| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 7/22/2029 |
| Caveat | No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode. |
| Vendor | Honeywell International Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A6503 |
| AES-CCM | A6503 |
| AES-CTR | A6503 |
| AES-ECB | A6503 |
| AES-GCM | A6503 |
| AES-KW | A6503 |
| AES-KWP | A6503 |
| Counter DRBG | A6503 |
| ECDSA KeyGen (FIPS186-4) | A6503 |
| ECDSA KeyVer (FIPS186-4) | A6503 |
| ECDSA SigGen (FIPS186-4) | A6503 |
| ECDSA SigVer (FIPS186-4) | A6503 |
| HMAC-SHA-1 | A6503 |
| HMAC-SHA2-224 | A6503 |
| HMAC-SHA2-256 | A6503 |
| HMAC-SHA2-384 | A6503 |
| HMAC-SHA2-512 | A6503 |
| KAS-ECC-SSC Sp800-56Ar3 | A6503 |
| KDF TLS | A6503 |
| RSA KeyGen (FIPS186-4) | A6503 |
| RSA SigGen (FIPS186-4) | A6503 |
| RSA SigVer (FIPS186-4) | A6503 |
| SHA-1 | A6503 |
| SHA2-224 | A6503 |
| SHA2-256 | A6503 |
| SHA2-384 | A6503 |
| SHA2-512 | A6503 |
| SHA2-512/256 | A6503 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Software/Firmware Security | 1 |
| Operational Environment | 1 |
| Physical Security | N/A |
| Non-Invasive Security | N/A |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Honeywell Mobility Edge™ Boring Crypto
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>On-Demand Self-Test<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: boringssl</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C3,C5,C6 clue;
class I3,I5,I6 infer;
class R3,R5,R6 risk;
class E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Honeywell Mobility Edge™ Boring Crypto
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>On-Demand Self-Test<br/>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: boringssl</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C3 clueHigh;
class C5,C6 clueLow;Honeywell International Inc. Honeywell Mobility Edge™ Boring Crypto FIPS 140-3 Security Policy Software Version: 2022061300 Date: June 02, 2025 Prepared by: www.acumensecurity.net Honeywell International Inc. Version 1.3 Public Material
| Version | Description | Release Date |
|---|---|---|
| 1.0 | Initial Draft | October 25, 2024 |
| 1.1 | Updated as per CMVP comments | February 25, 2025 |
| 1.2 | Updated the list of Operational Environments and added a new CAVP certificate. | February 26, 2025 |
| 1.3 | Updated the list of Vendor Affirmed Operational Environments | June 02, 2025 |
Modification History 1.0 1.1 1.2 1.3 Honeywell International Inc. Public Material
Introduction Federal Information Processing Standards Publication 140-3
| # | Section | Page |
|---|---|---|
| Introduction | 3 | |
| About this Document | 3 | |
| Disclaimer | 3 | |
| Notices | 3 | |
| 1 | General | 6 |
| 2 | Cryptographic Module Specification | 7 |
| 2.1 | Overall Security Design and Rules of Operation | 11 |
| 2.1.1 | Usage of AES-GCM | 11 |
| 2.1.2 | RSA and ECDSA Keys | 12 |
| 2.1.3 | CSP Sharing | 12 |
| 2.1.4 | Modes of Operation | 12 |
| 3 | Cryptographic Module Interfaces | 13 |
| 4 | Roles, Services, and Authentication | 14 |
| 4.1 | Roles | 14 |
| 4.2 | Authentication | 14 |
| 4.3 | Services | 14 |
| 5 | Software/Firmware Security | 18 |
| 5.1 | Module Format | 18 |
| 6 | Operational Environment | 18 |
| 7 | Physical Security | 18 |
| 8 | Non-invasive Security | 18 |
| 9 | Sensitive Security Parameter Management | 19 |
| 10 | Self-Tests | 23 |
| 10.1 | Pre-Operational Self-Tests | 23 |
| 10.2 | Conditional Self-Tests | 23 |
| 11 | Life-Cycle Assurance | 25 |
| 11.1 | Installation Instructions | 25 |
| 11.1.1 | Building for Android | 25 |
| 11.1.2 | Building for Linux | 26 |
| 11.1.3 | Retrieving Module Name and Version | 27 |
| 12 | Mitigation of Other Attacks | 27 |
| References and Standards | 28 | |
| Acronyms | 29 |
| Item | Page |
|---|---|
| Table 1 - Security Levels | 6 |
| Table 2 - Tested Operational Environments | 7 |
| Table 3 - Vendor Affirmed Operational Environments | 8 |
| Table 4 - Approved Algorithms | 10 |
| . | 10 |
| Table 6 - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation | 10 |
| Table 7 - Ports and Interfaces | 13 |
| Table 8 - Roles, Service Commands, Input and Output | 14 |
| Table 9 - Approved Services | 16 |
| Table 10 - Non-Approved Services | 17 |
| Table 11 – SSP | 22 |
| Table 12 - Non-Deterministic Random Number Generation Specification | 23 |
| Figure 1 - Honeywell Mobility Edge™ Boring Crypto boundary | 11 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| Section 6. | Section 6. | ||
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic Module Specification | 1 |
| 3 | 3 | Cryptographic Module Interfaces | 1 |
| 4 | 4 | Roles, Services, and Authentication | 1 |
| 5 | 5 | Software/Firmware Security | 1 |
| 6 | 6 | Operational Environment | 1 |
| 7 | 7 | Physical Security | N/A |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 1 |
| 10 | 10 | Self-Tests | 1 |
| 11 | 11 | Life-Cycle Assurance | 1 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
1. This document describes Honeywell International Inc.’s cryptographic module Security Policy (SP) for the Honeywell Mobility Edge™ Boring Crypto (Software version: 2022061300) cryptographic module (also referred to as the “module” hereafter). It contains specification of the security rules under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard. The module is a software module and has a Multi-Chip Stand Alone embodiment. The module meets the overall Level 1 security requirements of FIPS 140-3. The following table lists the level of validation for each area in FIPS 140-3: N/A N/A N/A Table 1 - Security Levels Honeywell International Inc. Version 1.3 Public Material
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 32-bit | With PAA | 1 |
| 2 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 32-bit | Without PAA | 2 |
| 3 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 64-bit | With PAA | 3 |
| 4 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 64-bit | Without PAA | 4 |
| 5 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 32-bit | With PAA | 5 |
| 6 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 32-bit | Without PAA | 6 |
| 7 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 64-bit | With PAA | 7 |
| 8 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 64-bit | Without PAA | 8 |
| 1 | Linux 4.X | x86_64 architecture ARMv7 architecture ARMv8 architecture | 1 | ||
| 2 | Linux 5.X | X86_64 architecture ARMv7 architecture ARMv8 architecture | 2 | ||
| 3 | Linux 6.X | x86_64 architecture ARMv7 architecture | 3 |
| Name | Operating System | Hardware Platform | Processor | Paa Pai | # |
|---|---|---|---|---|---|
| 1 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 32-bit | With PAA | 1 |
| 2 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 32-bit | Without PAA | 2 |
| 3 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 64-bit | With PAA | 3 |
| 4 | Android 13 | Honeywell Mobility Edge CN80G | Qualcomm® Snapdragon 660 (SDM660) 64-bit | Without PAA | 4 |
| 5 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 32-bit | With PAA | 5 |
| 6 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 32-bit | Without PAA | 6 |
| 7 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 64-bit | With PAA | 7 |
| 8 | Android 13 | Honeywell Mobility Edge CT47 | Qualcomm® Snapdragon 6490 (QCM6490) 64-bit | Without PAA | 8 |
| 1 | Linux 4.X | x86_64 architecture ARMv7 architecture ARMv8 architecture | 1 | ||
| 2 | Linux 5.X | X86_64 architecture ARMv7 architecture ARMv8 architecture | 2 | ||
| 3 | Linux 6.X | x86_64 architecture ARMv7 architecture | 3 | ||
| ARMv8 architecture | ARMv8 architecture | ||||
| 4 | Android 13 | Honeywell CK65 with Qualcomm Snapdragon 660 (SDM660) 32-bit | 4 | ||
| 5 | Android 13 | Honeywell CK65 with Qualcomm Snapdragon 660 (SDM660) 64-bit | 5 | ||
| 6 | Android 13 | Honeywell CT60XP with Qualcomm Snapdragon 660 (SDM660) 32-bit | 6 | ||
| 7 | Android 13 | Honeywell CT60XP with Qualcomm Snapdragon 660 (SDM660) 64-bit | 7 | ||
| 8 | Android 13 | Honeywell CT40XP with Qualcomm Snapdragon 660 (SDM660) 32-bit | 8 | ||
| 9 | Android 13 | Honeywell CT40XP with Qualcomm Snapdragon 660 (SDM660) 64-bit | 9 |
