Module Name
Apple OS X CoreCrypto Kernel Module v6.0
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
- OS X El Capitan v10.11 running on iMac with i7 CPU with PAA
- OS X El Capitan v10.11 running on iMac with i7 CPU without PAA
- OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA
- OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA
- OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA
- OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode)
- OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA
- OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA
Approved Algorithms
AES |
Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796 |
DRBG |
Certs. #1047, #1048, #1049, #1050, #1051, #1052, #1053, #1054, #1055, #1056, #1057 and #1058 |
ECDSA |
Certs. #816, #817, #818 and #819 |
HMAC |
Certs. #2358, #2359, #2360, #2361, #2362, #2363, #2364, #2365, #2366, #2367, #2368, #2369, #2370, #2371, #2372, #2373, #2475, #2476, #2477 and #2478 |
KTS |
AES Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796; key establishment methodology provides between 128 and 160 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Certs. #1949, #1950, #1951 and #1952 |
SHS |
Certs. #3024, #3025, #3026, #3027, #3028, #3029, #3030, #3031, #3032, #3033, #3034, #3035, #3036, #3037, #3038, #3039, #3148, #3149, #3150 and #3151 |
Triple-DES |
Certs. #2102, #2103, #2104 and #2105 |
Other Algorithms
AES (non-compliant); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant)