All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Motorola Solutions Cryptographic Software Module

Certificate#4871StandardFIPS 140-3Level1TypeSoftware-hybridEmbodimentMulti-Chip Stand AloneStatusActiveVendorMotorola Solutions, Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 20 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware-hybrid
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date11/6/2029
CaveatInterim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g. keys).
VendorMotorola Solutions, Inc.
Hardware versionsIntel Core i7-8700 (6 core), Intel i5-12600

Approved Algorithms (17)

AlgorithmACVP Cert
AES-CBCA3497
AES-ECBA3497
AES-GCMA3497
AES-KWA3497
AES-OFBA3497
Counter DRBGA3497
ECDSA KeyGen (FIPS186-4)A3497
ECDSA SigGen (FIPS186-4)A3497
ECDSA SigVer (FIPS186-4)A3497
HMAC-SHA2-256A3497
HMAC-SHA2-384A3497
HMAC-SHA2-512A3497
KAS-ECC Sp800-56Ar3A3497
PBKDFA3497
SHA2-256A3497
SHA2-384A3497
SHA2-512A3497

Security Levels (Table 1)

Requirement areaLevel
Self-Tests1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Motorola Solutions Cryptographic Software Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-Test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C5,C6 clue;
  class I3,I5,I6 infer;
  class R3,R5,R6 risk;
  class E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Motorola Solutions Cryptographic Software Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-Test</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Motorola Solutions Cryptographic Software Module Software Version: R01.15.00 Running on Intel Core i7-8700 or Intel i5-12600 Document Version: 1.0 Date: October 16, 2024 Prepared by: www.acumensecurity.net Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Page 2

Introduction Federal Information Processing Standards Publication 140-3

Page 3
Table of Contents
#SectionPage
Introduction2
Disclaimer2
Notices2
1General4
2Cryptographic Module Specification5
2.1Modes of Operation6
2.2Cryptographic Functionality6
2.3Module Description and Cryptographic Boundary8
2.4Security Rules and Guidance9
3Cryptographic Module Interfaces9
4Roles, Services, and Authentication10
5Software/Firmware Security14
6Operational Environment14
7Physical Security14
8Non-invasive Security14
9Sensitive Security Parameter Management15
10Self-Tests18
10.1Automatic Self-Test18
10.2User Initiated Self-test18
11Life-cycle Assurance19
12Mitigation of Other Attacks19
References and Definitions20
Page 4
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical security1
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A

1. This document defines the cryptographic module security policy for the Motorola Solutions Cryptographic Software Module (Software version: R01.15.00 running on Intel Core i7-8700 or Intel i5-12600), also referred to as the “module” hereafter. It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard. The module is a software-hybrid based cryptographic module that runs on a general-purpose computing platform that supports processor algorithm acceleration. The module is classified as a multi-chip standalone module embodiment. The module provides approved cryptographic functionalities via an Application Programming Interface (API) to the application layer. The following table lists the level of validation for each area in FIPS 140-3: N/A N/A Table 1

