Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2830

Details

Module Name
Apple macOS CoreCrypto Kernel Module, v7.0
Standard
FIPS 140-2
Status
Active
Sunset Date
1/31/2022
Validation Dates
2/1/2017
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Physical Security: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
  • macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA
  • macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA
  • macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA
  • macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA
  • macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA
  • macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)
  • macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA
  • macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA
FIPS Algorithms
AES Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292
DRBG Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352
ECDSA Certs. #999, #1000, #1001 and #1002
HMAC Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828
KTS AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength
PBKDF vendor affirmed
RSA Certs. #2310, #2311, #2312 and #2313
SHS Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530
Triple-DES Certs. #2310, #2311, #2312 and #2313
Other Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)
Software Versions
7.0

Vendor

Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
geddis@apple.com
Phone: 669-227-3579
Fax: 866-315-1954

Lab

ATSEC INFORMATION SECURITY CORPORATION
NVLAP Code: 200658-0