| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 6/24/2030 |
| Caveat | When operated in approved mode |
| Vendor | Apple Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A1469 |
| AES-ECB | A1362 |
| AES-KW | A2843 |
| Counter DRBG | A1362 |
| HMAC-SHA-1 | A2845 |
| HMAC-SHA2-224 | A2845 |
| HMAC-SHA2-256 | A2845 |
| HMAC-SHA2-384 | A2845 |
| HMAC-SHA2-512 | A2845 |
| HMAC-SHA2- 512/256 | A2848 |
| SHA-1 | A2845 |
| SHA2-224 | A2845 |
| SHA2-256 | A2845 |
| SHA2-384 | A2845 |
| SHA2-512 | A2845 |
| SHA2- 512/256 | A2848 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Non-Invasive Security | 8 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Unauthenticated Symmetric Encryption and Decryption<br/>Perform self test<br/>Show Status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Unauthenticated Symmetric Encryption and Decryption<br/>Perform self test<br/>Show Status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Apple Inc. Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Prepared for: Apple Inc. One Apple Park Way Cupertino, CA 95014 Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table of Contents This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Appendix A. Appendix B. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] List of Tables This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] List of Figures This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Trademarks Apple’s trademarks applicable to this document are listed in https://www.apple.com/legal/intellectual-property/trademark/appletmlist.html. Other company, product, and service names may be trademarks or service marks of others. This document may be reproduced and distributed only in its original entirely without revision.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 2 |
| 2 | 2 | Cryptographic module specification | 2 |
| 3 | 3 | Cryptographic module interfaces | 2 |
| 4 | 4 | Roles, services, and authentication | 2 |
| 5 | 5 | Software/Firmware security | 2 |
| 6 | 6 | Operational environment | N/A |
| 7 | 7 | Physical security | 3 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 2 |
| 10 | 10 | Self-tests | 2 |
| 11 | 11 | Life-cycle assurance | 2 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 2 |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
This document is the non-proprietary FIPS 140-3 Security Policy for Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] cryptographic module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 2 module. This document provides all tables and diagrams (when applicable) required by NIST SP 800140Br1.
N/A N/A N/A Table 1: Security Levels This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Purpose and Use: The Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] cryptographic module (hereafter referred to as “the module”) consists of both firmware and hardware components. The Secure Key Store (SKS) application is the module’s firmware which operates within the sepOS execution environment which is separate from the Device OS’ (iPadOS 15) execution environment. The firmware interface is defined as the API offered by the module's mailbox interface to callers from the Device OS execution environment. SKS has an API layer that provides consistent interfaces to the supported services and therefore the supported cryptographic algorithms. In addition, the module provides InterProcess Communication (IPC) interfaces to other applications executing within the sepOS execution environment. The sepOS execution environment is driven by its own CPU and operates from a dedicated region of the device’s memory. Both the Device’s and sepOS’ execution environments are physically separated on the SoC and thus execute independently of each other. Module Type: Hardware Module Embodiment: SingleChip Module Characteristics: SubChip Cryptographic Boundary: The module cryptographic boundary is delineated by the dotted blue rectangle in the Figure 1. The cryptographic module boundary includes the following hardware components:
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Figure 1: Block Diagram Tested Operational Environment’s Physical Perimeter (TOEPP): The physical perimeter is represented by the most exterior black line in the block diagram Figure 1. A photograph of each hardware module is shown below Figure 2: Apple A Series A13 Bionic Figure 3: Apple A Series A14 Bionic Figure 4: Apple A Series A15 Bionic
Tested Module Identification
| Name | Model | Hardware Version | Firmware Version | Processor | Features |
|---|---|---|---|---|---|
| SKS on A13 Bionic embedded in iPad (9th generation) running sepOS distributed with iPadOS 15 | SKS on A13 Bionic embedded in iPad (9th generation) running sepOS distributed with iPadOS 15 | 2.0 | 12.0 | Apple A Series A13 Bionic | N/A |
| SKS on A14 Bionic embedded in iPad (4th generation) running sepOS distributed with iPadOS 15 | SKS on A14 Bionic embedded in iPad (4th generation) running sepOS distributed with iPadOS 15 | 2.0 | 12.0 | Apple A Series A14 Bionic | N/A |
| SKS on A15 Bionic embedded in iPad (6th generation) running sepOS distributed with iPadOS 15 | SKS on A15 Bionic embedded in iPad (6th generation) running sepOS distributed with iPadOS 15 | 2.0 | 12.0 | Apple A Series A15 Bionic | N/A |
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- Approved mode | Non-Approved mode of operation is entered when the module utilizes non-approved security functions in the Table Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. | return a '0' from fips_allowed_mode() for block cipher functions and fips_allowed() for all other services to indicate the executed cryptographic algorithm was non- approved | Non- Approved |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] 2.0 N/A 2.0 N/A 2.0 N/A
None for this module Modes List and Description: NonApproved This document may be reproduced and distributed only in its original entirely without revision.
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A1469 | Direction - Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A2842 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A2843 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A2844 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A2845 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A2863 | Direction - Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A510 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A1362 | Direction - Encrypt Key Length - 256 | SP 800-38A |
| AES-ECB | A1469 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A2842 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A2843 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A2845 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A2847 | SP 800-38A | |
| AES-ECB | A2863 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A2864 | Direction - Encrypt Key Length - 256 | SP 800-38A |
| AES-ECB | A501 | Direction - Encrypt Key Length - 256 | SP 800-38A |
| AES-ECB | A510 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-KW | A2843 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A2845 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A2846 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| Counter DRBG | A1362 | Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1 |
| Counter DRBG | A2864 | Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1 |
| Counter DRBG | A501 | Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A2845 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A2845 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A2845 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A2849 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A2845 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A2845 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A2848 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 |
| SHA-1 | A2845 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA-1 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-224 | A2845 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-224 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-256 | A2845 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-256 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-256 | A2849 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-384 | A2845 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-384 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-512 | A2845 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2-512 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
| SHA2- 512/256 | A2848 | Message Length - Message Length: 0-32768 Increment 8 | FIPS 180-4 |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Approved Algorithms: Table 4: Approved Algorithms - AES-CBC This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 5: Approved Algorithms - AES-ECB Table 6: Approved Algorithms - AES-KW CTR_DRBG Table 7: Approved Algorithms - CTR_DRBG This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 8: Approved Algorithms - HMAC Message Digest This document may be reproduced and distributed only in its original entirely without revision.
| Name | Approved Functions | Properties | ||
|---|---|---|---|---|
| CKG | Key Type:Symmetric | N/A | SP800-133 Rev2 Section 4, example 1 | |
| Ed25519 Key generation | EdDSA signature scheme | |||
| Ed25519 shared secret generation | EdDSA shared secret generation | |||
| Curve 25519 key generation | key generation | |||
| Curve 25519 shared secret generation | shared secret generation | |||
| ECDH Key Pair Generation | Elliptic Curve Integrated Encryption Scheme (ECIES) Key Generation | |||
| ECDH Shared Secret Computation | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||
| ANSI X9.63 KDF | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||
| AES-GCM | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||
| HKDF RFC5869 | HMAC based Key Derivation Function | |||
| PBKDF | Key Derivation |
| Name | Description | Approved Functions | Type | Properties | ||
|---|---|---|---|---|---|---|
| CKG | Key Type:Symmetric | N/A | SP800-133 Rev2 Section 4, example 1 | |||
| Ed25519 Key generation | EdDSA signature scheme | |||||
| Ed25519 shared secret generation | EdDSA shared secret generation | |||||
| Curve 25519 key generation | key generation | |||||
| Curve 25519 shared secret generation | shared secret generation | |||||
| ECDH Key Pair Generation | Elliptic Curve Integrated Encryption Scheme (ECIES) Key Generation | |||||
| ECDH Shared Secret Computation | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||||
| ANSI X9.63 KDF | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||||
| AES-GCM | Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption/Decryption | |||||
| HKDF RFC5869 | HMAC based Key Derivation Function | |||||
| PBKDF | Key Derivation | |||||
| ECDSA implemented in FW | Key generation as part of Ref key generation service and validation, Signature generation and verification as part of Device keybag service | |||||
| ECDSA implemented in HW PKA | Key generation as part of Ref key generation service Signature generation primitive | |||||
| ECDH implemented in FW | Shared secret computation | |||||
| ECDH implemented in HW PKA | Shared secret computation | |||||
| AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | Key wrapping and unwrapping | |||||
| Unauthenticated Symmetric Encryption and Decryption | AES Encrypt/Decrypt | AES-CBC: (A2842, A2843, A2844, A2845, A510, A1469, A2863) Key Size/Strength: 128, 192, 256 AES-ECB: (A2842, A2843, A2845, A510, A2847, A1469, A2863, A2864, A1362) Key Size/Strength: 128, 192, 256 AES-ECB: (A501) Key Size/Strength: 256 | BC-UnAuth | AES [FIPS 197; SP 800- 38A]:CBC, ECB | ||
| key wrapping / key unwrapping | AES Key Wrapping | AES-KW: (A2843, A2845, A2846) Key | KTS-Wrap | KTS (AES) [SP 800-38F]:AES- KW |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] SHA2512/256 Table 9: Approved Algorithms - Message Digest Vendor-Affirmed Algorithms: Table 10: Vendor-Affirmed Algorithms Non-Approved, Not Allowed Algorithms: This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| ECDSA implemented in FW | Key generation as part of Ref key generation service and validation, Signature generation and verification as part of Device keybag service | |||
| ECDSA implemented in HW PKA | Key generation as part of Ref key generation service Signature generation primitive | |||
| ECDH implemented in FW | Shared secret computation | |||
| ECDH implemented in HW PKA | Shared secret computation | |||
| AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | Key wrapping and unwrapping | |||
| Unauthenticated Symmetric Encryption and Decryption | AES Encrypt/Decrypt | AES-CBC: (A2842, A2843, A2844, A2845, A510, A1469, A2863) Key Size/Strength: 128, 192, 256 AES-ECB: (A2842, A2843, A2845, A510, A2847, A1469, A2863, A2864, A1362) Key Size/Strength: 128, 192, 256 AES-ECB: (A501) Key Size/Strength: 256 | BC-UnAuth | AES [FIPS 197; SP 800- 38A]:CBC, ECB |
| key wrapping / key unwrapping | AES Key Wrapping | AES-KW: (A2843, A2845, A2846) Key | KTS-Wrap | KTS (AES) [SP 800-38F]:AES- KW |
| Random Number Generation | Random number generator using AES-256 | Counter DRBG: (A501, A2864, A1362) Key Size/Strength: 256 | DRBG | CTR_DRBG [SP800- 90ARev1]:AES- 256; No Derivation Function; Prediction Resistance Enabled |
| HMAC Message Authentication | Key Length 8 - 262144 bits/ Key Strength: 112 to 256 bits | HMAC-SHA-1: (A2845, A2848) HMAC-SHA2- 224: (A2845, A2848) HMAC-SHA2- 256: (A2845, A2848, A2849) HMAC-SHA2- 384: (A2845, A2848) HMAC-SHA2- 512: (A2845, A2848) HMAC-SHA2- 512/256: (A2848) | MAC | HMAC [FIPS 198]:SHA-1, SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/256 |
| Message Digest | Hash function | SHA-1: (A2845, A2848) SHA2-224: (A2845, A2848) SHA2-256: (A2845, A2848, A2849) SHA2-384: (A2845, A2848) SHA2-512: (A2845, A2848) | SHA | SHS [FIPS 180- 4]:SHA-1, SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/256 |
| Symmetric Key Generation | AES Key Generation | CKG: () AES key: Key Length/ Key Strength: 256 Counter DRBG: (A1362, A2864, A501) | CKG | CKG [SP800- 133Rev2]:Key Length/Key Strength: 256- bits |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 11: Non-Approved, Not Allowed Algorithms
This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] [SP80090ARev1]:AES256; No This document may be reproduced and distributed only in its original entirely without revision.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Apple corecrypto physical entropy source | Physical | 256 bit | See Tested Operational Environment Table | 256 bit | SHA-256 [ACVP cert. # C1223] |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Strength: 256bits Table 12: Security Function Implementations
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes except signature verification, starting January 1, 2030.
Table 13: Entropy Certificates Table 14: Entropy Sources Entropy sources : The internal physical noise source consisting of ring oscillators. RBGs: The NIST [SP 800-90ARev1] approved deterministic random bit generators (DRBG) used for random number generation is a CTR_DRBG using AES-256 without derivation function and with prediction resistance. The module performs DRBG health tests according to [SP800-90ARev1 section 11.3]. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] The deterministic random bit generators are seeded by the physical noise source. RBG Output: The output of hardware entropy source provides 256-bits of security strength in instantiating and reseeding the module approved DRBGs.
See vendor affirmed algorithms (CKG) in section 2.5.
The Module implements AES key wrapping and unwrapping as part of KTS in accordance with IG D.G method 2 and SP800-38F.