Page 5
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Windows 10 EnterpriseMotorola Command Central HUBIntel Core i7- 8700 (6 core)Yes1
2Windows 10 EnterpriseHP Z2 Mini G9 WorkstationIntel i5-12600Yes2
1Microsoft Windows 7 and 10 Professional1HP ZBook 15 G3 Mobile Workstation, Intel Core i7 with AES-NI
2Red Hat OpenShift 3 on Red Hat UBI 72HP DL20 Gen10 server, Intel(R) Xeon(R) E-2236 CPU with AES-NI
3Red Hat OpenShift 4 on Red Hat UBI 83HP DL160 Gen 10 Server, Intel(R) Xeon(R)-S 4215R CPU with AES-NI
4Red Hat OpenShift 4 on Red Hat UBI 84HPE ProLiant DL20 Gen10 server, Intel(R) Xeon(R) E-2236 CPU with AES-NI
5Microsoft Windows 10 IoT Enterprise LTSB 2016 64bit5HP ZBook 15u G4 Mobile Workstation, Intel® Core i7 CPU with AES-NI
6Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook 15u G5 Mobile6
7Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook 15u G6 Mobile7
8Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook Fury 15 G7 Mobile8
9Microsoft Windows 10 IoT Enterprise LTSB 2016 64bitHP Z440 Workstation, Intel9HP Z440 Workstation, Intel Xeon E5-1603v3 CPU with AES- NI
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Windows 10 EnterpriseMotorola Command Central HUBIntel Core i7- 8700 (6 core)Yes1
2Windows 10 EnterpriseHP Z2 Mini G9 WorkstationIntel i5-12600Yes2
1Microsoft Windows 7 and 10 Professional1HP ZBook 15 G3 Mobile Workstation, Intel Core i7 with AES-NI
2Red Hat OpenShift 3 on Red Hat UBI 72HP DL20 Gen10 server, Intel(R) Xeon(R) E-2236 CPU with AES-NI
3Red Hat OpenShift 4 on Red Hat UBI 83HP DL160 Gen 10 Server, Intel(R) Xeon(R)-S 4215R CPU with AES-NI
4Red Hat OpenShift 4 on Red Hat UBI 84HPE ProLiant DL20 Gen10 server, Intel(R) Xeon(R) E-2236 CPU with AES-NI
5Microsoft Windows 10 IoT Enterprise LTSB 2016 64bit5HP ZBook 15u G4 Mobile Workstation, Intel® Core i7 CPU with AES-NI
6Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook 15u G5 Mobile6
7Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook 15u G6 Mobile7
8Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP ZBook Fury 15 G7 Mobile8
9Microsoft Windows 10 IoT Enterprise LTSB 2016 64bitHP Z440 Workstation, Intel9HP Z440 Workstation, Intel Xeon E5-1603v3 CPU with AES- NI
10 IoT Enterprise LTSC
2019 64bit
Windows
  1. Cryptographic Module Specification The module is intended for use by the markets that require FIPS 140-3 validated overall Security Level 1. # Table 2 – Tested Operational Environments The module has also been confirmed by Motorola Solutions to be operational on the following OEs shown in Table
  2. However, no target testing was performed on this platform for FIPS 140-3 validation with the specific software versions listed in this document. Note: The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys on the operational environments for which operational testing was not performed. # Motorola Solutions, Inc. © 2024 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 6
Module configuration
NameOperating SystemHardware Platform
10Microsoft Windows 10 IoT Enterprise LTSC 2019 64bitHP Z440 Workstation, Intel10HP Z440 Workstation, Intel Xeon E5-1603v3 CPU with AES- NI
11Microsoft Windows 10 IoT Enterprise LTSB 2016 64bit11HP Z2 Mini G3 Workstation, Intel Xeon E3-1225v5 CPU with AES-NI
12Microsoft Windows 10 IoT Enterprise LTSC 2019 64bit12HP Z2 Mini G4 Workstation, Intel Xeon E-2144G CPU with AES-NI
13Microsoft Windows 10 IoT Enterprise LTSC 2019 64bit13HP Z2 Mini G5 Workstation, Intel Xeon W-1250 CPU with AES-NI
14Microsoft Windows 10 IoT Enterprise LTSC 2021HP ZBook Fury G10, Intel Core i914
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES [FIPS 197]A3497ECB [SP 800-38A]Key Size: 256Encrypt, Decrypt
CBC [SP 800-38A]CBC [SP 800-38A]Key Size: 256Encrypt, Decrypt
OFB [SP 800-38A]OFB [SP 800-38A]Key Size: 256Encrypt, Decrypt
GCM [SP 800- 38D]1GCM [SP 800- 38D]1Key Size: 256Encrypt, Decrypt
KW [SP 800-38F]KW [SP 800-38F]Key Size: 256Encrypt, Decrypt
10 IoT Enterprise LTSC
2019 64bit
Windows

# Table 3

Page 7
Approved algorithm
NameCAVP CertMode MethodUse FunctionDescription
DRBG [SP800- 90Ar1]CTRDeterministic Random Bit GenerationAES-256
ECDSA [FIPS 186- 4]Key Generation/Signature Generation/Signature VerificationP-384
HMAC [FIPS 198- 1]HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512Message authentication, Code Integrity tests128-1024 bits 192-1024 bits 256-1024 bits
KAS-ECC [SP 800- 56Ar3]Key Establishment provides 192 bits of encryption strength per IG D.F Scenario 2 path (2)P-384 with SHA2- 256ECC (Initiator,
KTS [IG D.G]AES-KWKey Wrap provides 256 bits of encryption strengthKey Sizes: 256
KTS [IG D.G]GCMKey Wrap provides 256 bits of encryption strengthKey Sizes: 256
PBKDF [SP 800- 132]Option 1a Option 2a (using HMAC)Password-Based Key DerivationsLen = 16 – 512 bytes C = 1 – 50000 SHA2-256 SHA2-384 SHA2-512
SHS [FIPS 180-4]SHA2-256 SHA2-384 SHA2-512Message Digest GenerationN/A
CKGVendor AffirmedCTR_DRBGAsymmetric key seed and symmetric key generation in accordance with SP 800-133rev2 sectionsN/A

