All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]

Certificate#4854StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorApple Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 21 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date10/27/2026
CaveatInterim validation. When operated in approved mode
VendorApple Inc.

Approved Algorithms (88)

AlgorithmACVP Cert
AES-CBCA2793
AES-CBCA2794
AES-CBCA2865
AES-CBCA2866
AES-CCMA2796
AES-CCMA2868
AES-CFB128A2793
AES-CFB128A2794
AES-CFB128A2865
AES-CFB128A2866
AES-CFB8A2794
AES-CFB8A2866
AES-CTRA2794
AES-CTRA2796
AES-CTRA2866
AES-CTRA2868
AES-ECBA2793
AES-ECBA2794
AES-ECBA2796
AES-ECBA2865
AES-ECBA2866
AES-ECBA2868
AES-GCMA2796
AES-GCMA2868
AES-KWA2794
AES-KWA2866
AES-OFBA2793
AES-OFBA2794
AES-OFBA2865
AES-OFBA2866
AES-XTSA2793
AES-XTSA2865
Counter DRBGA2794
Counter DRBGA2796
Counter DRBGA2866
Counter DRBGA2868
ECDSA KeyGen (FIPS186-4)A2797
ECDSA KeyGen (FIPS186-4)A2869
ECDSA KeyVer (FIPS186-4)A2797
ECDSA KeyVer (FIPS186-4)A2869
ECDSA SigGen (FIPS186-4)A2797
ECDSA SigGen (FIPS186-4)A2869
ECDSA SigVer (FIPS186-4)A2797
ECDSA SigVer (FIPS186-4)A2869
HMAC-SHA-1A2797
HMAC-SHA-1A2869
HMAC-SHA2-224A2797
HMAC-SHA2-224A2869
HMAC-SHA2-256A2797
HMAC-SHA2-256A2798
HMAC-SHA2-256A2869
HMAC-SHA2-256A2870
HMAC-SHA2-384A2795
HMAC-SHA2-384A2797
HMAC-SHA2-384A2867
HMAC-SHA2-384A2869
HMAC-SHA2-512A2795
HMAC-SHA2-512A2797
HMAC-SHA2-512A2867
HMAC-SHA2-512A2869
HMAC-SHA2-512/256A2795
HMAC-SHA2-512/256A2797
HMAC-SHA2-512/256A2867
HMAC-SHA2-512/256A2869
RSA SigGen (FIPS186-4)A2797
RSA SigGen (FIPS186-4)A2869
RSA SigVer (FIPS186-4)A2797
RSA SigVer (FIPS186-4)A2869
SHA-1A2797
SHA-1A2869
SHA2-224A2797
SHA2-224A2869
SHA2-256A2797
SHA2-256A2798
SHA2-256A2869
SHA2-256A2870
SHA2-384A2795
SHA2-384A2797
SHA2-384A2867
SHA2-384A2869
SHA2-512A2795
SHA2-512A2797
SHA2-512A2867
SHA2-512A2869
SHA2-512/256A2795
SHA2-512/256A2797
SHA2-512/256A2867
SHA2-512/256A2869

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery<br/>update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Self-test<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery<br/>update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Self-test<br/>Show Status</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>IKEV<br/>IPSEC<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Apple Inc. Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] October 2024 Prepared for: Apple One Apple Park Way Cupertino, CA 95014 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com

Page 2

Trademarks Apple’s trademarks applicable to this document are listed in https://www.apple.com/legal/intellectualproperty/trademark/appletmlist.html. Other company, product, and service names may be trademarks or service marks of others. This document may be reproduced and distributed only in its original entirely without revision.

2 of 35
Page 3
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1 - Security Levels5
Table 2 - Tested Operational Environments6
Table 3 - Vendor Affirmed Operational Environments7
Table 4 - Modes of Operation7
Table 5 - Vendor Affirmed Algorithms7
Table 6 - Approved Algorithms10
Table 7 - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation12
Table 8 - Executable Code Sets12
Table 9 - Ports and Interfaces13
Table 10 - Roles14
Table 11 - Security Function Implementations14
Table 12 - Approved Services16
Table 13 - Non-Approved Services17
Table 14 - SSPs24
Table 15 – Entropy Sources24
Table 16 - Storage Areas25
Table 17 – Pre-Operational Self-Tests26
Table 18 - Self-Tests27
Table 19- Error states28
Page 5
1 General

This document is the non-proprietary FIPS 140-3 Security Policy for Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] cryptographic module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 module. This document provides all tables and diagrams (when applicable) required by NIST SP 800-140B. The column names of the tables follow the template tables provided in NIST SP 800-140B. Table 1 describes the individual security areas of FIPS 140-3, as well as the Security Levels of those individual areas. ISO/IEC 24759 Section FIPS 140-3 Section Title Security Level 6.[Number Below]

1 General 1

2 Cryptographic Module Specification 1

3 Cryptographic Module Interfaces 1

4 Roles, Services, and Authentication 1

5 Software/Firmware Security 1

6 Operational Environment 1

7 Physical Security Not Applicable

8 Non-invasive Security Not Applicable

9 Sensitive Security Parameter Management 1

10 Self-tests 1

11 Life-cycle Assurance 1

12 Mitigation of Other Attacks Not Applicable

Table 1 - Security Levels This document may be reproduced and distributed only in its original entirely without revision.

5 of 35
Page 6
2 Cryptographic Module Specification

The Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] cryptographic module (hereafter referred to as “the module”) is a Software module running on a multi-chip standalone general-purpose computing platform. The version of module is 12.0. The module provides implementations of low-level cryptographic primitives to the Device OS’s (iOS 15, iPadOS 15, watchOS 8, tvOS 15, T2 OS 12 and macOS 12 Monterey) Security Framework and Common Crypto.

