| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 7/17/2029 |
| Caveat | When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g. Keys). |
| Vendor | Motorola Solutions, Inc. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | 1 |
| Sensitive Security Parameter Management | 1 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Motorola Solutions Cryptographic Firmware Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>R01.13.00</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C3,C5,C6 clue;
class I1,I3,I5,I6 infer;
class R1,R3,R5,R6 risk;
class E1,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Motorola Solutions Cryptographic Firmware Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>R01.13.00</i><br/>src: certificate.firmwareVersions"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C3 clueHigh;
class C5,C6 clueLow;Motorola Solutions Cryptographic Firmware Module Firmware Version: R01.13.00 Document Version: 1.0 Date: July 16, 2024 Prepared by: www.acumensecurity.net Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
Introduction Federal Information Processing Standards Publication 140-3
140 validation. Validated is the term given to a module that is documented and tested against the FIPS
More information is available on the CMVP website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program About this Document This non-proprietary Cryptographic Module Security Policy for the Motorola Solutions Cryptographic Firmware Module provides an overview of the product and a high-level description of how it meets the overall Level 1 security requirements of FIPS 140-3. The Motorola Solutions Cryptographic Firmware Module may also be referred to as the “module” in this document. Disclaimer The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. Motorola Solutions, Inc. shall have no liability for any error or damages of any kind resulting from the use of this document. Notices This document may be freely reproduced and distributed in its entirety without modification. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| # | Section | Page |
|---|---|---|
| Introduction | 2 | |
| Disclaimer | 2 | |
| Notices | 2 | |
| 1 | General | 4 |
| 2 | Cryptographic Module Specification | 5 |
| 2.1 | Modes of Operation | 5 |
| 2.2 | Cryptographic Functionality | 6 |
| 2.3 | Module Description and Cryptographic Boundary | 7 |
| 2.4 | Security Rules and Guidance | 8 |
| 3 | Cryptographic Module Interfaces | 8 |
| 4 | Roles, Services, and Authentication | 9 |
| 5 | Software/Firmware Security | 12 |
| 6 | Operational Environment | 12 |
| 7 | Physical Security | 12 |
| 8 | Non-invasive Security | 13 |
| 9 | Sensitive Security Parameters Management | 13 |
| 10 | Self-Tests | 15 |
| 10.1 | Automatic Self-Test | 15 |
| 10.2 | Operator Initiated Self-Test | 16 |
| 11 | Life-Cycle Assurance | 16 |
| 12 | Mitigation of Other Attacks | 17 |
| References and Definitions | 18 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | 1 |
| 8 | 8 | Non-invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-Tests | 1 |
| 11 | 11 | Life-Cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
1. This document defines the cryptographic module security policy for the Motorola Solutions Cryptographic Firmware Module (Firmware version: R01.13.00), also referred to as the “module” hereafter. The module is a multichip standalone embodiment. It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard. The following table lists the level of validation for each area in FIPS 140-3: N/A N/A Table 1
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # | |
|---|---|---|---|---|---|---|
| 1 | Mentor Graphics Nucleus 3.0 (version 2013.08.1) | Texas Instrument (TI) OMAP-L138 C6000 DSP+ARM | ARM926EJ-S | N/A | 1 | |
| 2 | Texas Instrument (TI) DSP/BIOS (version 5.41.04.18) | Texas Instrument (TI) OMAP-L138 C6000 DSP+ARM | TMS320C674x | N/A | 2 | |
| 1 | Enea OSE, Version 5.8 | Motorola Solutions GRV 8000 Comparator, NXP QorIQ P1021 | 1 |
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # | |
|---|---|---|---|---|---|---|
| 1 | Mentor Graphics Nucleus 3.0 (version 2013.08.1) | Texas Instrument (TI) OMAP-L138 C6000 DSP+ARM | ARM926EJ-S | N/A | 1 | |
| 2 | Texas Instrument (TI) DSP/BIOS (version 5.41.04.18) | Texas Instrument (TI) OMAP-L138 C6000 DSP+ARM | TMS320C674x | N/A | 2 | |
| 1 | Enea OSE, Version 5.8 | Motorola Solutions GRV 8000 Comparator, NXP QorIQ P1021 | 1 |
| Name | CAVP Cert | Mode Method | Key Size | Use Function | |
|---|---|---|---|---|---|
| AES [FIPS 197] | A2228 | CBC [SP 800-38A] | Key Size: 256 | Encrypt, Decrypt | |
| ECB [SP 800-38A] | ECB [SP 800-38A] | Key Size: 256 | Encrypt, Decrypt | ||
| GCM [SP 800-38D]1 | GCM [SP 800-38D]1 | Key Size: 256 | Encrypt, Decrypt | ||
| KW [SP 800-38F] | KW [SP 800-38F] | Key Size: 256 | Encrypt, Decrypt | ||
| OFB [SP 800-38A] | OFB [SP 800-38A] | Key Size: 256 | Encrypt, Decrypt | ||
| DRBG [SP800-90Ar1] | CTR | AES-256 | Deterministic Random Bit Generation | ||
| ECDSA [FIPS 186-4] | P-384 | Key Generation, Supported only on OE #1. | |||
| HMAC [FIPS 198-1] | HMAC-SHA2-384 | (1024 bit) | Message authentication, Code Integrity tests | ||
| KAS-ECC [SP 800- 56Ar3] | P-384 with SHA2- 256 | Key Establishment provides 192 bits of encryption strength, Supported only on OE#1 | ECC (Initiator, | ||
| pair generation, | P-384 with SHA2- 384 | pair generation, | |||
| validation, One- | P-384 with SHA2- 512 | validation, One- | |||
| KTS [IG D.G] | AES-KW | Key Size: 256 | Key Wrap provides 256 bits of encryption strength | ||
| KTS [IG D.G] | GCM | Key Size: 256 | Key Wrap provides 256 bits of encryption strength | ||
| PBKDF [SP 800-132] | Option 1a Option 2a (using HMAC) | sLen = 16 – 512 bytes C = 1 – 5000 SHA2-256, SHA2- 384, SHA2-512 | Password-Based Key Derivation. Supported only on OE #1. | ||
| SHS [FIPS 180-4] | SHA2-256 SHA2-384 SHA2-512 | N/A | Message Digest Generation, Password Obfuscation | ||
| CKG | Vendor Affirmed | CTR_DRBG | N/A | Symmetric key and asymmetric key seed |
2.2 Cryptographic Functionality The module’s supported cryptographic functions are listed in the following tables: N/A N/A #1. Per IG C.H option 2, the module generates 96-bit GCM IVs randomly as specified in SP800-38D section 8.2.2 using an approved DRBG (Cert. #A2228), that is internal to the module’s boundary. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| Name | CAVP Cert | Use Function | Description |
|---|---|---|---|
| AES MAC3 | AES MAC3 | [IG D.C] AES MAC for Project 25 APCO OTAR (Cert. #A2228) | |
| DES | DES Encryption/Decryption – ECB, OFB and CBC Mode. |
| Name | CAVP Cert | Use Function | Description |
|---|---|---|---|
| AES MAC3 | AES MAC3 | [IG D.C] AES MAC for Project 25 APCO OTAR (Cert. #A2228) | |
| DES | DES Encryption/Decryption – ECB, OFB and CBC Mode. |
Table 4
Logical Perimeter Figure 1 – Logical cryptographic boundary and physical boundary 2.4 Security Rules and Guidance The module enforces the following security rules:
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| 1 | 1 | Data input | API entry point data input stack parameters |
| 2 | 2 | Data output | API entry point data output stack parameters |
| 3 | 3 | Control input | API entry point and corresponding stack parameters |
| 4 | 4 | Status output | API entry point return values and status stack parameters |
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|---|
| Self-Test | CO | Power-up/Run Self-Test command | Status: Success/Error | |||||
| Load Entropy | CO | Entropy Input String | N/A | |||||
| Get Module Status | CO | Get module status command | Module initialization status, Approved mode status | |||||
| Get Module Version | CO | Get module version command | “libALG Library R01.13.00 – Copyright 2021 Motorola Solutions, Inc.” | |||||
| Configure Approved Mode | CO | Approved mode enabled/Approved mode disabled | Enable/Disable | |||||
| Utility | CO | Module query for algorithm/key status | Algorithm/key status information | |||||
| Encrypt | CO | Encryption key, plaintext | Ciphertext or error status | |||||
| Decrypt | CO | Decryption key, ciphertext | Plaintext or error status | |||||
| AES Key Wrapping | CO | Encryption key, input data | Wrapped key | |||||
| AES Key Unwrapping | CO | Decryption key, input data | Unwrapped data | |||||
| Generate OTAR MAC | CO | Input data | MAC Key | |||||
| DRBG | CO | Entropy input data | Pseudo-random number | |||||
| Hashing | CO | Hash algorithm, input data | Hashed output | |||||
| HMAC-SHA | CO | Hash Key, input data | digest | |||||
| Zeroize | CO | N/A | N/A | |||||
| PBKDF | CO | Password, iteration count, salt, hash algorithm | Derived key | |||||
| ECDSA Key Gen | CO | Private key | Private key/Public key | |||||
| KAS-ECC | CO | Private key, Public Key of Remote Party (Host B) | ECDH Shared Secret/KDF Derived Key | |||||
| Self-Test | Automatic: See section 10.1 | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Load Entropy | Load external entropy to seed the DRBG | CO | Entropy Input string | N/A | W,E,Z | ”fips_mode = 1” | ||
