| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Firmware-hybrid |
| Embodiment | Single Chip |
| Status | Active |
| Sunset date | 8/11/2030 |
| Caveat | No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. |
| Vendor | Privoro LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CCM | A2494 |
| AES-ECB | A2494 |
| ECDSA KeyGen (FIPS186-4) | A2494 |
| ECDSA SigGen (FIPS186-4) | A2494 |
| ECDSA SigVer (FIPS186-4) | A2494 |
| Hash DRBG | A2494 |
| HMAC-SHA2-384 | A2494 |
| KAS-ECC-SSC Sp800-56Ar3 | A2494 |
| KDA OneStep Sp800-56Cr1 | A2494 |
| RSA KeyGen (FIPS186-4) | A2494 |
| RSA SigGen (FIPS186-4) | A2494 |
| RSA Signature Primitive | A2494 |
| RSA SigVer (FIPS186-4) | A2494 |
| SHA2-256 | A2494 |
| SHA2-384 | A2494 |
flowchart LR
%% Deterministic review-risk graph for SafeCase Security Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Show status<br/>self-test</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for SafeCase Security Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Show status<br/>self-test</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;SafeCase Security Module Document Version D18 July 01, 2025 Prepared for: Prepared by: Privoro LLC KeyPair Consulting Inc.
Chandler, AZ 85226 San Luis Obispo, CA 93401 privoro.com keypair.us +1 844.774.8676 +1 805.316.5024 Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Table of Contents List of Tables List of Figures Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy
the Module. The Module:
The Module is a firmware-hybrid Module as defined by [I19790], operated on a single-chip. The Module provides cryptographic services for use in SafeCase mobile device management systems. The tested Operational Environments are specified in Table 2 below. Table 2: Tested Operational Environments # Operating System Hardware Platform Processor PAA/Acceleration
1 Free-RTOS NXP MK81FN256VDC15 NXP Kinetis K81FN256xxx15 PAA is enabled for the K811
The module comprises of the disjoint firmware component libpcrypt.a and the disjoint hardware component, the Memory-Mapped Cryptographic Acceleration Unit (MMCAU) within the NXP MK81FN256VDC15 single-chip which is the physical perimeter (TOEPP) of the module. The UID information returned by pcrypt_status contains name (“SCSM”), hardware version (0x81001BD9) for the MMCAU disjoint hardware component and firmware version (“1.0.1”), consistent with the Module’s CMVP listing information and tabularized below: K81= NXP MK81FN256VDC15 Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Table 3: Tested Module Versioning Information/Identification # Firmware Firmware Version Hardware Hardware Version Module Identifier Component Component
1 libpcrypt.a 1.0.1 Hardware accelerator 0x81001BD9 SCSM
(MMCAU) within the NXP MK81FN256VDC15 i.e. K81 chip Please Note: The disjoint firmware component of the module is the libpcrypt.a statically linked library (version 1.0.1) and the disjoint hardware component of the module is the hardware accelerator (MMCAU) version 0x81001BD9. The module is identified by the identifier returned by the module, i.e. the ‘SCSM’ string as detailed in the table above.
The physical form of the Module is depicted below. The physical perimeter (i.e. the Tested Operational Environment’s Physical Perimeter (TOEPP)) consists of the surfaces, edges and solder connections of the NXP MK81FN256VDC15 integrated circuit shown in Figure 1. Top Bottom Figure 1: Module Physical Perimeter The module is a hybrid module with the disjoint firmware component, libpcrypt.a (executing on the ARM CPU core) and the disjoint hardware component (MMCAU) forming the cryptographic boundary as depicted in the Figure 2 (outlined in red). The libpcrypt.a uses AES hardware cryptographic accleration from the MMCAU. Both the disjoint components reside within the NXP K81 SoC i.e. single chip. Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Figure 2: Module Block Diagram
The Module supports only an Approved mode of operation by default, and enforces the following security rules:
The Module does not support a degraded mode of operation.
