All modules
CMVP Validated Module · FIPS 140-3 Security Policy

FCAT Wallet Vault Cryptographic Module

Certificate#5153StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorFidelity Center for Applied Technology, LLC
Medium review priority  ·  no TCB surface named  ·  last validated 5 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date1/29/2029
CaveatWhen operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
VendorFidelity Center for Applied Technology, LLC

Approved Algorithms (62)

AlgorithmACVP Cert
AES-CBCA4978
AES-CCMA4978
AES-CFB1A4978
AES-CFB128A4978
AES-CFB8A4978
AES-CMACA4978
AES-CTRA4978
AES-ECBA4978
AES-GCMA4978
AES-GMACA4978
AES-KWA4978
AES-KWPA4978
AES-OFBA4978
AES-XTSA4978
Counter DRBGA4978
DSA KeyGen (FIPS186-4)A4978
DSA PQGGen (FIPS186-4)A4978
DSA PQGVer (FIPS186-4)A4978
DSA SigGen (FIPS186-4)A4978
DSA SigVer (FIPS186-4)A4978
ECDSA KeyGen (FIPS186-4)A4978
ECDSA KeyVer (FIPS186-4)A4978
ECDSA SigGen (FIPS186-4)A4978
ECDSA SigVer (FIPS186-4)A4978
HMAC-SHA-1A4978
HMAC-SHA2-224A4978
HMAC-SHA2-256A4978
HMAC-SHA2-384A4978
HMAC-SHA2-512A4978
HMAC-SHA3-224A4978
HMAC-SHA3-256A4978
HMAC-SHA3-384A4978
HMAC-SHA3-512A4978
KAS-ECC-SSC Sp800-56Ar3A4978
KAS-FFC-SSC Sp800-56Ar3A4978
KDA HKDF SP800-56Cr2A4978
KDF SSHA4978
KDF TLSA4978
PBKDFA4978
RSA KeyGen (FIPS186-4)A4978
RSA SigGen (FIPS186-4)A4978
RSA SigVer (FIPS186-4)A4978
SHA-1A4978
SHA2-224A4978
SHA2-256A4978
SHA2-384A4978
SHA2-512A4978
SHA3-224A4978
SHA3-256A4978
SHA3-384A4978
SHA3-512A4978
SHAKE-128A4978
SHAKE-256A4978
TDES-CBCA4978
TDES-CFB1A4978
TDES-CFB64A4978
TDES-CFB8A4978
TDES-CMACA4978
TDES-ECBA4978
TDES-OFBA4978
TLS v1.2 KDF RFC7627A4978
TLS v1.3 KDFA4979

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security1
Operational Environment1
Physical SecurityN/A
Non-Invasive SecurityN/A
Sensitive Security Parameter Management1
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for FCAT Wallet Vault Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C5,C6 clue;
  class I3,I5,I6 infer;
  class R3,R5,R6 risk;
  class E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for FCAT Wallet Vault Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Show Status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Fidelity Center for Applied Technology LLC FCAT Wallet Vault Cryptographic Module Software Version: 1.0 FIPS Security Level: 1 Document Version: 0.2 Prepared for: Prepared by: Fidelity Center for Applied Technology LLC

245 Summer Street

Boston, MA 02210 United States of America Corsec Security, Inc. Phone: +1 800 343 3548 www.fcatwallet.com Phone: +1 703 267 6050 www.corsec.com

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America

Page 2

July 7, 2025 Abstract This is a non-proprietary Cryptographic Module Security Policy for FCAT Wallet Vault Cryptographic Module (software version: 1.0) from Fidelity Center for Applied Technology LLC (Fidelity). This Security Policy describes how FCAT Wallet Vault Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. FCAT Wallet Vault Cryptographic Module is referred to in this document as “FCAT Wallet Vault Cryptographic Module” or “module”. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3

July 7, 2025 Table of Contents 1. 2. 2.1 2.2 2.3 2.4 3. 4. 4.1 4.2 4.3 5. 6. 7. 8. 9. 9.1 9.2 9.3 9.4 9.5 Appendix A. Appendix B. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 4

July 7, 2025 List of Tables List of Figures FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityN/A
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-Tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A
is a catalyst for breakthrough achievements in research and tech. They
assess, test and scale concepts and ideas that advance Fidelity’s markets leadership and enhance every customer’s
experience.
  1. July 7, 2025 FCAT Wallet Vault Cryptographic Module version 1.0 is a software library providing a C language API 1 for use by other applications requiring cryptographic functionality. FCAT Wallet Vault Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure dataat-rest/data-in-flight and to support industry-standard secure communications protocols (including TLS 2 1.2/1.3). Fidelity’s FCAT Wallet Vault Cryptographic Module is implemented within the secure context of the FCAT hardware wallet platform. It is built atop the ProvenCore EAL7-certified secure OS developed by ProvenRun and operates in conjunction with a hardened version of the OpenSSL FIPS-compliant cryptographic library. The platform enforces strict separation between secure and non-secure contexts via ARM TrustZone architecture, with well-defined boundaries. The FCAT Wallet Vault encompasses: • The wallet-sec application, responsible for secure transaction signing, seed/key management, and authentication workflow. • Supporting libraries within secure context including: o authentication_ui lib (TrustedUI-API) o crypto_safe lib (FIPS OpenSSL implementation) o trusted ui lib for isolated user input/output • The ProvenCore Trusted Execution Environment (TEE), including its SMCCC implementation, which handles secure calls and mediates access between trusted applications and hardware-level drivers (I2C, DSI, GPIO). • Secure interactions with physical components, such as the fingerprint sensor, touchscreen, and secure storage via STSAVE and TAMP drivers. All cryptographic operations — including key generation, signing, encryption/decryption, and secure storage are confined within this boundary and isolated from the non-secure Linux environment, which includes the user-facing wallet-GUI application. FCAT Wallet Vault Cryptographic Module is validated at the FIPS 140-3 section levels shown in Table
  2. Table 1 – Security Levels [Number Below] API – Application Programming Interface
2 TLS – Transport Layer Security