2. Cryptographic Module Specification Honeywell Mobility Edge™ Boring Crypto module by Honeywell International Inc. is an general-purpose cryptographic library which provides approved cryptographic algorithms to serve BoringSSL and other user-space applications. The module is intended for use in environments specified in Table 2 below and any general-purpose environment that requires cryptographic primitives. The Tested Operational Environment’s Physical Perimeter (TOEPP) of the module is the physical perimeter of the tested environment, which is listed in Table 2 below. The module is a software module and has a Multi-Chip Stand Alone embodiment. The installation instructions are provided in Section 11 of this document. The boundary of the module is defined as a single object file, bcm.o. The module version is: 2022061300. The module was tested on the following operational environments: # Table 2 - Tested Operational Environments The cryptographic module is also supported on the following operational environments for which operational testing and algorithm testing were not performed. The CMVP makes no statement as to the correct operation of the module on the operational environments for which operational testing was not performed. # Honeywell International Inc. Version 1.3 Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use / Function |
|---|---|---|---|---|---|
| AES FIPS 197 SP800-38A | A6503 | CBC, ECB, CTR | Key sizes: 128, 192, 256 bits; Strength: 128, 192, 256 bits | Encryption, Decryption | |
| AES FIPS 197 SP800-38D | A6503 | GCM | Key sizes: 128, 192, 256 bits; Strength: 128, 192, 256 bits | Authenticated Encryption, Authenticated Decryption | |
| AES FIPS 197 SP800-38C | A6503 | CCM | Key size: 128 bits; Strength: 128 bits | Authenticated Encryption, Authenticated Decryption | |
| AES, KTS FIPS 197 SP800-38F | A6503 | KW, KWP | Key sizes: 128, 192, 256 bits; Strength: 128, 192, 256 bits | Key Transport per IG D.G Key establishment methodology provides between 128 and 256 bits of encryption strength | |
| TLS v1.0/1.1 and v1.2 KDF2 SP800-135rev1 | CVL A6503 | N/A | SHA2-256, SHA2- 384, SHA2-512; Strength: 256, 384, 512 bits | Key Derivation | |
| CKG | Vendor Affirmed | SP800-133rev2 | Cryptographic Key Generation: Section 5: Generation of Key Pairs for Asymmetric-Key Algorithms, Section 6.1: The “Direct Generation” of Symmetric Keys | Key Generation Symmetric keys and seeds are generated as the direct output of the DRBG | |
| DRBG SP800-90Arev1 | A6503 | CTR_DRBG | AES-256; Key size: 256 bits; Strength: 256 bits | Random Bit Generation | |
| ECDSA FIPS 186-4 | A6503 | Key Pair Generation, Signature Generation, Signature Verification, Public Key Validation | P-224, P-256, P-384, P-521; Strength: 112, 128, 192, 256 bits | Digital Signature Services | |
| HMAC FIPS 198-1 | A6503 | Generate, Verify | HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512; Strength: 128, 192, 256, 384, 512 bits | Generation, Authentication | |
| RSA FIPS 186-4 | A6503 | Key Generation, Signature Generation, Signature Verification PKCS 1.5 and PSS | 1024, 2048, 3072, 4096; Strength: 80, 112, 128, 152 bits; Note: Key size 1024 should be only used for Signature Verification | Digital Signature Services | |
| SHA FIPS 180-4 | A6503 | Hashing | SHA-13, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/256; Strength: 80, 112, 128, 192, 256, 128 bits | Digital Signature Generation, Digital Signature Verification, Non-Digital Signature Applications | |
| KAS-SSC SP800-56Arev3 | A6503 | KAS-ECC-SSC ephemeralUnified | ECC: P-224, P-256, P- 384 and P-521; Strength: 112, 128, 192, 256 bits | Key Agreement Scheme Shared Secret Computation per SP800-56Arev3; Key establishment methodology provides between 112 and 256 bits of security strength | |
| MD5 | As allowed per SP800-135rev1 (No security claimed) | When used with the TLS protocol version 1.0 and 1.1 | |||
| MD5, MD4 | Non-Approved hashing | ||||
| POLYVAL | Non-Approved authenticated encryption | ||||
| DES, Triple-DES (non-compliant) | Non-Approved encryption/decryption | ||||
| AES-GCM-SIV (non-compliant) | Non-Approved encryption/decryption | ||||
| DH (non-compliant) | Non-Approved key agreement |
Table 3 - Vendor Affirmed Operational Environments Table 4 below lists all the approved algorithms implemented in the module: There are algorithms that have been CAVP-tested on the same certificate but are not used by any approved service of the module Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by an approved service of the module. Honeywell International Inc. Version 1.3 Public Material
N/A No parts of this protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the Honeywell International Inc. Version 1.3 Public Material
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use / Function |