None for this module This document may be reproduced and distributed only in its original entirely without revision.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Mailbox Memory, IPC channel | Mailbox Memory, IPC channel | Data Input Data Output | Data inputs/outputs are provided through the memory used for mailbox and IPC |
| Mailbox Memory, IPC channel | Mailbox Memory, IPC channel | Control Input | Control input which controls the module's operation is provided through the mailbox by the Device OS' kernel and to applications located within the sepOS execution environment through IPC. |
| Mailbox Memory, IPC channel | Mailbox Memory, IPC channel | Status Output | Status output is provided in return codes and through messages returned via the mailbox or the IPC. Documentation for each service invocation lists possible return codes. A complete list of all return codes returned by the C language APIs within the module is provided in the header files and the API documentation. Messages are also documented in the API documentation. |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Table 15: Ports and Interfaces This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Strength | Security Mechanism | Strength per Minute |
|---|---|---|---|---|
| AES- KW | Unwrapping function | 256-bits | key wrapping / key unwrapping | 60,000,000 * 1 / 2^256 |
| Implicit | Implicit role assumption for non-crypto services | N/A | None | N/A |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
AESKW N/A N/A Table 16: Authentication Methods Within the constraints of FIPS 140-3 overall security level 2 (with physical security at security level 3), the module implements a role-based authentication mechanism for authentication of the user role. The module implements authenticated encryption-based mechanism in the following way: to request an authenticated service from the module the user must provide the credential and a reference to the class C or A keys of the user keybag that is stored encrypted under SP800-38F AES Key Wrapping (AES-KW) within the module. The module performs obfuscation on the Operator provided credential. The resulting value -called REK (Root Encryption Key)- is used as the 256-bit AES key. Using this key, the module decrypts all the class C or A keys in the referenced user keybag with SP800-38F AES Key Unwrapping function (i.e., AES-KW-AD). As AES-KW is an authentication cipher, the decryption operation will only succeed if there is no authentication error. If the user keybag can be successfully decrypted, the user is authenticated to the module and the requested crypto service will then be proceeded with the decrypted user key. The failure of decrypting the user keybag is also a user authentication failure and the Operator will be denied access to the module. The User keybags are configured in the module during factory install. Each User keybag consists of set of class C, A and D keys. Specifically, class C keys include C key, CK key, CKU keys and the class A keys include A key, AK key, AKU key and APKU key. Only the class A or C keys are considered as approved. Any use of class D keys is considered as non-approved. The module maintains authenticated session from the time the User keybags are unwrapped until the power off. Upon power off, the unwrapped User keybags are zeroized and at the next power on the User credential needs to be provided again in order to unwrap the User keybag. All authentication data is provided electronically from the calling application/service and hence is not in visible form. The module does not support concurrent operators. This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| User | Authenticated | Role | AES-KW | ||||||
| Crypto Officer | Non- authenticated | Role | Implicit | ||||||
| User Keybag Services via Mailbox | Step 1: The module receives User credential and the reference to the class C or A key from the User keybag; Step 2. Obfuscation is performed on the User provided credential resulting into a value called REK.; Step 3. REK is used as a key for the AES KW operation to unwrap the referenced class A or C keys in the user keybag stored in the module; Step 4. Status of unwrapping operation of class keys is returned via | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - REK: W,E - Authentic ation Credential : W,E | Unauthenti cated Symmetric Encryption and Decryption key wrapping / key unwrappin g | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | User creden tial, referen ce to class C/A key from the user keybag | status (success/e rror) |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| User | Authenticated | Role | AES-KW | ||||||
| Crypto Officer | Non- authenticated | Role | Implicit | ||||||
| User Keybag Services via Mailbox | Step 1: The module receives User credential and the reference to the class C or A key from the User keybag; Step 2. Obfuscation is performed on the User provided credential resulting into a value called REK.; Step 3. REK is used as a key for the AES KW operation to unwrap the referenced class A or C keys in the user keybag stored in the module; Step 4. Status of unwrapping operation of class keys is returned via | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - REK: W,E - Authentic ation Credential : W,E | Unauthenti cated Symmetric Encryption and Decryption key wrapping / key unwrappin g | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | User creden tial, referen ce to class C/A key from the user keybag | status (success/e rror) | |||
| General Authentication service | The module invokes the User Keybag Services via Mailbox (i.e. #1 above) | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - REK: W,E - Authentic ation Credential : W,E | key wrapping / key unwrappin g | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | User creden tial, referen ce to class C/A key from the user keybag | status (success/e rror) | |||
| Generation of Data Encryption Key (DEK) | Step 1: The module receives the reference to the class C or A key from the user keybag; Step 2: The module generates a new DEK using the DRBG; Step 3: Referenced class C or A key is used to wrap the DEK using AES-KW; Step 4: Wrapped DEK is | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - Entropy input string: W,E - DRBG | Symmetric Key Generation | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | referen ce to class C/A key from the User keybag | wrapped DEK | |||
| sent out of the module | sent out of the module | seed: W,E - DRBG internal state (V value, Key): W,E - Data Encryptio n Key (DEK) (AES key): G,W,E | |||||||
| Keychain DEK service using AK/AKU/AKPU/ CK/CKU class key | Step 1. The module receives wrapped DEK (that was sent as part of service 3 above) and the pointer to class key AK/AKU/AKPU/ CK/CKU from the user keybag; Step 2. Using the referenced class key, the module unwraps the DEK using AES- KW. If the class key is not available, an error is returned; Step 3. plaintext DEK is sent out to the User. (AS09.16) | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - Data Encryptio n Key (DEK) (AES key): W,E | key wrapping / key unwrappin g | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | pointer to AK/AK U/ AKPU/ CK/ CKU class key, wrapp ed DEK | unwrappe d DEK | |||
| Backup keybag generation | The module generates new set of back up keybags using the DRBG | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys): G,E - Entropy input string: W,E - DRBG seed: W,E - DRBG internal state (V value, Key): W,E | Random Number Generation | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | N/A | status (success/e rror) | |||
| Backup keybag service | Step 1. The module receives wrapped DEK and the class key reference for C and A from the user keybag; 2. Using the referenced class key, the module unwraps the DEK using AES- KW. If the class key is not available, an | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): W,E - Data Encryptio n Key (DEK) | key wrapping / key unwrappin g | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | wrapp ed DEK, referen ce to class C or A key from the user keybag | wrapped DEK |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
C/A g : W,E This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] C/A g : W,E C/A W,E This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] G,W,E U/ g W,E This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] N/A W,E g This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|
| Escrow keybag creation | The module generates new set of escrow keybag using the DRBG | User - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Escrow Keybag (AES keys): G,E - Entropy input string: | Random Number Generation | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | N/A | status (success/e rror) | |
| Export Keybag | Step 1. The module receives reference to a keybag; Step 2: A HMAC key is taken as input based on the hardware specific data for the SKS; Step 3: HMAC value is calculated on the entire referenced keybag that includes encrypted keys; Step 4: HMAC is appended at the end of the keybag; Step 5: keybag with the appended HMAC is output to the User | User - HMAC key: W,E - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): R,E - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys): R,E - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU | HMAC Message Authenticat ion Message Digest | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | referen ce to a keybag to be export ed | keybag with HMAC tag | |
| Device Wipe | Erase all content (Factory Reset) | Crypto Officer - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys): Z - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys): Z - Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Escrow Keybag (AES keys): Z - Data | None | Success returne d from API listed in the custom er proprie tary guidan ce docum ent | N/A | N/A | |
| Perform self test | Initiate pre- operational self- test and CASTs by powering off/on | Crypto Officer | Unauthenti cated Symmetric Encryption and Decryption key wrapping / key unwrappin g Random Number Generation HMAC Message Authenticat | N/A | modul e power- off/on | results of self-test | |
| Show Status | N/A | Crypto Officer | None | N/A | N/A | status | |
| Show Module Version Information | N/A | Crypto Officer | None | N/A | N/A | Module name and version | |
| Class D key File System Services to wrap or unwrap DEK | Wrapping of provided plaintext DEK or unwrapping of provided wrapped DEK using class D key from Backup keybag or Flash in SEP | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | ||||
| Class D key service to encrypt or decrypt data | Encryption of provided plaintext or decryption of provided ciphertext using class D key from Device or iCloud Keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] W,E W,E R,W,E N/A This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] W,E This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] N/A N/A This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Z :Z N/A e poweroff/on g This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Roles | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|---|
| Show Status | N/A | Crypto Officer | None | N/A | N/A | status | |
| Show Module Version Information | N/A | Crypto Officer | None | N/A | N/A | Module name and version | |
| Class D key File System Services to wrap or unwrap DEK | Wrapping of provided plaintext DEK or unwrapping of provided wrapped DEK using class D key from Backup keybag or Flash in SEP | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | ||||
| Class D key service to encrypt or decrypt data | Encryption of provided plaintext or decryption of provided ciphertext using class D key from Device or iCloud Keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | ||||
| Class DK/DKU File System Services to wrap or unwrap keychain | Wrapping of provided plaintext keychain or unwrapping of provided wrapped keychain using class DK/DKU key from Backup keybag or User keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | ||||
| Class DK/DKU key service for data encrypt or decrypt | Encryption of provided plaintext or decryption of provided ciphertext using DK/DKU key from Device or iCloud keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key | ||||
| Generate Ref-Key | Key Generation | Crypto Officer | Ed25519 Key generation Curve 25519 key generation ECDH Key Pair Generation | ||||
| Sign and verify using Ref-key | Signature Generation and Verification | Crypto Officer | ECDSA implemented in FW ECDSA implemented in HW PKA | ||||
| Encryption and decryption using Ref- key | shared secret is generated using user provided key and existing ref key followed by HKDF is applied to derived a key which is used to encrypt the provided plaintext or decrypt the provided ciphertext | Crypto Officer | AES-GCM HKDF RFC5869 ECDSA implemented in FW ECDSA implemented in HW PKA AES KW using class D key, keys from Device keybag, keys |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] N/A N/A N/A N/A N/A N/A Table 18: Approved Services The abbreviations of the access rights to SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. N/A = The service does not access any SSP during its operation
This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Roles | Role Access |
|---|---|---|---|
| Generate Shared Secret using Ref-key | Shared secret generation | Crypto Officer | Ed25519 shared secret generation Curve 25519 shared secret generation ECDH Shared Secret Computation ECDH implemented in FW ECDH implemented in HW PKA |
| Device Keybag service for data encrypt or decrypt | Encryption of provided plaintext or decryption of provided ciphertext using any key from Device Keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| iCloud Keybag service for data encrypt or decrypt | Encryption of provided plaintext or decryption of provided ciphertext using any key from iCloud Keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Escrow keybag service for key wrapping and unwrapping | Wrapping of provided plaintext key or unwrapping of provided wrapped key using any key from Escrow Keybag | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud |
| Encrypt or Decrypt service using Class B Curve 22519 key from any keybag | shared secret is computed by generating new ephemeral keypair and existing Curve25519 key followed by HKDF is applied to derived a key which is used doe data encryption or decryption. During encryption operations, the wrapped key and the ephemeral public key is sent to the user | Crypto Officer | Curve 25519 key generation Curve 25519 shared secret generation HKDF RFC5869 AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Wrap or unwrap service for DEK or keychain using any Curve 22519 key from asymmetric keybag | shared secret is computed by generating new ephemeral keypair and existing Curve25519 key followed by HKDF is applied to derived a key which is used to wrap and unwrap DEK or keychain. During wrapping operation, the wrapped key and the ephemeral public key is sent to the user | Crypto Officer | Curve 25519 key generation Curve 25519 shared secret generation HKDF RFC5869 AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Asymmetric (Ed25519) backup keybag wrap and unwrap | Pointer to DK/DKU/CK/CKU/AK/AKU/AKPU key from asymmetric keybag, plaintext keychain during wrapping operation or wrapped keychain during unwrapping operation | Crypto Officer | Ed25519 Key generation Ed25519 shared secret generation HKDF RFC5869 AES KW using class D key, keys from Device |
| Wrap or unwrap service for keychain using DK/DKU/CK/ CKU/AK/AKU/AKPU Ed25519 key from asymmetric keybag | shared secret is computed by generating new ephemeral keypair and existing Curve25519 key followed by HKDF is applied to derived a key which is used to wrap and unwrap. The wrapped key and the ephemeral public key is sent to the user | Crypto Officer | Ed25519 Key generation Ed25519 shared secret generation HKDF RFC5869 AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| NVM Storage Controller Key Service | wrapping DEK using NVM storage controller key | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Elliptic Curve Integrated Encryption Scheme (ECIES) Encryption | Encryption | Crypto Officer | ECDH Shared Secret Computation ANSI X9.63 KDF AES-GCM |
| Elliptic Curve Integrated Encryption Scheme (ECIES) Decryption | Decryption | Crypto Officer | ECDH Shared Secret Computation ANSI X9.63 KDF AES-GCM |
| PBKDF Key Derivation | Hash-based Key Derivation | Crypto Officer | PBKDF |
| File system DEK service | Unwrap the DEK using referenced class key and re-wrap using NVM storage controller key | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Generation of DEK via IPC using class D key | Requesting generate DEK service via IPC Channel using class D keys | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
| Requesting backup keybag service via IPC using class D key | Requesting backup keybag service via IPC Channel using class D keys | Crypto Officer | AES KW using class D key, keys from Device keybag, keys from iCloud keybag or NVM storage controller key |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 19: Non-Approved Services
N/A This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
The Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] is in the form of binary executable code. A firmware integrity test is performed on the runtime image of the module. The HMAC-SHA256 implemented in the module is used as the approved algorithm for the integrity test. If the test fails, the module enters an error state where no cryptographic services are provided, and data output is prohibited i.e. the module is not operational. As the module is delivered built with the Device OS, there is no standalone delivery of the module. The vendor’s internal development process guarantees that the correct version of module goes with its intended Device OS version.
The module’s integrity test can be performed on demand by powering-off and reloading the module. The integrity test on demand is performed as part of the Pre-Operational Self-Tests, automatically executed at power-on. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Type of Operational Environment: Non-Modifiable
The module operates within the sepOS execution environment which is separate from the Device OS execution environment. The SEP operating system provides memory isolation between all applications executing on it. The Device OS is unable to access the module's memory or observe the module's operation. This document may be reproduced and distributed only in its original entirely without revision.
| Mechanism | Inspection | Inspection | ||
|---|---|---|---|---|
| Frequency | Guidance | |||
| Production Grade Components that include standard passivation | No operator- performed testing is recommended | N/A | ||
| Tamper-Evident Coating or black hard coated material or metal coating, SoC is soldered in logic board from the Ball Grid Array (BGA) or SIP is embedded in hardened resin. The components listed above are opaque within the visible spectrum. | No operator- performed testing is recommended | N/A | ||
| Hardness of the coating | No operator- performed testing is recommended | N/A | ||
| Environmental Failure Protection (EFP) forces the module to shut down | No operator- performed testing is recommended | N/A |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
The defined physical boundary of the Apple corecrypto Module v12 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] is the entire System-on-Chip (SoC) listed in the Tested Module Identification table. Consequently, the physical embodiment of each SoC is considered to be that of a single-chip cryptographic module. The hardware module conforms to the Level 3 requirements for physical security. The physical direct observation, probing, or manipulation of the single-chip as detailed in the Physical Security Mechanisms and Actions Required table. The hardness of the coated material was tested in the module's intended temperature range of operation (Hardness Testing Temperature features as detailed in the EFP/EFT Information Table.
N/A N/A N/A N/A Table 20: Mechanisms and Actions Required
Number: Placement: Surface Preparation: Operator Responsible for Securing Unused Seals: Part Numbers: This document may be reproduced and distributed only in its original entirely without revision.
| Temp/Voltage Type | Temperature or Voltage | EFP | Result | |
|---|---|---|---|---|
| or | ||||
| EFT | ||||
| LowTemperature | Values found in Apple proprietary document | EFP | shutdown | |
| HighTemperature | Values found in Apple proprietary document | EFP | shutdown | |
| LowVoltage | Values found in Apple proprietary document | EFP | shutdown | |
| HighVoltage | Values found in Apple proprietary document | EFP | shutdown |
| Temperature | Temperature | |
|---|---|---|
| Type | ||
| LowTemperature | -25 Celcius | |
| HighTemperature | 51 Celcius |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 21: EFP/EFT Information N/A
Table 22: Hardness Testing Temperatures N/A This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Per IG 12.A, until the requirements of NIST SP 800-140F are defined, non-invasive mechanisms fall under ISO/IEC 19790:2012 Section 7.12 Mitigation of other attacks. The requirements of this area are not applicable to the module. This document may be reproduced and distributed only in its original entirely without revision.
| Name | Type | Description |
|---|---|---|
| Flash | Static | Preloaded at factory |
| RAM | Dynamic | Volatile memory |
| Name | Type | From | To | |||
|---|---|---|---|---|---|---|
| User Input | Plaintext | User | RAM | Manual | Direct | |
| Export Keybag from Flash | Encrypted | Flash | Operating calling application (TOEPP) | Automated | Electronic | key wrapping / key unwrapping |
| Export Keybag from RAM | Encrypted | RAM | Operating calling application (TOEPP) | Automated | Electronic | key wrapping / key unwrapping |
| Obfuscation of User Input Authentication Credential | Plaintext | User | RAM | Manual | Direct | |
| Obtained from ENT (P) | Plaintext | ENT (P) | RAM | Automated | Electronic | Random Number Generation |
| Pre-loaded from Factory | Plaintext | Factory install | Flash | Automated | Electronic |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Table 24: SSP Input-Output Methods
Keys and SSPs (including temporary SSPs) are zeroised when the appropriate context object is destroyed by overwriting the entire context object with all zeros. The zeroization occurs at the end of an API function that uses the CSPs or when the system is powered down or when the This document may be reproduced and distributed only in its original entirely without revision.
| Name | Type | Description | Strength | Generation | Use |
|---|---|---|---|---|---|
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys) | Symmetric - CSP | AES keys in user keybag | 256- bits - 256- bits | Unauthenticat ed Symmetric Encryption and Decryption key wrapping / key unwrapping | |
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys) | Symmetric - CSP | AES keys in backup keybag | 256- bits - 256- bits | Symmetri c Key Generatio n | key wrapping / key unwrapping |
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in | Symmetric - CSP | AES keys in escrow keybag | 256- bits - 256- bits | Symmetri c Key Generatio n | key wrapping / key unwrapping |
| Zeroization | Description | Rationale | Operator | |
|---|---|---|---|---|
| Method | Initiation | |||
| Context object destruction | SSPs are zeroised when the appropriate context object is destroyed | Zeroization when structure is deallocated | N/A | |
| Power Down | SSPs are zeroised when the system is powered down | Powering down forces context object destruction | Operator can initiate a power down | |
| Device Wipe | Erase all content (factory reset) | Factory reset zeroizes all SSPs, including those stored in Flash | Operator can initiate a device wipe |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] "Device Wipe" service is invoked. Data output interfaces are inhibited while zeroisation is performed. N/A Table 25: SSP Zeroization Methods n h 256bits 256bits 256bits 256bits n 256bits 256bits n This document may be reproduced and distributed only in its original entirely without revision.
| Name | Type | Description | Strength | Generation | Storage | Zeroization | Use | Input | |
|---|---|---|---|---|---|---|---|---|---|
| Data Encryption Key (DEK) (AES key) | Symmetric - CSP | AES keys in user keybag | 256- bits - 256- bits | Symmetri c Key Generatio n | key wrapping / key unwrapping Random Number Generation | ||||
| Entropy input string | Entropy - CSP | Entropy input string | 256- bits - 256- bits | Random Number Generatio n | Random Number Generation | ||||
| DRBG seed | Seed - CSP | DRBG seed derived from entropy input (IG D.L compliant ) | 384- bits - 256- bits | Random Number Generatio n | Random Number Generation | ||||
| DRBG internal state (V value, Key) | DRBG - CSP | Internal state values associate d with CTR_DRB G | 384- bits - 256- bits | Random Number Generatio n | Random Number Generation | ||||
| HMAC key | Message Authenticatio n Key - CSP | HMAC key | 112- bits - 112- bits | Symmetri c Key Generatio n | Random Number Generation | ||||
| Authenticatio n Credential | User- generated - CSP | User- provided credential s | N/A - N/A | key wrapping / key unwrapping | |||||
| REK | Symmetric - CSP | Root Encryptio n Key | 256- bits - 256- bits | key wrapping / key unwrapping | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys) | Flash:Encrypte d | Device Wipe | Export Keybag from Flash Pre-loaded from Factory | From factory install to device- wipe | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service completio n | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Escrow Keybag (AES keys) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service completio n | |||||
| Data Encryption Key (DEK) (AES key) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] n h 256bits 256bits n 256bits 256bits n D.L ) 384bits 256bits n G 384bits 256bits n 112bits 112bits n N/A N/A Usergenerated CSP s This document may be reproduced and distributed only in its original entirely without revision.
| Name | Type | Description | Strength | Storage | Zeroization | Use | Input | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| REK | Symmetric - CSP | Root Encryptio n Key | 256- bits - 256- bits | key wrapping / key unwrapping | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in User Keybag (AES keys) | Flash:Encrypte d | Device Wipe | Export Keybag from Flash Pre-loaded from Factory | From factory install to device- wipe | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Backup Keybag (AES keys) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service completio n | |||||
| Class A, Class C, Class AK, Class AKU, Class CK, Class CKU in Escrow Keybag (AES keys) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service completio n | |||||
| Data Encryption Key (DEK) (AES key) | RAM:Encrypte d | Context object destructio n Power Down | Export Keybag from RAM | From service invocatio n to service | |||||
| Entropy input string | RAM:Encrypte d | Context object destructio n Power Down | Obtained from ENT (P) | From service invocatio n to service completio n | DRBG seed:Derives | ||||
| DRBG seed | RAM:Encrypte d | Context object destructio n Power Down | From service invocatio n to service completio n | Entropy input string:Derived From DRBG internal state (V value, Key):Generates | |||||
| DRBG internal state (V value, Key) | RAM:Encrypte d | Context object destructio n Power Down | From service invocatio n to service completio n | DRBG seed:Generated From | |||||
| HMAC key | RAM:Encrypte d | Context object destructio n Power Down | From service invocatio n to service completio n | ||||||
| Authenticati on Credential | RAM:Obfuscat ed | Context object destructio n Power Down | User Input | From service invocatio n to service completio n | REK:Derives | ||||
| REK | RAM:Plaintext | Context object destructio n Power Down | Obfuscation of User Input Authenticati on Credential | From service invocatio n to service completio n | Authentication Credential:Obfuscati on from |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] n h 256bits 256bits Table 26: SSP Table 1 n d devicewipe d n n d n n d n This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] n n d n n d n n d n n d n n n n This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] n n n Table 27: SSP Table 2 This document may be reproduced and distributed only in its original entirely without revision.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A2845) | HMAC- SHA2-256 (A2845) | Message Authentication | SW/FW Integrity | The HMAC value is pre- computed at build time and stored in the module. The HMAC value is recalculated during runtime and compared with the stored value. | 112-bit key | If the test fails, then the module enters an Error State. | |
| HMAC- SHA2-512 (A2845) | HMAC- SHA2-512 (A2845) | KAT | CAST | Message authentication | 112-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| HMAC- SHA2-512 (A2848) | HMAC- SHA2-512 (A2848) | KAT | CAST | Message authentication | 112-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A2845) | HMAC- SHA2-256 (A2845) | Message Authentication | SW/FW Integrity | The HMAC value is pre- computed at build time and stored in the module. The HMAC value is recalculated during runtime and compared with the stored value. | 112-bit key | If the test fails, then the module enters an Error State. | |
| HMAC- SHA2-512 (A2845) | HMAC- SHA2-512 (A2845) | KAT | CAST | Message authentication | 112-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| HMAC- SHA2-512 (A2848) | HMAC- SHA2-512 (A2848) | KAT | CAST | Message authentication | 112-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| HMAC- SHA2-256 (A2849) | HMAC- SHA2-256 (A2849) | KAT | CAST | Message authentication | 112-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| SHA2-256 (A2845) | SHA2-256 (A2845) | KAT | CAST | Message authentication | N/A | Module becomes operational | Test runs at Power-on before the integrity test |
| SHA2-256 (A2848) | SHA2-256 (A2848) | KAT | CAST | Message authentication | N/A | Module becomes operational | Test runs at Power-on before the integrity test |
| SHA-1 (A2845) | SHA-1 (A2845) | KAT | CAST | Message authentication | N/A | Module becomes operational | Test runs at Power-on before the integrity test |
| SHA-1 (A2848) | SHA-1 (A2848) | KAT | CAST | Message authentication | N/A | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2842) | AES-CBC (A2842) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2842) | AES-CBC (A2842) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-KW (A2843) | AES-KW (A2843) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the |
| AES-KW (A2843) | AES-KW (A2843) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2844) | AES-CBC (A2844) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2844) | AES-CBC (A2844) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-KW (A2845) | AES-KW (A2845) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-KW (A2845) | AES-KW (A2845) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-KW (A2846) | AES-KW (A2846) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-KW (A2846) | AES-KW (A2846) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A2847) | AES-ECB (A2847) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A2847) | AES-ECB (A2847) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A510) | AES-CBC (A510) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A510) | AES-CBC (A510) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A501) | AES-ECB (A501) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A501) | AES-ECB (A501) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A1362) | AES-ECB (A1362) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A1362) | AES-ECB (A1362) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the |
| AES-CBC (A1469) | AES-CBC (A1469) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A1469) | AES-CBC (A1469) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2863) | AES-CBC (A2863) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-CBC (A2863) | AES-CBC (A2863) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A2864) | AES-ECB (A2864) | KAT | CAST | Encryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| AES-ECB (A2864) | AES-ECB (A2864) | KAT | CAST | Decryption | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| Counter DRBG (A1362) | Counter DRBG (A1362) | KAT | CAST | Health test per SP800- 90ARev1 section 11.3 | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| Counter DRBG (A2864) | Counter DRBG (A2864) | KAT | CAST | Health test per SP800- 90ARev1 section 11.3 | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| Counter DRBG (A501) | Counter DRBG (A501) | KAT | CAST | Health test per SP800- 90ARev1 section 11.3 | 128-bit key | Module becomes operational | Test runs at Power-on before the integrity test |
| ESV-RCT (Startup) | ESV-RCT (Startup) | fault- detection test | CAST | SP 800-90B 4.4.1 Repetition Count Test | Repetition Count Test performed at entropy source startup | successful seeding of SP 800-90A DRBG | upon startup of entropy source |
| ESV-RCT (Continuous) | ESV-RCT (Continuous) | fault- detection test | CAST | SP 800-90B 4.4.1 Repetition Count Test | Repetition Count Test performed every invocation of entropy source after startup | successful seeding of SP 800-90A DRBG | upon seeding or reseeding SP 800-90A DRBG |
| ESV-APT (Startup) | ESV-APT (Startup) | fault- detection test | CAST | SP 800-90B 4.4.2 Adaptive Proportion Test | Adaptive Proportion Test performed at entropy source startup | successful seeding of SP 800-90A DRBG | upon startup of entropy source |
| ESV-APT (Continuous) | ESV-APT (Continuous) | fault- detection test | CAST | SP 800-90B 4.4.2 Adaptive Proportion Test | Adaptive Proportion Test performed at every invocation of entropy source every | successful seeding of SP 800-90A DRBG | upon seeding or reseeding SP 800-90A DRBG |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
While the module is executing the self-tests, services are not available, and input and output are inhibited.
HMAC-SHA256 is used as an approved integrity technique. Prior to using HMAC-SHA-256, a Conditional Cryptographic Algorithm Self-Tests (CAST) KAT is performed on the HMAC HMACSHA2-256 Table 28: Pre-Operational Self-Tests
HMACSHA2-512 HMACSHA2-512 This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] HMACSHA2-256 N/A N/A N/A N/A This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] SP80090ARev1 This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] SP80090ARev1 SP80090ARev1 faultdetection 4.4.1 faultdetection 4.4.1 faultdetection faultdetection This document may be reproduced and distributed only in its original entirely without revision.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| HMAC-SHA2- 256 (A2845) | HMAC-SHA2- 256 (A2845) | Message Authentication | SW/FW Integrity | Whenever module is powered on | Upon every power-on |
| HMAC-SHA2- 512 (A2845) | HMAC-SHA2- 512 (A2845) | KAT | CAST | On Demand | Manually |
| HMAC-SHA2- 512 (A2848) | HMAC-SHA2- 512 (A2848) | KAT | CAST | On Demand | Manually |
| HMAC-SHA2- 256 (A2849) | HMAC-SHA2- 256 (A2849) | KAT | CAST | On Demand | Manually |
| SHA2-256 (A2845) | SHA2-256 (A2845) | KAT | CAST | On Demand | Manually |
| SHA2-256 (A2848) | SHA2-256 (A2848) | KAT | CAST | On Demand | Manually |
| SHA-1 (A2845) | SHA-1 (A2845) | KAT | CAST | On Demand | Manually |
| SHA-1 (A2848) | SHA-1 (A2848) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2842) | AES-CBC (A2842) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2842) | AES-CBC (A2842) | KAT | CAST | On Demand | Manually |
| AES-KW (A2843) | AES-KW (A2843) | KAT | CAST | On Demand | Manually |
| AES-KW (A2843) | AES-KW (A2843) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2844) | AES-CBC (A2844) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2844) | AES-CBC (A2844) | KAT | CAST | On Demand | Manually |
| AES-KW (A2845) | AES-KW (A2845) | KAT | CAST | On Demand | Manually |
| AES-KW (A2845) | AES-KW (A2845) | KAT | CAST | On Demand | Manually |
| AES-KW (A2846) | AES-KW (A2846) | KAT | CAST | On Demand | Manually |
| AES-KW (A2846) | AES-KW (A2846) | KAT | CAST | On Demand | Manually |
| AES-ECB (A2847) | AES-ECB (A2847) | KAT | CAST | On Demand | Manually |
| AES-ECB (A2847) | AES-ECB (A2847) | KAT | CAST | On Demand | Manually |
| AES-CBC (A510) | AES-CBC (A510) | KAT | CAST | On Demand | Manually |
| AES-CBC (A510) | AES-CBC (A510) | KAT | CAST | On Demand | Manually |
| AES-ECB (A501) | AES-ECB (A501) | KAT | CAST | On Demand | Manually |
| AES-ECB (A501) | AES-ECB (A501) | KAT | CAST | On Demand | Manually |
| AES-ECB (A1362) | AES-ECB (A1362) | KAT | CAST | On Demand | Manually |
| AES-ECB (A1362) | AES-ECB (A1362) | KAT | CAST | On Demand | Manually |
| AES-CBC (A1469) | AES-CBC (A1469) | KAT | CAST | On Demand | Manually |
| AES-CBC (A1469) | AES-CBC (A1469) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2863) | AES-CBC (A2863) | KAT | CAST | On Demand | Manually |
| AES-CBC (A2863) | AES-CBC (A2863) | KAT | CAST | On Demand | Manually |
| AES-ECB (A2864) | AES-ECB (A2864) | KAT | CAST | On Demand | Manually |
| AES-ECB (A2864) | AES-ECB (A2864) | KAT | CAST | On Demand | Manually |
| Counter DRBG (A1362) | Counter DRBG (A1362) | KAT | CAST | On Demand | Manually |
| Counter DRBG (A2864) | Counter DRBG (A2864) | KAT | CAST | On Demand | Manually |
| Counter DRBG (A501) | Counter DRBG (A501) | KAT | CAST | On Demand | Manually |
| ESV-RCT (Startup) | ESV-RCT (Startup) | fault-detection test | CAST | On Demand | Manually |
| ESV-RCT (Continuous) | ESV-RCT (Continuous) | fault-detection test | CAST | On Demand | Manually |
| ESV-APT (Startup) | ESV-APT (Startup) | fault-detection test | CAST | On Demand | Manually |
| ESV-APT (Continuous) | ESV-APT (Continuous) | fault-detection test | CAST | On Demand | Manually |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Table 29: Conditional Self-Tests
Table 30: Pre-Operational Periodic Information This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] This document may be reproduced and distributed only in its original entirely without revision.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error state | The HMAC-SHA-256 value computed over the module did not match the pre- computed value, OR the computed value in the invoked Conditional CAST did not match the known value. No cryptographic services are provided, and data output is prohibited | Pre- operational Firmware Integrity Test failure OR Conditional CAST failure | for Integrity: print statement "FAILED: fipspost_post_integrity" to stdout; for CAST: sprint statement "FAILED:<event>" to stdout (<event> refers to any of the cryptographic functions listed in the Conditional Self- test Table) | Power off/on |
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Preoperational Table 32: Error States
This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
Startup Procedures: As the module is delivered built with the Device OS, there is no standalone delivery of the module. Installation Process and Authentication Mechanisms: The vendor’s internal development process guarantees that the correct version of module goes with its intended Device OS version. For additional assurance, the module is digitally signed by vendor, and it is verified during the integration into Host Device OS. This digital signature-based integrity protection used during the delivery/integration process is not to be confused with the HMAC-256 based integrity check performed by the module itself as part of its pre-operational self- tests.
The biometric authentication option provided by the underlying test platform shall be disabled in order to run the module in the FIPS validated manner. The Approved mode of operation is configured in the system by default and can only be transitioned into the non-Approved mode by calling one of the non-Approved services listed in Table - Non-Approved Services. If the device starts up successfully, then the module has passed all self-tests and is operating in the Approved mode. The ESV Public Use Document (PUD) reference for physical entropy source is: https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropyvalidations/certificate/113 Apple Platform Certifications guide [platform certifications] and Apple Platform Security guide [SEC] are provided by Apple which offers IT System Administrators with the necessary technical information to ensure FIPS 140-3 Compliance of the deployed systems. This guide walks the reader through the system’s assertion of cryptographic module integrity and the steps necessary if module integrity requires remediation.
The User role is authenticated with the mechanism described in section 4. The User role can access the module via mailbox interface using the Device OS’s XNU kernel. The User role can perform subset of services from Table - Approved Algorithms. As stated in the Administrator Guidance section above, the Approved mode of operation is configured in the system by default and can only be transitioned into the non-Approved mode by calling one of the non-Approved services. This transition cannot be made by the User directly, as all non-approved services require an implicit transition into the Crypto-Officer role. Any calling of such services is therefore implicitly performed by the Crypto Officer. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
The Device Wipe service erases the module content. When performing a Device Wipe service to erase all content of the module, the procedure must be performed under the control of the Operator. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]
The module does not claim mitigation of other attacks. This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interfaces APT Adaptive Proportion Test (SP800-90B health test) BGA Ball Grid Array (Physical Security) CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CMVP Cryptographic Module Validation Program CST Cryptographic and Security Testing CTR Counter Mode DEK Data Encryption Key DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECDSA DSA (Digital Signature Algorithm) based on Elliptic Curve Cryptography (ECC) EMI Electromagnetic Interference (Physical Security) ESV NIST entropy source validation program providing SP 800-90B compliant entropy validation certificate FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code IPC Inter-Process Communication IHS Integrated Heat Spreader (Physical Security) KAT Known Answer Test KDF Key Derivation Function KEK Key Encryption Key KW AES Key Wrap MAC Message Authentication Code NIST National Institute of Science and Technology NVM Non-Volatile Memory OFB Output Feedback OS Operating System PBKDF Password Based Key Derivation Function RCT Repetition Count Test (SP800-90B health test) SEP Secure Enclave Processor SHA Secure Hash Algorithm This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] Appendix B. FIPS140-3 References FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 SP 800-140x CMVP FIPS 140-3 Related Reference https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-standards FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS140-3_MM CMVP FIPS 140-3 Management Manual February 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS-140-3-CMVP%20Management%20Manual%20v2.1%5B02-292024%5D.pdf SP 800-140 FIPS 140-3 Derived Test Requirements (DTR) March 2020 https://csrc.nist.gov/publications/detail/sp/800-140/final SP 800-140A CMVP Documentation Requirements March 2020 https://csrc.nist.gov/publications/detail/sp/800-140a/final SP 800-140Br1 CMVP Security Policy Requirements November 2023 https://doi.org/10.6028/NIST.SP.800-140Br1 SP 800-140C CMVP Approved Security Functions July 2023 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Cr2.pdf SP 800-140D CMVP Approved Sensitive Security Parameter Generation and Establishment Methods July 2023 https://doi.org/10.6028/NIST.SP.800-140Dr2 SP 800-140E CMVP Approved Authentication Mechanisms March 2020 https://csrc.nist.gov/publications/detail/sp/800-140e/final SP 800-140F CMVP Approved Non-Invasive Attack Mitigation Test Metrics March 2020 https://csrc.nist.gov/publications/detail/sp/800-140f/final This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-5 Digital Signature Standard (DSS) F3b 2023 https://doi.org/10.6028/NIST.FIPS.186-5 FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 http://www.ietf.org/rfc/rfc3447.txt RFC3394 Advanced Encryption Standard (AES) Key Wrap Algorithm September 2002 http://www.ietf.org/rfc/rfc3394.txt RFC5649 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm September 2009 http://www.ietf.org/rfc/rfc5649.txt SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf This document may be reproduced and distributed only in its original entirely without revision.
Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] SP800-56Cr2 Recommendation for Key-Derivation Methods in Key-Establishment Schemes August 2020 https://doi.org/10.6028/NIST.SP.800-56Cr2 SP800-57 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://doi.org/10.6028/NIST.SP.800-57pt1r5 SP800-67r2 NIST Special Publication 800-67 Revision 1 - Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher January 2012 (withdrawn January 2014) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://dx.doi.org/10.6028/NIST.SP.800-90Ar1 SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://doi.org/10.6028/NIST.SP.800-90B SP800-108r1 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions Aug 2022 https://doi.org/10.6028/NIST.SP.800-108r1 SP800-131Ar2 Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://doi.org/10.6028/NIST.SP.800-131Ar2 SP800-133r2 Recommendation for Cryptographic Key Generation June 2020 https://doi.org/10.6028/NIST.SP.800-133r2 SP800-135r1 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing Application-Specific Key Derivation Functions December 2011 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SEC Apple Platform Security https://support.apple.com/guide/security/welcome/web https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf platform certifications Apple Platform Certifications https://support.apple.com/guide/certifications/welcome/web This document may be reproduced and distributed only in its original entirely without revision.