2.1 Tested Operational Environments

# Operating System Hardware Platform Processor PAA/Acceleration

1 iPadOS 15 iPad (5th generation) Apple A Series A9 With and without PAA

2 iPadOS 15 iPad Pro 9.7-inch Apple A Series A9X With and without PAA

3 iPadOS 15 iPad (7th generation) Apple A Series A10 Fusion With and without PAA

4 iPadOS 15 iPad Pro 10.5 inch Apple A Series A10X Fusion With and without PAA

5 iPadOS 15 iPad mini (5th generation) Apple A Series A12 Bionic With and without PAA

6 iPadOS 15 iPad Pro 11-inch (1st generation) Apple A Series A12X Bionic With and without PAA

7 iPadOS 15 iPad Pro 11-inch (2nd generation) Apple A Series A12Z Bionic With and without PAA

8 iPadOS 15 iPad (9th generation) Apple A Series A13 Bionic With and without PAA

9 iPadOS 15 iPad Air (4th generation) Apple A Series A14 Bionic With and without PAA

10 iPadOS 15 iPad mini (6th generation) Apple A Series A15 Bionic With and without PAA

11 iPadOS 15 iPad Pro 11-inch (3rd generation) Apple M Series M1 With and without PAA

12 iOS 15 iPhone 6S Apple A Series A9 With and without PAA

13 iOS 15 iPhone 7 Plus Apple A Series A10 Fusion With and without PAA

14 iOS 15 iPhone X Apple A Series A11 Bionic With and without PAA

15 iOS 15 iPhone XS Max Apple A Series A12 Bionic With and without PAA

16 iOS 15 iPhone 11 Pro Apple A Series A13 Bionic With and without PAA

17 iOS 15 iPhone 12 Apple A Series A14 Bionic With and without PAA

18 iOS 15 iPhone 13 Pro Max Apple A Series A15 Bionic With and without PAA

19 watchOS 8 Apple Watch Series S3 Apple S Series S3 With and without PAA

20 watchOS 8 Apple Watch Series S4 Apple S Series S4 With and without PAA

21 watchOS 8 Apple Watch Series S5 Apple S Series S5 With and without PAA

22 watchOS 8 Apple Watch Series S6 Apple S Series S6 With and without PAA

23 watchOS 8 Apple Watch Series S7 Apple S Series S7 With and without PAA

24 tvOS 15 Apple TV 4K Apple A Series A10X Fusion With and without PAA

25 tvOS 15 Apple TV 4K (2nd generation) Apple A Series A12 Bionic With and without PAA

26 T2OS 12 Apple Security Chip T2 Apple T Series T2 With and without PAA

27 macOS 12 Monterey MacBook Pro (13-inch, M1, 2020) Apple M Series M1 With and without PAA

28 macOS 12 Monterey MacBook Pro 14-inch Apple M Series M1 Pro With and without PAA

29 macOS 12 Monterey MacBook Pro 16-inch Apple M Series M1 Max With and without PAA

Table 2 - Tested Operational Environments

2.2 Vendor-affirmed Operational Environments

# Operating System Hardware Platform

1 iPadOS 15 iPad Pro 12.9-inch
2 iPadOS 15 iPad (6th generation)

3 iPadOS 15 iPad Pro 12.9-inch (2nd generation)

4 iPadOS 15 iPad Air (3rd generation)

5 iPadOS 15 iPad (8th generation)

This document may be reproduced and distributed only in its original entirely without revision.

6 of 35
Page 7

# Operating System Hardware Platform

6 iPadOS 15 iPad Pro 12.9-inch (3rd generation)

7 iPadOS 15 iPad Pro 12.9-inch (4th generation)

8 iPadOS 15 iPad Pro 12.9-inch (5th generation)

9 iOS 15 iPhone SE
10 iOS 15 iPhone 6S Plus
11 iOS 15 iPhone 7
12 iOS 15 iPhone 8
13 iOS 15 iPhone 8 Plus
14 iOS 15 iPhone XS
15 iOS 15 iPhone XR
16 iOS 15 iPhone 11
17 iOS 15 iPhone 11 Pro Max

18 iOS 15 iPhone SE (2nd generation)

19 iOS 15 iPhone 12 mini
20 iOS 15 iPhone 12 Pro
21 iOS 15 iPhone 12 Pro Max
22 iOS 15 iPhone 13 mini
23 iOS 15 iPhone 13
24 iOS 15 iPhone 13 Pro
25 watchOS 8 Apple Watch SE
26 macOS 12 Monterey MacBook Air
27 macOS 12 Monterey Mac mini
28 macOS 12 Monterey iMac (24-inch)

Table 3 - Vendor Affirmed Operational Environments The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

2.3 Modes of operation

The module operates in Approved and Non-Approved mode of operation. The mode is implicit and is based on the service utilized. The table below provides a summary of the implementation. Name Description Type Status Indicator Approved Approved mode of operation is entered when the Approved return a '1' from fips_allowed_mode() for block cipher mode module utilizes the services that use the security mode functions and fips_allowed() for all other services to indicate functions listed in the Table 5 and Table 6. the executed cryptographic algorithm was approved Non- Non-Approved mode of operation is entered Non- return a '0' from fips_allowed_mode() for block cipher Approved when the module utilizes non-approved security Approved functions and fips_allowed() for all other services to indicate mode functions in Table 7. mode the executed cryptographic algorithm was non-approved Table 4 - Modes of Operation

2.4 Vendor Affirmed Algorithms

Algorithm Algorithm Properties Use / Function CKG [SP800-133r2] Vendor affirmed Cryptographic key Generation for ECDSA key pair; FIPS 140-3 IG D.H and SP800-133r2 (asymmetric) section 4 example 1 Table 5 - Vendor Affirmed Algorithms This document may be reproduced and distributed only in its original entirely without revision.

7 of 35
Page 8
2.5 Approved Algorithms

The table below lists all Approved or Vendor-affirmed security functions of the module, including specific key size(s) employed for approved services, and implemented modes of operation. CAVP Cert. Algorithm and Mode / Method Description / Key Size(s) / Key Use / Function Standard Strength(s) A2793, A2865 AES CBC Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (asm_arm) [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES CBC Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2796, A2868 AES CCM Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (vng_asm) [FIPS 197] bits and Decryption [SP 800-38A] [SP 800-38C] [SP 800-38D] A2793, A2865 AES CFB128 Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (asm_arm) [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES CFB128 Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES CFB8 Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES CTR Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2796, A2868 AES CTR Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (vng_asm) [FIPS 197] bits and Decryption [SP 800-38A] [SP 800-38C] [SP 800-38D] A2793, A2865 AES ECB Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (asm_arm) [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES ECB Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2796, A2868 AES ECB Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (vng_asm) [FIPS 197] bits and Decryption [SP 800-38A] This document may be reproduced and distributed only in its original entirely without revision.

8 of 35
Page 9

CAVP Cert. Algorithm and Mode / Method Description / Key Size(s) / Key Use / Function Standard Strength(s) A2796, A2868 AES GCM Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (vng_asm) [FIPS 197] bits and Decryption [SP 800-38A] [SP 800-38C] [SP 800-38D] A2793, A2865 AES OFB Key Size / Key Strength: 128, 192, 256 Symmetric Encryption (asm_arm) [FIPS 197] bits and Decryption [SP 800-38A] A2794, A2866 (c_asm) AES OFB Key Size / Key Strength: 128, 192, 256 Symmetric Encryption [FIPS 197] bits and Decryption [SP 800-38A] A2793, A2865 AES XTS Key Size / Key Strength: 128, 256 bits Symmetric Encryption (asm_arm) [FIPS 197] and Decryption [SP 800-38E] A2794, A2866 (c_asm) KTS (AES) AES-KW Key Size / Key Strength: 128, 192, 256 Key Wrapping [SP 800-38F] bits A2794, A2866 (c_asm) DRBG CTR_DRBG: AES-128, Key Size / Key Strength: 128, 256 bits Random Number [SP800-90ARev1] AES-256 Derivation Function Enabled, No Generation Prediction Resistance A2796, A2868 DRBG CTR_DRBG: AES-128, Key Size / Key Strength: 128, 256 bits Random Number (vng_asm) [SP800-90ARev1] AES-256 Derivation Function Enabled, No Generation Prediction Resistance A2797, A2869 (vng_ltc) RSA PKCS#1 v1.5 and PKCS Key Size: 2048, 3072, 4096 bits Digital Signature [FIPS 186-4] PSS Key Strength: from 112 to 150 bits Generation A2797, A2869 (vng_ltc) RSA PKCS#1 v1.5 and PKCS Key Size: 1024 (legacy), 2048, 3072, Digital Signature [FIPS 186-4] PSS 4096 bits Verification Key Strength: from 80 to 150 bits A2797, A2869 (vng_ltc) ECDSA Key Pair Generation Curve: P-224, P-256, P-384, P-521 Asymmetric Key ANSI X9.62 (CKG) using method in Key Strength: from 112 to 256 bits Generation [FIPS 186-4] Section 4 example 1 of SP 800-133r2. [FIPS 186-4] Appendix B.4.2 Testing Candidates A2797, A2869 (vng_ltc) ECDSA N/A Curve: P-224, P-256, P-384, P-521 bits Asymmetric Key ANSI X9.62 Key Strength: from 112 to 256 bits Validation [FIPS 186-4] A2797, A2869 (vng_ltc) ECDSA SHA2-224, SHA2-256, Curve: P-224, P-256, P-384, P-521 bits Digital Signature ANSI X9.62 SHA2-384, SHA2-512 Key Strength: from 112 to 256 bits Generation [FIPS 186-4] A2797, A2869 (vng_ltc) ECDSA SHA1 (legacy), SHA2- Curve: P-224, P-256, P-384, P-521 bits Digital Signature ANSI X9.62 224, SHA2-256, SHA2- Key Strength: from 112 to 256 bits Verification [FIPS 186-4] 384, SHA2-512 A2797, A2869 (vng_ltc) SHS SHA-1 N/A Message Digest [FIPS 180-4] This document may be reproduced and distributed only in its original entirely without revision.

9 of 35
Page 10

CAVP Cert. Algorithm and Mode / Method Description / Key Size(s) / Key Use / Function Standard Strength(s) A2797, A2869 (vng_ltc) SHS SHA-224 N/A Message Digest [FIPS 180-4] A2797, A2869 (vng_ltc) SHS SHA-256 N/A Message Digest [FIPS 180-4] A2797, A2869 (vng_ltc) SHS SHA-384 N/A Message Digest [FIPS 180-4] A2797, A2869 (vng_ltc) SHS SHA-512 N/A Message Digest [FIPS 180-4] A2797, A2869 (vng_ltc) SHS SHA-512/256 N/A Message Digest [FIPS 180-4] A2795, A2867 (c_ltc) SHS SHA-384 N/A Message Digest [FIPS 180-4] A2795, A2867 (c_ltc) SHS SHA-512 N/A Message Digest [FIPS 180-4] A2795, A2867 (c_ltc) SHS SHA-512/256 N/A Message Digest [FIPS 180-4] A2798, A2870 SHS SHA-256 for all CPUs in N/A Message Digest (vng_neon) [FIPS 180-4] Table 2 except S3) A2797, A2869 (vng_ltc) HMAC SHA-1 Key Size: 128 - 262144 bits Message [FIPS 198] Key Strength: 128 bits authentication (MAC) A2797, A2869 (vng_ltc) HMAC SHA-224 Key Size: 224 - 262144 bits Message [FIPS 198] Key Strength: 224 bits authentication (MAC) A2797, A2869 (vng_ltc) HMAC SHA-256 Key Size: 256 - 262144 bits Message [FIPS 198] Key Strength: 256 bits authentication (MAC) A2797, A2869 (vng_ltc) HMAC SHA-384 Key Size: 384 - 262144 bits Message [FIPS 198] Key Strength: 384 bits authentication (MAC) A2797, A2869 (vng_ltc) HMAC SHA-512 Key Size: 512 - 262144 bits Message [FIPS 198] Key Strength: 512 bits authentication (MAC) A2797, A2869 (vng_ltc) HMAC SHA-512/256 Key Size: 512 - 262144 bits Message [FIPS 198] Key Strength: 256 bits authentication (MAC) A2795, A2867 (c_ltc) HMAC SHA-384 Key Size: 384 - 262144 bits Message [FIPS 198] Key Strength: 384 bits authentication (MAC) A2795, A2867 (c_ltc) HMAC SHA-512 Key Size: 512 - 262144 bits Message [FIPS 198] Key Strength: 512 bits authentication (MAC) A2795, A2867 (c_ltc) HMAC SHA-512/256 Key Size: 512 - 262144 bits Message [FIPS 198] Key Strength: 256 bits authentication (MAC) A2798, A2870 HMAC SHA-256 (for all CPUs Key Size: 256 - 262144 bits Message (vng_neon) [FIPS 198] in Table 2 except S3) Key Strength: 256 bits authentication (MAC) Table 6 - Approved Algorithms This document may be reproduced and distributed only in its original entirely without revision.

10 of 35
Page 11
2.6 Non-Approved Algorithms Allowed in the Approved Mode of Operation

There are no non-Approved but “Allowed functions” with security claimed algorithms in approved mode.

2.7 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No

Security Claimed There are no non-Approved Allowed functions with no security claimed algorithms in approved mode.

2.8 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

The table below lists the non-Approved algorithms and security functions that are used in the non-Approved mode of operation: Algorithm/Functions Use / Function RSA Signature Generation PKCS#1 v1.5 and PSS Signature Generation Key Size < 2048 RSA Signature Verification PKCS#1 v1.5 and PSS Signature Verification Key Size < 1024 RSA Key Wrapping OAEP, PKCS#1 v1.5 and -PSS schemes Ed25519 Key Agreement Key Generation Signature Generation Signature Verification ANSI X9.63 KDF Hash based Key Derivation Function RFC6637 Key Derivation Function HKDF [SP800-56C] Key Derivation Function DES Encryption / Decryption Key Size 56-bits CAST5 Encryption / Decryption Key Sizes 40 to 128-bits in 8-bit increments AES-GCM using external IV Authenticated Encryption / Decryption RC4 Encryption / Decryption Key Sizes 8 to 4096-bits RC2 Encryption / Decryption Key Sizes 8 to 1024-bits MD2 Message Digest Digest size 128-bit MD4 Message Digest Digest size 128-bit MD5 Message Digest Digest size 128-bit RIPEMD Message Digest Digest size 160-bits ECDSA PKG: Curve P-192 with security strength of 96 bits PKV: Curve P-192 Signature Generation: Curve P-192 Signature Verification: Curve P-192 Key Pair Generation for compact point representation of points Integrated Encryption Scheme on elliptic curves (ECIES) Hybrid Encryption scheme Blowfish Encryption / Decryption OMAC (One-Key CBC MAC) MAC generation / verification This document may be reproduced and distributed only in its original entirely without revision.

11 of 35
Page 12

Algorithm/Functions Use / Function Triple-DES [SP 800-67] Encryption/Decryption with modes CBC, ECB Table 7 - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

2.9 Module components

Package/File Names Software Version Integrity Test Implemented corecrypto-1217.40.11 12.0 HMAC-SHA-256 Table 8 - Executable Code Sets The module cryptographic boundary is delineated by the dotted green rectangle in the Figure

  1. The Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] executes within the kernel space of the computing platforms and operating systems listed in Table 2 - Tested Operational Environments. In the block diagram below, the Kernel Extension (KEXT) is a bundle that performs low-level tasks. KEXTs run in kernel space, which gives them elevated privileges and the ability to perform tasks that user-space apps can’t. The tested operational environment’s physical perimeter (TOEPP) is represented by the most exterior black line in the block diagram Figure
  2. Figure 1 - Block diagram This document may be reproduced and distributed only in its original entirely without revision.
12 of 35
Page 13
3 Cryptographic Module Interfaces

The underlying logical interfaces of the module are the C language Kernel Interfaces (KPIs). In detail these interfaces are described in (Table 9 ): Physical Ports Logical Interface1 Data that passes over port/interface As a software-only Data Input Data inputs are provided in the variables passed in the KPI and callable service module, the module does invocations, generally through caller-supplied buffers not have physical ports. Data Output Data outputs are provided in the variables passed in the KPI and callable service Physical Ports are invocations, generally through caller-supplied buffers interpreted to be the Control Input Control inputs which control the mode of the module are provided through dedicated physical ports of the parameters, namely the kernel module plist whose information is supplied to the module hardware platform on by the kernel module loader. which it runs Status Output Status output is provided in return codes and through messages. Documentation for each KPI lists possible return codes. A complete list of all return codes returned by the C language KPIs within the module is provided in the header files and the KPI documentation. Messages are also documented in the KPI documentation. Table 9 - Ports and Interfaces The module is optimized for library use within the Device OS kernel space and does not contain any terminating assertions or exceptions. It is implemented as a Device OS dynamically loadable library. The dynamically loadable library is loaded into the Device OS kernel and its cryptographic functions are made available to Device OS kernel services only. Any internal error detected by the module is returned to the caller with an appropriate return code. The calling Device OS kernel service must examine the return code and act accordingly. The module communicates any error status synchronously through the use of its documented return codes, thus indicating the module’s status. Caller-induced or internal errors do not reveal any sensitive material to callers. The module does not implement a Control Output Logical Interface This document may be reproduced and distributed only in its original entirely without revision.

13 of 35
Page 14
4 Roles, services, and authentication
4.1 Roles

The module supports a single instance of one authorized role: The Crypto Officer. No support is provided for multiple concurrent operators. Name Type Operator Type Authentication Method Crypto Officer Role CO Implicit Table 10 - Roles

4.2 Authentication

FIPS 140-3 does not require an authentication mechanism for level 1 modules. Therefore, the module does not support an authentication mechanism for Crypto Officer. The Crypto Officer role is authorized to access all services provided by the module (see Table 12 - Approved Services and Table 13 - Non-Approved Services below).

4.3 Services

Name Type Description SF Properties Algorithm Properties KTS KTS SP 800-38F, IG D.G. AES Key 128, 192, and 256-bit AES keys providing AES-KW/ A2794, A2866 Wrapping and Unwrapping 128, 192, or 256 bits of encryption strength Table 11 - Security Function Implementations The module implements a dedicated KPI function to indicate if a requested service utilizes an approved security function. For services listed in Table 12 - Approved Services, the indicator function returns 1 to indicate that the security function is approved. Name Description Indicator Inputs Outputs Approved Security Roles Access Functions rights to Keys and/ or SSPs Symmetric Executes AES- 1 AES key, plaintext data ciphertext data AES-CBC, AES-CCM, CO W, E Encryption mode encrypt AES-CFB128, AESoperation CFB8, AES-CTR, AESECB, AES-GCM, AESOFB, AES-XTS Symmetric Executes AES- 1 AES key, ciphertext plaintext data AES-CBC, AES-CCM, CO W, E Decryption mode decrypt data AES-CFB128, AESoperation CFB8, AES-CTR, AESECB, AES-GCM, AESOFB, AES-XTS This document may be reproduced and distributed only in its original entirely without revision.

