All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Qualcomm® Crypto Engine Core

Certificate#5077StandardFIPS 140-3Level1TypeHardwareEmbodimentSingle ChipStatusActiveVendorQualcomm Technologies, Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 9 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date10/2/2030
CaveatWhen operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
VendorQualcomm Technologies, Inc.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Qualcomm® Crypto Engine Core
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5 clue;
  class I2,I3,I5 infer;
  class R2,R3,R5 risk;
  class E2,E3,E5 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Qualcomm® Crypto Engine Core
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5 clueLow;

Security Policy, page by page

Page 1

Qualcomm Technologies, Inc. Qualcomm(R) Crypto Engine Core Document Version: 1.1 Last Update: 09-04-2025 Prepared by: atsec information security corporation

4516 Seton Center Pkwy, Suite 250

Austin, TX 78759 https://www.atsec.com

Page 2
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description7
Table 4: Approved Algorithms8
Table 5: Non-Approved, Not Allowed Algorithms9
Table 6: Security Function Implementations10
Table 7: Ports and Interfaces12
Table 8: Roles13
Table 9: Approved Services16
Table 10: Non-Approved Services17
Table 11: Mechanisms and Actions Required20
Table 12: Storage Areas22
Table 13: SSP Input-Output Methods22
Table 14: SSP Zeroization Methods22
Table 15: SSP Table 123
Table 16: SSP Table 224
Table 17: Conditional Self-Tests25
Table 18: Conditional Periodic Information26
Table 19: Error States26
Figure 1: Cryptographic boundary and physical perimeter6
Figure 2: Snapdragon 8 Gen 3 Mobile Platform7
Page 5
1 General
1.1 Overview

This Security Policy describes the features and design of the module named Qualcomm® Crypto Engine Core1 using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Modules specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information.

1.2 Security Levels

Section Title Security Level

1 General 1

2 Cryptographic module specification 1

3 Cryptographic module interfaces 1

4 Roles, services, and authentication 1

5 Software/Firmware security N/A

6 Operational environment N/A

7 Physical security 2

8 Non-invasive security N/A

9 Sensitive security parameter management 1

10 Self-tests 1

11 Life-cycle assurance 2

12 Mitigation of other attacks N/A

Overall Level 1 Table 1: Security Levels

1.3 Additional Information

In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Page 6
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Qualcomm® Crypto Engine Core cryptographic module is a sub-chip hardware module in a single chip embodiment for the purpose of FIPS 140-3 validation. The module is a general-purpose engine that provides cryptographic services (as listed in Section 4.3) to the components residing within the same operational environment which act as operators. These operators can request module services using FIFOs and registers. Module Type: Hardware Module Embodiment: SingleChip Module Characteristics: SubChip Cryptographic Boundary: Figure 1: Cryptographic boundary and physical perimeter Tested Operational Environment’s Physical Perimeter (TOEPP): The tested operational environment’s physical perimeter is the single chip.

Page 7

Figure 2: Snapdragon 8 Gen 3 Mobile Platform

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

2.3 Excluded Components

There are no excluded components.

2.4 Modes of Operation

Modes List and Description: Mode Name Description Type Status Indicator Approved mode Automatically entered Approved Equivalent to the indicator of the requested of operation whenever an approved service service is requested Non-approved Automatically entered Non- Non-approved services are not explicitly mode of whenever a non-approved Approved indicated. The absence of an explicit operation service is requested indicator is an implicit indicator of nonapproved services. Table 3: Modes List and Description The Qualcomm® Crypto Engine Core supports two modes of operation: approved mode and a non-approved mode. All CSPs are kept separate between the two modes through the use of a key policy management system.

Page 8

Mode Change Instructions and Status: The switching of modes of operation is implicit depending on the service invoked, but the approved services are explicitly identified by an indicator. The Qualcomm® Crypto Engine Core enters the approved mode after successful completion of the conditional algorithm self-tests. When the operator invokes a non-approved service, the Qualcomm® Crypto Engine Core implicitly switches to its non-approved mode.

2.5 Algorithms

Approved Algorithms: Algorithm CAVP Cert Properties Reference AES-CBC A4289 - SP 800-38A AES-CCM A4289 - SP 800-38C AES-CMAC A4289 - SP 800-38B AES-CTR A4289 - SP 800-38A AES-ECB A4289 - SP 800-38A AES-XTS Testing Revision 2.0 A4289 - SP 800-38E HMAC-SHA-1 A4289 - FIPS 198-1 HMAC-SHA2-256 A4289 - FIPS 198-1 HMAC-SHA2-384 A4289 - FIPS 198-1 HMAC-SHA2-512 A4289 - FIPS 198-1 HMAC-SHA3-224 A4289 - FIPS 198-1 HMAC-SHA3-256 A4289 - FIPS 198-1 HMAC-SHA3-384 A4289 - FIPS 198-1 HMAC-SHA3-512 A4289 - FIPS 198-1 SHA-1 A4289 - FIPS 180-4 SHA2-256 A4289 - FIPS 180-4 SHA2-384 A4289 - FIPS 180-4 SHA2-512 A4289 - FIPS 180-4 SHA3-224 A4289 - FIPS 202 SHA3-256 A4289 - FIPS 202 SHA3-384 A4289 - FIPS 202 SHA3-512 A4289 - FIPS 202 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms:

Page 9

N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: Name Use and Function AES-GCM encryption, decryption DES-CBC encryption, decryption DES-ECB encryption, decryption TDES (two independent keys) encryption, decryption TDES (three independent keys) encryption, decryption HMAC SHA-1 with key size other than 512 bits message authentication code HMAC SHA2-256 with key sizes other than 512 message authentication code bits HMAC SHA2-384 with key sizes other than 512 message authentication code bits HMAC SHA2-512 with key sizes other than 512 message authentication code bits HMAC SHA3-224 with key sizes other than 512 message authentication code bits HMAC SHA3-256 with key sizes other than 512 message authentication code bits HMAC SHA3-384 with key sizes other than 512 message authentication code bits HMAC SHA3-512 with key sizes other than 512 message authentication code bits AEAD-SHA-1 AES-CBC encryption, decryption (with message authentication code) AEAD-SHA-1 AES-CTR encryption, decryption (with message authentication code) AEAD-SHA-1 DES-CBC encryption, decryption (with message authentication code) AEAD-SHA-1 TDES-CBC encryption, decryption (with message authentication code) SM3 hashing SM4 encryption, decryption Table 5: Non-Approved, Not Allowed Algorithms

2.6 Security Function Implementations
Page 10

Name Type Description Properties Algorithms AES-CBC BC-UnAuth AES in CBC mode Reference:FIPS AES-CBC: (A4289) 197, SP800-38A AES-CCM BC-Auth AES in CCM mode Reference:FIPS AES-CCM: (A4289) 197, SP800-38C AES-CMAC MAC AES in CMAC Reference:FIPS AES-CMAC: mode 197, SP800-38B (A4289) AES-CTR BC-UnAuth AES in CTR mode Reference:FIPS AES-CTR: (A4289) 197, SP800-38A AES-ECB BC-UnAuth AES in ECB mode Reference:FIPS AES-ECB: (A4289) 197, SP800-38A AES-XTS BC-UnAuth AES in XTS mode Reference:FIPS AES-XTS Testing 197, SP800-38E Revision 2.0: (A4289) HMAC-SHA-1 MAC HMAC with SHA- Reference:FIPS HMAC-SHA-1:

1 198-1, FIPS 180-4 (A4289)

HMAC-SHA2-256 MAC HMAC with Reference:FIPS HMAC-SHA2-256: SHA2-256 198-1, FIPS 180-4 (A4289) HMAC-SHA2-384 MAC HMAC with Reference:FIPS HMAC-SHA2-384: SHA2-384 198-1, FIPS 180-4 (A4289) HMAC-SHA2-512 MAC HMAC with Reference:FIPS HMAC-SHA2-512: SHA2-512 198-1, FIPS 180-4 (A4289) HMAC-SHA3-224 MAC HMAC with Reference:FIPS HMAC-SHA3-224: SHA3-224 198-1, FIPS 202 (A4289) HMAC-SHA3-256 MAC HMAC with Reference:FIPS HMAC-SHA3-256: SHA3-256 198-1, FIPS 202 (A4289) HMAC-SHA3-384 MAC HMAC with Reference:FIPS HMAC-SHA3-384: SHA3-384 198-1, FIPS 202 (A4289) HMAC-SHA3-512 MAC HMAC with Reference:FIPS HMAC-SHA3-512: SHA3-512 198-1, FIPS 202 (A4289) SHA-1 SHA SHA-1 Reference:FIPS SHA-1: (A4289) 180-4 SHA2-256 SHA SHA2-256 Reference:FIPS SHA2-256: (A4289) 180-4 SHA2-384 SHA SHA2-384 Reference:FIPS SHA2-384: (A4289) 180-4 SHA2-512 SHA SHA2-512 Reference:FIPS SHA2-512: (A4289) 180-4 SHA3-224 SHA SHA3-224 Reference:FIPS 202 SHA3-224: (A4289) SHA3-256 SHA SHA3-256 Reference:FIPS 202 SHA3-256: (A4289) SHA3-384 SHA SHA3-384 Reference:FIPS 202 SHA3-384: (A4289) SHA3-512 SHA SHA3-512 Reference:FIPS 202 SHA3-512: (A4289) Table 6: Security Function Implementations

Page 11
2.7 Algorithm Specific Information
2.7.1 AES XTS

The AES algorithm in XTS mode is only used for the cryptographic protection of data on storage devices, in compliance with [SP800-38E]. The module ensures that the length of a single data unit encrypted with the XTS-AES does not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical.

2.8 RBG and Entropy

N/A for this module. N/A for this module.

2.9 Key Generation

Not Applicable. The key generation is not implemented.

2.10 Key Establishment

Not Applicable. The key establishment is not implemented.

2.11 Industry Protocols

Not Applicable. There are no industry protocols implemented.

Page 12
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Physical Port Logical Data That Passes Interface(s) Data In FIFO Data Input Input data Data Out FIFO Data Output All data output except Status information Registers Data Input Cryptographic keys; command input Control Input Registers Status Output Status information Physical power connector Power Power from SoC power port Table 7: Ports and Interfaces The Qualcomm® Crypto Engine Core does not implement a Control Output interface.

Page 13
4 Roles, Services, and Authentication
4.1 Authentication Methods
4.2 Roles

Name Type Operator Type Authentication Methods Crypto Officer Role CO None Table 8: Roles The module only supports the Crypto Officer (CO) role that is assumed implicitly when a service is requested from the module.

4.3 Approved Services

The convention below applies when specifying the access permissions that the service has for each SSP: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP. Name Descriptio Indicator Inputs Outputs Securit SSP n y Acce Functi ss ons AES Perform CRYPTO0_CRYPTO_S AES Ciphertext, Success/Fail AES- Cryp Encryption data TATUS4 bits 16-18 set Key, CBC to encryption to 0 Plainte AES- Offic xt CCM er AES- CTR AES AES- key: ECB W,E AESXTS AES Perform CRYPTO0_CRYPTO_S AES Plaintext, Success/Fail AES- Cryp Decryption data TATUS4 bit 29 set to 0 Key, CBC to decryption Ciphert AES- Offic ext CCM er

Page 14

Name Descriptio Indicator Inputs Outputs Securit SSP n y Acce Functi ss ons AES- CTR AES AES- key: ECB W,E AESXTS CMAC Message CRYPTO0_CRYPTO_S AES CMAC value AES- Cryp Message Authentica TATUS4 bit 29 set to 0 Key, CMAC to Authentica tion Input Offic tion data er AES key: W,E HMAC Message CRYPTO0_CRYPTO_S HMAC HMAC value HMAC Cryp Message Authentica TATUS4 bits 25-28 set Key, -SHA- to Authentica tion to 0 input 1 Offic tion data HMAC er - SHA2- HM

256 AC

HMAC key: - W,E SHA2HMAC SHA2HMAC SHA3HMAC SHA3HMAC SHA3HMAC -

Page 15

Name Descriptio Indicator Inputs Outputs Securit SSP n y Acce Functi ss ons SHA3Hash Hashing CRYPTO0_CRYPTO_S Input Hash output SHA-1 Cryp TATUS4 bits 21-24 set data SHA2- to to 0 256 Offic SHA2- er SHA2SHA3SHA3SHA3SHA3Self-Test Self-Tests None None Self-test Success/Fail None Cryp are to executed Offic automatica er lly when device is AES booted or key: restarted E HM AC key: E Zeroization Zeroizes all None None None None Cryp SSPs to Offic er AES key: Z HM AC key: Z

Page 16

Name Descriptio Indicator Inputs Outputs Securit SSP n y Acce Functi ss ons Configure Configures None AES Success/Fail None Cryp keys for the keys Key, to use by for Crypto HMAC Offic Crypto Officer role Key, er Officer Triple- DES AES Key key: W HM AC key: W Show Show None None Current status (as return None Cryp Status status of codes and/or log to the module messages) Offic state er Show Show the None None Name and version None Cryp version version and information read from to name of register Offic the module CRYPTO0_CRYPTO_V er ERSION Table 9: Approved Services

4.4 Non-Approved Services

Name Description Algorithms Role Encryption Encrypts data using symmetric AES-GCM CO cryptography DES-CBC DES-ECB TDES (two independent keys) TDES (three independent keys) SM4 Decryption Decrypts data using symmetric AES-GCM CO cryptography DES-CBC DES-ECB TDES (two independent keys) TDES (three independent keys) SM4 Hash Hashing algorithm SM3 CO

Page 17

Name Description Algorithms Role Message Authentication Computes the MAC value of HMAC SHA-1 with key size CO data other than 512 bits HMAC SHA2-256 with key sizes other than 512 bits HMAC SHA2-384 with key sizes other than 512 bits HMAC SHA2-512 with key sizes other than 512 bits HMAC SHA3-224 with key sizes other than 512 bits HMAC SHA3-256 with key sizes other than 512 bits HMAC SHA3-384 with key sizes other than 512 bits HMAC SHA3-512 with key sizes other than 512 bits Authenticated Encrypts or decrypts data using AEAD-SHA-1 AES-CBC CO Encryption/Decryption [AEAD] symmetric cryptography AEAD-SHA-1 AES-CTR AEAD-SHA-1 DES-CBC AEAD-SHA-1 TDES-CBC Table 10: Non-Approved Services

4.5 External Software/Firmware Loaded

Not Applicable. No external software or firmware is loaded.

Page 18
5 Software/Firmware Security
5.1 Integrity Techniques

The Qualcomm Crypto Engine Core does not have any software or firmware components. Therefore, this section is not applicable.

Page 19
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Non-Modifiable

Page 20
7 Physical Security
7.1 Mechanisms and Actions Required

Mechanism Inspection Inspection Frequency Guidance Tamper evident coating N/A N/A Table 11: Mechanisms and Actions Required The Qualcomm® Crypto Engine Core cryptographic module is a single-chip hardware module which conforms to the Level 2 requirements for physical security. The Qualcomm® Crypto Engine Core is a sub-chip that is enclosed within production grade components. At the time of manufacturing, the die containing the Qualcomm® Crypto Engine Core is embedded within a printed circuit board (PCB), which prevents visibility into the internal circuity of the Qualcomm® Crypto Engine Core. The layering process which embeds the die into the PCB prevents tampering of the physical components without leaving tamper evidence. The Qualcomm® Crypto Engine Core is further protected by being enclosed in a commercial off-the-shelf mobile device which is itself made with production grade commercially available components. This mobile device enclosure completely surrounds the Qualcomm® Crypto Engine Core. There are no steps required to ensure that physical security is maintained.

Page 21
8 Non-Invasive Security
8.1 Mitigation Techniques

The Qualcomm Crypto Engine Core does not support any non-invasive security techniques. Therefore, this section is not applicable.

Page 22
9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Area Description Persistence Name Type Hardware Temporary storage for SSPs used by the module as part of service Dynamic register execution Hardware FIFO Temporary storage for SSPs used by the module as part of service Dynamic execution Table 12: Storage Areas The Qualcomm® Crypto Engine Core stores all SSPs internally (the storage is non-persistent). In addition, all SSPs are stored write-only and are not readable outside of the Qualcomm® Crypto Engine Core. Therefore, any attempt to read SSPs are blocked by the Qualcomm® Crypto Engine Core control logic, which will return zeros instead of an SSP.

9.2 SSP Input-Output Methods

Name From To Format Distribution Entry SFI or Type Type Type Algorithm Input Caller within the Hardware registers, Plaintext N/A N/A parameter physical perimeter hardware FIFOs Table 13: SSP Input-Output Methods The module does not provide SSP entry or output services. Instead, SSPs are provided from the caller within the tested operation environment’s physical perimeter (TOEPP) hardware via a single-chip TOEPP path, which is not considered SSP establishment by Table 1 of FIPS 140-3 IG 9.5.A. SSPs can only be written to the Qualcomm® Crypto Engine Core by the boot loader by writing to the key registers or into the FIFOs assigned to the particular use case. Any attempt to write to a non-assigned FIFO is blocked. The Qualcomm® Crypto Engine Core ensures that there is no means to obtain CSP or key data from the Qualcomm® Crypto Engine Core by placing the CSPs into writeonly registers. This action prevents an entity interacting with the Qualcomm® Crypto Engine Core from being able to read the CSPs.

9.3 SSP Zeroization Methods

Zeroization Description Rationale Operator Initiation Method Power-off All SSPs will be The registers holding the Operator can initiate this zeroization zeroized SSPs are set to all zeroes method by powering off the module Table 14: SSP Zeroization Methods

Page 23

The successful power-off of the module is an implicit indicator that zeroization has completed.

9.4 SSPs

Name Description Size - Type - Generated Established Used By Strength Category By By AES Symmetric key used for 128 or 256 Symmetric AES-CBC key encryption, decryption, bits - 128 or key - CSP AESand message 256 bits CCM authentication AESCMAC AES-CTR AES-ECB AES-XTS HMAC Symmetric key used for 512 bits - Symmetric HMACkey message authentication 256 bits key - CSP SHA-1 HMACSHA2HMACSHA2HMACSHA2HMACSHA3HMACSHA3HMACSHA3HMACSHA3Table 15: SSP Table 1 Name Input - Output Storage Storage Duration Zeroization Related SSPs AES key Input Hardware Until module is powered Power-off parameter register:Plaintext off Hardware FIFO:Plaintext

Page 24

Name Input - Output Storage Storage Duration Zeroization Related SSPs HMAC Input Hardware Until module is powered Power-off key parameter register:Plaintext off Hardware FIFO:Plaintext Table 16: SSP Table 2

Page 25
10 Self-Tests
10.1 Pre-Operational Self-Tests

N/A for this module. The Qualcomm® Crypto Engine Core is solely implemented in hardware and does not have any software or firmware components. As such, the module does not perform any pre-operational software/firmware integrity test. Instead, the module performs the CASTs listed in Conditional Self-tests section.

10.2 Conditional Self-Tests

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type AES-CCM 256 bit KAT CAST Module becomes Encryption, Performed (A4289) key operational and decryption during module services are available power-up for use AES-ECB 256 bit KAT CAST Module becomes Encryption, Performed (A4289) key operational and decryption during module services are available power-up for use AES-CMAC 256 bit KAT CAST Module becomes MAC tag Performed (A4289) key operational and computation and during module services are available verification power-up for use HMAC-SHA- 512 bit KAT CAST Module becomes MAC tag Performed

1 (A4289) key operational and computation and during module

services are available verification power-up for use HMAC- 512 bit KAT CAST Module becomes MAC tag Performed SHA2-256 key operational and computation and during module (A4289) services are available verification power-up for use HMAC- 512 bit KAT CAST Module becomes MAC tag Performed SHA2-512 key operational and computation and during module (A4289) services are available verification power-up for use HMAC- 512 bit KAT CAST Module becomes MAC tag Performed SHA3-512 key operational and computation and during module (A4289) services are available verification power-up for use Table 17: Conditional Self-Tests

Page 26

Cryptographic algorithm self-tests (CASTs) are automatically performed during power-up of the Qualcomm® Crypto Engine Core without any operator intervention. During CAST execution, no services are available, and input and output are inhibited by the Qualcomm® Crypto Engine Core control logic.

