Progress Software Corporation FIPS 140-2 Security Policy Progress LoadMaster FIPS Object Module Version: 3.0.8 Date: July 11, 2024 Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 2 of 40 Copyright Notice This document may be freely reproduced and distributed whole and intact including this copyright notice. Copyright © 2024 Progress Software Corporation. Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 3 of 40 Modification History Version Description Release Date 1.0 Initial Draft July 14, 2023 1.1 Second Draft March 22, 2024 1.2 Third Draft July 11, 2024 Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 4 of 40 Table of Contents FIPS 140-2 Overview..................................................................................................................................................6 1. Introduction.......................................................................................................................................................7 1.1 Scope.........................................................................................................................................................7 1.2 Module Overview ......................................................................................................................................7 1.3 Module Boundary......................................................................................................................................8 2. Security Level.....................................................................................................................................................9 3. Tested Configurations......................................................................................................................................10 4. Ports and Interfaces.........................................................................................................................................11 5. Roles,ServicesandAuthentication..................................................................................................................12 5.1 Roles........................................................................................................................................................12 5.2 Services....................................................................................................................................................12 6. Physical Security ..............................................................................................................................................15 7. Operational Environment.................................................................................................................................16 8. Cryptographic Algorithms and Key Management.............................................................................................17 8.1 Cryptographic Algorithms........................................................................................................................17 8.2 Critical Security Parameters (CSP’s) and Public Keys................................................................................25 8.3 Key Generation and Entropy....................................................................................................................27 9. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) ......................................................28 10. Self-tests..........................................................................................................................................................29 10.1 Power-On Self-Tests.................................................................................................................................29 10.2 Conditional Self-Tests...............................................................................................................................30 10.3 Assurances...............................................................................................................................................30 10.4 Critical Function Tests..............................................................................................................................30 11. Mitigation of Other Attacks..............................................................................................................................31 12. CryptoOfficerand UserGuidance....................................................................................................................32 12.1 AES-GCM Usage.......................................................................................................................................32 12.2 Triple-DES Usage......................................................................................................................................32 12.3 Miscellaneous..........................................................................................................................................32 Appendix A: Installation and Usage Guidance..........................................................................................................33 Appendix B: Compilers.............................................................................................................................................35 Appendix C: Glossary ...............................................................................................................................................36 Appendix D: Table of References.............................................................................................................................38 Appendix E: Trademarks..........................................................................................................................................40 Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 5 of 40 List of Tables Table 1– Security Levels for each FIPS 140-2 Area..................................................................................................................9 Table 2 – Tested Configurations ...........................................................................................................................................10 Table 3 – Physical Port and Logical Interface Mapping.........................................................................................................11 Table 4 – Approved Services and Role Allocation.................................................................................................................14 Table 5 – Non-Approved Services and Role Allocation..........................................................................................................14 Table 6 – FIPS Approved Algorithms.....................................................................................................................................24 Table 7– Allowed Algorithms................................................................................................................................................25 Table 8 – Non-Approved Algorithms ....................................................................................................................................25 Table 9 – Critical Security Parameters ..................................................................................................................................26 Table 10– Public Keys ...........................................................................................................................................................26 Table 11 – Power On Self-Tests.............................................................................................................................................30 Table 12 – Conditional Tests.................................................................................................................................................30 Table 13 – Assurances ..........................................................................................................................................................30 Table 14 – Compilers Used for Each Operational Environment ............................................................................................35 Table 15 – Glossary of Terms................................................................................................................................................37 Table 16 – Standards and Publications Referenced within this Security Policy.....................................................................39 Table 17– Trademarks Referenced within this Security Policy..............................................................................................40 List of Figures Figure 1 – Module Block Diagram..........................................................................................................................................8 Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 6 of 40 FIPS 140-2 Overview Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules specifies requirements for cryptographic modules to be deployed in a Sensitive but Unclassified environment. The National Institute of Standards and Technology (NIST) and Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) run the FIPS 140 program. NVLAP accredits independent testing labs to perform FIPS 140-2 testing; the CMVP validates modules meeting FIPS 140-2 validation. Validated is the term given to a module that is documented and tested against the FIPS 140-2 criteria. More information is available on the CMVP website at: http://csrc.nist.gov/groups/STM/cmvp/index.html About this Document This non-proprietary Cryptographic Module Security Policy for the Progress LoadMaster FIPS Object Module from Progress Software Corporation provides an overview and a high-level description of how it meets the overall Level 1 security requirements of FIPS 140-2. Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 7 of 40 1. Introduction 1.1 Scope This document describes the non-proprietary cryptographic module security policy for the Progress LoadMaster FIPS Object Module, hereafter referred to as “the Module.” It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-2 standard. 1.2 Module Overview The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed. The logical cryptographic boundary of the Module is the Progress LoadMaster FIPS Object module, a dynamically loadable library. The Module performs no communication other than with the calling application via APIs that invoke the Module. The module implements both an Approved and non-Approved mode of operation. Use of the Approved algorithms listed in table 6 and allowed algorithms listed in table 7 will place the module in the Approved mode of operation. Use of the non-Approved algorithms listed in table 8 will place the module in the non- Approved mode of operation. Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 8 of 40 1.3 Module Boundary The following block diagram details the Module’s physical and logical boundaries. Figure 1 – Module Block Diagram Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 9 of 40 2. Security Level The following table lists the level of validation for each area in FIPS 140-2: FIPS 140-2 Security Requirement Areas Security Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 3 Mitigation of Other Attacks 1 Overall Level 1 Table 1– Security Levels for each FIPS 140-2 Area The Module meets the overall security level requirements of Level 1. The Module’s software version for this validation is 3.0.8. Please note that this corresponds to version 3.0.8 of the OpenSSL FIPS Provider of which this Module is a rebrand. Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 10 of 40 3. Tested Configurations The Module has been tested on the platforms listed below in Table 2. # Operating System/Hypervisor Hardware Platform Processor Optimizations (Target) Module Version 1 Ubuntu Linux 22.04.1 LTS Dell Inspiron 7591 Intel i7(x64) None 3.0.8 2 Ubuntu Linux 22.04.1 LTS Dell Inspiron 7591 Intel i7(x64) PAA (AES-NI) 3.0.8 3 Debian 11.5 Dell Inspiron 7591 Intel i7(x64) None 3.0.8 4 Debian 11.5 Dell Inspiron 7591 Intel i7(x64) PAA (AES-NI) 3.0.8 5 FreeBSD 13.1 Dell Inspiron 7591 Intel i7(x64) None 3.0.8 6 FreeBSD 13.1 Dell Inspiron 7591 Intel i7(x64) PAA (AES-NI) 3.0.8 7 Windows 10 Dell Inspiron 7591 Intel i7(x64) None 3.0.8 8 Windows 10 Dell Inspiron 7591 Intel i7(x64) PAA (AES-NI) 3.0.8 Table 2 – Tested Configurations See Appendix A for additional information on installation. See Appendix B for a listof the specific compilers used to generate the Module for the respective operational environments. Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 11 of 40 4. Ports and Interfaces The physical ports of the Module are the same as the computer system on which it is executing. The logical interface is a C-language application program interface (API), the mapping of which is described in the following table: Logical Interface Type Description Data Input API entry point data input stack parameters Data Output API entry point data output stack parameters Control Input API entry point and corresponding stack parameters Status Output API entry point return values and status stack parameters Table 3 – Physical Port and Logical Interface Mapping As a software module, control of the physical ports is outside module scope. However, when the module is performing self-tests, or is in an error state, all output on the logical data output interface is inhibited. In error scenarios, the module returns only an error value (no data output is returned). Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 12 of 40 5. Roles, Services and Authentication 5.1 Roles The Module implements both a User Role (User) as well as the Crypto Officer (CO) role. The Module does not support authentication and does not allow concurrent operators. The User and Crypto Officer roles are implicitly assumed by the application accessing services implemented by the Module. 5.2 Services All the services provided by the module can be accessed by both the User and the Crypto Officer roles. The User Role (User) can load the Module and call any of the API functions. The Crypto Officer Role (CO) is responsible for installation of the Module on the host computer system and calling of any API functions. The module provides the following Approved services which utilize algorithms listed in Table 6 and 7: Service Roles (User/CO) Description Initialize X Module initialization. Does not access CSPs. Self-Test X Perform POST self-tests (SELF_TEST_post( )) on demand. Does not access CSPs. Show Status X The Module’s status can be verified by querying the “status” parameter. Does not access CSPs. CSP/Key Zeroization X All services automatically overwrite CSPs stored in allocated memory. Stack cleanup is the responsibility of the calling application. Random Number Generation X Used for random number and symmetric key generation. • Seed or reseed a DRBG instance • Determine security strength of a DRBG instance • Obtain random data Uses and updates Hash_DRBG CSPs, HMAC_DRBG CSPs, CTR_DRBG CSPs Asymmetric Key Generation X Used to generate DSA, ECDSA, RSA , DH, ECDH, X25519 and X448 keys: Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 13 of 40 Service Roles (User/CO) Description • RSA SGK, RSA SVK; DSA SGK, DSA SVK; ECDSA SGK, ECDSA SVK; DH Private, DH Public, ECDH Private, ECDH Public; X25519 Private, X25519 Public, X448 Private and X448 Public keys There is one supported entropy strength for each mechanism and algorithm type, the maximum specified in SP 800-90Ar1 Key Derivation X Used to derive keys using KBKDF, PBKDF2, HKDF, SP 800-56Cr2 One- Step KDF (KDA), SP 800-135 TLS 1.2, SSHv2, ANSI X9.6-2001, ANSI X9.42-2001 KDFs and TLS 1.3 KDF. Symmetric Encrypt/Decrypt X Used to encrypt or decrypt data. Executes using AES EDK, TDES EDK (passed in by the calling application). Symmetric Digest X Used to generate or verify data integrity with CMAC. Executes using AES CMAC Key (passed in by the calling application). Message Digest X Used to generate a SHA-1, SHA-2, or SHA-3 message digest. Does not access CSPs Keyed Hash X Used to generate or verify data integrity with HMAC or KMAC. Executes using HMAC or KMAC Key (passed in by the calling application) Key Transport X Used to encrypt or decrypt a key value on behalf of the calling application (does not establish keys into the module). Executes using RSA KDK, RSA KEK (passed in by the calling application). Key Wrapping X Used to encrypt a key value on behalf of the calling application Executes using AES Key Wrapping Key (passed in by the calling application). Key Agreement X Used to perform key agreement primitives on behalf of the calling application (does not establish keys into the module). Executes using DH Private, DH Public, EC DH Private, EC DH Public, X25519 Private, X25519 Public, X448 Private and X448 Public, RSA SGK, RSA SVK (passed in by the calling application). Progress Software Corporation Version 1.2 Public Material – May be reproduced only in its original entirety (without revision). Page 14 of 40 Service Roles (User/CO) Description Digital Signature X Used to generate or verify RSA, DSA, or ECDSA digital signatures. Executes using RSA SGK, RSA SVK; DSA SGK, DSA SVK; ECDSA SGK, ECDSA SVK (passed in by the calling application). Utility X Miscellaneous helper functions. Does not access CSPs. Table 4 – Approved Services and Role Allocation The module provides the following non-Approved services which utilize algorithms listed in Table 5: Service Roles (User/CO) Description Digital Signature X Used to generate or verify Ed25519 or Ed448 digital signatures. Used to verify RSA digital signatures with 1024