KW 128, 192, 256 Encryption/Decryption
A3358 AES-KWP18
NIST SP 800-38F
KWP 128, 192, 256 Encryption/Decryption
A3358 AES-OFB19
FIPS PUB20
197
NIST SP 800-38A
OFB 128, 192, 256 Encryption/Decryption
A3358 Counter DRBG21
NIST SP 800-90Arev1
Counter-based 256-bit AES-CTR Deterministic Random Bit
Generation
A3358 DSA22 KeyGen (FIPS186-4)
FIPS PUB 186-4
DSA KeyGen 2048/224, 2048/256,
3072/256
Key Pair Generation
A3358 DSA PQGGen (FIPS186-4)
FIPS PUB 186-4
DSA PQGGen 2048/224, 2048/256,
3072/256 (SHA2-224,
SHA2-256, SHA2-384,
SHA2-512)
Domain Parameter Generation
A3358 DSA PQGVer (FIPS186-4)
FIPS PUB 186-4
DSA PQGVer 2048/224, 2048/256,
3072/256 (SHA2-224,
SHA2-256, SHA2-384,
SHA2-512)
Domain Parameter Verification
A3358 DSA SigGen (FIPS186-4)
FIPS PUB 186-4
DSA SigGen 2048/224, 2048/256,
3072/256 (SHA2-224,
SHA2-256, SHA2-384,
SHA2-512)
Digital Signature Generation
A3358 DSA SigVer (FIPS186-4)
FIPS PUB 186-4
DSA SigVer 1024/160, 2048/224,
2048/256, 3072/256 (SHA-
1, SHA2-224, SHA2-256,
SHA2-384, SHA2-512)
Digital Signature Verification
1024-bit keys are for legacy use
only.
A3358 ECDSA23 KeyGen (FIPS186-4)
FIPS PUB 186-4
ECDSA KeyGen.
Secret generation
mode: Testing
candidates
B-233, B-283, B-409, B-571,
K-233, K-283, K-409, K-571,
P-224, P-256, P-384, P-521
Key Pair Generation
A3358 ECDSA KeyVer (FIPS186-4)
FIPS PUB 186-4
ECDSA KeyVer B-163, B-233, B-283, B-409,
B-571, K-163, K-233, K-283,
K-409, K-571, P-192, P-224,
P-256, P-384, P-521
Public Key Validation
Curves B-163, K-163, and P-192 are
for legacy use only.
16 GMAC – Galois Message Authentication Code
17
KW – Key Wrap
18 KWP – Key Wrap with Padding
19 OFB – Output Feedback
20 PUB – Publication
21 DRBG – Deterministic Random Bit Generator
22
DSA – Digital Signature Algorithm
23 ECDSA – Elliptic Curve Digital Signature Algorithm
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 11 of 44
CAVP Cert3 Algorithm and Standard Mode / Method Description / Key Size(s) /
Key Strengths
Use / Function
A3358 ECDSA SigGen (FIPS186-4)
FIPS PUB 186-4
ECDSA SigGen B-233, B-283, B-409, B-571,
K-233, K-283, K-409, K-571,
P-224, P-256, P-384, P-521
SHA2-224, SHA2-256,
SHA2-384, SHA2-512 ()
Digital Signature Generation
A3358 ECDSA SigVer (FIPS186-4)
FIPS PUB 186-4
ECDSA SigVer B-163, B-233, B-283, B-409,
B-571, K-163, K-233, K-283,
K-409, K-571, P-192, P-224,
P-256, P-384, P-521 (SHA-1,
SHA2-224, SHA2-256,
SHA2-384, SHA2-512)
Digital Signature Verification
Curves B-163, K-163, and P-192 are
for legacy use only.
A3358 HMAC SHA-1
FIPS PUB 198-1
SHA-1 MAC: 160
Key Length: 112-524288
Increment 8
Message Authentication
A3358 HMAC SHA2-224
FIPS PUB 198-1
SHA2-224 MAC: 224
Key Length: 112-524288
Increment 8
Message Authentication
A3358 HMAC SHA2-256
FIPS PUB 198-1
SHA2-256 MAC: 256
Key Length: 112-524288
Increment 8
Message Authentication
A3358 HMAC SHA2-384
FIPS PUB 198-1
SHA2-384 MAC: 384
Key Length: 112-524288
Increment 8
Message Authentication
A3358 HMAC SHA2-512
FIPS PUB 198-1
SHA2-512 MAC: 512
Key Length: 112-524288
Increment 8
Message Authentication
A3358 KAS-ECC-SSC24
NIST SP 800-56Arev3
ephemeralUnified B-233, B-283, B-409, B-571,
K-233, K-283, K-409, K-571,
P-224, P-256, P-384, P-521
Shared Secret Computation
A3358 KAS-FFC-SSC25
NIST SP 800-56Arev3
dhEphem 2048/224 (FB), 2048/256
(FC)
Shared Secret Computation
A3358 KDF TLS
CVL26
NIST SP 800-135rev1
KDF (TLS v1.0/1.1,
v1.2)
SHA2-256, SHA2-384,
SHA2-512
Key Derivation
No part of the TLS protocol, other
than the KDF, has been tested by
the CAVP and CMVP.
A3358 RSA27 KeyGen (FIPS186-4)
FIPS PUB 186-4
Key generation mode:
B.3.3
2048, 3072, 4096 Key Pair Generation
A3358 RSA SigGen (FIPS186-4)
FIPS PUB 186-4
X9.31 2048, 3072, 4096 (SHA2-
256, SHA2-384, SHA2-512)
Digital Signature Generation
PKCS#1 v1.5 2048, 3072, 4096 (SHA2-
224, SHA2-256, SHA2-384,
SHA2-512)
Digital Signature Generation
24 KAS-ECC-SSC – Key Agreement Scheme – Elliptic Curve Cryptography - Shared Secret Computation
25 KAS-FFC-SSC – Key Agreement Scheme - Finite Field Cryptography - Shared Secret Computation
26
CVL – Component Validation List
27 RSA – Rivest Shamir Adleman
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 12 of 44
CAVP Cert3 Algorithm and Standard Mode / Method Description / Key Size(s) /
Key Strengths
Use / Function
PSS28 2048, 3072, 4096 (SHA2-
224, SHA2-256, SHA2-384,
SHA2-512)
Digital Signature Generation
A3358 RSA SigVer (FIPS186-4)
FIPS PUB 186-4
X9.31 1024, 2048, 3072, 4096
(SHA-1, SHA2-256, SHA2-
384, SHA2-512)
Digital Signature Verification
1024-bit keys are for legacy use
only.
PKCS#1 v1.5 1024, 2048, 3072, 4096
(SHA-1, SHA2-224, SHA2-
256, SHA2-384, SHA2-512)
Digital Signature Verification
1024-bit keys are for legacy use
only.
PSS29 1024, 2048, 3072, 4096
(SHA-1, SHA2-224, SHA2-
256, SHA2-384, SHA2-512)
Digital Signature Verification
1024-bit keys are for legacy use
only.
A3358 SHA-1
FIPS PUB 180-4
SHA-1 Message Length:
0-65528 Increment 8
Message Digest
SHA2-224
FIPS PUB 180-4
SHA2-224 Message Length:
0-65528 Increment 8
Message Digest
SHA2-256
FIPS PUB 180-4
SHA2-256 Message Length:
0-65528 Increment 8
Message Digest
SHA2-384
FIPS PUB 180-4
SHA2-384 Message Length:
0-65528 Increment 8
Message Digest
SHA2-512
FIPS PUB 180-4
SHA2-512 Message Length:
0-65528 Increment 8
Message Digest
Dynatrace Cryptographic Module (libssl)
A3359 TLS v1.3 KDF
CVL
NIST SP 800-135rev1
RFC 8446
KDF (TLS v1.3) SHA2-256, SHA2-384 Key Derivation
No part of the TLS protocol, other
than the KDF, has been tested by
the CAVP and CMVP.
Security Function Implementations (SFIs)
KAS-ECC-SSC
A3358
TLS KDF
A3358
KAS30
NIST SP 800-56Arev3
NIST SP 800-135rev1
NIST SP 800-56Arev3.
KAS-ECC per IG D.F
Scenario 2 path (2)
B-233, B-283, B-409, B-571,
K-233, K-283, K-409, K-571,
P-224, P-256, P-384, P-521
curves providing between
112 and 256 bits of
encryption strength
Key Agreement
KAS-ECC-SSC
A3358
TLS v1.3 KDF
A3359
KAS
NIST SP 800-56Arev3
NIST SP 800-135rev1
RFC 8446
NIST SP 800-56Arev3.
KAS-ECC per IG D.F
Scenario 2 path (2)
B-233, B-283, B-409, B-571,
K-233, K-283, K-409, K-571,
P-224, P-256, P-384, P-521
curves providing between
112 and 256 bits of
encryption strength
Key Agreement
28 PSS – Probabilistic Signature Scheme
29
PSS – Probabilistic Signature Scheme
30 KAS – Key Agreement Scheme
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 13 of 44
CAVP Cert3 Algorithm and Standard Mode / Method Description / Key Size(s) /
Key Strengths
Use / Function
KAS-FFC-SSC
A3358
TLS KDF
A3358
KAS
NIST SP 800-56Arev3
NIST SP 800-135rev1
NIST SP 800-56Arev3.
KAS-FFC per IG D.F
Scenario 2 path (2)
2048-bit key providing 112
bits of encryption strength
Key Agreement
KAS-FFC-SSC
A3358
TLS v1.3 KDF
A3359
KAS
NIST SP 800-56Arev3
NIST SP 800-135rev1
RFC 8446
NIST SP 800-56Arev3.
KAS-FFC per IG D.F
Scenario 2 path (2)
2048-bit key providing 112
bits of encryption strength
Key Agreement
AES-CMAC
A3358
KTS
NIST SP 800-38B
NIST SP 800-38B and
NIST SP 800-38F. KTS
(key wrapping and
unwrapping) per IG
D.G.
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
AES-CCM
A3358
KTS31
NIST SP 800-38C
NIST SP 800-38C and
NIST SP 800-38F. KTS
(key wrapping and
unwrapping) per IG
D.G.
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
AES-GCM
A3358
KTS
NIST SP 800-38D
NIST SP 800-38D and
NIST SP 800-38F. KTS
(key wrapping and
unwrapping) per IG
D.G.
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
AES-GMAC
A3358
KTS
NIST SP 800-38D
NIST SP 800-38D and
NIST SP 800-38F. KTS
(key wrapping and
unwrapping) per IG
D.G.
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
AES-KW
A3358
KTS
NIST SP 800-38F
NIST SP 800-38F. KTS
(key wrapping and
unwrapping)
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
AES-KWP
A3358
KTS
NIST SP 800-38F
NIST SP 800-38F. KTS
(key wrapping and
unwrapping)
128, 192, and 256-bit keys
provide between 128 and
256 bits of encryption
strength
Key Wrap/Unwrap
Vendor Affirmed
Vendor
Affirmed
CKG32
NIST SP 800-133rev2
- - Cryptographic Key Generation
NOTE: The module offers algorithms in the Approved mode of operation that provide less than 112 bits of security strength. These
algorithms are Approved for legacy use only (refer to NIST SP 800-131Arev2 for additional details).
31
KTS – Key Transport Scheme
32 CKG – Cryptographic Key Generation
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 14 of 44
The vendor affirms the following cryptographic security methods:
• Cryptographic key generation – In compliance with sections 4 and 5.1 of NIST SP 800-133rev2, the module
uses its Approved DRBG to generate random values and seeds used for asymmetric key generation. The
generated seed is an unmodified output from the DRBG. The cryptographic module invokes a GET function
to obtain entropy for random number generation (the module requests 256 bits of entropy from the
calling application per request), and then passively receives entropy from the calling application while
having no knowledge of the entropy source and exercising no control over the amount or the quality of
the obtained entropy.
The calling application and its entropy sources are located within the operational environment inside the
module’s physical perimeter but outside the cryptographic boundary. Thus, there is no assurance of the
minimum strength of the generated SSPs (e.g., keys).
The module implements the non-Approved but allowed algorithms shown in Table 5 below.
Table 5 – Non-Approved Algorithms Allowed in the Approved Mode of Operation
Algorithm Caveat Use / Function
AES Cert. #A3358, Key Unwrapping (allowed per FIPS
140-3 IG D.G)
Symmetric key unwrapping (using any
Approved unauthenticated mode)
For legacy use only.
The module does not offer non-Approved algorithms allowed for use in the Approved mode of operation with no
security claimed on their use.
The module employs the non-Approved algorithms shown in Table 6 below. These algorithms shall not be used in
the module’s Approved mode of operation.
Table 6 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation
Algorithm Use / Function
AES-GCM (non-approved with external IV) Encryption/Decryption
AES-OCB33 Authenticated Encryption/Decryption
AES-XTS Encryption/Decryption
ANSI X9.31 RNG (with 128-bit AES core) Random Number Generation
ARIA Encryption/Decryption
Blake2 Encryption/Decryption
Blowfish Encryption/Decryption
CAST, CAST5 Encryption/Decryption
Camellia Encryption/Decryption
ChaCha20 Encryption/Decryption
33 OCB – Offset Codebook
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 15 of 44
Algorithm Use / Function
DES Encryption/Decryption
DH (non-approved with key sizes below 2048 bits) Key Agreement
DSA (non-approved with key sizes below the
minimums Approved for the Approved mode)
Key Pair Generation; Digital Signature Generation; Digital
Signature Verification
DSA, ECDSA, and RSA (non-approved when used with
SHA-1 outside the TLS protocol)
Digital Signature Generation
ECDH (non-approved with curves P-192, K-163, B-163,
and non-NIST curves)
Key Agreement
ECDSA (non-approved with curves P-192, K-163, B-
163, and non-NIST curves)
Key Pair Generation; Digital Signature Generation; Digital
Signature Verification
EdDSA34 Key Pair Generation; Digital Signature Generation; Digital
Signature Verification
HKDF35 Key Derivation
IDEA Encryption/Decryption
KDF (non-approved when using TLS 1.0/1.1) Key Derivation
MD2, MD4, MD5 Message Digest
PBKDF2 Password-Based Key Derivation
Poly1305 Message Authentication Code
RC236, RC4, RC5 Encryption/Decryption
RIPEMD Message Digest
RMD160 Message Digest
RSA (non-approved with non-approved/untested key
sizes, and functions)
Key Pair Generation; Digital Signature Generation; Digital
Signature Verification; Key Transport
SEED Encryption/Decryption
SHA3 Message Digest
SM2, SM3, SM3 Message Digest
Triple DES (non-approved) Encryption/Decryption; MAC Generation/Verification; Key
Wrapping/Unwrapping
Whirlpool Message Digest
2.3 Cryptographic Boundary
As a software cryptographic module, the module has no physical components. The physical perimeter of the
cryptographic module is defined by each host device on which the module is installed. Figure 1 below illustrates
a block diagram of a typical GPC and the module’s physical perimeter.