The Module implements the Approved cryptographic functions listed in Table 4. Equivalent strength in bits is given for each key or algorithm type (as some algorithms do not use or produce keys). The term s is used throughout to indicate security strength, following the notation used in the majority of the sources (refer to the notes below Table 4). This table is referenced by Table 13 (SSPs). All references to the algorithm standards cited throughout this document can be found in the References section. Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Table 4: Approved Algorithms CAVP Algorithm Mode / Description / Key Size(s) / Use / Function Cert and Standard Method Key Strength(s) A2494 AES-ECB AES-ECB AES-256 (s = 256) Encryption (used only as a pre[FIPS197], requisite for AES-CCM) [SP800-38A] A2494 AES-CCM AES-CCM AES-256 (s = 256) Authenticated encryption [SP800-38C] Vendor CKG Direct 256-bit Citation of [SP800-133r2] Affirmed [SP800-133r2] The module supports the following compliance required per [FIPS140sections per NIST [SP800-133r2]: 4, 3_IG] D.H Scenario 2 5.1, 5.2, 5.3, 5.4, 6.1, 6.2.1, 6.4 and 6.5. A2494 ECDSA KeyGen Secret Generation Mode: Extra Bits P-384 (s ~= 192) Key generation [FIPS186-4] See Note 2 A2494 ECDSA SigGen SigGen (tested with SHA2-384) P-384 (s ~= 192) Signature generation [FIPS186-4] See Note 2 A2494 ECDSA SigVer SigVer (tested with SHA2-384) P-384 (s ~= 192) Signature verification [FIPS186-4] See Note 2 A2494 ENT ENT (P) 1024-bit seed; DRBG seeding [SP800-90B] 1024-bit nonce A2494 Hash DRBG No prediction resistance SHA2-256 (s = 256) Random bit generation [SP800-90Ar1] A2494 HMAC-SHA2-384 Generate HMAC-SHA2-384 MAC SHA2-384 (s = 384) HMAC generation and verification [FIPS198-1] A2494 KAS Schemes: Ephemeral Unified KAS-ECC per IG D.F Key agreement with key derivation [SP800-56Ar3] Roles: Initiator, Responder Scenario 2 path (2) option using [SP800-56Cr1] KDA KAS-ECC-SSC curves: P-384 2 KDA One-Step KDF P-384 curve providing
strength A2494 KAS-ECC-SSC Scheme: ephemeralUnified P-384 (s ~= 192) Shared secret generation [SP800-56Ar3] KAS Role: initiator, responder See Note 2 and Note 3 IG D.F Scenario 2 path 2 with an approved KDF per [SP800-56Ar3] A2494 KDA OneStep One-Step KDF SHA2-384 (112 ≤ s ≤ 384) Derivation of keying material from a [SP800-56Cr1] Auxiliary function method: SHA2-384 See Note 6 KAS shared secret A2494 RSA KeyGen Key generation mode: B.3.3 k=2048 (s ~= 112) Key generation [FIPS186-4] Primality tests per Table C.3 See Note 5 A2494 RSA SigGen Signature type: PKCS 1.5 tested with k=2048 (s ~= 112) Signature generation [FIPS186-4] k=2048 and SHA2-256 See Note 4 and Note 5 A2494 RSA Signature Private Key format: standard k=2048 (s ~= 112) Signature primitive operation Primitive Public Exponent Mode: fixed See Note 4 and Note 5 [FIPS186-4] A2494 RSA SigVer Signature type: PKCS 1.5 tested with k=2048 (s ~= 112) Signature verification [FIPS186-4] k=2048 and SHA2-256 See Note 4 and Note 5 A2494 SHA2-256 SHA2-256 SHA2-256 (s = 256) Secure hash generation [FIPS180-4] See Note 1 Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy CAVP Algorithm Mode / Description / Key Size(s) / Use / Function Cert and Standard Method Key Strength(s) A2494 SHA2-384 SHA2-384 SHA2-384 (s = 384) Secure hash generation [FIPS180-4] See Note 1 Note 1: Preimage resistance strength applies to hash algorithms used in DRBG, KDFs. Described also in [SP800-57P1r5] Table
The Module’s logical interfaces are described in Table 6; the Module’s physical ports are outside the cryptographic boundary. Table 6: Ports and Interfaces Physical port Logical Interface Data that passes over port/interface Control Input API entry point: stack frame including non-sensitive parameters N/A: Internal Data Input API call parameters passed by reference or value for cryptographic service input (call stack) Status Output API return value: enumerated status resulting from call execution Data Output API call parameters passed by reference for cryptographic service output The Control Output interface is not applicable, as the module does not control other components. Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy
The Module supports only the Cryptographic Officer (CO) role. It does not support multiple concurrent operators, a maintenance role or bypass capability. Operator authentication is described in Table 8. Table 7: Roles, Service Commands, Input and Output Role Service Input Output CO pcrypt_aesccm_decrypt SC_EDK; ciphertext message Plaintext message; status CO pcrypt_aesccm_encrypt SC_EDK; plaintext message Ciphertext message; status N/A pcrypt_aes_free (Perform AES struct (includes SC_EDK) Status (AES struct zeroised, freed) zeroisation) CO pcrypt_aesccm_init SC_EDK Initialized AES struct; status CO pcrypt_ecc_export_private ECC struct inclusive of ECC_Private ECC_Private; status CO pcrypt_ecc_export_public ECC struct inclusive of ECC_Public ECC_Public; status CO pcrypt_ecc_import_private ECC_Private Initialized ECC struct; status CO pcrypt_ecc_import_public ECC_Public Initialized ECC struct; status CO pcrypt_ecc_init_key ECC_Private; ECC_Public Initialized ECC struct; status N/A pcrypt_ecc_free (Perform ECC struct (includes ECC_Private, ECC Public, ECC_SGK, Status zeroisation) ECC SVK) CO pcrypt_ecc_gen_key ECC key parameters Initialized ECC struct; status CO pcrypt_ecc_sign ECC_SGK; plaintext message Signature; status CO pcrypt_ecc_verify_hash ECC_SVK; plaintext message; signature Status CO pcrypt_hmac_init HMAC_MHK, uninitialized HMAC struct Initialized HMAC struct, status CO pcrypt_hmac_update HMAC struct, message Status CO pcrypt_hmac_finalize HMAC struct, output buffer pointer Output buffer containing HMAC tag N/A pcrypt_hmac_free HMAC struct (includes HMAC_HMK) Status (Perform zeroisation) CO pcrypt_init Password; memory management parameters Status CO pcrypt_key_exchange KAS_U_Private; KAS_V_Public; KAS_SS KAS_DKM; status CO pcrypt_rng_generate_block RBG_State Random bit string; RBG_State; status CO pcrypt_rng_init RBG_EI; RBG_State; parameters; flags DRBG struct; status CO pcrypt_rsa_export_private RSA struct inclusive of RSA_Private RSA_Private; status CO pcrypt_rsa_export_public RSA struct inclusive RSA_Public RSA_Public; status CO pcrypt_rsa_import_private RSA_Private Initialized RSA struct; status N/A pcrypt_rsa_free (Perform RSA struct (includes RSA_Private, RSA Public, RSA_SGK, Status zeroisation) RSA_SVK) CO pcrypt_rsa_gen_key RSA parameters Initialized RSA struct; status CO pcrypt_rsa_init RSA_Private; RSA_Public Initialized RSA struct; status CO pcrypt_rsa_sign RSA_SGK; plaintext message Signature; status CO pcrypt_rsa_verify RSA_SVK; plaintext message; signature Status CO pcrypt_sha256_hash Plaintext message Message digest; status CO pcrypt_sha384_hash Plaintext message Message digest; status CO pcrypt_selftest (Perform None Status self-tests) N/A pcrypt_status (Show status Valid pointer to UID structure (optional) Status: READY or ERROR and Show module’s UID: name, version; hardware versioning information) version CO pcrypt_tamper_detected None Status Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Role Service Input Output CO pcrypt_uninit (Perform None Status zeroisation) N/A pcrypt_update_time Time value None The pcrypt_status service does not require authentication and provides information to address both AS04.13 (Show module’s versioning information) and AS04.14 (output current status). The Module is similar to [FIPS140-3_IG] 2.4.C Scenario 2, where pcrypt_status provides a global dynamic indication of Module status and operation in the approved mode, augmented by a status value returned on each API call. The module supports role-based authentication. Table 8: Roles and Authentication Role Authentication Method Authentication Strength CO Authentication of a 256-bit memorized secret, in accordance with [SP800-140E] and [SP800-63B]; 2256 = 1.16E+77 authentication attempts require at least 50 µs 9.65E+71 in 1 minute Table 9 describes all Approved services and service access to SSPs. The following annotations indicate the type of access by the Module service: G = Generate: The Module generates or derives the SSP. E = Execute: The Module uses the SSP in performing a R = Read: The SSP is read from the Module (e.g., the SSP is output). cryptographic operation. W = Write: The SSP is updated, imported, or written to the Module. Z = Zeroise: The Module zeroises the SSP. Table 9: Approved Services Access Approved Security Keys and/or rights to Service Description Roles Indicator Functions SSPs Keys and/or SSPs pcrypt_aesccm_decrypt Authenticated decrypt AES-CCM #A2494 SC_EDK CO WEZ SW AES-ECB #A2494 pcrypt_aesccm_encrypt Authenticated encrypt AES-CCM #A2494 SC_EDK CO WEZ SW AES-ECB #A2494 pcrypt_aesccm_init Initialize AES CCM struct N/A SC_EDK CO WRZ SW pcrypt_ecc_export_private, Extract ECC key (from struct) N/A ECC_Private CO WRZ SW pcrypt_ecc_export_public, Initialize ECC struct ECC_Public WRZ pcrypt_ecc_import_private, pcrypt_ecc_import_public pcrypt_ecc_init_key Initialize an ECC key struct N/A ECC_Private CO WRZ SW ECC_Public WRZ pcrypt_ecc_gen_key Generate ECC key pair ECDSA KeyGen #A2494 ECC_Private CO GRZ SW CKG ECC_Public GRZ pcrypt_ecc_sign Generate ECDSA signature ECDSA SigGen #A2494 ECC_SGK CO EWZ SW pcrypt_ecc_verify_hash Verify ECDSA signature ECDSA SigVer #A2494 ECC_SVK CO EWZ SW pcrypt_hmac_init Initialize HMAC HMAC-SHA2-384 #A2494 HMAC_HMK CO WE SW pcrypt_hmac_update Update HMAC HMAC-SHA2-384 #A2494 HMAC_HMK CO E SW pcrypt_hmac_finalize Generate HMAC tag HMAC-SHA2-384 #A2494 HMAC_HMK CO EZ SW pcrypt_init Initialize the Module; SHA2-256 #A2494, PW_Entry CO E SW executes FW integrity test SHA2-384 #A2494 PW_Ref and all CASTs pcrypt_key_exchange Key agreement and KAS-ECC-SSC #A2494, KAS_U_Private CO EWZ SW subsequent derivation of KDA OneStep #A2494 KAS_V_Public EWZ keying material from a KAS_SS GEZ shared secret KAS_DKM GRZ pcrypt_rng_generate_block Generate random bits Hash DRBG #A2494 RBG_State CO WER SW Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Access Approved Security Keys and/or rights to Service Description Roles Indicator Functions SSPs Keys and/or SSPs RBG_Seed pcrypt_rng_init Instantiate DRBG Hash DRBG #A2494 RBG_EI CO EZ SW RBG_State EG pcrypt_rsa_export_private, Extract RSA key (from struct) N/A RSA_Private CO WRZ SW pcrypt_rsa_export_public, Initialize RSA struct RSA_Public pcrypt_rsa_import_private pcrypt_rsa_gen_key Generate RSA key pair RSA KeyGen #A2494 RSA_Private CO GRZ SW CKG RSA_Public pcrypt_rsa_init Initialize RSA struct N/A RSA_Private CO WRZ SW RSA_Public pcrypt_rsa_sign RSA sign a hashed message RSA SigGen #A2494 RSA_SGK CO WEZ SW RSA Signature Primitive #A2494 pcrypt_rsa_verify Verify RSA signature RSA SigVer #A2494 RSA_SVK CO WEZ SW pcrypt_sha256_hash Generate a message digest SHA2-256 #A2494 N/A CO N/A SW pcrypt_sha384_hash Generate a message digest SHA2-384 #A2494 N/A CO N/A SW pcrypt_selftest (Perform On-demand invocation of N/A N/A CO N/A SW self-tests) self-tests pcrypt_status (Show status Provide Module status N/A N/A N/A N/A SW and Show module’s versioning information) pcrypt_tamper_detected Tamper detection N/A N/A CO N/A SW pcrypt_uninit Zeroise the DRBG and N/A RBG_EI N/A Z SW pcrypt_aes_free release struct memory, RBG_State pcrypt_ecc_free zeroising SSPs RBG_Seed pcrypt_hmac_free SC_EDK pcrypt_rsa_free ECC_Private (Perform zeroisation) ECC_Public ECC_SGK ECC_SVK HMAC_HMK RSA_Private RSA_Public RSA_SGK RSA_SVK KAS_DKM KAS_U_ Private KAS_V_Public KAS_SS pcrypt_update_time Update module time N/A N/A N/A N/A SW SW refers to the enumerated status return value, encoded in two bytes. The least significant byte gives status as one of the following: PCRYPT_STATUS_READY: Module operation successful/normal PCRYPT_STATUS_NOINIT: Module not initialized (Default startup state) PCRYPT_STATUS_STFAIL: Module self-test failure PCRYPT_STATUS_BADARG: Module passed invalid argument Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy PCRYPT_STATUS_DISABLED: Module is disabled (tamper detected) PCRYPT_STATUS_ERROR: Module internal error The most significant byte indicates the use of a non-Approved algorithm; at the time of validation, this only applies to RSA Decrypt (RSADP). PCRYPT_STATUS_FIPS_NOALLOW: set to 1 if the service does not use an approved algorithm. Usage of RSADP is deemed non-Approved but allowed and conforms to [FIPS 140_3_IG] 2.4.A example scenario 1. All functions zeroise SSPs within the function scope after use. Call stack cleanup is the responsibility of the application. The Module-provided methods to deallocate memory perform active zeroisation (overwriting with zeros) prior to deallocation. Zeroisation of PW_Ref requires destruction of the firmware image via the SafeCase product Crypto Reset function (Table 13 “Z2”). As allowed by [SP800-140DTR] VE09.38.03, this mechanism is provided as a service of the SafeCase product. The indicator of zeroisation is a status word (SW) returned by the module as specified above.
The executable form of the disjoint firmware component of the Module is a firmware library statically linked in the SafeCase firmware. During initialization (without operator intervention and prior to operation), it performs an ECDSA P-
384 with SHA2-384 signature verification over all files in the Module boundary. The operator can initiate the integrity test
on demand by either power cycling the Module or by invoking the pcrypt_init service. The module does not support loading of firmware from an external source.
The Module executes in a limited operational environment as defined by [I19790]. The module does not support loading firmware from an external source.
The Module is a single-chip embodiment as shown in Figure 1 with a tamper evident hard coating applied to it. The singlechip packaging is opaque in the visible spectrum. No actions are required by the operator(s) to ensure that the physical security is maintained. Table 10: Physical Security Inspection Guidelines Physical Security Mechanism Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Single-chip packaging The Module is intended to be mounted in additional packaging; N/A physical inspection of the chip is not practical after packaging Table 11: EFP/EFT Temperature or voltage measurement Specify EFP or EFT Specify if this condition results in a shutdown or zeroisation Low Temperature -40 C EFP Shutdown (inoperable state) High Temperature +105 C EFP Shutdown (inoperable state) Low Voltage 1.54 V EFP Shutdown (inoperable state) High Voltage 3.72 V EFP Shutdown (inoperable state) Table 12: Hardness testing temperature ranges Hardness tested temperature measurement Low Temperature -40 C Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy High Temperature +105 C
[SP800-140F] currently does not define applicable metrics. The Module does not implement non-invasive security measures. Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy
Table 13 summarizes the SSPs implemented by the Module. Table 13: SSPs Generation Import/Export Establishment Zeroisation Key/SSP Security Function Strength2 Use & related keys Name/Type and Cert. Number Storage ECC_Private 192 ECDSA KeyGen G2 IE1 -- S1 Z1 Private component of ECC key pair generated on CSP #A2494 MD caller request (key pair purpose is unspecified); CKG /EE related to ECC_Public ECC_Public 192 ECDSA KeyGen G2 IE1 -- S1 Z1 Public component of ECC key pair generated on PSP #A2494 MD caller request (key pair purpose is unspecified); CKG /EE related to ECC_Private ECC_SGK 192 ECDSA SigGen -- IE1 -- S1 Z1 Private key for ECC signature generation; related to CSP #A2494 MD ECC_SVK /EE ECC_SVK 192 ECDSA SigVer -- IE1 -- S1 Z1 Public key for ECC signature verification; related to PSP #A2494 MD ECC_SGK /EE HMAC_HMK 384 HMAC-SHA2-384 -- IE1 -- S1 Z1 Key to generate and verify and HMAC CSP #A2494 MD /EE KAS_DKM 112 ≤ s ≤ 384 KDA OneStep -- IE1 E2 S1 Z1 Key Derivation derived keying material3 CSP #A2494 MD /EE KAS_U_Private 192 KAS-ECC-SSC -- IE1 -- S1 Z1 Private key pair component provided by the local CSP #A2494 MD participant, used for Diffie-Hellman shared secret /EE generation; related to KAS_V_Public KAS_V_Public 192 KAS-ECC-SSC -- IE1 -- S1 Z1 Public key pair component provided by the local PSP #A2494 MD participant, used for Diffie-Hellman shared secret /EE generation; related to KAS_U_Private KAS_SS 192 KAS-ECC-SSC -- -- E1 S1 Z1 Shared secret calculation; z output value is CSP #A2494 E2 expected to be used by a KDF PW_Entry 256 N/A -- IE1 -- S1 Z1 Authentication input CSP MD /EE PW_Ref 256 SHA2-256, -- IE2 -- S2 Z2 Authentication reference (hashed) CSP SHA2-384 RBG_EI See ENT (P) G3 -- -- S1 Z1 Entropy input and nonce CSP Table 14 Strength is provided in bits. Please refer to Table 4 and the notes below it for the strength provenance (traceability to applicable standards and special publications). The separation into specific keys is done outside the scope of the module but must be conformant to [SP800-56Cr1]. Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Generation Import/Export Establishment Zeroisation Key/SSP Security Function Strength2 Use & related keys Name/Type and Cert. Number Storage RBG_Seed 440 bits ENT (P), Counter G3 -- -- S1 Z1 DRBG seed derived from the entropy input CSP DRBG RBG_State 256 Hash DRBG -- -- E3 S1 Z1 Hash DRBG (SHA2-256) state: V (440 bits) and C CSP #A2494 (440 bits) RSA_Private 112 RSA KeyGen G1 IE1 -- S1 Z1 Private component of RSA key pair generated on CSP #A2494 MD caller request (key pair purpose is unspecified); CKG /EE related to RSA_Public RSA_Public 112 RSA KeyGen G1 IE1 -- S1 Z1 Public component of RSA key pair generated on PSP #A2494 MD caller request (key pair purpose is unspecified); CKG /EE related to RSA_Private RSA_SGK 112 RSA SigGen -- IE1 -- S1 Z1 Private key for RSA signature generation; related CSP #A2494 MD to RSA_SVK RSA Signature /EE Primitive #A2494 RSA_SVK 112 RSA SigVer -- IE1 -- S1 Z1 Public key for RSA signature verification; related to PSP #A2494 MD RSA_SGK /EE SC_EDK 256 AES-CCM #A2494 -- IE1 -- S1 Z1 AES key used for symmetric encryption (including CSP AES-ECB #A2494 MD AES authenticated encryption) /EE Legend Generation Establishment Storage G1: [FIPS186-4] RSA keypair generation E1: [SP800-56Ar3] §5.7.1.2 ECC CDH S1: RAM G2: [FIPS186-4] ECDSA keypair generation E2: [SP800-56Cr1] KDA OneStep G3: [SP800-90B] DRBG seed material E3: [SP800-90Ar1] Hash_df; Instantiate; Zeroisation Generate; Reseed Z1: Cleared after use, module initiated Import/Export Z2: Cleared by Crypto Reset, operator IE1: Call stack (API) parameters initiated IE2: Entered in manufacturing Table 14: Non-Deterministic Random Number Generation Specification Entropy Minimum number of bits Details sources of entropy K814 [SP800-90Ar1] min_length: [FIPS140-3_IG] 9.3.A: The Module generates entropy within the Module’s physical ENT (P) 256 bits perimeter: option 1(b) using a [SP800-90B] compliant ENT present on the SoC component [SP800-90Ar1] seedlen: Per [SP800-90Ar1] Table 2, the SHA2-256 Hash DRBG requires 256 bits of entropy
440 bits (equivalent to security strength) within the 440-bit DRBG_Seed value
As input to the [SP800-90Ar1] Hash_df, the Module collects 1024 bits of data from the ENT to use as entropy and nonce input. The [SP800-90B] compliant assessment supports at least K81= NXP MK81FN256VDC15 Privoro Public Material
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy Entropy Minimum number of bits Details sources of entropy
0.99 bits of entropy per bit of ENT output; as such the DRBG seeding material contains at
least 1013 bits of entropy, well in excess of the requirement
Each time the Module is powered on, it tests that the cryptographic algorithms still operate correctly, and that sensitive data has not been damaged. CASTs are available on demand and can be tested periodically using the pcrypt_selftest command. The integrity test can be run on demand by either power cycling the Module or by invoking the pcrypt_init service. The disjoint firmware component of the module, i.e., the libpcrypt.a, performs an ECDSA P-384 with SHA2-384 signature verification over all files in the Module boundary during module initialization i.e. on every boot. On power-on or reset, the Module performs the self-tests described below. All cryptographic algorithm self-tests (CASTs) must complete successfully prior to any other use of cryptography by the Module. The ECDSA CASTs are performed prior to the firmware integrity test. All CASTs are implemented as known answer tests. If one of the CASTs or the firmware integrity test fails, the Module enters the STFAIL error state. The error state is persistent, and no services are available. All attempts to use the Module’s services result in the return of a non-zero error code, PCRYPT_STATUS_STFAIL. A power-cycle or reset of the Module is required to recover from an error state, causing it to retry all self-tests. Pre-Operational Self-Tests
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy
The Privoro SafeCase Security Module FIPS 140-3 Guidance [GD] describes all procedures for secure installation, initialization, configuration, provisioning, decommissioning and sanitization of the Module. The Module is a component of the SafeCase product, integrated in the Privoro manufacturing setting and thus no further installation procedures are required of the Crypto Officer. The initialization process for the module involves loading the module and successfully authenticating to it as the Crypto Officer using the pcrypt_init service. There are no maintenance requirements for the Module.
The Module does not implement mitigations of other attacks outside the scope of [FIPS140-3]. References
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy
Privoro LLC SafeCase Security Module FIPS 140-3 Security Policy