DRBG [SP80090Ar1] N/A N/A Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Page 8
Approved algorithm
NameCAVP CertUse FunctionDescription
AES MAC3AES MAC3[IG D.C] AES MAC for Project 25 APCO OTAR (Cert. #A3497)
ADPADP Encryption/Decryption – Motorola Solutions proprietary algorithm
DESDES Encryption/Decryption – ECB, OFB and CBC Mode
Approved algorithm
NameCAVP CertUse FunctionDescription
AES MAC3AES MAC3[IG D.C] AES MAC for Project 25 APCO OTAR (Cert. #A3497)
ADPADP Encryption/Decryption – Motorola Solutions proprietary algorithm
DESDES Encryption/Decryption – ECB, OFB and CBC Mode

Table 4

Page 9

Logical Perimeter PAA Figure 1 – Logical cryptographic boundary and physical boundary 2.4 Security Rules and Guidance The module enforces the following security rules:

  1. The module does not support any operator authentication.
  2. The module is available to perform services only after successfully completing the pre-operational self-tests.
  3. Data output is inhibited during pre-operational self-tests, zeroization, and while in an error state.
  4. The module shall not support concurrent operators.
  5. The module enters the uninitialized state if any pre-operational self-test fail. The Uninitialized state can be exited by restarting the module allowing the module to attempt to re-initialize itself.
  6. The module can perform periodic self-tests. An operator can perform periodic self-tests on demand by using the Operator Initiated Self-Test API to run conditional self-tests or module restart to run pre-operational tests.
  7. The module does not perform any cryptographic functions while in the uninitialized state.
  8. The module returns the results of the pre-operational and integrity self-tests to the operator.
  9. The module may be power cycled to zeroize all CSPs.
  10. The operator may choose whether the module will run in the Approved mode or non-approved mode using the “Configure Approved Mode” Service.
  11. The only operating environment restrictions is that processor algorithm acceleration must be enabled.
  12. Cryptographic Module Interfaces The Module’s logical interfaces are described in Table 7; the Module’s physical ports are outside the module boundary. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 10
Ports and interfaces
NamePhysical PortLogical Interface
N/A: Internal (call stack)Control inputAPI entry point and corresponding stack parametersN/A: Internal (call stack)
Data inputData inputAPI entry point data input stack parameters
Status outputStatus outputAPI entry point return values and status stack parameters
Data outputData outputAPI entry point data output stack parameters
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
Self-TestCOPower-up/Run Self-Test commandStatus: Success/Error
Load EntropyCOEntropy Input StringN/A
Get Module StatusCOGet module status commandModule initialization status, Approved mode status, AES acceleration status
Get Module VersionCOGet module version command“libALG Library R01.15.00 – Copyright 2022 Motorola Solutions, Inc.”
Configure Approved ModeCOApproved mode enabled/Approved mode disabledEnable/Disable
UtilityCOModule query for algorithm/key statusAlgorithm/key status information
EncryptCOEncryption key, plaintextCiphertext or error status
DecryptCODecryption key, ciphertextPlaintext of error status
AES Key WrappingCOEncryption key, input dataWrapped key
AES Key UnwrappingCODecryption key, input dataUnwrapped data
Generate OTAR MACCOInput dataMAC Key
DRBGCOEntropy input dataPseudo-random number
HashingCOHash algorithm, input dataHashed output
HMAC-SHACOHash Key, input datadigest
ZeroizeCON/AN/A
PBKDFCOPassword, iteration count, salt, hash algorithmDerived key
ECDSA Key GenerationCOPrivate key or SP 800-90Ar1 SeedPrivate key/Public key
ECDSA Sig GenerationCOPrivate key, digestsignature
ECDSA Sig VerificationCOSignature, digest, Public KeyStatus: Success/Error
KAS-ECCCOPrivate key, Public Key of Remote Party (Host B)ECDH Shared Secret/KDF Derived Key
Self-TestPerform all pre- operational CASTs prior to module initialization via module restart/Perform all the conditional CASTs prior to first use of that service operation or on demand via Self- test API callCON/AN/AN/A”fips_mode = 1”
Load EntropyLoad external entropy to seed the DRBGCOEntropy Input stringN/AW,E,Z”fips_mode = 1”
Get Module StatusShow the module statusCON/AN/AN/A”fips_mode = 1”
Get Module VersionGet module version numberCON/AN/AN/A”fips_mode = 1”

Table 7

Page 11
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
PBKDFCOPassword, iteration count, salt, hash algorithmDerived key
ECDSA Key GenerationCOPrivate key or SP 800-90Ar1 SeedPrivate key/Public key
ECDSA Sig GenerationCOPrivate key, digestsignature
ECDSA Sig VerificationCOSignature, digest, Public KeyStatus: Success/Error
KAS-ECCCOPrivate key, Public Key of Remote Party (Host B)ECDH Shared Secret/KDF Derived Key
Self-TestPerform all pre- operational CASTs prior to module initialization via module restart/Perform all the conditional CASTs prior to first use of that service operation or on demand via Self- test API callCON/AN/AN/A”fips_mode = 1”
Load EntropyLoad external entropy to seed the DRBGCOEntropy Input stringN/AW,E,Z”fips_mode = 1”
Get Module StatusShow the module statusCON/AN/AN/A”fips_mode = 1”
Get Module VersionGet module version numberCON/AN/AN/A”fips_mode = 1”
Configure Approved ModeSet/Unset module to Approved modeCON/AN/AN/A”fips_mode = 1”
UtilityKey check and other servicesCON/AN/AN/A”fips_mode = 1”
EncryptEncryption of voice and dataCOAES-256 KeyAES (OFB, CBC, ECB, GCM) Cert #A3497W,E,Z”fips_mode = 1”
DecryptDecryption of voice and dataCOAES-256 KeyAES (OFB, CBC, ECB, GCM) Cert #A3497W,E,Z”fips_mode = 1”
AES Key WrappingUsed for the encryption of keysCOAES-256 Key Wrap KeyKTS (AES- KW or AES-GCM) Cert #A3497W,E,Z”fips_mode = 1”
AES Key UnwrappingUsed for the decryption of keysCOAES-256 Key Wrap KeyKTS (AES- KW or AES-GCM) Cert #A3497W,E,Z”fips_mode = 1”
Generate OTAR MACUsed to generate MAC (Message Authentication Code) as defined in [OTAR]COOTAR MAC KeyAES MAC (CBC) Cert #A3497W,E,Z”fips_mode = 1”
DRBGUsed for random number, IV and key generation using DRBG [SP 800-90Ar1]COEntropy Input string, SP 800-90Ar1 Seed, SP 800-90Ar1 Internal State (“V” and “Key”)DRBG (output directly used for CKG) CKG Cert #A3497G,W,R”fips_mode = 1”
HashingUsed to generate SHA2-CON/ASHSN/A”fips_mode = 1”
256/384/512 message digest256/384/512 message digestCert #A3497
HMAC-SHAUsed to calculate data integrity codes with HMACCOKeyed Hash KeyHMAC Cert #A3497W,E”fips_mode = 1”
Zeroize4Zeroize all SSPsCOAllN/AZ”fips_mode = 1”
PBKDF5Used to generate keys using PBKDF [SP 800-132]COPBKDF Secret Value DPKPBKDF Cert #A3497W,E”fips_mode = 1”
ECDSA Key GenerationUsed for generating asymmetric key pairCOECDSA Private Key, ECDSA Public KeyECDSA, CKG Cert #A3497R,G”fips_mode = 1”
ECDSA Signature GenerationUsed to generate a digital signatureCOECDSA Private KeyECDSA Cert #A3497R,E”fips_mode = 1”
ECDSA Signature VerificationUsed to verify a digital signatureCOECDSA Public KeyECDSA Cert #A3497R,E”fips_mode = 1”
KAS-ECCUsed for key agreement process using ECDHCOECDH Shared Secret, KDF Derived Key, ECDH Private Key, ECDH Public Key, ECDH Remote Party Public KeyKAS-ECC, CKG Cert #A3497W,G,E,R”fips_mode = 1”

The SSPs modes of access shown in Table 9, are defined as:

Page 12

N/A N/A N/A N/A N/A N/A W,E,Z W,E,Z W,E,Z W,E,Z W,E,Z N/A G,W,R N/A Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Page 13

W,E N/A Z W,E R,G R,E R,E W,G,E,R Table 9

Page 14
Service
NameDescriptionRolesApproved FunctionsIndicator
EncryptEncryption of voice and dataCOADP”fips_mode = 0”
DecryptDecryption of voice and dataCOADP”fips_mode = 0”
EncryptEncryption of voice and dataCODES”fips_mode = 0”
DecryptDecryption of voice and dataCODES”fips_mode = 0”

Table 10 – Non-Approved Services

  1. Software/Firmware Security The module is software-hybrid and operates on a general-purpose computing platform that is built with production grade materials. The software components are protected and authenticated using an HMAC hash function using the keyed hash key referenced in Table
  2. The operator can initiate the software integrity test on demand by restarting the module. If integrity test fails, the module will not initialize and no security functions will be provided by the module.
  3. Operational Environment The module operates and was tested on the following modifiable operational environment: • General purpose computing platform as specified in Table
  4. As per ISO/IEC 19790:2012 7.6.3: • The cryptographic module has control over its own SSPs. • The operational environment provides the capability to separate individual application processes from each other to prevent uncontrolled access to CSPs and uncontrolled modifications of SSPs, regardless if this data is in the process memory or stored on persistent storage within the operational environment. This ensures that direct access to CSPs and SSPs is restricted to the cryptographic module and the trusted parts of the operational environment.
  5. Physical Security The module is a multi-chip standalone, software hybrid embodiment module with an Intel CPU that supports Processor Algorithm Acceleration installed within a GPC. The module utilizes a production grade hardware component with standard passivation applied to it.
  6. Non-invasive Security Not Applicable. The module does not implement non-invasive security measures. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 15
Approved algorithm
NameKey SizeUse Function
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
N/AVariable (384-bit minimu m)Used to derived SP 800-90Ar1 seedEntropy Input stringExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power cycle/Reset
DRBG (#A3497)384-bitDerived from the Entropy Input string. Used in AES IV, ECDSA Private Key, ECDSA Public Key, ECDH Private Key generation, ECDH Public Key generationSP 800- 90Ar1 SeedInternalN/AN/AVolatile memory (plainte xt)Power Cycle/Reset
DRBG (#A3497)N/ACTR_DRBG stateSP 800- 90Ar1 Internal State (“V” and “Key”)InternalN/AN/AVolatile memory (plainte xt)Power Cycle/Reset
HMAC, SHS(#A3 497)Variable (192-bit minimu m)Used in HMAC functionKeyed Hash KeyExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
AES ECB, CBC, OFB, GCM (#A3497)256-bitUsed in data encryption / decryptionAES-256 KeyExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset /End of data processing
AES KW, AES GCM (#A3497)256-bitUsed in key encryption /AES-256 KeyExternalImport (electr onic)Input via API in plaintextVolatile memoryPower Cycle/Reset
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
Wrap KeydecryptionWrap Key(plainte xt)/End of data processing
PBKDF (#A3497) CKGVariable (64-bit minimu m)Used in Key DerivationPBKDF Secret ValueExternal 6Import (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
PBKDF (#A3497)128-bit minimu mDerived by the PBKDF using the PBKDF Secret ValueDPKInternalExport (electr onic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
AES MAC256-bitUsed for AES MACOTAR MAC KeyExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
KAS-ECC (#A3497) CKG192-bitUsed to generate ECDH Public KeyECDH Private KeyExternal or InternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
KAS-ECC (#A3497) CKG192-bitUsed to generate KDF derived keyECDH Shared SecretInternalExport (electr onic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
ECDSA (#A3497) CKG192-bitUsed to create digital signatureECDSA Private KeyExternal or InternalImport or Export (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
KAS-ECC (#A3497) CKGVariable (128-bit minimu m)Used in KAS-ECCKDF Derived KeyInternalExport (electr onic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
KAS-ECC (#A3497) CKG192-bitUsed in key exchangeECDH Public KeyInternalExport (electr onic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
KAS-ECC (#A3497)192-bitUsed in key exchangeECDH Remote Party Public KeyExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
ECDSA (#A3497) CKG192-bitUsed for ECDSAECDSA Public KeyInternalExport( electro nic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
Entropy sourcesMinimum number of bits ofEntropy sourcesDetails
384 (minimum seed length for AES-256 CTR_DRBG)Entropy Input StringThe entropy for seeding the SP 800-90Ar1 DRBG is determined by the user operator of the module which is outside of the module’s cryptographic boundary. To be compliant, the target application shall supply at least 384 bits of entropy in order to meet the security strength required for the random number generation mechanism as shown in [SP 800-90Ar1] Table 3 (CTR_DRBG) and set required bits into the module by calling module defined API function. Since entropy is loaded passively into the module, there is no assurance of the minimum strength of generated SSPs (e.g. keys).

m) N/A N/A N/A Use & related keys Zeroisation N/A Storage Establishment Import/Export SP 80090Ar1 m) Security Cert. Number Strength Sensitive Security Parameter Management Key/SSP Name/Type 9. N/A / / Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Page 16

m) Use & related keys Zeroisation m) m Storage Establishment Generation Security Function and Cert. Number Strength Key/SSP Name/Type Password generated externally. Salt may be generated externally or internally according to SP 800-133. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Page 17
Approved algorithm
NameKey SizeUse Function
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u Fr e b m u N .t r e Cn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a s io r e Zd e t a le r & e s Us y e k
KAS-ECC (#A3497)192-bitUsed in key exchangeECDH Remote Party Public KeyExternalImport (electr onic)Input via API in plaintextVolatile memory (plainte xt)Power Cycle/Reset
ECDSA (#A3497) CKG192-bitUsed for ECDSAECDSA Public KeyInternalExport( electro nic)Internally computedVolatile memory (plainte xt)Power Cycle/Reset
Entropy sourcesMinimum number of bits ofEntropy sourcesDetails
384 (minimum seed length for AES-256 CTR_DRBG)Entropy Input StringThe entropy for seeding the SP 800-90Ar1 DRBG is determined by the user operator of the module which is outside of the module’s cryptographic boundary. To be compliant, the target application shall supply at least 384 bits of entropy in order to meet the security strength required for the random number generation mechanism as shown in [SP 800-90Ar1] Table 3 (CTR_DRBG) and set required bits into the module by calling module defined API function. Since entropy is loaded passively into the module, there is no assurance of the minimum strength of generated SSPs (e.g. keys).

Establishment Zeroisation Use & related Storage Cert. Number Key/SSP Name/Type Table 12

Page 18
10.1 Automatic Self-Test

The module automatically performs pre-operational self-tests and conditional cryptographic algorithm self-tests. Automatic pre-operational self-tests are initiated upon module power-up and must pass in order for the module to initialize and render any security services. A failure of any pre-operational selftest will prevent the module from initializing. Automatic conditional cryptographic algorithm self-tests (CAST) will run prior to the first use of a security service using an approved cryptographic algorithm after module initialization. Failure of a conditional CAST will cause the module to enter a critical error state whereby no cryptographic services will be rendered by the module. A) Pre-Operational Self-Tests o Software integrity test: HMAC-SHA2-384 (HMAC-SHA2-384 CAST done prior to integrity test) B) Conditional Self-Tests

  1. Conditional cryptographic algorithm test o SHA2-256 CAST (run before Software Integrity test) o SHA2-512 CAST (run before Software Integrity test) o HMAC-SHA2-384 CAST (run before Software Integrity test) o AES ECB Encrypt CAST (256-bit key) o AES ECB Decrypt CAST (256-bit key) o AES CBC Encrypt CAST (256-bit key) o AES CBC Decrypt CAST (256-bit key) o AES OFB Encrypt CAST (256-bit key) o AES OFB Decrypt CAST (256-bit key) o AES GCM Encrypt CAST (256-bit key) o AES GCM Decrypt CAST (256-bit key) o CTR_DRBG [SP 800-90Ar1] CAST (Instantiate, Generate, and Reseed) o AES-KW [SP 800-38F] Wrap CAST o AES-KW [SP 800-38F] Unwrap CAST o KAS ECC [SP 800-56ar3] CAST o KDF [SP 800-56Arev3] CAST (SHA2-256, SHA2-384, SHA2-512) o PBKDF [SP 800-132] CAST (128-bit key, 128-bit salt, 2 iterations) o ECDSA Signature Generation CAST o ECDSA Signature Validation CAST
  2. Conditional pair-wise consistency test o ECDSA Key Gen PCT (384-bit private key, 384-bit public key)
10.2 User Initiated Self-test

Conditional self-tests can be user initiated by calling the “Self-Test” service via the LIBALG_API_Run_Self_Tests() API. User initiated self-tests via the API can only be invoked after the module has initialized. When initiating self-test via API call, the following tests are performed:

Page 19

• • • • • • • • • • • • • • • • • • HMAC-SHA2-384 CAST AES ECB Encrypt CAST (256-bit key) AES ECB Decrypt CAST (256-bit key) AES CBC Encrypt CAST (256-bit key) AES CBC Decrypt CAST (256-bit key) AES OFB Encrypt CAST (256-bit key) AES OFB Decrypt CAST (256-bit key) AES GCM Encrypt CAST (256-bit key) AES GCM Decrypt CAST (256-bit key) CTR_DRBG [SP 800-90Ar1] CAST (Instantiate, Generate, and Reseed) AES-KW [SP 800-38F] Wrap CAST AES-KW [SP 800-38F] Unwrap CAST KAS ECC [SP 800-56ar3] CAST KDF [SP 800-56Arev3] CAST (SHA2-256, SHA2-384, SHA2-512) PBKDF [SP 800-132] CAST (128-bit key, 128-bit salt, 2 iterations) ECDSA Key Gen PCT (384-bit private key, 384-bit public key) ECDSA Signature Generation CAST ECDSA Signature Validation CAST Failure of any of the self-test initiated by calling the “Self-Test” service via the API will render the module inoperable.

  1. Life-cycle Assurance The cryptographic module is not installed, but it is dynamically linked to the application at run time. The operator shall configure the module to operate in Approved mode as specified in Section 2.1. After endof-life for the module, the operator shall zeroize all SSPs used by the module by removing power to the device using the module.
  2. Mitigation of Other Attacks Not Applicable. The Module does not implement mitigations of other attacks outside the scope of FIPS 140-3. Motorola Solutions, Inc. © 2024 Version 1.0 Public Material – May be reproduced only in its original entirety (without revision).
Page 20
Acronyms
NameTermDefinitionAbbreviationFull Specification Name
[FIPS 140-3][FIPS 140-3]Security Requirements for Cryptographic Modules, March 2019
[IG][IG]Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, November 2021.
[SP 800-132][SP 800-132]NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation, Part 1: Storage Applications, December 2010
[FIPS 186-4][FIPS 186-4]National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013.
[FIPS 197][FIPS 197]National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, November 2001
[FIPS 198-1][FIPS 198-1]National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July 2008
[FIPS 180-4][FIPS 180-4]National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August 2015
[SP 800-38A][SP 800-38A]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation, Methods and Techniques, Special Publication 800-38A, December 2001
[SP 800-38D][SP 800-38D]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800- 38D, November 2007
[SP 800-38F][SP 800-38F]National Institute of Standards and Technology, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, Special Publication 800-38F, December 2012
[SP 800-56Ar3][SP 800-56Ar3]NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018
[SP 800-56Cr2][SP 800-56Cr2]NIST Special Publication 800-56C Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, August 2020
[SP 800-90Ar1][SP 800-90Ar1]National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015.
[OTAR][OTAR]Project 25 – Digital Radio Over-The-Air-Rekeying (OTAR) Messages and Procedures [TIA-102.AACA-A], September 2014
AcronymAcronymDefinition
ADPADPAdvanced Digital Privacy
AESAESAdvanced Encryption Standard
APCOAPCOAssociation of Public-Safety Communications Officials
CBCCBCCipher Block Chaining
CKGCKGCryptographic Key Generation
DRBGDRBGDeterministic Random Bit Generator
AcronymAcronymDefinition
ECBECBElectronic Code Book
ECDHECDHElliptic Curve Diffie-Hellman
ECDSAECDSAElliptic Curve Diffie-Hellman
FIPSFIPSFederal Information Processing Standards
GCMGCMGalois/Counter Mode
HMACHMACHash-based Message Authentication Code
IVIVInitialization Vector
KATKATKnown Answer Test
KDAKDAKey Derivation Algorithm
MACMACMessage Authentication Code
OFBOFBOutput Feedback
OTAROTAROver The Air Rekeying
PBKDFPBKDFPassword-Based Key Derivation Function
PCTPCTPairwise Consistency Test

References and Definitions Table 13

Page 21

Table 14 -Definitions Motorola Solutions, Inc. © 2024 Version 1.0 Public Material

Referenced URLs