34 EdDSA – Edwards-curve Digital Signature Algorithm
35
HKDF – Hash Message Authentication Code-Based Extract-and-Expand Key Derivation Function
36 RC – Rivest Cipher
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 16 of 44
Power
Interface
I/O Hub
Network
Interface
Clock
Generator
CPU
RAM
Cache
HDD
Hardware
Management
External
Power Supply
SCSI/SATA
Controller
PCI/PCIe
Slots
DVD
USB
BIOS
PCI/PCIe
Slots
Graphics
Controller
BIOS – Basic Input/Output System
CPU – Central Processing Unit
SATA – Serial Advanced Technology Attachment
SCSI – Small Computer System Interface
PCI – Peripheral Component Interconnect
LED – Light Emitting Diode
PCIe – PCI express
HDD – Hard Disk Drive
DVD – Digital Video Disc
USB – Universal Serial Bus
RAM – Random Access Memory
LCD – Liquid Crystal Display
KEY:
Audio
LEDs/LCD
Serial
Figure 1 – GPC Block Diagram
The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled
source code and comprises the following components:
• libcrypto (cryptographic primitives library file)
• libssl (TLS protocol library file)
• HMAC digest file for libcrypto and libssl integrity checks (digest file name dependent on file name of
library/executable to which the libcrypto and libssl components are statically linked)
The cryptographic boundary is the contiguous perimeter that surrounds all memory-mapped functionality
provided by the module when loaded and stored in the host device’s memory. The module is entirely contained
within the physical perimeter.
Figure 2 shows the logical block diagram of the module executing in memory and its interactions with surrounding
software components, as well as the module’s physical perimeter and cryptographic boundary.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 17 of 44
Ports
Storage
Memory
CPU
Operating System
libcrypto
Host Device
Calling
Application
libssl
HMAC
digest
KEY:
Cryptographic Boundary
Physical Perimeter
Data Input
Data Output
Control Input
Control Output
Status Output
System Calls
Figure 2 – Module Block Diagram (with Cryptographic Boundaries)
2.4 Modes of Operation
The module supports two modes of operation: Approved and Non-Approved. The module operates in the
Approved mode when all pre-operational self-tests have completed successfully, and only Approved services are
invoked. Table 4 and Table 5 list the Approved and allowed algorithms, while Table 9 provides descriptions of the
Approved services.
The module alternates on a service-by-service basis between Approved and non-Approved modes of operation.
The module will switch to the non-Approved mode upon execution of a non-Approved service. The module will
switch back to the Approved mode upon execution of an Approved service. Table 6 lists the non-Approved
algorithms implemented by the module, while Table 10 below lists the services that constitute the non-Approved
mode.
When following the guidance in section 11.5 of this document, CSPs are not shared between Approved and non-
Approved services and modes of operation.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 18 of 44
3. Cryptographic Module Interfaces
FIPS 140-3 defines the following logical interfaces for cryptographic modules:
• Data Input
• Data Output
• Control Input
• Control Output
• Status Output
As a software library, the cryptographic module has no direct access to any of the host platform’s physical ports,
as it communicates only to the calling application via its well-defined API. A mapping of the approved interfaces
and the module’s logical ports and interfaces can be found in Table 7. Note that the module does not output
control information, and thus has no specified control output interface.
Table 7 – Ports and Interfaces
Physical Port Logical Interface Data That Passes Over Port/Interface
Physical data input port(s) of
the tested platforms
Data Input
• API input arguments that provide
input data for processing
• Data to be encrypted, decrypted, signed,
verified, or hashed
• Keys to be used in cryptographic services
• Random seed material for the module’s
DRBG
• Keying material to be used as input to
key establishment services
Physical data output port(s) of
the tested platforms
Data Output
• API output arguments that return
generated or processed data back
to the caller
• Data that has been encrypted,
decrypted, or verified
• Digital signatures
• Hashes
• Random values generated by the
module’s DRBG
• Keys established using module’s key
establishment methods
Physical control input port(s) of
the tested platforms
Control Input
• API input arguments that are
used to initialize and control the
operation of the module
• API commands invoking cryptographic
services
• Modes, key sizes, etc. used with
cryptographic services
Physical status output port(s)
of the tested platforms
Status Output
• API call return values
• Status information regarding the module
• Status information regarding the invoked
service/operation
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 19 of 44
4. Roles, Services, and Authentication
The sections below describe the module’s authorized roles, services, and operator authentication methods.
4.1 Authorized Roles
The module supports two roles that authorized operators can assume:
• Crypto Officer - The CO role performs cryptographic initialization or management functions and general
security services.
• User – The User role performs general security services, including cryptographic operations and other
approved security functions.
The module does not support multiple concurrent operators. The calling application that loaded the module is its
only operator.
Table 8 below lists the supported roles, along with the services (including input and output) available to each role.
Table 8 – Roles, Service Commands, Input and Output
Role Service Input Output
CO Show Status API call parameters Current operational status
CO Perform self-tests on-demand Re-instantiate module; API
call parameters
Status
CO Zeroize Restart calling application;
reboot or power-cycle host
platform
None
CO Show versioning information API call parameters Module name, version
User Perform symmetric encryption API call parameters, key,
plaintext
Status, ciphertext
User Perform symmetric decryption API call parameters, key,
ciphertext
Status, plaintext
User Generate symmetric digest API call parameters, key,
plaintext
Status, digest
User Verify symmetric digest API call parameters, digest Status
User Perform authenticated symmetric
encryption
API call parameters, key,
plaintext
Status, ciphertext
User Perform authenticated symmetric
decryption
API call parameters, key,
ciphertext
Status, plaintext
User Generate random number API call parameters Status, random bits
User Perform keyed hash operations API call parameters, key,
message
Status, MAC37
User Perform hash operation API call parameters,
message
Status, hash
User Generate DSA domain parameters API call parameters Status, domain
parameters
37 MAC – Message Authentication Code
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 20 of 44
Role Service Input Output
User Verify DSA domain parameters API call parameters Status, domain
parameters
User Generate asymmetric key pair API call parameters Status, key pair
User Verify ECDSA public key API call parameters, key Status
User Generate digital signature API call parameters, key,
message
Status, signature
User Verify digital signature API call parameters, key,
signature, message
Status
User Perform key wrap API call parameters,
encryption key, key
Status, encrypted key
User Perform key unwrap API call parameters,
decryption key, key
Status, decrypted key
User Compute shared secret API call parameters Status, shared secret
User Derive TLS keys API call parameters, TLS pre-
master secret
Status, TLS keys
User Perform key agreement functions API call parameters Status, symmetric key
4.2 Authentication Methods
The module does not support authentication methods; operators implicitly assume an authorized role based on
the service selected.
4.3 Services
Descriptions of the approved services available to the authorized roles are provided in Table 9 below.
This module is a software library that provides cryptographic functionality to calling applications. As such, the
security functions provided by the module are considered the module’s security services. Indicators for Approved
services (in the case of this module, those security functions with algorithm validation certificates and all required
self-tests) are provided via API return value.
When invoking a security function, the calling application provides inputs via an internal structure, or “context”.
Upon each service invocation, the module will determine if the invoked security function is an Approved service.
To access the resulting value, the calling application must pass the finalized context to the indicator API associated
with that security function (note the indicator check must be performed prior to any context cleanup is performed).
The indicator API will return “1” to indicate the usage of an Approved service. Indicators for services providing
non-Approved security functions (as well as for services not requiring an indicator) will have a value other than
“1”, ensuring that the indicators for Approved services are unambiguous. Additional details on the APIs used for
the Approved service indicators are provided in Appendix A below.
The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the
following notation:
• G = Generate: The module generates or derives the SSP.
• R = Read: The SSP is read from the module (e.g., the SSP is output).
• W = Write: The SSP is updated, imported, or written to the module.
• E = Execute: The module uses the SSP in performing a cryptographic operation.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 21 of 44
• Z = Zeroize: The module zeroizes the SSP.
Table 9 – Approved Services
Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or
SSPs
Indicator
Show Status Return Approved
mode status
None None CO N/A N/A
Perform self-
tests on-
demand
Perform pre-
operational self-
tests
None Integrity Test Key -
libcrypto
Integrity Test Key -
libssl
CO Integrity Test Key – libcrypto –
E
Integrity Test Key - libssl – E
API return
value
Zeroize Zeroize and de-
allocate memory
containing
sensitive data
None All SSPs CO All SSPs – Z N/A
Show
versioning
information
Return module
versioning
information
None None CO N/A N/A
Perform
symmetric
encryption
Encrypt plaintext
data
AES-CBC (Cert. A3358)
AES-CCM (Cert. A3358)
AES-CFB1 (Cert. A3358)
AES-CFB128 (Cert. A3358)
AES-CFB8 (Cert. A3358)
AES-CTR (Cert. A3358)
AES-ECB (Cert. A3358)
AES-GMAC (Cert. A3358)
AES-KW (Cert. A3358)
AES-KWP (Cert. A3358)
AES-OFB (Cert. A3358)
AES key User AES key – WE API return
value
Perform
symmetric
decryption
Decrypt
ciphertext data
AES-CBC (Cert. A3358)
AES-CCM (Cert. A3358)
AES-CFB1 (Cert. A3358)
AES-CFB128 (Cert. A3358)
AES-CFB8 (Cert. A3358)
AES-CTR (Cert. A3358)
AES-ECB (Cert. A3358)
AES GMAC (Cert. A3358)
AES-KW (Cert. A3358)
AES-KWP (Cert. A3358)
AES-OFB (Cert. A3358)
AES key User AES key – WE API return
value
Generate
symmetric
digest
Generate
symmetric digest
AES-CMAC (Cert. A3358)
AES-GMAC (Cert. A3358)
AES CMAC key
AES GMAC key
User AES CMAC key – WE
AES GMAC key – WE
API return
value
Verify
symmetric
digest
Verify symmetric
digest
AES-CMAC (Cert. A3358)
AES-GMAC (Cert. A3358)
AES CMAC key
AES GMAC key
User AES CMAC key – WE
AES GMAC key – WE
API return
value
Perform
authenticated
symmetric
encryption
Encrypt plaintext
using supplied
AES GCM key and
IV
AES-GCM (Cert. A3358) AES GCM key
AES GCM IV
User AES GCM key – WE
AES GCM IV – WE
API return
value
Perform
authenticated
symmetric
decryption
Decrypt
ciphertext using
supplied AES
GCM key and IV
AES-GCM (Cert. A3358) AES GCM key
AES GCM IV
User AES GCM key – WE
AES GCM IV – WE
API return
value
Generate
random
number
Return random
bits to the calling
application
Counter DRBG (Cert. A3358) DRBG entropy input
DRBG seed
DRBG ‘V’ value
DRBG ‘Key’ value
User DRBG entropy input – WE
DRBG seed – GE
DRBG ‘V’ value – GE
DRBG ‘Key’ value – GE
API return
value
Perform
keyed hash
operations
Compute a
message
authentication
code
HMAC SHA-1 (Cert. A3358)
HMAC SHA2-224 (Cert. A3358)
HMAC SHA2-256 (Cert. A3358)
HMAC SHA2-384 (Cert. A3358)
HMAC SHA2-512 (Cert. A3358)
HMAC key User HMAC key – WE API return
value
Perform hash
operation
Compute a
message digest
SHA-1 (Cert. A3358)
SHA2-224 (Cert. A3358)
SHA2-256 (Cert. A3358)
SHA2-384 (Cert. A3358)
SHA2-512 (Cert. A3358)
None User N/A API return
value
Generate DSA
domain
parameters
Generate DSA
domain
parameters
DSA PQGGen (FIPS186-4) (Cert.
A3358)
None User N/A API return
value
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 22 of 44
Service Description Approved Security Function(s) Keys and/or SSPs Roles Access Rights to Keys and/or
SSPs
Indicator
Verify DSA
domain
parameters
Verify DSA
domain
parameters
DSA PQGVer (FIPS186-4) (Cert. A3358) None User N/A API return
value
Generate
asymmetric
key pair
Generate a
public/private
key pair
DSA KeyGen (FIPS186-4) (Cert. A3358)
ECDSA KeyGen (FIPS186-4) (Cert.
A3358)
RSA KeyGen (FIPS186-4) (Cert. A3358)
DSA public key
DSA private key
ECDSA public key
ECDSA private key
RSA public key
RSA private key
User DSA public key – GR
DSA private key – GR
ECDSA public key – GR
ECDSA private key – GR
RSA public key – GR
RSA private key – GR
API return
value
Verify ECDSA
public key
Verify an ECDSA
public key
ECDSA KeyVer (FIPS186-4) (Cert.
A3358)
ECDSA public key User ECDSA public key – W API return
value
Generate
digital
signature
Generate a
digital signature
DSA SigGen (FIPS186-4) (Cert. A3358)
ECDSA SigGen (FIPS186-4) (Cert.
A3358)
RSA SigGen (FIPS186-4) (Cert. A3358)
DSA private key
ECDSA private key
RSA private key
User DSA private key – WE
ECDSA private key – WE
RSA private key – WE
API return
value
Verify digital
signature
Verify a digital
signature
DSA SigVer (FIPS186-4) (Cert. A3358)
ECDSA SigVer (FIPS186-4) (Cert.
A3358)
RSA SigVer (FIPS186-4) (Cert. A3358)
DSA public key
ECDSA public key
RSA public key
User DSA public key – WE
ECDSA public key – WE
RSA public key – WE
API return
value
Perform key
wrap
Perform key
wrap
KTS (AES-CCM) (Cert. A3358)
KTS (AES-GCM) (Cert. A3358)
KTS (AES-GMAC) (Cert. A3358)
KTS (AES-CMAC) (Cert. A3358)
KTS (AES-KW) (Cert. A3358)
KTS (AES-KWP) (Cert. A3358)
AES key
AES GCM key
AES GCM IV
User AES key – WE
AES GCM key – WE
AES GCM IV – WE
API return
value
Perform key
unwrap
Perform key
unwrap
KTS (AES-CCM) (Cert. A3358)
KTS (AES-GCM) (Cert. A3358)
KTS (AES-GMAC) (Cert. A3358)
KTS (AES-CMAC) (Cert. A3358)
KTS (AES-KW) (Cert. A3358)
KTS (AES-KWP) (Cert. A3358)
AES key
AES GCM key
AES GCM IV
User AES key – WE
AES GCM key – WE
AES GCM IV – WE
API return
value
Compute
shared secret
Compute
DH/ECDH shared
secret suitable
for use as input
to a TLS KDF
KAS-ECC-SSC Sp800-56Ar3 (Cert.
A3358)
KAS-FFC-SSC Sp800-56Ar3 (Cert.
A3358)
DH public key
DH private key
ECDH public key
ECDH private key
TLS pre-master secret
User DH public key – WE
DH private key – WE
ECDH public key – WE
ECDH private key – WE
TLS pre-master secret – GE
API return
value
Derive TLS
keys
Derive TLS
session and
integrity keys
TLS KDF (Cert. A3358)
TLS v1.3 KDF (Cert. A3359)
TLS pre-master secret
TLS master secret
AES key
AES GCM key
AES GCM IV
HMAC key
User TLS pre-master secret – WE
TLS master secret – GE
AES key – GR
AES GCM key – GR
AES GCM IV – GR
HMAC key – GR
API return
value
Perform key
agreement
functions
Establish
symmetric key
using DH/ECDH
key agreement
KAS (KAS-ECC_SSC/TLS KDF) (Certs.
A3358, A3358)
KAS (KAS-ECC_SSC/TLS v1.3 KDF)
(Certs. A3358, A3359)
KAS (KAS-FFC_SSC/TLS KDF) (Certs.
A3358, A3358)
KAS (KAS-FFC_SSC/TLS v1.3 KDF)
(Certs. A3358, A3359)
DH public key
DH private key
ECDH public key
ECDH private key
TLS pre-master secret
TLS master secret
AES key
AES GCM key
AES GCM IV
HMAC key
User DH public key – WE
DH private key – WE
ECDH public key – WE
ECDH private key – WE
TLS pre-master secret – GE
TLS master secret – GE
AES key – GR
AES GCM key – GR
AES GCM IV – GR
HMAC key – GR
API return
value
* Per FIPS 140-3 IG 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved service indicator.
The following services/algorithms are allowed for legacy use only:
• Digital signature verification using ECDSA with curves B-163, K-163, and P-192
• Digital signature verification using DSA with key lengths of 1024 bits
• Digital signature verification using RSA with modulus lengths of 1024 bits
• Digital signature verification using SHA-1
Table 10 below lists the non-approved services available to module operators.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 23 of 44
Table 10 – Non-Approved Services
Service Description Algorithm(s) Accessed Role Indicator
Perform data encryption
(non-approved)
Perform symmetric data
encryption
AES -GCM (non-approved),
ARIA, Blake2, Blowfish,
Camellia, CAST, CAST5,
ChaCha20, DES, IDEA, RC2,
RC4, RC5, SEED, SM4, Triple
DES (non-approved), XTS-AES
User API return value
Perform data decryption
(non-approved)
Perform symmetric data
decryption
AES -GCM (non-approved),
ARIA, Blake2, Blowfish,
Camellia, CAST, CAST5,
ChaCha20, DES, IDEA, RC2,
RC4, RC5, SEED, SM4, Triple
DES, XTS-AES
User API return value
Perform MAC operations
(non-approved)
Perform message
authentication operations
Poly1305, Triple DES/CMAC
(non-approved)
User API return value
Perform hash operation
(non-approved)
Perform hash operation MD2, MD4, MD5, RIPEMD,
RMD160, SHA-3, SM2, SM3,
SM4, Whirlpool
User API return value
Perform digital signature
functions (non-approved)
Perform digital signature
functions
DSA (non-approved), ECDSA
(non-approved), RSA (non-
approved)
User API return value
Perform key agreement
functions (non-approved)
Perform key agreement
functions
DH (non-approved), ECDH
(non-approved)
User API return value
Perform key wrap (non-
approved)
Perform key wrap/unwrap
functions
AES -GCM (non-approved),
Triple DES/CMAC (non-
approved)
User API return value
Perform key encapsulation
(non-approved)
Perform key encapsulation
functions
RSA (non-approved) User API return value
Perform key un-
encapsulation (non-
approved)
Perform key un-encapsulation
functions
RSA (non-approved) User API return value
Perform key derivation
functions (non-approved)
Perform key derivation
functions
HKDF, PBKDF2, TLS 1.0/1.1
KDF
User API return value
Perform authenticated
encryption/decryption (non-
approved)
Perform authenticated
encryption/decryption
AES-OCB User API return value
Generate random number
(non-approved)
Perform random number
generation
ANSI X9.31 RNG (with 128-bit
AES core)
User API return value
Generate asymmetric key
pair (non-approved)
Perform key pair generation DSA (non-approved), ECDSA
(non-approved), RSA (non-
approved)
User API return value
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 24 of 44
5. Software/Firmware Security
All software components within the cryptographic boundary are verified using an approved integrity technique
implemented within the cryptographic module itself. The module implements an integrity test technique
consisting of a single encompassing HMAC SHA2-256 digest file that covers both library files; failure of the integrity
test will cause the module to enter a critical error state. Details regarding the keys used for the integrity checks
can be found in Table 11.
The module’s integrity check is performed automatically at module instantiation (i.e., when the module is loaded
into memory for execution) without action from the module operator. The CO can initiate the pre-operational
tests on demand by restarting the calling application, rebooting/power-cycling the host server, or issuing the
FIPS_selftest() API command.
The Dynatrace Cryptographic Module is not delivered to end-users as a standalone offering. Rather, it is a pre-
built integrated component of Dynatrace’s application software. Dynatrace does not provide end-users with any
mechanisms to directly access the module, its source code, its APIs, or any information sent to/from the module.
Thus, end-users have no ability to independently load the module onto target platforms. No configuration steps
are required to be performed by end-users, and no end-user action is required to initialize the module for
operation. The module is designed with a default entry point (DEP) that ensures that the pre-operational tests
and conditional CASTs are initiated automatically when the module is loaded.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 25 of 44
6. Operational Environment
The Dynatrace Cryptographic Module comprises a software cryptographic library that executes in a modifiable
operational environment.
The cryptographic module has control over its own SSPs. The process and memory management functionality of
the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key
generation values and other SSPs by external processes during module execution. The module only allows access
to SSPs through its well-defined API. The operational environment provides the capability to separate individual
application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications
of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the
operational environment. Processes that are spawned by the module are owned by the module and are not owned
by external processes/operators.
Please refer to section 2.1 of this document for a list/description of the applicable operational environments.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 26 of 44
7. Physical Security
This section is not applicable. Per section 7.7.1 of ISO/IEC 19790:2021, the requirements of this section are
“applicable to hardware and firmware modules, and hardware and firmware components of hybrid modules”.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 27 of 44
8. Non-Invasive Security
This section is not applicable. There are currently no approved non-invasive mitigation techniques references in
ISO/IEC 19790:2021 Annex F.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 28 of 44
9. Sensitive Security Parameter
Management
9.1 Keys and Other SSPs
The module supports the keys and other SSPs listed in Table 11.