14 of 35
Page 15

Name Description Indicator Inputs Outputs Approved Security Roles Access Functions rights to Keys and/ or SSPs AES Key Wrapping Executes AES- 1 AES key wrapping key, wrapped key AES-KW CO W, E key wrapping unwrapped key operation AES Key Executes AES- 1 AES key wrapping key, unwrapped key AES-KW CO W, E Unwrapping key unwrapping wrapped key operation Message Digest Generate a 1 Message message digest SHA-1, SHA-224, SHA- CO N/A Generation digest for the 256, SHA-384, SHArequested 512, SHA-512/256 algorithm Message Generate a 1 HMAC key, MAC MAC HMAC-SHA-1, HMAC- CO W, E Authentication Message algorithm, message SHA-224, HMAC-SHACode (MAC) Authentication 256, HMAC-SHA-384, Generation Code HMAC-SHA-512, HMAC-SHA-512/256 Signature Sign a message 1 RSA private key, computed signature RSA SigGen CO W, E generation (RSA) with a specified message, hash RSA private key algorithm Signature Verify the 1 RSA public key, digital pass/fail result of RSA SigVer CO W, E verification (RSA) signature of a signature, message, digital signature message with a hash algorithm verification specified RSA public key Signature Sign a message 1 ECDSA private key, computed signature ECDSA SigGen CO W, E generation (ECDSA) with a specified message, hash ECDSA private algorithm key Signature Verify the 1 ECDSA public key, pass/fail result of ECDSA SigVer CO W, E verification (ECDSA) signature of a digital signature, digital signature message with a message, hash verification specified ECDSA algorithm public key Random number Generate 1 Output length Random bit-string CTR_DRBG (Entropy CO E/ G, W, E generation Random number Input, DRBG seed, / G, W, E Internal state V value and key) key pair generation Generate a 1 key size ECDSA Key Pair ECDSA KeyGen, CKG CO G, R (ECDSA) keypair for a requested elliptic curve Public key Verify a public 1 ECDSA public key pass/fail result of key ECDSA KeyVer CO E, W validation (ECDSA) key for a pair verification requested elliptic curve Zeroization Release all 1 N/A N/A N/A CO Z resources of symmetric crypto function context This document may be reproduced and distributed only in its original entirely without revision.

15 of 35
Page 16

Name Description Indicator Inputs Outputs Approved Security Roles Access Functions rights to Keys and/ or SSPs Release all 1 N/A N/A N/A CO Z resources of hash context Release of all 1 N/A N/A N/A CO Z resources of asymmetric crypto function context Self-test Execute the 1 None pass/fail results of self- Algorithms listed in CO N/A CASTs tests table Conditional selftest Show Status Return the None None status output N/A CO N/A module status Show Module Info Return Module None None name and version N/A CO N/A Base Name and information Module Version Number Table 12 - Approved Services The abbreviations of the access rights to keys and SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. N/A= The service does not access any SSP during its operation Service Description Algorithms Accessed Role Triple-DES encryption / decryption TDES-CBC, TDES-ECB Triple-DES CO RSA Key Wrapping The CAST does not perform the full KTS, only the raw RSA RSA encrypt/decrypt CO encrypt/ decrypt. RSA Signature Generation RSA Signature Generation CO PKCS#1 v1.5 and PSS Signature Generation Key Size < 2048 RSA Signature Verification RSA Signature Verification CO PKCS#1 v1.5 and PSS Signature Verification Key Size < 1024 ECDSA Key-pair Generation (PKG) ECDSA PKG and PKV using curve P-192 ECDSA Key Generation, CO and ECDSA Key Validation (PKV) ECDSA Key Validation ECDSA Signature Generation ECDSA Signature Generation using curve P-192 ECDSA Signature Generation CO ECDSA Signature Verification ECDSA Signature Verification using curve P-192 ECDSA Signature Verification CO This document may be reproduced and distributed only in its original entirely without revision.

16 of 35
Page 17

Service Description Algorithms Accessed Role ECDSA Key Pair Generation for Key Pair Generation for compact point representation of ECDSA Key Generation CO compact point representation of points points Ed25519 Key Generation Ed25519 Key Generation Ed25519 Key Generation CO Ed25519 Signature Generation EdDSA Signature Generation over Curve25519 Ed25519 Sig Generation CO Ed25519 Signature Verification EdDSA Signature Verification over Curve25519 Ed25519 Sig Verification CO Ed25519 Key Agreement Ed25519 Key Agreement Ed25519 Key Agreement CO ECIES Elliptic Curve encrypt ECIES Encrypt CO ANSI X9.63 Key Derivation SHA-1 hash-based key derivation function SHA-1 CO SP800-56C Key Derivation (HKDF) SHA-256 hash-based key derivation function SHA-256 CO RFC 6637 Key Derivation SHA hash based key derivation function SHA-256, SHA-512, AES-128, CO AES-256 OMAC Message Authentication One-Key CBC MAC using 128-bit key OMAC CO Code Generation and Verification Message digest generation. Message digest generation using non-approved algorithms MD2, MD4, MD5, RIPEMD CO Authenticated Encryption / Encrypt a plaintext / Decrypt a ciphertext AES-GCM using external IV CO decryption (other) symmetric encryption / symmetric encryption / decryption using non-approved Blowfish, CAST5, DES, RC2, RC4 CO decryption algorithms Table 13 - Non-Approved Services This document may be reproduced and distributed only in its original entirely without revision.

17 of 35
Page 18
5 Software/Firmware security
5.1 Integrity Techniques

The Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1], which is made up of a single component, is provided in the form of binary executable code. A software integrity test is performed on the runtime image of the module. The HMAC-SHA256 implemented in the module is used as the approved algorithm for the integrity test. If the test fails, the module enters an error state where no cryptographic services are provided, and data output is prohibited i.e., the module is not operational.

5.2 On-Demand Integrity Test

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. Integrity test on demand is performed by power-cycling the computing platform . This document may be reproduced and distributed only in its original entirely without revision.

18 of 35
Page 19
6 Operational Environment

The Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] operates in a modifiable operational environment per FIPS 140-3 level 1 specifications. The module is supplied as part of Device OS, a commercially available general-purpose operating system executing on the computing platforms specified in section 2. This document may be reproduced and distributed only in its original entirely without revision.

19 of 35
Page 20
7 Physical Security

The FIPS 140-3 physical security requirements do not apply to the Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1], since it is a software module. This document may be reproduced and distributed only in its original entirely without revision.

20 of 35
Page 21
8 Non-invasive Security

Currently, the ISO/IEC 19790:2012 non-invasive security area is not required by FIPS 140-3 (see NIST SP 800140F). The requirements of this area are not applicable to the module. This document may be reproduced and distributed only in its original entirely without revision.

21 of 35
Page 22
9 Sensitive Security Parameter Management

The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module: Key/ SSP Strength Security Generation Impor Estab Storage Zeroisation Use and Name / Function and t/ lishm related Type Cert. Number Export ent keys AES Key / 128 to 256 AES-CBC (A2792, N/A Import N/A RAM Automatic Use: CSP bits A2794, A2865, from zeroisation when Symmetric A2866) calling structure is Encryption AES-CCM (A2796, applicat deallocated or and A2868) ion when the system Decryption AES-CFB128 No is powered down Related (A2793, A2794, Export keys: N/A A2865, A2866) AES-CFB8 (A27494, A2866) AES-CTR (A2794, A2796, A2866, A2868) AES-ECB (A2793, A2794, A2796, A2865, A2866, A2868) AES-GCM (A2796, A2868) AES-OFB (A2794, A2866) AES-XTS (A2793, A2865) AES Key- 128 to 256 AES-KW N/A Import N/A RAM Automatic Use: Key wrapping key bits (A2794, A2866) from zeroisation when Wrapping / CSP calling structure is Related applicat deallocated or keys: N/A ion when the system No is powered down Export HMAC Key / 128-256 HMAC-SHA-1, N/A Import N/A RAM Automatic Use: CSP bits HMAC-SHA-224, from zeroisation when Message HMAC-SHA-256, calling structure is authenticati HMAC-SHA-384, applicat deallocated or on code HMAC-SHA-512, ion when the system generation HMAC-SHA- No is powered down (HMAC) 512/256 Export Related (A2797, A2869, keys: N/A A2795, A2867, A2798, A2870) ECDSA public 112 to 256 ECDSA KeyGen The key pairs Import N/A RAM Automatic Use: Digital key bits (A2797, A2869) are generated and zeroisation when Signature (including conformant to Export structure is verification intermediate SP800-133r2 to deallocated or Related keygen (CKG) using calling when the system keys: DRBG values) PSP FIPS186-4 Key applicat is powered internal This document may be reproduced and distributed only in its original entirely without revision.

22 of 35
Page 23

Key/ SSP Strength Security Generation Impor Estab Storage Zeroisation Use and Name / Function and t/ lishm related Type Cert. Number Export ent keys Generation ion. down. state, method, and Interme Intermediate ECDSA the random diate keygen values private key ECDSA value used in keygen are zeroized Use: Digital private key the key values before the Signature (including generation is are not module returns generation intermediate generated output. from the key Related keygen using SP800- generation keys: DRBG values) CSP 90ARev1 function. internal DRBG state, ECDSA public key RSA public 112 to 150 RSA SigGen, N/A Import N/A RAM Automatic Use: Digital key / PSP bits RSA SigVer from zeroisation when Signature (A2797, A2869) calling structure is verification applicat deallocated or Related ion when the system keys: DRBG No is powered internal Export. down. state, RSA private key RSA private Use: Digital key / CSP Signature generation Related keys: DRBG internal state, RSA public key DRBG 256 bits Random Number Obtained from N/A N/A RAM When the system Use Entropy Generation two entropy is powered down Random Input / CSP E14, E15 (see PUD sources Number (IG D.L) referenced in Generation section 11.2) Related keys: DRBG seed DRBG Seed / 256 bits CTR_DRBG Derived from N/A N/A RAM When the system Use CSP (IG D.L) (A2797, A2869, entropy input is powered down Random A2796, A2868, string as Number A2795, A2867, defined by Generation A2794, A2866) SP800- Related 90ARev1 keys: DRBG entropy input, DRBG internal state DRBG 256 bits CTR_DRBG Derived from N/A N/A RAM When the system Use: internal state: (A2797, A2869, seed as is powered down Random V value and A2796, A2868, defined by Number Key / CSP (IG A2795, A2867, SP800- Generation D.L) A2794, A2866) 90Arev1 Related keys: DRBG seed This document may be reproduced and distributed only in its original entirely without revision.

23 of 35
Page 24
9.1 Random Number Generation

A NIST approved deterministic random bit generator based on a block cipher as specified in NIST [SP 80090ARev1] is used. The DRBG is a CTR_DRBG using AES-256 with derivation function and without prediction resistance. The random numbers used for key generation are all generated by CTR_DRBG in this module. Per section 10.2.1.1 of [SP 800-90ARev1], the internal state of CTR_DRBG is the value V and Key. The module performs DRBG health tests according to section 11.3 of [SP800-90Arev1]. The module also performs DRBG health tests according to section 11.3 of [SP800-90ARev1]. No non-DRBG functions or instances are able to access the DRBG internal state The deterministic random bit generators are seeded by “read_random”. The read_random is the kernel space interface. Two entropy sources (one non-physical entropy source and one physical entropy source) residing within the TOEPP provide the random bits. The output of entropy pool provides 256-bits of entropy to seed and reseed SP800-90ARev1 DRBG during initialization (seed) and reseeding (reseed). Name Minimum number of Conditioning Components (CAVP number if bits of entropy vetted) ESV Cert #E14: 256 bits The entropy source consists of twenty-four Free Ring Apple corecrypto physical entropy Oscillator (FROs) with a vetted conditioning function SHAsource 256 (ACVP cert. # C1223) ESV Cert #E15: 256 bits The non-physical entropy source is based upon interrupt Apple corecrypto non-physical timings with a vetted conditioning function SHA-256 (ACVP entropy source certs. # A2797, A2869 Table 15

9.2 Key/SSP Generation

The module generates Keys and SSPs in accordance with FIPS 140-3 IG D.H. The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric (ECDSA) keys as per [SP800-133r2] section 4 example 1 (vendor affirmed), compliant with [FIPS186-4], and using DRBG compliant with [SP800-90ARev1]. A seed (i.e., the random value) used in asymmetric key generation is obtained from [SP800-90ARev1] DRBG. The key generation service for ECDSA as well as the [SP 800-90ARev1] DRBG have been ACVT tested with algorithm certificates found in Table 6.