|---|---|---|---|---|---|
| SHA FIPS 180-4 | A6503 | Hashing | SHA-13, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/256; Strength: 80, 112, 128, 192, 256, 128 bits | Digital Signature Generation, Digital Signature Verification, Non-Digital Signature Applications | |
| KAS-SSC SP800-56Arev3 | A6503 | KAS-ECC-SSC ephemeralUnified | ECC: P-224, P-256, P- 384 and P-521; Strength: 112, 128, 192, 256 bits | Key Agreement Scheme Shared Secret Computation per SP800-56Arev3; Key establishment methodology provides between 112 and 256 bits of security strength | |
| MD5 | As allowed per SP800-135rev1 (No security claimed) | When used with the TLS protocol version 1.0 and 1.1 | |||
| MD5, MD4 | Non-Approved hashing | ||||
| POLYVAL | Non-Approved authenticated encryption | ||||
| DES, Triple-DES (non-compliant) | Non-Approved encryption/decryption | ||||
| AES-GCM-SIV (non-compliant) | Non-Approved encryption/decryption | ||||
| DH (non-compliant) | Non-Approved key agreement |
| Name | CAVP Cert | Mode Method | Key Size | Use Function | Use / Function |
|---|---|---|---|---|---|
| SHA FIPS 180-4 | A6503 | Hashing | SHA-13, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/256; Strength: 80, 112, 128, 192, 256, 128 bits | Digital Signature Generation, Digital Signature Verification, Non-Digital Signature Applications | |
| KAS-SSC SP800-56Arev3 | A6503 | KAS-ECC-SSC ephemeralUnified | ECC: P-224, P-256, P- 384 and P-521; Strength: 112, 128, 192, 256 bits | Key Agreement Scheme Shared Secret Computation per SP800-56Arev3; Key establishment methodology provides between 112 and 256 bits of security strength | |
| MD5 | As allowed per SP800-135rev1 (No security claimed) | When used with the TLS protocol version 1.0 and 1.1 | |||
| MD5, MD4 | Non-Approved hashing | ||||
| POLYVAL | Non-Approved authenticated encryption | ||||
| DES, Triple-DES (non-compliant) | Non-Approved encryption/decryption | ||||
| AES-GCM-SIV (non-compliant) | Non-Approved encryption/decryption | ||||
| DH (non-compliant) | Non-Approved key agreement |
Table 4 - Approved Algorithms Table 6 - Non-Approved Algorithms Not Allowed in the Approved Mode of Operation Used for non-digital signature applications or to verify existing digital signatures only Honeywell International Inc. Public Material
Figure 1 - Honeywell Mobility Edge™ Boring Crypto boundary 2.1 Overall Security Design and Rules of Operation
AES GCM encryption and decryption are used in the context of the TLS protocol version 1.2 (compliant to Scenario 1a in FIPS 140-3 IG C.H). The module is compliant with NIST SP 800-52 and the mechanism for IV generation is compliant with RFC 5288. The module ensures that it is strictly increasing and thus cannot repeat. When the IV exhausts the maximum number of possible values for a given session key, the first party (client or server) to encounter this condition may either trigger a handshake to establish Honeywell International Inc. Version 1.3 Public Material
a new encryption key in accordance with RFC 5246 or fail. In either case, the module prevents any IV duplication and thus enforces the security property. The module’s IV is generated internally by the module’s Approved DRBG, which is internal to the module’s boundary. The IV is 96 bits in length per NIST SP 800-38D, Section 8.2.2 and FIPS 140-3 IG C.H scenario 2. The selection of the IV construction method is the responsibility of the user of this cryptographic module. In approved mode, users of the module must not utilize GCM with an externally generated IV. Per IG C.H, in the event module power is lost and restored, the consuming application must ensure that any of its AES-GCM keys used for encryption or decryption are re-distributed. The module implements the KDF TLS 1.2, and other cryptographic primitives used in TLS 1.2, but does not implement the TLS 1.2 protocol itself.
The module allows the use of 1024-bit RSA keys for legacy purposes including signature generation, which is disallowed in Approved mode as per NIST SP800-131Arev2. Therefore, cryptographic operations with the Non-Approved key sizes will result in the module operating in Non-Approved mode. The elliptic curves utilized shall be the validated NIST-recommended curves and shall provide a minimum of 112 bits of encryption strength.
Non-Approved cryptographic algorithms shall not share the same key or CSP as an approved algorithm. As such, Approved algorithms shall not use the keys generated by the module’s Non-Approved key generation methods or the converse.
The module supports two modes of operation: Approved and Non-approved. The module will be in approved mode when all self-tests have completed successfully, and only Approved algorithms are invoked. See Table 4 above for a list of the supported Approved algorithms. The non-Approved mode is entered when a non-Approved algorithm is invoked. See Table 6 for a list of non-Approved algorithms. Honeywell International Inc. Version 1.3 Public Material
| Name | Physical Port | Logical Interface |
|---|---|---|
| Data Input | API input parameters | Data Input |
| Data Output | API output parameters and return values | Data Output |
| Control Input | API input parameters | Control Input |
| Status Output | API return values | Status Output |
3. Cryptographic Module Interfaces functions. Table 7 - Ports and Interfaces The module does not implement a power input interface or a control output interface. As a software module, control of the physical ports is outside the module scope. However, when the module is performing self-tests, or is in an error state, all output on the module’s logical data output interfaces is inhibited. Honeywell International Inc. Version 1.3 Public Material
| Name | Roles | Input | Output |
|---|---|---|---|
| Symmetric Encryption | CO | Plaintext, encryption key | Return code, ciphertext |
| Symmetric Decryption | CO | Ciphertext, decryption key | Return code, plaintext |
| Keyed Hashing | CO | Message, key | Return code, Message Authentication Code |
| Hashing | CO | Message | Return code, hash |
| Random Bit Generation | CO | API call parameters | Return code, random bits |
| Signature Generation | CO | Message, signing key | Return code, signature |
| Signature Verification | CO | Signature, verification key | Return code |
| Key Transport | CO | API call parameters, wrapping key | Return code, wrapped key |
| Key Agreement | CO | API call parameters | Return code, shared secret |
| TLS Key Derivation | CO | API call parameters, TLS pre- master secret | Return code, TLS Key |
| Key Verification | CO | API call parameters, key pair | Return code |
| On-Demand Self-Test | CO | N/A | Return code |
| Show Status | CO | API call parameters | Return code, status |
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| Symmetric Encryption | Perform symmetric encryption operations | CO | AES Key, AES-GCM Key | AES CBC, ECB, CTR, CCM (Cert. #A6503) CKG | W, E | 1 |
| Symmetric Decryption | Perform symmetric decryption operations | CO | AES Key, AES-GCM Key, AES-GCM IV | AES CBC, ECB, CTR, GCM, CCM (Cert. #A6503) CKG | W, E | 1 |
| Keyed Hashing | Perform keyed hashing operations | CO | HMAC Key | HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 (Cert. #A6503) | W, E | 1 |
| Hashing | Perform hashing operations | CO | N/A | SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/256 (Cert. #A6503) | N/A | 1 |
| Random Bit Generation | Generate random numbers | CO | DRBG Seed, CTR_DRBG V, CTR_DRBG Key | CTR_DRBG (Cert. #A6503) CKG | G, E | 1 |
| DRBG output | CO | DRBG output | G, R | |||
| CTR_DRBG Entropy Input | CO | CTR_DRBG Entropy Input | W, E | |||
| Signature Generation | Perform signing operations | CO | RSA Signature Generation Key, ECDSA Signing Key | CTR_DRBG, RSA SigGen, ECDSA SigGen (Cert. #A6503) | G, W, E | 1 |
| Signature Verification | Perform verification operations | CO | RSA Signature Verification Key, ECDSA Verification Key | RSA SigVer, ECDSA SigVer (Cert. #A6503) | G, W, E | 1 |
| Key Transport | Perform key encryption operations; KTS using AES-KW, AES-KWP per IG D.G | CO | AES Wrapping Key | AES KW, KWP (Cert. #A6503) CKG | W, E | 1 |
| Key Agreement | Perform key agreement operations | CO | EC DH Private Key, EC DH Public Key | KAS-ECC-SSC (Cert. #A6503) | G, W, E | 1 |
| Shared Secret | Shared Secret | G | ||||
| TLS Key Derivation | Perform key derivation operations | CO | TLS Pre-Master Secret | TLS KDF (Cert. #A6503) | W, E | 1 |