Table 11 – Keys
Key/SSP
Name/Type
Strength Security Function and
Cert. Number
Generation Import / Export Establishment Storage Zeroization Use & Related
Keys
Keys
Integrity Test
Key - libcrypto
(not an SSP)
256 bits HMAC SHA2-256
(Cert. A3358)
- - Hardcoded in
the module
image
Plaintext in
RAM
Not subject to
zeroization
requirements
Pre-
operational
verification
of libcrypto
library
Integrity Test
Key - libssl
(not an SSP)
256 bits HMAC SHA2-256
(Cert. A3358)
- - Hardcoded in
the module
image
Plaintext in
RAM
Not subject to
zeroization
requirements
Pre-
operational
verification
of libssl
library
AES key
(CSP)
Between 128
and 256 bits
AES-CBC
(Cert. A3358)
AES-CCM
(Cert. A3358)
AES-CFB1
(Cert. A3358)
AES-CFB128
(Cert. A3358)
AES-CFB8
(Cert. A3358)
AES-CTR
(Cert. A3358)
AES-ECB
(Cert. A3358)
AES-KW
(Cert. A3358)
AES-KWP
(Cert. A3358)
KTS (AES-CCM)
(Cert. A3358)
KTS (AES-KW)
(Cert. A3358)
KTS (AES-KWP)
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
Derived via TLS
KDF
Not
persistently
stored by
the module
Unload
module;
Remove power
Symmetric
encryption,
decryption
AES GCM key
(CSP)
Between 128
and 256 bits
AES-GCM
(Cert. A3358)
KTS (AES-GCM)
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
Derived via TLS
KDF
Not
persistently
stored by
the module
Unload
module;
Remove power
Authenticate
d symmetric
encryption,
decryption
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 29 of 44
Key/SSP
Name/Type
Strength Security Function and
Cert. Number
Generation Import / Export Establishment Storage Zeroization Use & Related
Keys
[MD/EE]
AES CMAC key
(CSP)
Between 128
and 256 bits
AES-CMAC
(Cert. A3358)
KTS (AES-CMAC)
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
MAC
generation,
verification
AES GMAC key
(CSP)
Between 128
and 256 bits
AES-GMAC
(Cert. A3358)
KTS (AES-GMAC)
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
MAC
generation,
verification
HMAC key
(CSP)
Between 160
and 512 bits
HMAC SHA-1
(Cert. A3358)
HMAC SHA2-224
(Cert. A3358)
HMAC SHA2-256
(Cert. A3358)
HMAC SHA2-384
(Cert. A3358)
HMAC SHA2-512
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
Derived via TLS
KDF
Not
persistently
stored by
the module
Unload
module;
Remove power
Keyed hash
DSA private
key
(CSP)
112 or 128
bits
DSA SigGen (FIPS186-4)
(Cert. A3358)
Generated
internally via
Approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
generation
DSA public key
(PSP)
112 or 128
bits
DSA SigVer (FIPS186-4)
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
verification
ECDSA private
key
(CSP)
Between 112
and 256 bits
ECDSA SigGen
(FIPS186-4)
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
generation
ECDSA public
key
(PSP)
Between 112
and 256 bits
ECDSA SigVer (FIPS186-
4)
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
verification
RSA private key
(CSP)
Between 112
and 150 bits
RSA SigGen (FIPS186-4)
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
generation,
asymmetric
decryption
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 30 of 44
Key/SSP
Name/Type
Strength Security Function and
Cert. Number
Generation Import / Export Establishment Storage Zeroization Use & Related
Keys
[MD/EE]
RSA public key
(PSP)
Between 80
and 150 bits
RSA SigVer (FIPS186-4)
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Digital
signature
verification,
asymmetric
encryption
1024-bit keys
for legacy
use (digital
signature
verification)
only
DH private key
(CSP)
112 bits KAS-SSC-FFC
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
DH shared
secret
computation
DH public key
(PSP)
112 bits KAS-SSC-FFC
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
DH shared
secret
computation
ECDH private
key
(CSP)
Between 112
and 256 bits
KAS-SSC-ECC
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
ECDH shared
secret
computation
ECDH public
key
(PSP)
Between 112
and 256 bits
KAS-SSC-ECC
(Cert. A3358)
Generated
internally via
approved
DRBG
Imported in
plaintext via API
parameter
Exported in
plaintext via API
parameter
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
ECDH shared
secret
computation
Other SSPs
AES GCM IV
(CSP)
- AES-GCM
(Cert. A3358)
Generated
internally in
compliance
with the
provisions of a
peer-to-peer
industry
standard
protocol
- - Not
persistently
stored by
the module
Unload
module;
Remove power
Initialization
vector for
AES GCM
TLS pre-master
secret
(CSP)
Between 112
and 256 bits
TLS KDF
(Cert. A3358)
TLS v1.3 KDF
(Cert. A3359)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Derivation of
the TLS
master
secret
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 31 of 44
Key/SSP
Name/Type
Strength Security Function and
Cert. Number
Generation Import / Export Establishment Storage Zeroization Use & Related
Keys
TLS master
secret
(CSP)
256 bits TLS KDF
(Cert. A3358)
TLS v1.3 KDF
(Cert. A3359)
- - Derived
internally using
the TLS pre-
master secret
via TLS KDF
Not
persistently
stored by
the module
Unload
module;
Remove power
Derivation of
the AES/AES-
GCM key and
HMAC key
used for
securing TLS
connections
DRBG entropy
input
(CSP)
256 bits Counter DRBG
(Cert. A3358)
- Imported in
plaintext via API
parameter
Never exported
[MD/EE]
- Not
persistently
stored by
the module
Unload
module;
Remove power
Entropy
material for
DRBG
DRBG seed
(CSP)
256 bits Counter DRBG
(Cert. A3358)
Generated
internally using
nonce along
with DRBG
entropy input
- - Not
persistently
stored by
the module
Unload
module;
Remove power
Seeding
material for
DRBG
DRBG ‘V’ value
(CSP)
128 bits Counter DRBG
(Cert. A3358)
Generated
internally
- - Not
persistently
stored by
the module
Unload
module;
Remove power
State values
for DRBG
DRBG ‘Key’
value
(CSP)
256 bits Counter DRBG
(Cert. A3358)
Generated
internally
- - Not
persistently
stored by
the module
Unload
module;
Remove power
State values
for DRBG
9.2 DRBGs
The module implements the following Approved DRBG(s):
• Counter-based DRBG
This DRBG is used to generate random values at the request of the calling application. Outputs from the DRBGs
are also used in the generation of seeds for asymmetric key pair generation.
The module implements the following non-Approved DRBG(s):
• ANSI X9.31 RNG
• Hash-based DRBG (non-approved)
• HMAC-based DRBG (non-approved)
9.3 SSP Storage Techniques
There is no mechanism within the module’s cryptographic boundary for the persistent storage of SSPs. The module
stores DRBG state values for the lifetime of the DRBG instance. The module uses SSPs passed in on the stack by
the calling application and does not store these SSPs beyond the lifetime of the API call.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 32 of 44
9.4 SSP Zeroization Methods
Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s
cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory,
module operators can unload the module from memory or reboot/power-cycle the host device.
9.5 RBG Entropy Sources
Table 12 below specifies the module’s entropy sources.
Table 12 – Non-Deterministic Random Number Generation Specification
Entropy Source(s) Minimum Number
of Bits of Entropy
Details
Calling application 256 256 bits of seed material are provided to the module’s DRBG by
the calling application. The calling application and its entropy
sources are outside the module’s cryptographic boundary. The
calling application shall use entropy sources that meet the
security strength required for the CTR_DRBG as shown in NIST SP
800-90Arev1, Table 3. This entropy shall be supplied by means of
a callback function. The callback function must return an error if
the minimum entropy strength cannot be met.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 33 of 44
10. Self-Tests
Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are
performed between the time the cryptographic module is instantiated and before the module transitions to the
operational state. Conditional self-tests are performed by the module during module operation when certain
conditions exist. The following sections list the self-tests performed by the module, their expected error status,
and the error resolutions.
10.1 Pre-Operational Self-Tests
The module performs the following pre-operational self-test(s):
• Software integrity test for libcrypto and libssl (using an HMAC SHA2-256 digest)
10.2 Conditional Self-Tests
The module performs the following conditional self-tests:
• Conditional cryptographic algorithm self-tests (CASTs)
o AES ECB decrypt KAT38
(128-bit)
o AES CCM encrypt KAT (192-bit)
o AES CCM decrypt KAT (192-bit)
o AES GCM encrypt KAT (128-bit)
o AES GCM decrypt KAT (128-bit)
o AES CMAC generate KAT (CBC mode; 128/192/256-bit key lengths)
o AES CMAC verify KAT (CBC mode; 128/192/256-bit key lengths)
o CTR_DRBG KAT (AES, 256-bit, with derivation function)
o CTR_DRBG instantiate/generate/reseed KAT (AES, 256-bit)
o DSA sign KAT (2048-bit; SHA2-256)
o DSA verify KAT (2048-bit; SHA2-256)
o ECDSA sign KAT (P-224 and K-233 curve, SHA2-256)
o ECDSA verify KAT (P-224 and K-233 curve, SHA2-256)
o RSA sign KAT (2048-bit; SHA2-256; PKCS#1.5 scheme)
o RSA verify KAT (2048-bit; SHA2-256; PKCS#1.5 scheme)
o HMAC KATs (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512)
o SHA-1 KAT
o SHA-2 KATs (SHA2-224, SHA2-256, SHA2-384, SHA2-512)
o FFC DH Shared Secret “Z” Computation KAT (2048-bit)
o ECC CDH Shared Secret “Z” Computation KAT (P-224 curve)
o TLS 1.2 KDF KAT
o TLS 1.3 KDF KAT
38 KAT – Known Answer Test
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 34 of 44
To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs
are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed
prior to the pre-operational software integrity test; all other CASTs are executed after the successful
completion of the software integrity test.
• Conditional pair-wise consistency tests (PCTs)
o DSA sign/verify PCT39
o ECDSA sign/verify PCT
o RSA sign/verify PCT
o DH key generation PCT
o ECDH key generation PCT
10.3 On-Demand Self-Testing
The CO can initiate the pre-operational self-tests and conditional CASTs on demand for periodic testing of the
module by re-instantiating the module, rebooting/power-cycling the host device, or issuing the
FIPS_selftest() API command.
10.4 Self-Test Failure Handling
The module reaches the critical error state when any self-test fails. Upon test failure, the module immediately
terminates the calling application’s API call with a returned error code and sets an internal flag, signaling the error
condition. For any subsequent request made by the calling application for cryptographic services, the module will
return a failure indicator, thereby disabling all access to its cryptographic functions, sensitive security parameters
(SSPs), and data output services while the error condition persists.
To recover, the module must be reinitialized by restarting the calling application or via reboot/power-cycle of the
host platform. If the pre-operational self-tests complete successfully, then the module can resume normal
operations. If the module continues to experience self-test failures after reinitializing, then the module will not be
able to resume normal operations, and the CO should contact Dynatrace LLC for assistance.
39 PCT – Pairwise Consistency Test
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 35 of 44
11. Life-Cycle Assurance
The sections below describe how to ensure the module is operating in its validated configuration, including the
following:
• Procedures for secure installation, initialization, startup, and operation of the module
• Maintenance requirements
• Administrator and non-Administrator guidance
Operating the module without following the guidance herein will result in non-compliant behavior and is
outside the scope of this Security Policy.
11.1 Secure Installation
As the module is an integrated component of Dynatrace’s application software, module operators have no ability
to independently load the module onto the target platform. The module and its calling application are to be
installed on a platform specified in section 2.1 or one where portability is maintained. Dynatrace does not provide
any mechanisms to directly access the module, its source code, its APIs, or any information sent between it and
other Dynatrace applications.
11.2 Initialization
This module is designed to support Dynatrace applications, and these applications are the sole consumers of the
cryptographic services provided by the module. No end-user action is required to initialize the module for
operation; the calling application performs any actions required to initialize the module.
The pre-operational integrity test and conditional CASTs are performed automatically via a default entry point
(DEP) when the module is loaded for execution, without any specific action from the calling application or the
end-user. End-users have no means to short-circuit or bypass these actions. Failure of any of the initialization
actions will result in a failure of the module to load for execution.
11.3 Startup
No setup steps are required to be performed by end-users.
11.4 Administrator Guidance
There are no specific management activities required of the CO role to ensure that the module runs securely.
However, if any irregular activity is noticed or the module is consistently reporting errors, then Dynatrace
Customer Support should be contacted.
The following list provides additional guidance for the CO:
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 36 of 44
• The fips_post_status()API can be used to determine the module’s operational status. A non-zero
return value indicates that the module has passed all pre-operational self-tests and is currently in its
Approved mode.
• The OpenSSL_version() API can be used to obtain the module’s versioning information. This
information will include the module name and version, which can be correlated with the module’s
validation record.
11.5 Non-Administrator Guidance
The following list provides additional policies for the User role:
• The cryptographic module’s services are designed to be provided to a calling application. Excluding the
use of the NIST-defined elliptic curves as trusted third-party domain parameters, all other assurances from
FIPS PUB 186-4 (including those required of the intended signatory and the signature verifier) are outside
the scope of the module and are the responsibility of the calling application.
• The module performs assurances for its key agreement schemes as specified in the following sections of
NIST SP 800-56Arev3:
o Section 5.5.2 (for assurances of domain parameter validity)
o Section 5.6.2.1 (for assurances required by the key pair owner)
The module includes the capability to provide the required recipient assurance of ephemeral public key
validity specified in section 5.6.2.2.2 of NIST SP 800-56Arev3. However, since public keys from other
modules are not received directly by this module (those keys are received by the calling application), the
module has no knowledge of when a public key is received. Invocation of the proper module services to
validate another module’s public key is the responsibility of the calling application.
• AES GCM encryption is used in the context of the TLS protocol versions 1.2 and 1.3. To meet the AES GCM
(key/IV) pair uniqueness requirements from NIST SP 800-38D, the module complies with FIPS 140-3 IG C.H
as follows:
o For TLS v1.2, the counter portion of the IV is strictly increasing. When the IV exhausts the
maximum number of possible values for a given session key, a failure in encryption will occur and
a handshake to establish a new encryption key will be required. It is the responsibility of the
module operator (i.e., the first party, client, or server) to trigger this handshake in accordance
with RFC 5246 when this condition is encountered.
The module supports acceptable AES GCM cipher suites from section 3.3.1 of NIST SP 800-52rev2.
The AES GCM IV generation is performed internally, is compliant with the RFC 5288, and shall only
be used for the TLS 1.2 protocol to be compliant with scenario 1 in FIPS 140-3 IG C.H; thus, the
module is compliant with NIST SP 800-52rev2.
o For TLS v1.3, a 64-bit sequence number is maintained separately for reading and writing records.
Each sequence number is set to zero at the beginning of a connection and is incremented by one
after reading or writing each record. Because the size of sequence numbers is 64-bit, they should
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 37 of 44
not wrap. If a sequence number needs to wrap, the TLS implementation is responsible for either
rekeying or terminating the connection.
The module supports the TLS 1.3 GCM cipher suite from section 3.3.1.2 of NIST SP 800-52rev2.
The AES GCM IV generation is performed internally, is compliant with the RFC 8446, and shall only
be used for the TLS 1.3 protocol to be compliant with scenario 5 in FIPS 140-3 IG C.H; thus, the
module is compliant with NIST SP 800-52rev2.
The module also supports internal IV generation using the module’s Approved DRBG. The IV is at least 96
bits in length per section 8.2.2 of NIST SP 800-38D. Per NIST SP 800-38D and scenario 2 of FIPS 140-3 IG
C.H, the DRBG generates outputs such that the (key/IV) pair collision probability is less than 2-32
.
In the event that power to the module is lost and subsequently restored, the calling application must
ensure that any AES-GCM keys used for encryption or decryption are re-distributed.
• The calling application is responsible for ensuring that CSPs are not shared between Approved and non-
Approved services and modes of operation.
• The calling application is responsible for using entropy sources that meet the minimum security strength
of 112 bits required for the CTR_DRBG as shown in NIST SP 800-90Arev1, Table 3.
11.6 Common Vulnerabilities and Exposures
The Common Vulnerabilities and Exposures (CVE) program is a dictionary or glossary of vulnerabilities that have
been identified for specific code bases, such as software applications or open libraries. This list allows interested
parties to acquire the details of vulnerabilities by referring to a unique identifier known as the CVE ID.
11.6.1 Applicable CVEs
The following table lists the applicable CVEs impacting the module, as well as methods of mitigation.
Table 13 – CVEs
CVE Number Severity Mitigation
CVE-2023-3446 Low Before calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator
should verify that the DH key or DH parameters were obtained from a trusted source.
CVE-2023-3817 Low Before calling DH_check(), DH_check_ex(), or EVP_PKEY_param_check(), operator
should verify that the DH key or DH parameters were obtained from a trusted source.