9.3 Keys/SSPs Establishment

The module provides the following key/SSP establishment services in the Approved mode:

9.4 Keys/SSPs Import/Export

All keys and SSPs that are entered from, or output to module, are entered from or output to the invoking application running on the same device. Keys/ SSPs entered into the module are electronically entered in plain text form. The module only outputs ECDSA keys in plain text form when key generation service is requested by the calling application. This document may be reproduced and distributed only in its original entirely without revision.

24 of 35
Page 25
9.5 Keys/SSPs Storage

Name Description Persistence Type RAM The module stores ephemeral keys/SSPs in RAM provided by the operational dynamic environment. They are received for use or generated by the module only at the command of the calling application. The operating system protects all keys/SSPs through the memory separation and protection mechanisms. No process other than the module itself can access the keys/SSPs in its process’ memory. Table 16 - Storage Areas

9.6 Keys/SSPs Zeroization

Keys and SSPs are explicitly zeroised when the appropriate context object is destroyed or when the system is powered down. Input and output interfaces are inhibited while zeroisation is performed. This document may be reproduced and distributed only in its original entirely without revision.

25 of 35
Page 26
10 Self-tests

While the module is executing the self-tests, services are not available, and input and output are inhibited. If the test fails either pre-operational and conditional self-tests, the module reports an error message indicating the cause of the failure and enters the Error State (See section 10.3). The module permits operators to initiate the pre-operational and conditional self-tests on demand and periodic testing of the module by rebooting the system (i.e., power-cycling).

10.1 Pre-operational Software Integrity Test

The module performs a pre-operational software integrity test automatically when the module is loaded into memory (i.e., at power on) before the module transitions to the operational state. A software integrity test is performed on the runtime image of the Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] with HMAC-SHA256 which is an approved integrity technique. Prior to using HMAC-SHA-256, a Conditional Cryptographic Algorithm Self-Tests (CASTs) is performed. Algorithm Test Properties Test Method Type Indicator Details HMAC-SHA-256 112-bit key Message Softwar Module The HMAC value of the runtime image is Authentication e successful recalculated and compared with the stored Integrity execution HMAC value pre-computed at compilation time Table 17

10.2 Conditional Self-Tests

10.2.1Conditional Cryptographic Algorithm Self-Tests In addition to the pre-operational software integrity test described in Section 10.1, the module runs the CASTs for all cryptographic functions of each approved cryptographic algorithm implemented by the module each time the module starts. Algorithm Test Properties Test Method Type Indicator Details Condition AES-CBC 128-bit key KAT CAST Module Encryption Test runs at Power-on AES-XTS becomes before the integrity AES-ECB operational test AES-CBC 128-bit key KAT CAST Module Decryption Test runs at Power-on AES-ECB becomes before the integrity operational test AES-CCM 128-bit key KAT CAST Module Authenticated encryption Test runs at Power-on becomes before the integrity operational test AES-CCM 128-bit key KAT CAST Module Authenticated decryption Test runs at Power-on AES-GCM becomes before the integrity operational test CTR_DRBG AES 128-bit key KAT CAST Module KAT and Health test per Test runs at Power-on becomes SP800-90Arev1 section before the integrity This document may be reproduced and distributed only in its original entirely without revision.

26 of 35
Page 27

Algorithm Test Properties Test Method Type Indicator Details Condition operational 11.3 test HMAC-SHA256 SHA2-256 KAT CAST Module CAST is performed prior to Test runs at Power-on becomes module’s pre-operational before the integrity operational software integrity test test HMAC-SHA-1 SHA-1 KAT CAST Module MAC Test runs at Power-on becomes before the integrity operational test HMAC-SHA-512 SHA-512 KAT CAST Module MAC Test runs at Power-on becomes before the integrity operational test SHA-1 CAST is covered by KAT CAST Module Message digest Test runs at Power-on SHA-256 higher level HMAC KAT becomes before the integrity SHA-512 per IG 10.3.B operational test RSA Signature 2048-bit modulus with KAT CAST Module Sign Test runs at Power-on Generation SHA-256 becomes before the integrity operational test RSA Signature 2048-bit modulus with KAT CAST Module Verify Test runs at Power-on Verification SHA-256 becomes before the integrity operational test ECDSA Signature P-224 curve with SHA- KAT CAST Module Sign Test runs at Power-on Generation 224 becomes before the integrity operational test ECDSA Signature P-224 curve with SHA- KAT CAST Module Verify Test runs at Power-on Verification 224 becomes before the integrity operational test Table 18 - Self-Tests 10.2.2Conditional Pairwise Consistency Test The Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1] generates ECDSA asymmetric key pairs and performs a pair-wise consistency tests on the newly generated key pairs.

10.3 Error States

If any of the self-tests described in Sections 10.1, 10.2.1 or 10.2.2 fail, the module reports the cause of the error and enters an error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to power cycle the device which results in the module being reloaded into memory and reperforming the pre-operational test and the Conditional algorithm self-tests. The module will only enter into the operational state after successfully passing the pre-operational self-test and the conditional self-tests. This document may be reproduced and distributed only in its original entirely without revision.