10.3 Periodic Self-Test Information

N/A for this module. Algorithm or Test Test Method Test Type Period Periodic Method AES-CCM (A4289) KAT CAST On demand Manually by power cycling AES-ECB (A4289) KAT CAST On demand Manually by power cycling AES-CMAC KAT CAST On demand Manually by power (A4289) cycling HMAC-SHA-1 KAT CAST On demand Manually by power (A4289) cycling HMAC-SHA2-256 KAT CAST On demand Manually by power (A4289) cycling HMAC-SHA2-512 KAT CAST On demand Manually by power (A4289) cycling HMAC-SHA3-512 KAT CAST On demand Manually by power (A4289) cycling Table 18: Conditional Periodic Information

10.4 Error States

Name Description Conditions Recovery Indicator Method Error No cryptographic operation can be performed. KAT Power BIST_FAILURE No data input or output is possible. failure cycling indicator is set Table 19: Error States If any of the self-tests fail, the Qualcomm Crypto Engine Core will enter the error state. Data output is prohibited, and no further cryptographic operation is allowed in the error state. The Qualcomm® Crypto Engine Core control logic enforces this prohibition by preventing external usage while the module is in the error state. In addition, neither caller-induced nor internal errors reveal any sensitive material to callers. Once the Qualcomm® Crypto Engine Core is in the error state, it will only respond to a module reset command. A reset will cause the Qualcomm® Crypto Engine Core to re-execute its CASTs. The Qualcomm® Crypto Engine Core will remain unavailable until it passes its CASTs.

10.5 Operator Initiation of Self-Tests

The operator can initiate the cryptographic algorithm self-tests by power cycling the module.

Page 28
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The Qualcomm® Crypto Engine Core is a sub-chip module that runs on the Snapdragon 8 Gen 3 Mobile Platform SoC. The vendor uses a trusted delivery courier to transport the SoC to their customers. On the reception of the SoC, the operator shall first check all sides of the box to verify that it has not been tampered with during the shipment. Then, after opening the box the operator shall verify that the moisture barrier bag is still sealed and does not present any trace of tampering. Finally, after retrieving the SoC, the operator shall perform a visual inspection of the external package of the module; it should look like the picture in Figure 2. If one of these verifications fails, the operator shall contact their Qualcomm Technologies’ representative who released the delivery before operating the module. Once the product is received by the customer and powered up, the tests defined in the Self-Tests section will be executed automatically and without operator intervention.

11.2 Administrator Guidance

The operation of the Qualcomm® Crypto Engine Core does not need FIPS 140-3 specific guidance. The FIPS 140-

3 functional requirements are always met.

For using the cryptographic services of the Qualcomm® Crypto Engine Core, the manual for the Qualcomm® Crypto Engine Core covers the description of the register set as well as the use of the FIFOs channels should be used.

11.3 Non-Administrator Guidance

There is no specific non-Administrator guidance required for the module.

11.4 Design and Rules

N/A Therefore no specific design or rules to be followed.

11.5 Maintenance Requirements

N/A There are no maintenance requirements.

11.6 End of Life

Because the module does not have persistent storage, all SSPs are zeroized and the module is securely sanitized when powered down. Thus, the module may be distributed to other operators or disposed of after each power off.

Page 29
11.7 Additional Information

ClearCase, a version control system from IBM/Rational, is used to manage the revision control of the hardware code (Verilog code) and hardware documentation. The ClearCase version control system provides version control, workspace management, parallel development support and build auditing. The Verilog code is maintained within the ClearCase database used by Qualcomm Technologies, Inc.

Page 30
12 Mitigation of Other Attacks
12.1 Attack List

The Qualcomm Crypto Engine Core does not implement security mechanisms to mitigate other attacks.