Module Name
Apple macOS CoreCrypto Kernel Module, v7.0
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
- macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA
- macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA
- macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA
- macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA
- macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA
- macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)
- macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA
- macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA
Approved Algorithms
- AES: Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292
- DRBG: Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352
- ECDSA: Certs. #999, #1000, #1001 and #1002
- HMAC: Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828
- KTS: AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength
- PBKDF: vendor affirmed
- RSA: Certs. #2310, #2311, #2312 and #2313
- SHS: Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530
- Triple-DES: Certs. #2310, #2311, #2312 and #2313
Other Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)