| Get Module Status | Show the module status | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Get Module Version | Get module version number | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Configure Approved Mode | Set/Unset module to Approved mode | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Utility | Key check and other services | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Encrypt | Encryption of voice and data | CO | AES-256 Key | AES | W,E,Z | ”fips_mode = 1” | ||
| Decrypt | Decryption of voice and data | CO | AES-256 Key | AES | W,E,Z | ”fips_mode = 1” | ||
| AES Key Wrapping | Used for the encryption of keys. | CO | AES-256 Key Wrap Key | KTS (AES- KW or AES- GCM) | W,E,Z | ”fips_mode = 1” | ||
| AES Key Unwrapping | Used for the decryption of keys. | CO | AES-256 Key Wrap Key | KTS (AES- KW or AES- GCM) | W,E,Z | ”fips_mode = 1” |
Table 7
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|---|
| ECDSA Key Gen | CO | Private key | Private key/Public key | |||||
| KAS-ECC | CO | Private key, Public Key of Remote Party (Host B) | ECDH Shared Secret/KDF Derived Key | |||||
| Self-Test | Automatic: See section 10.1 | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Load Entropy | Load external entropy to seed the DRBG | CO | Entropy Input string | N/A | W,E,Z | ”fips_mode = 1” | ||
| Get Module Status | Show the module status | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Get Module Version | Get module version number | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Configure Approved Mode | Set/Unset module to Approved mode | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Utility | Key check and other services | CO | N/A | N/A | N/A | ”fips_mode = 1” | ||
| Encrypt | Encryption of voice and data | CO | AES-256 Key | AES | W,E,Z | ”fips_mode = 1” | ||
| Decrypt | Decryption of voice and data | CO | AES-256 Key | AES | W,E,Z | ”fips_mode = 1” | ||
| AES Key Wrapping | Used for the encryption of keys. | CO | AES-256 Key Wrap Key | KTS (AES- KW or AES- GCM) | W,E,Z | ”fips_mode = 1” | ||
| AES Key Unwrapping | Used for the decryption of keys. | CO | AES-256 Key Wrap Key | KTS (AES- KW or AES- GCM) | W,E,Z | ”fips_mode = 1” | ||
| Generate OTAR MAC | Used to generate MAC (Message Authentication Code) as defined in [OTAR]. | CO | OTAR MAC Key | AES MAC | W,E,Z | ”fips_mode = 1” | ||
| DRBG | Used for random number, IV and key generation using DRBG [SP 800-90Ar1]. | CO | Entropy Input string/ SP 800- 90Ar1 Seed/ SP 800- 90Ar1 Internal State (“V” and “Key”) | DRBG (output directly used for CKG) CKG | G,R,W | ”fips_mode = 1” | ||
| Hashing | Used to generate SHA2- 256/384/512 message digest. | CO | N/A | SHS | N/A | ”fips_mode = 1” | ||
| HMAC-SHA | Used to calculate data integrity codes with HMAC. | CO | Keyed Hash Key | HMAC | W,E | ”fips_mode = 1” | ||
| Zeroize4 | Zeroize all SSPs | CO | All | N/A | Z | ”fips_mode = 1” | ||
| PBKDF5 | Used to generate keys using PBKDF [SP 800-132] | CO | PBKDF Secret Value DPK | PBKDF | W,E G,R | ”fips_mode = 1” | ||
| ECDSA Key Gen | Used for generating asymmetric key pair | CO | ECDSA Private Key, ECDSA Public Key | ECDSA | G,R | ”fips_mode = 1” | ||
| KAS-ECC | Used for key agreement process using ECDH | CO | ECDH Shared Secret, KDF Derived Key, ECDH Private Key, ECDH Public | KAS-ECC | G,R,W,E | ”fips_mode = 1” |
The SSPs modes of access shown in Table 9, are defined as:
W,E,Z SP 80090Ar1 N/A G,R,W N/A W,E N/A Z W,E G,R G,R G,R,W,E The Zeroize service zeroizes the key in the volatile memory by power cycling the module. As per NIST SP 800-132, keys generated by the module shall be used as recommend in Section 5.4 of [132]. Any other use of the approved PBKDF is non‐conformant. In approved mode the operator shall enter a password no less than 8 hexadecimal digits in length. The probability of guessing the password will be equal to 1:168. Due to the computational limitations of this embedded operational environment, the iteration count associated with the PBKDF should not exceed 5000. The minimum iteration count is 1, however it shall be selected as large as possible. Keys derived from passwords may only be used in storage applications. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| Encrypt | Encryption of voice and data | CO | DES | ”fips_mode = 0” |
| Decrypt | Decryption of voice and data | CO | DES | ”fips_mode = 0” |
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| Encrypt | Encryption of voice and data | CO | DES | ”fips_mode = 0” |
| Decrypt | Decryption of voice and data | CO | DES | ”fips_mode = 0” |
Table 9 – Approved Services Table 10 – Non-Approved Services
| Name | Key Size | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | |||||||||
| Used to derived SP 800-90Ar1 seed | Variable (384-bit minimum) | Entropy Input string | N/A | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Derived from the Entropy Input string. Used in AES IV, ECDSA Private Key, and ECDH Private Key generation | 384-bit | SP 800- 90Ar1 Seed | DRBG (A2228) | Internal | N/A | N/A | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| CTR_DRBG state | N/A | SP 800- 90Ar1 Internal State (“V” and “Key”) | DRBG (A2228) CKG | Internal | N/A | N/A | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used in HMAC function | Variable (192-bit minimum) | Keyed Hash Key | HMAC (A2228) | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used in data encryption / decryption | 256-bit | AES-256 Key | AES (A2228) | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset /End of data processing | ||||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | |||||||||
| Used in key encryption / decryption | 256-bit | AES-256 Key Wrap Key | KTS (A2228) | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset /End of data processing | ||||||||||||||
| Used in Key Derivation | Variable (64-bit minimum ) | PBKDF Secret Value | PBKDF (A2228) | External 6 | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Derived by the PBKDF using the PBKDF Secret Value | 128-bit minimum | DPK | PBKDF (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used for AES MAC | 256-bit | OTAR MAC Key | AES MAC | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used to generate ECDH Public Key | 192-bit | ECDH Private Key | KAS- ECC (A2228) | External or Internal | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used to generate KDF derived key | 192-bit | ECDH Shared Secret | KAS- ECC (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used for ECDSA | 192-bit | ECDSA Private Key | ECDSA (A2228) | External or Internal | Import or Export (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used in KAS-ECC | Variable (128-bit minimum) | KDF Derived Key | KAS- ECC (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used in key exchange | 192-bit | ECDH Public Key | KAS- ECC (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | |||||||||
| Used in key exchange | 192-bit | ECDH Remote Party Public Key | KAS- ECC (A2228) | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used for ECDSA | 192-bit | ECDSA Public Key | ECDSA (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Entropy sources | Minimum number of bits of | Entropy sources | Details | |||||||||||||||||||
| 384 (minimum seed length for AES-256 CTR_DRBG) | Entropy Input String | The entropy for seeding the SP 800-90Ar1 DRBG is determined by the user operator of the module which is outside of the module’s cryptographic boundary. To be compliant, the target application shall supply at least 384 bits of entropy in order to meet the security strength required for the random number generation mechanism as shown in [SP 800- 90Ar1] Table 3 (CTR_DRBG) and set required bits into the module by calling module defined API function. Since entropy is loaded passively into the module, there is no assurance of the minimum strength of generated keys. |
3, the embodiment is defined as multiple-chip standalone and is designed to meet Level 1 security requirements. 8. Non-invasive Security Not Applicable. The module does not implement non-invasive security measures. N/A N/A N/A N/A / Strength SP 80090Ar1 SP 80090Ar1 N/A Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
/ KASExternal KASInternal KASInternal Use & related keys ) Zeroisation Establishment Storage Generation Security Function and Cert. Number Strength Key/SSP Name/Type KASInternal Password generated externally. Salt may be generated externally or internally according to SP 800-133. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| Name | Key Size | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| P S S / y e K | P S S / y e K | e p y T / e m a N | h t g n e r t S | y t ir u c e S | d n a n o it c n u F | r e b m u N .t r e C | n o it a r e n e G | t r o p x E / t r o p m I | t n e m h s ilb a t s E | e g a r o t S | n o it a s io r e Z | d e t a le r & e s U | s y e k | |||||||||
| Used in key exchange | 192-bit | ECDH Remote Party Public Key | KAS- ECC (A2228) | External | Import (electr onic) | Input via API in plaintext | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Used for ECDSA | 192-bit | ECDSA Public Key | ECDSA (A2228) | Internal | Export (electr onic) | Internally computed | Volatile memory (plaintext) | Power Cycle/Reset | ||||||||||||||