CVE-2024-4741 Low Applications should not directly call the SSL_free_buffers function.
11.6.2 CVE Mitigation Plan
Post-submission, the module has been continually updated to provide mitigations for the CVEs listed above. These
mitigations will be included in a future revalidation of the module.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 38 of 44
12. Mitigation of Other Attacks
This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1
requirements for this validation.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 39 of 44
Appendix A. Approved Service Indicators
This appendix specifies the APIs that are externally accessible and return the Approved service indicators.
Synopsis
#include <openssl/service_indicator.h>
#include <openssl/ssl.h>
int EVP_cipher_get_service_indicator(EVP_CIPHER_CTX *ctx);
int DSA_get_service_indicator(DSA * ptr_dsa, DSA_MODES_t mode);
int RSA_key_get_service_indicator(RSA * ptr_rsa);
int PBKDF_get_service_indicator();
int EVP_Digest_get_service_indicator(EVP_MD_CTX *ctx);
int EC_key_get_service_indicator(EC_KEY *ec_key);
int CMAC_get_service_indicator(CMAC_CTX *cmac_ctx, CMAC_MODE_t mode);
int HMAC_get_service_indicator(HMAC_CTX *ctx);
int TLSKDF_get_service_indicator(EVP_PKEY_CTX *tls_ctx);
int TLS1_3_kdf_get_service_indicator(EVP_MD *md);
int TLS1_3_get_service_indicator(SSL *s);
int DRBG_get_service_indicator(RAND_DRBG *drbg);
Description
These APIs are high-level interfaces that return the Approved service indicator value based on the parameter(s)
passed to them.
• EVP_cipher_get_service_indicator() is used to return the appropriate Approved service indicator status
for block ciphers like AES and Triple DES.
• DSA_get_service_indicator() is used to return the appropriate Approved service indicator status for the
DSA algorithm and its modes. You must include the mode you want the indicator for, which are specified
in the DSA_MODES_t enum.
• RSA_key_get_service_indicator() is used to return the appropriate Approved service indicator status for
RSA algorithm and its modes.
• PBKDF_get_service_indicator() is used to return the appropriate Approved service indicator status for
PBKDF usage.
• EVP_Digest_get_service_indicator() is used to return the appropriate Approved service indicator status
for SHS algorithms like SHA-1 and SHAKE.
• EC_key_get_service_indicator() is used to return the appropriate Approved service indicator status for
elliptic curve algorithms like ECDSA and its modes.
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 40 of 44
• CMAC_get_service_indicator() is used to return the appropriate Approved service indicator status for
CMAC requests that use AES or Triple DES. You must include the mode you want the indicator for, which
are specified in the CMAC_MODE_t enum.
• HMAC_get_service_indicator() is used to return the appropriate Approved service indicator status for
HMAC requests and the associated SHS algorithm.
• TLSKDF_get_service_indicator() is used to return the appropriate Approved service indicator status for
TLS KDF usage excluding TLS 1.3.
• TLS1_3_kdf_get_service_indicator() is used to return the appropriate Approved service indicator status
for TLS 1.3 KDF usage. This function requires the ssl.h file and is used to call the
TLS1_3_get_service_indicator() function because of the SSL struct requirement. You cannot call
TLS1_3_get_service_indicator() directly unless you have the SSL struct that was used.
• DRBG_get_service_indicator() is used to return the appropriate Approved service indicator status for
DRBG usage.
Return Values
Each function returns “1” when indicating the usage of Approved services and “0” for non-approved services.
Notes
When calling a I<get> function, always call it after the variables have been finalized but before they are freed or
destroyed.
Examples
The code sample below provides examples of how to check the Approved service indicators for Triple DES (3-key,
in ECB mode) encryption and decryption:
int 3des_indicator_test()
{
static EVP_CIPHER *cipher = NULL;
static EVP_CIPHER_CTX *ctx;
int outLen;
unsigned char pltmp[8];
unsigned char citmp[8];
unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
19,20,21,22,23,24};
unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
cipher = EVP_des_ede3_ecb();
//Encrypt
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, cipher, NULL, key, NULL);
EVP_CIPHER_CTX_set_key_length(ctx, 24);
EVP_EncryptUpdate(ctx, citmp, &outLen, plaintext, 8);
// Check the indicator
int NID = EVP_CIPHER_CTX_nid(ctx);
fprintf(stdout,"EVP_des_ede3_ecb (NID %i) encrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx));
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 41 of 44
EVP_CIPHER_CTX_cleanup(ctx);
//Decrypt
ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(ctx, cipher, NULL, key, NULL);
EVP_CIPHER_CTX_set_key_length(ctx, 24);
EVP_DecryptUpdate(ctx, pltmp, &outLen, citmp, 8);
// Check the indicator
fprintf(stdout,"EVP_des_ede3_ecb (NID %i) decrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx));
EVP_CIPHER_CTX_cleanup(ctx);
EVP_CIPHER_CTX_free(ctx);
}
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 42 of 44
Appendix B. Acronyms and Abbreviations
Table 14 provides definitions for the acronyms and abbreviations used in this document.
Table 14 – Acronyms and Abbreviations
Term Definition
AES Advanced Encryption Standard
ANSI American National Standards Institute
API Application Programming Interface
CAST Cryptographic Algorithm Self-Test
CBC Cipher Block Chaining
CCCS Canadian Centre for Cyber Security
CCM Counter with Cipher Block Chaining - Message Authentication Code
CFB Cipher Feedback
CKG Cryptographic Key Generation
CMAC Cipher-Based Message Authentication Code
CMVP Cryptographic Module Validation Program
CO Cryptographic Officer
CPU Central Processing Unit
CSP Critical Security Parameter
CTR Counter
CVL Component Validation List
DEP Default Entry Point
DES Data Encryption Standard
DH Diffie-Hellman
DRBG Deterministic Random Bit Generator
DSA Digital Signature Algorithm
ECB Electronic Code Book
ECC Elliptic Curve Cryptography
ECC CDH Elliptic Curve Cryptography Cofactor Diffie-Hellman
ECDH Elliptic Curve Diffie-Hellman
ECDSA Elliptic Curve Digital Signature Algorithm
EMI/EMC Electromagnetic Interference /Electromagnetic Compatibility
FFC Finite Field Cryptography
FIPS Federal Information Processing Standard
GCM Galois/Counter Mode
FIPS 140-3 Non-Proprietary Security Policy, Version 0.9 February 6, 2025
Dynatrace Cryptographic Module 1.1
©2025 Dynatrace LLC
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 43 of 44
Term Definition
GMAC Galois Message Authentication Code
GPC General-Purpose Computer
HMAC (keyed-) Hash Message Authentication Code
KAS Key Agreement Scheme
KAT Known Answer Test
KDF Key Derivation Function
KTS Key Transport Scheme
KW Key Wrap
KWP Key Wrap with Padding
MD Message Digest
NIST National Institute of Standards and Technology
OCB Offset Codebook
OFB Output Feedback
OS Operating System
PBKDF Password-Based Key Derivation Function
PCT Pairwise Consistency Test
PKCS Public Key Cryptography Standard
PSS Probabilistic Signature Scheme
PUB Publication
RC Rivest Cipher
RNG Random Number Generator
RSA Rivest Shamir Adleman
SHAKE Secure Hash Algorithm KECCAK
SHA Secure Hash Algorithm
SHS Secure Hash Standard
SP Special Publication
TDES Triple Data Encryption Standard
TLS Transport Layer Security
XEX XOR Encrypt XOR
XTS XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing
Prepared by:
Corsec Security, Inc.
12600 Fair Lakes Circle, Suite 210
Fairfax, VA 22033
United States of America
Phone: +1 703 267 6050
Email: info@corsec.com
www.corsec.com