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 6

July 7, 2025 [Number Below] N/A N/A N/A The module has an overall security level of 1. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 7
Module configuration
NameOperating SystemHardware PlatformProcessorPaa Pai#
1Debian 9Dell PowerEdge R440Intel® Xeon Silver 4214RWith (AES-NI)1
2Debian 9Dell PowerEdge R440Intel® Xeon Silver 4214RWithout2
  1. July 7, 2025 Cryptographic Module Specification FCAT Wallet Vault Cryptographic Module is a software module with a multi-chip standalone embodiment. The module is designed to operate within a modifiable operational environment. Additionally, the module is designed to utilize the AES-NI 3 extended instruction set when available by the host platform’s CPU for processor algorithm acceleration (PAA) of its AES implementation. 2.1 Operational Environments The module was tested and found to be compliant with FIPS 140-3 requirements on the operational environments (OE) listed in Table
  2. Table 2 – Tested Operational Environments # There are no vendor-affirmed operational environments claimed. Module operators may perform post-validation porting of the module and affirm the module’s continued validation compliance. The cryptographic module will remain compliant with the FIPS 140-3 validation on any general-purpose platform/processor that supports the specified operating system listed on the validation entry, or another compatible operating system. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. 2.2 Algorithm Implementations Validation certificates for each Approved security function are listed in Table
  3. Note that there are algorithms, modes, and key/moduli sizes that have been CAVP-tested but are not used by any Approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in Table 3 are used by an Approved service of the module.
3 AES-NI – Advanced Encryption Algorithm New Instructions

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES FIPS PUB5 197 NIST SP 800-38AA4978CBC6, CFB17, CFB8, CFB128, CTR8, ECB9, OFB10128, 192, 256Encryption/decryption
AES NIST SP 800-38BA4978CMAC11128, 192, 256MAC generation/verification
AES NIST SP 800-38CA4978CCM12128, 192, 256Encryption/decryption
AES NIST SP 800-38DA4978GCM13 (internal IV)128, 192, 256Encryption/decryption
AES NIST SP 800-38DA4978GMAC14128, 192, 256MAC eneration/verification
AES NIST SP 800-38EA4978XTS15,16,17128, 256Encryption/decryption
AES NIST SP 800-38FA4978KW18, KWP19128, 192, 256Encryption/decryption
CKG20 NIST SP 800-133rev2Vendor AffirmedCryptographic key generation
CVL21 NIST SP 800-135rev1A4978KDF (SSH, TLS22 v1.0/1.1, v1.2)Key derivation No parts of the SSH or TLS protocols, other than the KDFs, have been tested by the CAVP and CMVP.
CVL RFC23 7627A4978KDF (TLS v1.2)Key derivation No part of the TLS v1.2 protocol, other than the KDF, has been tested by the CAVP and CMVP.
CVL RFC 8446A4979KDF (TLS v1.3)Key derivation No part of the TLS v1.3 protocol, other than the KDF, has been tested by the CAVP and CMVP.
DRBG24 NIST SP 800-90Arev1A4978Counter-based128, 192, 256-bit AES-CTRDeterministic random bit generation
DSA25 FIPS PUB 186-4A4978KeyGen2048/224, 2048/256, 3072/256Key pair generation
PQGGenPQGGen2048/224, 2048/256, 3072/256 (SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Domain parameter generation
PQGVerPQGVer2048/224, 2048/256, 3072/256 (SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Domain parameter verification
SigGenSigGen2048/224, 2048/256, 3072/256 (SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Digital signature generation
SigVerSigVer2048/224, 2048/256, 3072/256 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- 512)Digital signature verification
ECDSA26 FIPS PUB 186-4A4978KeyGen Secret generation mode: Testing candidatesB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Key pair generation
KeyVerKeyVerB-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521Public key validation
SigGenSigGenB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 (SHA2-224, SHA2-256, SHA2- 384, SHA2-512)Digital signature generation
SigVerSigVerB-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 (SHA-1, SHA2-224, SHA2-256, SHA2- 384, SHA2-512)Digital signature verification
HMAC FIPS PUB 198-1A4978SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2- 512, SHA3-224, SHA3- 256, SHA3-384, SHA3- 512112 (minimum)Message authentication
KAS-ECC-SSC27 NIST SP 800-56Arev3A4978ephemeralUnifiedB-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Shared secret computation
KAS-FFC-SSC28 NIST SP 800-56Arev3A4978dhEphem2048/224 (FB), 2048/256 (FC)
KDA29 NIST SP 800-56Crev2A4978HKDFSHA2-224, SHA2-256, SHA2-Key derivation
KTS30 NIST SP 800-38CA4978AES-CCM128, 192, 256Key wrap/unwrap (authenticated encryption)31 Key establishment methodology provides between 128 and 256 bits of encryption strength
KTS NIST SP 800-38DA4978AES-GCM128, 192, 256Key wrap/unwrap (authenticated encryption)32 Key establishment methodology provides between 128 and 256 bits of encryption strength
KTS NIST SP 800-38FA4978AES-KW, AES-KWP128, 192, 256Key wrap/unwrap Key establishment methodology provides between 128 and 256 bits of encryption strength
KTS FIPS PUB 197 NIST SP 800-38BA4978AES-CMAC128, 192, 256Key wrap/unwrap (encryption with message authentication)33 Key establishment methodology provides between 128 and 256 bits of encryption strength
KTS FIPS PUB 197 FIPS PUB 198-1A4978AES-ECB with HMAC128, 192, 256Key wrap/unwrap (encryption with message authentication)34 Key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF235 NIST SP 800-132A4978Section 5.4, option 1aSHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3- 224, SHA3-256, SHA3-384, SHA3-512Password-based key derivation
RSA36 FIPS PUB 186-4, Appendix B.3.3A4978Key generation mode: B.3.32048, 3072, 4096Key pair generation
RSA FIPS PUB 186-4A4978X9.312048, 3072, 4096 (SHA2-256, SHA2-384, SHA2-512)Digital signature generation
1024, 2048, 3072, 4096 (SHA-1, SHA2-256, SHA2- 384, SHA2-512)1024, 2048, 3072, 4096 (SHA-1, SHA2-256, SHA2- 384, SHA2-512)Digital signature verification
PKCS#1 v1.5PKCS#1 v1.52048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2- 512)Digital signature generation
1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Digital signature verification
PSS37PSS372048, 3072, 4096 (SHA2-224, SHA2-256, SHA2-384, SHA2- 512)Digital signature generation
1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)1024, 2048, 3072, 4096 (SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512)Digital signature verification
SHA-3 FIPS PUB 202A4978SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE38-128, SHAKE-256Message digest
SHS39 FIPS PUB 180-4A4978SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2- 512Message digest
Triple-DES NIST SP 800-67 NIST SP 800-38AA4978CBC, CFB1, CFB8, CFB64, ECB, OFB168Decryption
Triple-DES NIST SP 800-67 NIST SP 800-38BA4978CMAC112, 168MAC verification

July 7, 2025 Table 3

4 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

5 PUB – Publication

CBC

7 CFB – Cipher Feedback
8 CTR – Counter
9 ECB – Electronic Code Book
11 CMAC – Cipher-Based Message Authentication Code
12 CCM – Counter with Cipher Block Chaining - Message Authentication Code
13 GCM – Galois Counter Mode
14 GMAC – Galois Message Authentication Code
15 XOR – Exclusive OR
16 XEX – XOR Encrypt XOR
17 XTS – XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing
18 KW – Key Wrap
19 KWP – Key Wrap with Padding
21 CVL – Component Validation List

TLS

23 RFC – Request for Comments

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 9

Certificate 4 July 7, 2025 DRBG 24 DSA 25 ECDSA 26

24 DRBG – Deterministic Random Bit Generator
26 ECDSA – Elliptic Curve Digital Signature Algorithm

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 10

Certificate 4 July 7, 2025 SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2512, SHA3-224, SHA3256, SHA3-384, SHA3512 KAS-ECC-SSC 27 KAS-FFC-SSC 28 KDA 29 KTS 30

27 KAS-ECC-SSC

28 KAS-SSC

30 KTS – Key Transport Scheme

31 Per FIPS 140-3 Implementation Guidance D.G, AES-CCM is an Approved key transport technique.

32 Per FIPS 140-3 Implementation Guidance D.G, AES-GCM is an Approved key transport technique.

Per FIPS 140-3 Implementation Guidance D.G, AES with CMAC is an Approved key transport technique.

34 Per FIPS 140-3 Implementation Guidance D.G, AES (in any Approved mode) with HMAC is an Approved key transport technique.

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 11

Certificate 4 July 7, 2025 PBKDF2 35 RSA 36 B.3.3 PSS 37 SHS 39 The vendor affirms the following cryptographic security methods:

36 RSA – Rivest Shamir Adleman
37 PSS – Probabilistic Signature Scheme

SHAKE

39 SHS – Secure Hash Standard

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 12
Approved algorithm
NameUse FunctionUse / Function
AESCert. A4978; key unwrapping; Per IG D.G.Symmetric key unwrapping
RSACert. A4978; key unencapsulation: Per IG D.G.Asymmetric key unencapsulation
SHA-1Cert. A4978; secure hashingDigital signature generation in TLS v1.0/1.140
Triple-DESCert. A4978; key unwrapping; Per IG D.G.Symmetric key unwrapping
AES-GCM (non-compliant when used with external IV)Authenticated encryption/decryption
AES-OCB41Authenticated encryption/decryption
ANSI X9.31 RNG (with 128-bit AES core)Random number generation
ARIAEncryption/decryption
Blake2Encryption/decryption
BlowfishEncryption/decryption
CamelliaEncryption/decryption
CAST, CAST5Encryption/decryption
ChaCha20Encryption/decryption
DESEncryption/decryption
DH (non-compliant with key sizes below 2048 bits)Key agreement
Approved algorithm
NameUse FunctionUse / Function
AESCert. A4978; key unwrapping; Per IG D.G.Symmetric key unwrapping
RSACert. A4978; key unencapsulation: Per IG D.G.Asymmetric key unencapsulation
SHA-1Cert. A4978; secure hashingDigital signature generation in TLS v1.0/1.140
Triple-DESCert. A4978; key unwrapping; Per IG D.G.Symmetric key unwrapping
AES-GCM (non-compliant when used with external IV)Authenticated encryption/decryption
AES-OCB41Authenticated encryption/decryption
ANSI X9.31 RNG (with 128-bit AES core)Random number generation
ARIAEncryption/decryption
Blake2Encryption/decryption
BlowfishEncryption/decryption
CamelliaEncryption/decryption
CAST, CAST5Encryption/decryption
ChaCha20Encryption/decryption
DESEncryption/decryption
DH (non-compliant with key sizes below 2048 bits)Key agreement
DSA (non-compliant)Digital signature generation
ECDSA (non-compliant)Digital signature generation
RSA (non-compliant when used with SHA-1 outside the TLS protocol)Digital signature generation
DSA (non-compliant with key sizes below the minimums Approved for Approved mode)Key pair generation, digital signature verification
ECDH (non-compliant with curves P-192, K-163, B- 163, and non-NIST curves)Key agreement
ECDSA (non-compliant with curves P-192, K-163, B- 163, and non-NIST curves)Key pair generation, digital signature verification
EdDSA42Key pair generation, digital signature generation, digital signature verification
IDEAEncryption/decryption
MD2, MD4, MD5Message digest
Poly1305Message authentication code
RC243, RC4, RC5Encryption/decryption
RIPEMDMessage digest
RMD160Message digest
RSA (non-compliant with non-approved/untested key sizes, and functions)Key pair generation; digital signature generation; digital signature verification; key transport
SEEDEncryption/decryption
SM2, SM3Message digest
SM4Encryption/decryption
Triple-DES (non-compliant)Encryption; MAC generation; key wrap
WhirlpoolMessage digest

July 7, 2025 seed is an unmodified output from the DRBG. The cryptographic module invokes a GET command to obtain entropy for random number generation (the module requests 256 bits of entropy from the calling application per request), and then passively receives entropy from the calling application while having no knowledge of the entropy source and exercising no control over the amount or the quality of the obtained entropy. The calling application and its entropy sources are located within the operational environment inside the module’s physical perimeter but outside the cryptographic boundary. Thus, there is no assurance of the minimum strength of the generated keys. The module implements the non-Approved but allowed algorithms shown in Table 4 below. Table 4

41 OCB – Offset Codebook

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 13

July 7, 2025 EdDSA 42 RC2 43, RC4, RC5 2.3 Cryptographic Boundary As a software cryptographic module, the module has no physical components. The physical perimeter of the cryptographic module is defined by each host platform on which the module is installed. Figure 1 below illustrates a block diagram of a typical GPC and the module’s physical perimeter. EdDSA

43 RC – Rivest Cipher

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 14

Hardware Management July 7, 2025 DVD Network Interface RAM HDD Clock Generator SCSI/SATA Controller LEDs/LCD Serial CPU I/O Hub Audio Cache Power Interface PCI/PCIe Slots USB BIOS Graphics Controller PCI/PCIe Slots External Power Supply KEY: Plaintext Data Encrypted Data Control Input Status Output Physical Perimeter BIOS

Page 15

July 7, 2025 libssl libssl.hmac libcrypto libcrypto.hmac Calling Application KEY: Cryptographic Boundary Physical Perimeter Data Input Data Output Control Input Control Output Status Output System Calls Operating System CPU Memory Storage Ports Host Device Figure 2

Page 16
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Physical data input port(s) of the tested platformsPhysical data input port(s) of the tested platformsData Input • API input arguments that provide input data for processing• Data to be encrypted, decrypted, signed, verified, or hashed • Keys to be used in cryptographic services • Random seed material for the module’s DRBG • Keying material to be used as input to key establishment services
Physical data output port(s) of the tested platformsPhysical data output port(s) of the tested platformsData Output • API output arguments that return generated or processed data back to the caller• Data that has been encrypted, decrypted, or verified • Digital signatures • Hashes • Random values generated by the module’s DRBG • Keys established using module’s key establishment methods
Physical control input port(s) of the tested platformsPhysical control input port(s) of the tested platformsControl Input • API input arguments that are used to initialize and control the operation of the module• API commands invoking cryptographic services • Modes, key sizes, etc. used with cryptographic services
Physical status output port(s) of the tested platformsPhysical status output port(s) of the tested platformsStatus Output • API call return values• Status information regarding the module • Status information regarding the invoked service/operation
  1. July 7, 2025 FIPS 140-3 defines the following logical interfaces for cryptographic modules: • • • • • As a software library, the cryptographic module has no direct access to any of the host platform’s physical ports, as it communicates only to the calling application via its well-defined API. A mapping of the FIPS-defined interfaces and the module’s ports and interfaces at the physical and logical boundaries can be found in Table
  2. Note that Table 6 – Ports and Interfaces FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC
Page 17
Service
NameRolesInputOutput
Show StatusCOAPI call parametersCurrent operational status
Perform self-tests on-demandCORe-instantiate module; API call parametersStatus
ZeroizeCORestart calling application; reboot or power-cycle host platformNone
Show versioning informationCOAPI call parametersModule name, version
Perform symmetric encryptionUserAPI call parameters, key, plaintextStatus, ciphertext
Perform symmetric decryptionUserAPI call parameters, key, ciphertextStatus, plaintext
Generate symmetric digestUserAPI call parameters, key, plaintextStatus, digest
Verify symmetric digestUserAPI call parameters, digestStatus
Perform authenticated symmetric encryptionUserAPI call parameters, key, plaintextStatus, ciphertext
Perform authenticated symmetric decryptionUserAPI call parameters, key, ciphertextStatus, plaintext
Generate random numberUserAPI call parametersStatus, random bits
Perform keyed hash operationsUserAPI call parameters, key, messageStatus, MAC44
Perform hash operationUserAPI call parameters, messageStatus, hash
Generate DSA domain parametersUserAPI call parametersStatus, domain parameters
Verify DSA domain parametersUserAPI call parametersStatus, domain parameters
Generate asymmetric key pairUserAPI call parametersStatus, key pair
Verify ECDSA public keyUserAPI call parameters, keyStatus
Generate digital signatureUserAPI call parameters, key, messageStatus, signature
Verify digital signatureUserAPI call parameters, key, signature, messageStatus
Perform key wrapUserAPI call parameters, encryption key, keyStatus, encrypted key
Perform key unwrapUserAPI call parameters, decryption key, encrypted keyStatus, decrypted key
Compute shared secretUserAPI call parametersStatus, shared secret
Derive SSH keysUserAPI call parameters, SSH master secretStatus, SSH keys
Derive TLS keysUserAPI call parameters, TLS pre- master secretStatus, TLS keys
Derive key via HKDFUserAPI call parametersStatus, key
Derive key via PBKDF2UserAPI call parameters, passphraseStatus, key
Generate symmetric digest (CMAC)UserAPI call parameters, key, messageStatus, MAC

4. July 7, 2025 Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods. 4.1 Authorized Roles The module supports a Crypto Officer (CO) that authorized operators can assume. The CO role performs cryptographic initialization or management functions and general security services. The module also supports the following role(s):

44 MAC – Message Authentication Code

Status, MAC 44 FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 18

4.2 July 7, 2025 Authentication Methods The module does not support authentication mechanisms; roles are implicitly selected based on the service invoked. Refer to Table 7 above for a listing of the services associated with each authorized role. 4.3 Services Descriptions of the services available to the authorized roles are provided in Table 8 below. This module is a software library that provides cryptographic functionality to calling applications. As such, the security functions provided via the module’s APIs are considered security services, and the module provides indicators for Approved security services as required by FIPS 140-3 IG 2.4.C. When invoking an API for an offered security service, the calling application provides inputs (keys, key sizes, modes, etc.) that the module combines into a single, internal structure, or “context”, that drives the execution of the cryptographic service. Each security service invocation will determine if the invoked service is an Approved security service. Upon completion of the service, that context is first updated with the results of the service as well as the Approved security service indicator, and then returned to the calling application. To access the indicator value from the context, the calling application must pass the resultant context to the indicator API associated with that security function (note the indicator check must be performed before any context cleanup is performed). The indicator API will return “1” to indicate the usage of an Approved service. Indicators for services providing non-Approved security functions (as well as for services not requiring an indicator) will have a value other than “1”, ensuring that the indicators for Approved services are unambiguous. Additional details on the APIs used for the Approved service indicators are provided in Appendix B below. Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 19
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Show StatusReturn mode statusCONoneNoneN/AN/A
Perform self- tests on- demandPerform pre- operational self- testsCONoneNoneN/AAPI return value
ZeroizeZeroize and de- allocate memory containing sensitive dataCOAll SSPsNoneAll SSPs – ZN/A
Show versioning informationReturn module versioning informationCONoneNoneN/AN/A
Perform symmetric encryptionEncrypt plaintext dataUserAES key XTS-AES keyAES (CBC, CFB1, CFB8, CFB128, CTR, ECB, OFB, KW, KWP) (Cert. A4978) XTS-AES (Cert. A4978)AES key – WE XTS-AES key – WEAPI return value
Perform symmetric decryptionDecrypt ciphertext dataUserAES key XTS-AES key Triple-DES keyAES (CBC, CFB1, CFB8, CFB128, CTR, ECB, OFB, KW, KWP) (Cert. A4978) XTS-AES (Cert. A4978) Triple-DES (CBC, CFB1, CFB8, CFB64, ECB, OFB) (Cert. A4978)AES key – WE XTS-AES key – WE Triple-DES key – WEAPI return value
Generate symmetric digestGenerate symmetric digestUserAES CMAC key AES GMAC keyAES (CMAC )(Cert. A4978) AES (GMAC) (Cert. A4978)AES CMAC key – WE AES GMAC key – WEAPI return value
Verify symmetric digestVerify symmetric digestUserAES CMAC key AES GMAC key Triple-DES CMAC keyAES (CMAC) (Cert. A4978) AES (GMAC) (Cert. A4978) Triple-DES CMAC (Cert. A4978)AES CMAC key – WE AES GMAC key – WE Triple-DES CMAC key – WEAPI return value
Perform authenticated symmetric encryptionEncrypt plaintext using supplied AES GCM key and IVUserAES GCM key AES GCM IVAES (GCM) (Cert. A4978)AES GCM key – WE AES GCM IV – WEAPI return value
Perform authenticated symmetric decryptionDecrypt ciphertext using supplied AES GCM key and IVUserAES GCM key AES GCM IVAES (GCM) (Cert. A4978)AES GCM key – WE AES GCM IV – WEAPI return value
Generate random numberReturn random bits to the calling applicationUserDRBG entropy input DRBG seed DRBG ‘V’ value DRBG ‘Key’ valueDRBG (Cert. A4978)DRBG entropy input – WE DRBG seed – GE DRBG ‘V’ value – GE DRBG ‘Key’ value – GEAPI return value
Perform keyed hash operationsCompute a message authentication codeUserHMAC keyHMAC (Cert. A4978) SHA (Cert. A4978)HMAC key – WEAPI return value
Perform hash operationCompute a message digestUserNoneSHA (Cert. A4978)N/AAPI return value
Generate DSA domain parametersGenerate DSA domain parametersUserNoneDSA (Cert. A4978)N/AAPI return value
Verify DSA domain parametersVerify DSA domain parametersUserNoneDSA (Cert. A4978)N/AAPI return value
Generate asymmetric key pairGenerate a public/private key pairUserDSA public key DSA private key ECDSA public key ECDSA private key RSA public key RSA private keyDSA (Cert. A4978) ECDSA (Cert. A4978) RSA (Cert. A4978)DSA public key – GR DSA private key – GR ECDSA public key – GR ECDSA private key – GR RSA public key – GR RSA private key – GRAPI return value
Verify ECDSA public keyVerify an ECDSA public keyUserECDSA public keyECDSA (Cert. A4978)ECDSA public key – WAPI return value
Generate digital signatureGenerate a digital signatureUserRSA private keyRSA (Cert. A4978)RSA private key – WEAPI return value
Verify digital signatureVerify a digital signatureUserECDSA public key RSA public keyECDSA (Cert. A4978) RSA (Cert. A4978)ECDSA public key – WE RSA public key – WEAPI return value
Perform key wrapPerform key wrapUserAES key AES CMAC key AES GMAC key AES GCM key AES GCM IV HMAC keyKTS (Cert. A4978)AES key – WE AES CMAC key – WE AES GMAC key – WE AES GCM key – WE AES GCM IV – WE HMAC key – WEAPI return value
Perform key unwrapPerform key unwrapUserAES key AES CMAC key AES GMAC key AES GCM key AES GCM IV HMAC key Triple-DES keyKTS (Cert. A4978)AES key – WE AES CMAC key – WE AES GMAC key – WE AES GCM key – WE AES GCM IV – WE HMAC key – WE Triple-DES key – WEAPI return value
Compute shared secretCompute DH/ECDH shared secret suitable for use as input to an internal TLS KDFUserDH public component DH private component ECDH public component ECDH private component TLS pre-master secretKAS-ECC-SSC (Cert. A4978) KAS-FFC-SSC (Cert. A4978)DH public component – WE DH private component – WE ECDH public component – WE ECDH private component – WE TLS pre-master secret – GEAPI return value
Derive SSH keysDerive SSH session and integrity keysUserSSH master secret AES key HMAC keyKDF (SSH) (Cert. A4978)SSH master secret – WE AES key – GR HMAC key – GRAPI return value
Derive TLS keysDerive TLS session and integrity keysUserTLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC keyKDF (TLS 1.0/1.1) (Cert. A4978) KDF (TLS 1.2) (Cert. A4978) KDF (TLS 1.3) (Cert. A4979)TLS pre-master secret – WE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GRAPI return value
Derive key via HKDFDerive key from HKDFUserAES keyHKDF (Cert. A4978)AES key – GRAPI return value
Derive key via PBKDF2Derive key from PBKDF2UserPassphrase AES key Triple-DES keyPBKDF (Cert. A4978)Passphrase – WE AES key – GR Triple-DES key – GRAPI return value
Perform data encryption (non-compliant)Perform symmetric data encryptionUserARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple- DES (non-compliant)API return value
Perform data decryption (non-compliant)Perform symmetric data decryptionUserARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4API return value
Page 20
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Verify ECDSA public keyVerify an ECDSA public keyUserECDSA public keyECDSA (Cert. A4978)ECDSA public key – WAPI return value
Generate digital signatureGenerate a digital signatureUserRSA private keyRSA (Cert. A4978)RSA private key – WEAPI return value
Verify digital signatureVerify a digital signatureUserECDSA public key RSA public keyECDSA (Cert. A4978) RSA (Cert. A4978)ECDSA public key – WE RSA public key – WEAPI return value
Perform key wrapPerform key wrapUserAES key AES CMAC key AES GMAC key AES GCM key AES GCM IV HMAC keyKTS (Cert. A4978)AES key – WE AES CMAC key – WE AES GMAC key – WE AES GCM key – WE AES GCM IV – WE HMAC key – WEAPI return value
Perform key unwrapPerform key unwrapUserAES key AES CMAC key AES GMAC key AES GCM key AES GCM IV HMAC key Triple-DES keyKTS (Cert. A4978)AES key – WE AES CMAC key – WE AES GMAC key – WE AES GCM key – WE AES GCM IV – WE HMAC key – WE Triple-DES key – WEAPI return value
Compute shared secretCompute DH/ECDH shared secret suitable for use as input to an internal TLS KDFUserDH public component DH private component ECDH public component ECDH private component TLS pre-master secretKAS-ECC-SSC (Cert. A4978) KAS-FFC-SSC (Cert. A4978)DH public component – WE DH private component – WE ECDH public component – WE ECDH private component – WE TLS pre-master secret – GEAPI return value
Derive SSH keysDerive SSH session and integrity keysUserSSH master secret AES key HMAC keyKDF (SSH) (Cert. A4978)SSH master secret – WE AES key – GR HMAC key – GRAPI return value
Derive TLS keysDerive TLS session and integrity keysUserTLS pre-master secret TLS master secret AES key AES GCM key AES GCM IV HMAC keyKDF (TLS 1.0/1.1) (Cert. A4978) KDF (TLS 1.2) (Cert. A4978) KDF (TLS 1.3) (Cert. A4979)TLS pre-master secret – WE TLS master secret – GE AES key – GR AES GCM key – GR AES GCM IV – GR HMAC key – GRAPI return value
Derive key via HKDFDerive key from HKDFUserAES keyHKDF (Cert. A4978)AES key – GRAPI return value
Derive key via PBKDF2Derive key from PBKDF2UserPassphrase AES key Triple-DES keyPBKDF (Cert. A4978)Passphrase – WE AES key – GR Triple-DES key – GRAPI return value
Perform data encryption (non-compliant)Perform symmetric data encryptionUserARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4, Triple- DES (non-compliant)API return value
Perform data decryption (non-compliant)Perform symmetric data decryptionUserARIA, Blake2, Blowfish, Camellia, CAST, CAST5, ChaCha20, DES, IDEA, RC2, RC4, RC5, SEED, SM4API return value
Perform MAC operations (non-compliant)Perform message authentication operationsUserPoly1305, Triple-DES/CMAC (non-compliant for MAC generation)API return value
Perform hash operation (non- compliant)Perform hash operationUserMD2, MD4, MD5, RIPEMD, RMD160, SM2, SM3, WhirlpoolAPI return value
Perform digital signature functions (non-compliant)Perform digital signature functionsUserDSA (non-compliant), ECDSA (non-compliant), EdDSA, RSA (non-compliant)API return value
Perform key encapsulation (non-compliant)Perform key encapsulation functionsUserRSA (non-compliant)API return value
Perform key un-encapsulation (non-compliant)Perform key un-encapsulation functionsUserRSA (non-compliant)API return value
Perform key wrap (non- compliant)Perform key wrap functionsUserTriple-DES/CMAC (non- compliant)API return value
Perform authenticated encryption/decryption (non- compliant)Perform authenticated encryption/decryptionUserAES-OCBAPI return value
Perform random number generation (non-compliant)Perform random number generationUserANSI X9.31 RNG (with 128-bit AES core)API return value
Perform key pair generation (non-compliant)Perform key pair generationUserDSA (non-compliant), ECDSA (non-compliant), EdDSA, RSA (non-compliant)API return value

July 7, 2025 *Per FIPS 140-3 Implementation Guidance 2.4.C, the Show Status, Zeroize, and Show Versioning Information services do not require an Approved security Table 9 below lists the non-approved services available to module operators. Table 9

Page 21

July 7, 2025 FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 22

5. July 7, 2025 Software/Firmware Security All software components within the cryptographic boundary are verified using an Approved integrity technique implemented within the cryptographic module itself. The module implements independent HMAC SHA2-256 digest checks to test the integrity of each library file ; failure of the integrity check on either library file will cause the module to enter a critical error state. The module’s integrity check is performed automatically at module instantiation (i.e., when the module is loaded into memory for execution) without action from the module operator. The CO can initiate the pre-operational tests on demand by re-instantiating the module or issuing the FIPS_selftest() API command. FCAT Wallet Vault Cryptographic Module is not a standalone application; it is a cryptographic toolkit intended for use in a with a vendor’s solution. The module will be linked to a host application, and the host application will be pre-installed onto a target platform by the vendor or installed onto target platforms by the end-user. The module requires no configuration steps to be performed by application developers or end-users, and no action is required from developers or end-users to initialize the module for operation. The module is designed with a default entry point (DEP) that ensures that the pre-operational tests and conditional CASTs are initiated automatically when the module is loaded. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 23

6. July 7, 2025 Operational Environment FCAT Wallet Vault Cryptographic Module comprises a software cryptographic library that executes in a modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Please refer to section 2.1 of this document for a list/description of the applicable operational environments. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 24

7. July 7, 2025 Physical Security The cryptographic module is a software module and does not include physical security mechanisms. Therefore, per ISO/IEC 19790:2012(E) section 7.7.1, requirements for physical security are not applicable. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 25

8. July 7, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 26
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationUseImport Export
AES key (CSP)Between 128 and 256 bitsAES (CBC, CCM, CFB, CTR, ECB, OFB, KW, KWP modes) (Cert. A4978) KTS (Cert. A4978)Established via TLS or SSH KDFNot persistently stored by the moduleUnload module; Remove powerSymmetric encryption, decryptionImported in plaintext via API parameter Never exported
AES GCM key (CSP)Between 128 and 256 bitsAES (GCM mode) (Cert. A4978) KTS (Cert. A4978)Established via TLS or SSH KDFNot persistently stored by the moduleUnload module; Remove powerAuthenticated symmetric encryption, decryptionImported in plaintext via API parameter Never exported
XTS-AES key (CSP)128 or 256 bitsAES (XTS mode) (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerSymmetric encryption, decryptionImported in plaintext via API parameter Never exported
AES CMAC key (CSP)Between 128 and 256 bitsAES (CMAC mode) (Cert. A4978) KTS (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerMAC generation, verificationImported in plaintext via API parameter Never exported
AES GMAC key (CSP)Between 128 and 256 bitsAES (GMAC mode) (Cert. A4978) KTS (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerMAC generation, verificationImported in plaintext via API parameter Never exported
Triple-DES key (CSP)Triple-DES (CBC, CFB1, CFB8, CFB64, ECB, OFB modes) (Cert. A4978) KTS (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerSymmetric decryption; key unwrappingImported in plaintext via API parameter Never exported
Triple-DES CMAC key (CSP)Triple-DES (CMAC mode) (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerMAC verificationImported in plaintext via API parameter Never exported
HMAC key (CSP)112 bits (minimum)HMAC (Cert. A4978) KTS (Cert. A4978)Established via TLS or SSH KDFNot persistently stored by the moduleUnload module; Remove powerKeyed hashImported in plaintext via API parameter Never exported
DSA private key (CSP)112 or 128 bitsDSA (Cert. A4978)Generated via Approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generationImported in plaintext via API parameter Exported in plaintext via API parameter
DSA public key (PSP)112 or 128 bitsDSA (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verificationImported in plaintext via API parameter Exported in plaintext via API parameter
ECDSA private key (CSP)Between 112 and 256 bitsECDSA (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generationImported in plaintext via API parameter Exported in plaintext via API parameter
ECDSA public key (PSP)Between 112 and 256 bitsECDSA (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verificationImported in plaintext via API parameter Exported in plaintext via API parameter
RSA private key (CSP)Between 112 and 150 bitsRSA (Cert. A4978) KTS (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature generationImported in plaintext via API parameter Exported in plaintext via API parameter
RSA public key (PSP)Between 80 and 150 bitsRSA (Cert. A4978) KTS (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDigital signature verificationImported in plaintext via API parameter Exported in plaintext via API parameter
DH private component (CSP)112 bitsKAS-SSC-FFC (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter
DH public component (PSP)112 bitsKAS-SSC-FFC (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter
ECDH private component (CSP)Between 112 and 256 bitsKAS-SSC-ECC (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerECDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter
ECDH public component (PSP)Between 112 and 256 bitsKAS-SSC-ECC (Cert. A4978)Generated via approved DRBGNot persistently stored by the moduleUnload module; Remove powerECDH shared secret computationImported in plaintext via API parameter Exported in plaintext via API parameter
Passphrase (PSP)PBKDF (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerInput to PBKDF for key derivationImported in plaintext via API parameter Never exported
AES GCM IV (CSP)AES (GCM mode) (Cert. A4978)Generated in compliance with the provisions of a peer-to-peer industry standard protocolNot persistently stored by the moduleUnload module; Remove powerInitialization vector for AES GCM
SSH shared secret (CSP)KDF (SSH) (Cert. A4978)Established via ECC/FFC shared secret computationNot persistently stored by the moduleUnload module; Remove powerDerivation of the AES key and HMAC key used for securing SSH connectionsImported in plaintext via API parameter Exported in plaintext via API parameter
TLS pre-master secret (CSP)KDF (TLS 1.0/1.1) (Cert. A4978) KDF (TLS 1.2) (Cert. A4978) KDF (TLS 1.3) (Cert. A4979)Established via ECC/FFC shared secret computationNot persistently stored by the moduleUnload module; Remove powerDerivation of the TLS master secretImported in plaintext via API parameter Exported in plaintext via API parameter
TLS master secret (CSP)KDF (TLS 1.0/1.1) (Cert. A4978) KDF (TLS 1.2) (Cert. A4978) KDF (TLS 1.3) (Cert. A4979)Established via TLS KDF (using imported TLS pre-master secret)Not persistently stored by the moduleUnload module; Remove powerDerivation of the AES/AES- GCM key and HMAC key used for securing TLS connections
DRBG entropy input (CSP)DRBG (Cert. A4978)Not persistently stored by the moduleUnload module; Remove powerEntropy material for DRBGImported in plaintext via API parameter45; Never exported
DRBG seed (CSP)DRBG (Cert. A4978)Generated using nonce along with DRBG entropy inputNot persistently stored by the moduleUnload module; Remove powerSeeding material for DRBG
DRBG ‘V’ value (CSP)DRBG (Cert. A4978)GeneratedNot persistently stored by the moduleUnload module; Remove powerState values for DRBG
DRBG ‘Key’ value (CSP)DRBG (Cert. A4978)GeneratedNot persistently stored by the moduleUnload module; Remove powerState values for DRBG

July 7, 2025

  1. Management 9.1 Keys and Other SSPs The module supports the keys and other SSPs listed in Table
  2. Note that all SSP import and export is electronic and is performed within the Tested OE’s Physical Perimeter (TOEPP). Table 10 – SSPs FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC
Page 27

July 7, 2025 FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 28

July 7, 2025 9.2 DRBGs The module implements the following Approved DRBG:

Page 29
Approved algorithm
NameKey Size
DetailsMinimum NumberEntropy Source(s)
of Bits of Entropyof Bits of Entropy
256 bits of seed material are provided to the module’s DRBG by the calling application. The calling application and its entropy sources are outside the module’s cryptographic boundary. The calling application shall use entropy sources that meet the security strength required for the CTR_DRBG as shown in NIST SP 800-90Arev1, Table 3. This entropy shall be supplied by means of a callback function. The callback function must return an error if the minimum entropy strength cannot be met.256Calling application

9.3 July 7, 2025 SSP Storage Techniques There is no mechanism within the module’s cryptographic boundary for the persistent storage of SSPs. The module stores DRBG state values for the lifetime of the DRBG instance. The module uses SSPs passed in on the stack by the calling application and does not store these SSPs beyond the lifetime of the API call. 9.4 SSP Zeroization Methods Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory, module operators can unload the module from memory or reboot/power-cycle the host device. 9.5 Table 11

Page 30

July 7, 2025 10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s):

47 CRNGT – Continuous Random Number Generator Test

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 31

July 7, 2025 To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed prior to the pre-operational software integrity test; all other CASTs are executed after the successful completion of the software integrity test.