27 of 35
Page 28

State Description Conditions Recovery Indicator Name Method Error State The HMAC-SHA-256 value Pre-operational module reset Error message “FAILED: fipspost_post_integrity” computed over the module did not Software Integrity is sent to the caller match the pre-computed value Test failure Error State The computed value in the Conditional CAST module reset Error message “FAILED:<event>” is sent to the invoked Conditional CAST did not failure caller match the known value (<event> refers to any of the cryptographic functions listed in Table 18 - Self-Tests.) Error State The signature failed to verify Conditional PCT module reset Error message successfully in the Conditional PCT. failure “CCEC_GENERATE_KEY_CONSISTENCY” returned for ECDSA Key Generation Table 19- Error states This document may be reproduced and distributed only in its original entirely without revision.

28 of 35
Page 29
11 Life-cycle assurance
11.1 Delivery and Operation

The module is built into DeviceOS defined in section 2 and delivered with Device OS. There is no standalone delivery of the module as a software library. The vendor’s internal development process guarantees that the correct version of module goes with its intended Device OS version. For additional assurance, the module is digitally signed by vendor, and it is verified during the integration into Device OS. This digital signature-based integrity protection during the delivery/integration process is not to be confused with the HMAC-256 based integrity check performed by the module itself as part of its pre-operational self-tests.

11.2 Administrator Guidance

The Approved mode of operation is configured in the system by default and can only be transitioned into the non-Approved mode by calling one of the non-Approved services listed in Table 13 - Non-Approved Services. If the device starts up successfully, then the module has passed all self-tests and is operating in the Approved mode. The ESV Public Use Document (PUD) reference for physical entropy source is: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/entropy/E14_PublicUse.pdf The ESV Public Use Document (PUD) reference for non-physical entropy source is: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/entropy/E15_PublicUse.pdf Apple Platform Certifications guide [platform certifications] and Apple Platform Security guide [SEC] are provided by Apple which offers IT System Administrators with the necessary technical information to ensure FIPS 140-3 Compliance of the deployed systems. This guide walks the reader through the system’s assertion of cryptographic module integrity and the steps necessary if module integrity requires remediation.

11.3 Non-Administrator Guidance
11.4 Design and Rules

The Crypto Officer shall consider the following requirements and restrictions when using the module: o AES-GCM internal IV is constructed in compliance with IG C.H scenario

  1. The GCM IV generation follows RFC 4106 and shall only be used for the IPsec protocol version
  2. When the IV in RFC 4106 exhausts the maximum number of possible values for a given security association, either party to the security association that encounters this condition triggers a rekeying with IKEv2 to establish a new encryption key for the security association. The module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED from which the AES-GCM encryption keys are derived. In case the module’s power is lost and then restored, the key used for the AES GCM encryption/decryption shall be re-distributed. This condition is not enforced by the module. This protocol has not been reviewed or tested by the CAVP and CMVP. This document may be reproduced and distributed only in its original entirely without revision.
29 of 35
Page 30
11.5 End of Life

The module secure sanitization is accomplished by first powering the module down, which will zeroize all SSPs within volatile memory. Following the power-down, an uninstall by way of system wipe or system update will zeroize the binary file listed in section 2.9. This document may be reproduced and distributed only in its original entirely without revision.

30 of 35
Page 31
12 Mitigation of other attacks

The module does not claim mitigation of other attacks. This document may be reproduced and distributed only in its original entirely without revision.

31 of 35
Page 32

Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard CAVP Cryptographic Algorithm Validation Program CAST Cryptographic Algorithm Self-Test CAST5 A symmetric-key 64-bit block cipher with 128-bit key CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DRBG Deterministic Random Bit Generator ECB Electronic Code Book ESVP Entropy Source Validation Program FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code KAT Known Answer Test KDF Key Derivation Function KEXT Kernel Extension KW AES Key Wrap MAC Message Authentication Code KPI Kernel Programming Interface NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PKG Key-Pair Generation PKV Public Key Validation PSS Probabilistic Signature Scheme PUD Public Use Document RSA Rivest, Shamir, Addleman SHA Secure Hash Algorithm SHS Secure Hash Standard TOEPP Tested Operational Environment Physical Perimeter XTS XEX-based Tweaked-codebook mode with cipher text Stealing This document may be reproduced and distributed only in its original entirely without revision.

32 of 35
Page 33

Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 SP 800-140x CMVP FIPS 140-3 Related Reference https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-standards FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program August 2023 https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements FIPS140-3_MM CMVP FIPS 140-3 Draft Management Manual https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%201403/Draft%20FIPS-140-3-CMVP%20Management%20Manual%2009-18-2020.pdf SP 800-140 FIPS 140-3 Derived Test Requirements (DTR) https://csrc.nist.gov/publications/detail/sp/800-140/final SP 800-140A CMVP Documentation Requirements https://csrc.nist.gov/publications/detail/sp/800-140a/final SP 800-140B CMVP Security Policy Requirements https://csrc.nist.gov/publications/detail/sp/800-140b/final SP 800-140C CMVP Approved Security Functions https://csrc.nist.gov/publications/detail/sp/800-140c/final SP 800-140D CMVP Approved Sensitive Security Parameter Generation and Establishment Methods https://csrc.nist.gov/publications/detail/sp/800-140d/final SP 800-140E CMVP Approved Authentication Mechanisms https://csrc.nist.gov/publications/detail/sp/800-140e/final SP 800-140F CMVP Approved Non-Invasive Attack Mitigation Test Metrics https://csrc.nist.gov/publications/detail/sp/800140f/final FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 http://www.ietf.org/rfc/rfc3447.txt RFC3394 Advanced Encryption Standard (AES) Key Wrap Algorithm September 2002 http://www.ietf.org/rfc/rfc3394.txt This document may be reproduced and distributed only in its original entirely without revision.

33 of 35
Page 34

RFC5649 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm September 2009 http://www.ietf.org/rfc/rfc5649.txt SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf SP800-57 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf SP800-67 NIST Special Publication 800-67 Revision 1 - Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher January 2012 http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800-108 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions Aug 2022 https://doi.org/10.6028/NIST.SP.800-108r1 SP800-131Ar2 Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf This document may be reproduced and distributed only in its original entirely without revision.

34 of 35
Page 35

SP800-135 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing Application-Specific Key Derivation Functions December 2011 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SEC Apple Platform Security https://support.apple.com/guide/security/welcome/web https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf platform certifications Apple Platform Certifications https://support.apple.com/guide/certifications/welcome/web This document may be reproduced and distributed only in its original entirely without revision.

35 of 35