| Entropy sources | Minimum number of bits of | Entropy sources | Details | |||||||||||||||||||
| 384 (minimum seed length for AES-256 CTR_DRBG) | Entropy Input String | The entropy for seeding the SP 800-90Ar1 DRBG is determined by the user operator of the module which is outside of the module’s cryptographic boundary. To be compliant, the target application shall supply at least 384 bits of entropy in order to meet the security strength required for the random number generation mechanism as shown in [SP 800- 90Ar1] Table 3 (CTR_DRBG) and set required bits into the module by calling module defined API function. Since entropy is loaded passively into the module, there is no assurance of the minimum strength of generated keys. |
Storage Use & related Establishment Zeroisation KASExternal Cert. Number Key/SSP Name/Type Table 11
The module automatically performs pre-operational self-tests and conditional cryptographic algorithm self-tests. Automatic pre-operational self-tests are initiated upon module power-up and must pass in order for the module to initialize and render any security services. A failure of any pre-operational selftest will prevent the module from initializing. Automatic conditional cryptographic algorithm self-tests (CAST) will run prior to the first use of a security service using an approved cryptographic algorithm after module initialization. Failure of a conditional CAST will cause the module to enter the soft error state and a) Pre-Operational Self-Tests
b) Conditional Self-Tests
Self-tests can also be initiated by calling the “Self-Test” service via the API. Operator initiated self-tests via the API can only be invoked after the module has initialized. When initiating self-test via API call, the following tests are performed:
12. Mitigation of Other Attacks Not Applicable. The Module does not implement mitigations of other attacks outside the scope of FIPS 140-3. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| Name | Term | Definition | Abbreviation | Full Specification Name |
|---|---|---|---|---|
| [FIPS 140-3] | [FIPS 140-3] | Security Requirements for Cryptographic Modules, March 2019 | ||
| [IG] | [IG] | Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, November 2021. | ||
| [SP 800-132] | [SP 800-132] | NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010 | ||
| [FIPS 186-4] | [FIPS 186-4] | National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013. | ||
| [FIPS 197] | [FIPS 197] | National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 2001 | ||
| [FIPS 198-1] | [FIPS 198-1] | National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198- 1, July 2008 | ||
| [FIPS 180-4] | [FIPS 180-4] | National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August 2015 | ||
| [SP 800-38A] | [SP 800-38A] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001 | ||
| [SP 800-38D] | [SP 800-38D] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800- 38D, November 2007 | ||
| [SP 800-38F] | [SP 800-38F] | National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012 | ||
| [SP 800-56Ar3] | [SP 800-56Ar3] | NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018 | ||
| [SP 800-56Cr2] | [SP 800-56Cr2] | NIST Special Publication 800-56C Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, August 2020 | ||
| [SP 800-90Ar1] | [SP 800-90Ar1] | National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015. | ||
| [OTAR] | [OTAR] | Project 25 – Digital Radio Over-The-Air-Rekeying (OTAR) Messages and Procedures [TIA- 102.AACA-A], September 2014 | ||
| Acronym | Acronym | Definition | ||
| AES | AES | Advanced Encryption Standard | ||
| APCO | APCO | Association of Public-Safety Communications Officials | ||
| CBC | CBC | Cipher Block Chaining | ||
| CKG | CKG | Cryptographic Key Generation | ||
| DRBG | DRBG | Deterministic Random Bit Generator | ||
| ECB | ECB | Electronic Code Book | ||
| ECDH | ECDH | Elliptic Curve Diffie-Hellman | ||
| ECDSA | ECDSA | Elliptic Curve Diffie-Hellman |
References and Definitions Motorola Solutions, Inc. © 2024 Version 1.0 Public Material
| FIPS | Federal Information Processing Standards |
|---|---|
| GCM | Galois/Counter Mode |
| HMAC | Hash-based Message Authentication Code |
| IV | Initialization Vector |
| KAT | Known Answer Test |
| KDA | Key Derivation Algorithm |
| MAC | Message Authentication Code |
| OFB | Output Feedback |
| OTAR | Over The Air Rekeying |
| PBKDF | Password-Based Key Derivation Function |
| PCT | Pairwise Consistency Test |
| SSP | Sensitive Security Parameter |
Motorola Solutions, Inc. © 2024 Version 1.0 Public Material