48 PCT – Pairwise Consistency Test

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 32

July 7, 2025 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

Page 33

July 7, 2025

Page 34

July 7, 2025 In the event that power to the module is lost and subsequently restored, the calling application must ensure that any AES-GCM keys used for encryption or decryption are re-distributed.

Page 35

July 7, 2025 12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 36
Acronyms
NameTermDefinition
AESAESAdvanced Encryption Standard
ANSIANSIAmerican National Standards Institute
APIAPIApplication Programming Interface
CASTCASTCryptographic Algorithm Self-Test
CBCCBCCipher Block Chaining
CCCSCCCSCanadian Centre for Cyber Security
CCMCCMCounter withCipher Block Chaining - Message Authentication Code
CFBCFBCipher Feedback
CKGCKGCryptographic Key Generation
CMACCMACCipher-Based Message Authentication Code
CMVPCMVPCryptographic Module Validation Program
COCOCryptographic Officer
CPUCPUCentral Processing Unit
CTRCTRCounter
CVLCVLComponent Validation List
DEPDEPDefault Entry Point
DESDESData Encryption Standard
DHDHDiffie-Hellman
DRBGDRBGDeterministic Random Bit Generator
DSADSADigital Signature Algorithm
ECBECBElectronic Code Book
ECCECCElliptic Curve Cryptography
ECC CDHECC CDHElliptic Curve Cryptography Cofactor Diffie-Hellman
ECDHECDHElliptic Curve Diffie-Hellman
ECDSAECDSAElliptic Curve Digital Signature Algorithm
FFCFFCFinite Field Cryptography
FIPSFIPSFederal Information Processing Standard
GCMGCMGalois/Counter Mode
GMACGMACGalois Message Authentication Code

Appendix A. Acronyms and Abbreviations Table 12 provides definitions for the acronyms and abbreviations used in this document. Table 12

Page 37
Acronyms
NameTermDefinition
GPCGPCGeneral-Purpose Computer
HMACHMAC(keyed-) Hash Message Authentication Code
KASKASKey Agreement Scheme
KATKATKnown Answer Test
KDFKDFKey Derivation Function
KTSKTSKey Transport Scheme
KWKWKey Wrap
KWPKWPKey Wrap with Padding
MDMDMessage Digest
NISTNISTNational Institute of Standards and Technology
OCBOCBOffset Codebook
OEOEOperational Environment
OFBOFBOutput Feedback
OSOSOperating System
PBKDFPBKDFPassword-Based Key Derivation Function
PCTPCTPairwise Consistency Test
PKCSPKCSPublic Key Cryptography Standard
PSSPSSProbabilistic Signature Scheme
PUBPUBPublication
RCRCRivest Cipher
RNGRNGRandom Number Generator
RSARSARivest Shamir Adleman
SHASHASecure Hash Algorithm
SHAKESHAKESecure Hash Algorithm KECCAK
SHSSHSSecure Hash Standard
SPSPSpecial Publication
SSCSSCShared Secret Computation
TDESTDESTriple Data Encryption Standard
TLSTLSTransport Layer Security
TOEPPTOEPPTested OE’s Physical Perimeter
XEXXEXXOR Encrypt XOR
XTSXTSXEX-Based Tweaked-Codebook Mode with Ciphertext Stealing

FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC July 7, 2025

Page 38

July 7, 2025 Appendix B. Approved Service Indicators This appendix specifies the APIs that are externally accessible and return the Approved security service indicators. Synopsis #include <openssl/service_indicator.h> #include <openssl/ssl.h> int EVP_cipher_get_service_indicator(EVP_CIPHER_CTX *ctx); int DSA_get_service_indicator(DSA * ptr_dsa, DSA_MODES_t mode); int RSA_key_get_service_indicator(RSA * ptr_rsa); int PBKDF_get_service_indicator(); int EVP_Digest_get_service_indicator(EVP_MD_CTX *ctx); int EC_key_get_service_indicator(EC_KEY *ec_key); int CMAC_get_service_indicator(CMAC_CTX *cmac_ctx, CMAC_MODE_t mode); int HMAC_get_service_indicator(HMAC_CTX *ctx); int TLSKDF_get_service_indicator(EVP_PKEY_CTX *tls_ctx); int TLS1_3_kdf_get_service_indicator(EVP_MD *md); int TLS1_3_get_service_indicator(SSL *s); int DRBG_get_service_indicator(RAND_DRBG *drbg); Description These APIs are high-level interfaces that return the Approved security service indicator value based on the parameter(s) passed to them.

Page 39

July 7, 2025

Page 40

July 7, 2025 int NID = EVP_CIPHER_CTX_nid(ctx); fprintf(stdout,"EVP_des_ede3_ecb (NID %i) encrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx)); EVP_CIPHER_CTX_cleanup(ctx); //Decrypt ctx = EVP_CIPHER_CTX_new(); EVP_DecryptInit_ex(ctx, cipher, NULL, key, NULL); EVP_CIPHER_CTX_set_key_length(ctx, 24); EVP_DecryptUpdate(ctx, pltmp, &outLen, citmp, 8); // Check the indicator fprintf(stdout,"EVP_des_ede3_ecb (NID %i) decrypt indicator = %i\n", NID, EVP_cipher_get_service_indicator(ctx)); EVP_CIPHER_CTX_cleanup(ctx); EVP_CIPHER_CTX_free(ctx); } FCAT Wallet Vault Cryptographic Module 1.0 ©2025 Fidelity Center for Applied Technology LLC

Page 41

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com

Referenced URLs