| TLS Master Secret | TLS Master Secret | G, E | ||||
| Key Verification | Perform key pair verification operations | CO | ECDSA Signing Key, ECDSA Verification Key | ECDSA KeyVer (Cert. #A6503) | G, W, E | 1 |
| On-Demand Self-Test | Execute self-tests on demand | CO | N/A | N/A | N/A | 1 |
| Show Status | Obtain the module status and versioning information | CO | N/A | N/A | N/A | N/A |
Honeywell International Inc. W, E W, E W, E N/A N/A G, E G, R W, E G, W, E G, W, E Version 1.3 Public Material
D.G W, E G, W, E G W, E G, E G, W, E G, W, E N/A N/A N/A N/A N/A N/A Z N/A N/A N/A Table 9 - Approved Services Honeywell International Inc. Version 1.3 Public Material
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| Hashing (as allowed per SP800-135rev1) | Perform hashing operations when used with the TLS protocol version 1.0 and 1.1 | CO | MD5 | 0 |
| Hashing | Perform hashing operations | CO | MD4 | 0 |
| Hashing | Used as part of AES-GCM-SIV | CO | POLYVAL | 0 |
| Symmetric encryption/decryption | Perform symmetric encryption and/or decryption operations | CO | DES Triple-DES AES | 0 |
| RSA Primitives (RSADP, RSAEP, RSASP, RSAVP) | Perform RSA related primitive operations (decrypt, encrypt, sign, verify) | CO | RSA | 0 |
Non-Approved Services are listed in the Table 10 below: Table 10 - Non-Approved Services Honeywell International Inc. Public Material
| Name | Strength | Security Function | Generation | Establishment | Storage | Import Export | Key/SSP Name/Type | Zeroisation |
|---|---|---|---|---|---|---|---|---|
| AES encrypt / decrypt | 128/192/256 bits | AES-CBC, ECB, CTR, CCM A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | AES Key (CSP) | Power-cycle host |
| AES decrypt / verify | 128/192/256 bits | AES-GCM A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | AES-GCM Key (CSP) | Power-cycle host |
| AES decrypt / verify | 96 bits | AES-GCM A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | AES-GCM IV4 (CSP) | Power-cycle host |
| AES key wrapping | 128/192/256 bits | AES-KW, AES-KWP A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | AES Wrapping Key (CSP) | Power-cycle Host |
| ECDSA signature generation | 112/128/192/256 bits | ECDSA SigGen A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | ECDSA Signing Key (CSP) | Power-cycle host |
| ECDSA signature verification | 112/128/192/256 bits | ECDSA SigVer A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | ECDSA Verification Key (PSP) | Power-cycle Host |
| Key Agreement | 112/128/192/256 bits | ECDSA KeyGen A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | EC DH Private Key (CSP) | Power-cycle host |
| Key Agreement | 112/128/192/256 bits | ECDSA KeyGen A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | EC DH Public Key (PSP) | Power-cycle host |
| Keyed hashing | 128/192/256/384 /512 bits | HMAC-SHA-1, HMAC-SHA2- 224, HMAC- SHA2-256, HMAC-SHA2- 384, HMAC- | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | HMAC Key (CSP) | Power-cycle host |
| Key Agreement | 112/128/192/256 bits | KAS-ECC-SSC A6503 | Internally Generated | SP800-56Arev3 | Plaintext in RAM | N/A | Shared Secret (CSP) | Power-cycle host |
| RSA signature generation | 112, 128, 152 bits | RSA SigGen A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | RSA Signature Generation Key (CSP) | Power-cycle host |
| RSA signature verification | 80, 112, 128, 152 bits | RSA SigVer A6503 | Internally Generated | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry); Output via API in plaintext (Electronic Entry) | RSA Signature Verification Key (PSP) | Power-cycle host |
| TLS key derivation | 384 bits | TLS KDF A6503 | Internally Derived via key derivation function defined in SP800-135rev1 KDF (TLS) | N/A | Plaintext in RAM | N/A | TLS Master Secret (CSP) | Power-cycle host |
| TLS key derivation | 112-256 bits | TLS KDF A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | TLS Pre-Master Secret (CSP) | Power-cycle host |
| DRBG Seeding material | 384 bits | CTR_DRBG A6503 | Internally Generated | N/A | Plaintext in RAM | N/A | DRBG Seed (CSP) | Power-cycle host |
| DRBG internal state | 128 bits | CTR_DRBG A6503 | Internally Generated | N/A | Plaintext in RAM | N/A | CTR_DRBG V (CSP) | Power-cycle host |
| DRBG internal state | 256 bits | CTR_DRBG A6503 | Internally Generated | N/A | Plaintext in RAM | N/A | CTR_DRBG Key (CSP) | Power-cycle host |
| DRBG entropy | 384 bits used as seed, quality of entropy at least 112 bits | CTR_DRBG A6503 | External | N/A | Plaintext in RAM | Input via API in plaintext (Electronic Entry) | CTR_DRBG Entropy Input (CSP) | Power- cycle host |
| Random bits provided for the calling application | 2048 bits | CTR_DRBG A6503 | Internally Generated | N/A | Plaintext in RAM | N/A | DRBG output | Power- cycle host |
9. Sensitive Security Parameter Management All the SSPs are zeroized implicitly when a host platform is restarted. The various SSPs used by the module are listed in Table 11 below: As specified in Section 2.1.1, usage of externally generated IV is only allowed for AES-GCM decryption in the approved mode of operation. Honeywell International Inc. Version 1.3 Public Material
HMAC-SHA2224, HMACSHA2-256, HMAC-SHA2384, HMACHoneywell International Inc. Version 1.3 Public Material
N/A N/A N/A Honeywell International Inc. Version 1.3 Public Material
N/A N/A N/A N/A N/A N/A N/A N/A Powercycle N/A N/A Powercycle Table 11
| Name | Key Size | ||
|---|---|---|---|
| Details | Entropy sources | Minimum number of bits of | |
| Use of a [SP800-90B] compliant entropy source with at least 256 bits of security strength. Entropy is supplied to the Module via callback functions. The callback functions shall return an error if the minimum entropy strength cannot be met. The caveat “No assurance of the minimum strength of generated SSPs (e.g., keys)” is applicable | 112 bits and above | Passive Entropy |
Table 12 - Non-Deterministic Random Number Generation Specification 10. Self-Tests ISO/IEC 19790 requires the module to perform self-tests to ensure the integrity of the module and the correctness of the cryptographic functionality. Some functions also require conditional tests during normal operation of the module. The self-tests can be requested on demand by power cycling the host platform. The module has a single error state, which is called the error state. This state is entered upon failure of a self-test. The module indicates this error state by providing the output status “*** KAT failed” where *** is the algorithm name (example: ECDSA-sign KAT failed). The module can be recovered by terminating execution of the host program and reclamation by the host operating system. The supported tests are listed and described in this section.
Pre-operational self-tests are run upon the initialization of the module and further reboots of the host platform. The CAST (Cryptographic Algorithm Self-Test) for HMAC-SHA2-256 is performed before the integrity test. Self-tests do not require operator intervention to run. If any of the tests fail, the module will not initialize and enter an error state where no services can be accessed. The module implements the following pre-operational self-tests:
Conditional Cryptographic Algorithm Self-Tests (CAST) are run prior to the first use of the cryptographic algorithm. CASTs do not require operator intervention to run. If any of the tests fail, the module will enter an error state, and no services can be accessed. Honeywell International Inc. Version 1.3 Public Material
The module implements the following CASTs:
11. Life-Cycle Assurance The cryptographic module is initialized by loading the module before any cryptographic functionality is available. In User Space, the operating system is responsible for the initialization process and loading of the library. There are no maintenance requirements applicable. General guidance about the module can be found at https://boringssl.googlesource.com/boringssl. This includes information about the APIs, building and specific information related to FIPS can be found at https://boringssl.googlesource.com/boringssl.git/+/refs/heads/fips20220613/crypto/fipsmodule/FIPS.md (note this still mentions 140-2, but the information there is the same).
The module is open source. A Linux workstation with the following tools is required to build and compile the module: Android 13 git 2.23 or later (https://git-scm.com/download/linux) base64, curl, sha256sum (these should come with the Linux installation) Linux Clang compiler version 14.0.0 (http://releases.llvm.org/download.html) Go programming language version 1.18.1 (https://golang.org/dl/) Ninja build system version 1.10.2 (https://github.com/ninjabuild/ninja/releases) Cmake version 3.22.1 (https://cmake.org/download/)
Once a Linux workstation with the above tools has been obtained, issue the following commands to download and verify repo: curl 'https://gerrit.googlesource.com/git-repo/+/e778e57f11/repo?format=TEXT' | base64 -d > ~/repo chmod u+x ~/repo gpg --recv-key 8BB9AD793E8E6153AF0F9A4416530D5E920F5C65 curl https://storage.googleapis.com/git-repo-downloads/repo.asc | gpg --verify - ~/repo Download the manifest from https://ci.android.com/builds/submitted/8918218/aosp_arm64userdebug/latest/manifest_8918218.xml by clicking the Download button. Verify the manifest using the following command: Sha256sum ~/manifest_8918218.xml Manually validate that the output from the final command indicates the following expected hash values for this file: fae7a587167b3b3ebdf5b2c53335a1d1827beddcf23d2788d07f3bbbe9ff7182 manifest_8918218.xml Honeywell International Inc. Version 1.3 Public Material
The module can be obtained by issuing the following commands: mkdir aosp cd aosp ~/repo init -u https://android.googlesource.com/platform/manifest --depth 1 ~/repo init -m ~/manifest_8918218.xml ~/repo sync -q -c -j 20 Once downloaded, the module can be built using the following command: . build/envsetup.sh lunch aosp_arm64-eng m clean m test_fips
Once the above tools have been obtained, issue the following command to create a Cmake toolchain file to specify the use of Clang: printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" > ${HOME}/toolchain The FIPS 140-3 validated release of the module can be obtained by downloading the tarball containing the source code at the following location: https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl0c6f40132b828e92ba365c6b7680e32820c63fa7.tar.xz or by issuing the following command: wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl0c6f40132b828e92ba365c6b7680e32820c63fa7.tar.xz The set of files specified in the archive constitutes the complete set of source files of the validated module. There shall be no additions, deletions, or alterations of this set as used during module build. The downloaded tarball file can be verified using the below SHA2-256 digest value: 62f733289f2d677c2723f556aa58034c438f3a7bbca6c12b156538a88e38da8a By issuing the following command: sha256sum boringssl-0c6f40132b828e92ba365c6b7680e32820c63fa7.tar.xz The tarball can be extracted using the following command: tar xJ < boringssl-0c6f40132b828e92ba365c6b7680e32820c63fa7.tar.xz After the tarball has been extracted, the following commands will compile the module: cd boringssl mkdir build && cd build && cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=${HOME}/toolchain -DFIPS=1 DCMAKE_BUILD_TYPE=Release .. ninja && ninja run_tests Honeywell International Inc. Version 1.3 Public Material
The following methods will provide the module name and versions:
References and Standards The following Standards are referenced in this Security Policy: Abbreviation FIPS 140-3 FIPS 180-4 FIPS 186-4 FIPS 197 FIPS 198-1 IG SP 800-38A SP 800-38C SP 800-38D SP 800-38F SP 800-52 SP 800-56A SP 800-90A SP 800-131A SP 800-133 SP 800-135 Full Specification Name Security Requirements for Cryptographic modules Secure Hash Standard (SHS) Digital Signature Standard (DSS) Advanced Encryption Standard The Keyed-Hash Message Authentication Code (HMAC) Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography Recommendation for Random Number Generation Using Deterministic Random Bit Generators Transitioning the Use of Cryptographic Algorithms and Key Lengths Recommendation for Cryptographic Key Generation Recommendation for Existing Application-Specific Key Derivation Functions Honeywell International Inc. Version 1.3 Public Material
Acronyms Acronym AES API CAVP CBC CCCS CFB CKG CMVP CO CRNGT CSP CTR DES DH DRBG DSS EC ECB ECC EC DH ECDSA FIPS GCM GMAC GPC HMAC IG IV KAS KAT KDF KW KWP LLC MAC MD4 MD5 N/A NIST NVLAP Definition Advanced Encryption Standard Application Programming Interface Cryptographic Algorithm Validation Program Cipher-Block Chaining Canadian Centre for Cyber Security Cipher Feedback Cooperative Key Generation Crypto Module Validation Program Cryptographic Officer Continuous Random Number Generator Test Critical Security Parameter Counter-mode Data Encryption Standard Diffie-Hellman Deterministic Random Bit Generator Digital Signature Standard Elliptic Curve Electronic Code Book Elliptic Curve Cryptography Elliptic Curve Diffie-Hellman Elliptic Curve Digital Signature Authority Federal Information Processing Standards Galois/Counter Mode Galois Message Authentication Code General Purpose Computer Key-Hashed Message Authentication Code Implementation Guidance Initialization Vector Key Agreement Scheme Known Answer Test Key Derivation Function Key Wrap Key Wrap with Padding Limited Liability Company Message Authentication Code Message Digest algorithm MD4 Message Digest algorithm MD5 Not Applicable National Institute of Standards and Technology National Voluntary Lab Accreditation Program Honeywell International Inc. Version 1.3 Public Material
OFB PAA RAM RFC RSA SHA SHS SP SSL TLS Triple-DES Output Feedback Processor Algorithm Accelerator Random Access Memory Request For Comment Rivest Shamir Adleman Secure Hash Algorithm Secure Hash Standard Special Publication Secure Socket Layer Transport Layer Security Triple Data Encryption Standard Honeywell International Inc. Version 1.3 Public Material