Module Name
Apple OS X CoreCrypto Kernel Module v5.0
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
Embodiment
Multi-chip standalone
Description
The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
- OS X 10.10 running on iMac with i7 CPU with PAA
- OS X 10.10 running on iMac with i7 CPU without PAA
- OS X 10.10 running on Mac mini with i5 CPU with PAA
- OS X 10.10 running on Mac mini with i5 CPU without PAA
- OS X 10.10 running on MacBook with Core M CPU with PAA
- OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode)
- OS X 10.10 running on MacPro with Xeon CPU with PAA
- OS X 10.10 running on MacPro with Xeon CPU without PAA
Approved Algorithms
AES |
Certs. #3066, #3067, #3068, #3069, #3070, #3071, #3072, #3073, #3102, #3323, #3324, #3325, #3382, #3383, #3384 and #3385 |
DRBG |
Certs. #598, #599, #600, #601, #602, #609, #769, #770, #771, #805, #806 and #816 |
ECDSA |
Certs. #652, #653, #654 and #673 |
HMAC |
Certs. #1927, #1928, #1929, #1930, #1960, #1961, #1962, #1963, #1964, #1965, #1966, #1967, #2114, #2115, #2116, #2155, #2156, #2157, #2158 and #2159 |
PBKDF |
vendor affirmed |
RSA |
Certs. #1704, #1705, #1706 and #1737 |
SHS |
Certs. #2543, #2544, #2545, #2546, #2579, #2580, #2581, #2582, #2583, #2584, #2585, #2586, #2755, #2756, #2757, #2800, #2801, #2802, #2803 and #2804 |
Triple-DES |
Certs. #1895, #1896, #1897 and #1921 |
Other Algorithms
AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); DES; Triple-DES (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-Compliant); SP800-56C KDF; MD2; MD4; MD5; RIPEMD; ed25519; CAST5; Blowfish; RC2; RC4; OMAC; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves