Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2594

Details

Module Name
Apple iOS CoreCrypto Module v6.0
Standard
FIPS 140-2
Status
Active
Sunset Date
3/28/2021
Validation Dates
3/29/2016
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Physical Security: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
  • iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware acceleration
  • iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware acceleration
  • iOS 9.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware acceleration
  • iOS 9.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware acceleration
  • iOS 9.0 running on iPad Air 2 with Apple A8X CPU
  • iOS 9.0 running on iPhone4S with Apple A5 CPU with AES hardware acceleration
  • iOS 9.0 running on iPhone4S with Apple A5 CPU without AES hardware acceleration
  • iOS 9.0 running on iPhone5 with Apple A6 CPU with AES hardware acceleration
  • iOS 9.0 running on iPhone5 with Apple A6 CPU without AES hardware acceleration
  • iOS 9.0 running on iPhone5S with Apple A7 CPU
  • iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
  • iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
  • iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode)
FIPS Algorithms
AES Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750
CVL Certs. #683, #684, #685, #686, #687, #688, #689, #690, #691, #692, #693, #694, #695 and #698
DRBG Certs. #989, #990, #991, #992, #993, #994, #995, #996, #997, #999, #1000, #1001, #1002, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012, #1013, #1014, #1015 and #1016
ECDSA Certs. #777, #778, #779, #780, #781, #782, #783, #784, #785, #786, #787, #788, #789 and #793
HMAC Certs. #2302, #2304, #2306, #2307, #2309, #2310, #2311, #2312, #2313, #2314, #2315, #2316, #2317, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440 and #2444
KTS AES Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750; key establishment methodology provides between 128 and 160 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #1904, #1905, #1906, #1907, #1908, #1909, #1910, #1911, #1912, #1914, #1915, #1916, #1919 and #1920
SHS Certs. #2968, #2970, #2972, #2973, #2974, #2975, #2976, #2977, #2978, #2979, #2980, #2981, #2982, #2983, #3096, #3097, #3098, #3099, #3100, #3101, #3102, #3103, #3104, #3105, #3106, #3107, #3108 and #3113
Triple-DES Certs. #2060, #2061, #2062, #2063, #2064, #2065, #2066, #2067, #2068, #2069, #2070, #2071, #2072 and #2078
Other Algorithms
AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant)
Software Versions
6.0

Vendor

Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
geddis@apple.com
Phone: (669)227-3579
Fax: (866)315-1954

Lab

atsec information security corporation
NVLAP Code: 200658-0