© 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Apple Inc. Apple corecrypto Module v12 [Intel, Kernel, Software] FIPS 140-3 Non-Proprietary Security Policy Document Version: 1.0 January 15, 2025 Prepared by: www.acumensecurity.net © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Table of Contents 1. General................................................................................................................................................3 2. Cryptographic Module Specification............................................................................................4 3. Cryptographic Module Interfaces ..............................................................................................12 4. Roles, Services, and Authentication..........................................................................................14 5. Software/Firmware Security.......................................................................................................25 6. Operational Environment.............................................................................................................26 7. Physical Security.............................................................................................................................27 8. Non-invasive Security ...................................................................................................................28 9. Sensitive Security Parameter Management............................................................................29 10. Self-tests...........................................................................................................................................36 11. Life-cycle Assurance ......................................................................................................................39 12. Mitigation of Other Attacks..........................................................................................................40 List of Tables Table 1 – Security Levels............................................................................................................................................. 3 Table 2 – Tested Operational Environments............................................................................................................. 4 Table 3 – Vendor Affirmed Operational Environments............................................................................................ 5 Table 4 – Approved Algorithms................................................................................................................................... 9 Table 5 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation with No Security Claimed......................................................................................................................................................................... 10 Table 6 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation................................... 11 Table 7 – Ports and Interfaces.................................................................................................................................. 12 Table 8 – Roles, Service Commands, Input and Output....................................................................................... 15 Table 9 – Approved Services..................................................................................................................................... 22 Table 10 – Non-Approved Services .......................................................................................................................... 24 Table 11 – SSPs........................................................................................................................................................... 33 Table 12 – Non-Deterministic Random Number Generation Specification......................................................... 33 List of Figures Figure 1 – Cryptographic boundary and physical perimeter ........................................................................................... 6 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 1. General Trademarks Apple’s trademarks applicable to this document are listed in https://www.apple.com/legal/intellectual- property/trademark/appletmlist.html. Other company, product, and service names may be trademarks or service marks of others. This document is the non-proprietary FIPS 140-3 Security Policy for the Apple Inc. Apple corecrypto Module v12 [Intel, Kernel, Software] cryptographic module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an Overall Security Level 1 module. This document provides all tables and diagrams (when applicable) required by NIST SP 800-140B. The column names of the tables follow the template tables provided in NIST SP 800-140B. Table 1 describes the individual security areas of FIPS 140-3, as well as the Security Levels of those individual areas. ISO/IEC 24759 Section 6. [Number Below] FIPS 140-3 Section Title Security Level 1 General 1 2 Cryptographic Module Specification 1 3 Cryptographic Module Interfaces 1 4 Roles, Services, and Authentication 1 5 Software/Firmware Security 1 6 Operational Environment 1 7 Physical Security Not Applicable 8 Non-invasive Security Not Applicable 9 Sensitive Security Parameter Management 1 10 Self-tests 1 11 Life-cycle Assurance 1 12 Mitigation of Other Attacks Not Applicable Table 1 – Security Levels The module claims an overall Security Level 1. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 2. Cryptographic Module Specification The Apple corecrypto Module v12 [Intel, Kernel, Software] cryptographic module (hereafter referred to as “the module”) is a software module running on a multi-chip standalone general-purpose computing platform. The version of module is 12, written as v12. The module provides implementations of low-level cryptographic primitives to the Host OS’s (macOS Monterey 12) Security Framework and Common Crypto. The module has been tested by Acumen Security, LLC. CST lab on the following platforms with and withoutAES-NI: # Operating System Hardware Platform Processor PAA/Acceleration 1 macOS Monterey 12 MacBook Air Intel i5 (Amber Lake) AES-NI 2 macOS Monterey 12 MacBook Air Intel i5 (Amber Lake) N/A 3 macOS Monterey 12 iMac Intel i5 (Comet Lake) AES-NI 4 macOS Monterey 12 iMac Intel i5 (Comet Lake) N/A 5 macOS Monterey 12 MacBook Air Intel i7 (Ice Lake) AES-NI 6 macOS Monterey 12 MacBook Air Intel i7 (Ice Lake) N/A 7 macOS Monterey 12 MacBook Pro Intel i7 (Coffee Lake) AES-NI 8 macOS Monterey 12 MacBook Pro Intel i7 (Coffee Lake) N/A 9 macOS Monterey 12 iMac Intel i7 (Comet Lake) AES-NI 10 macOS Monterey 12 iMac Intel i7 (Comet Lake) N/A 11 macOS Monterey 12 MacBook Pro Intel i9 (Coffee Lake) AES-NI 12 macOS Monterey 12 MacBook Pro Intel i9 (Coffee Lake) N/A 13 macOS Monterey 12 iMac Pro Xeon W Sky Lake AES-NI 14 macOS Monterey 12 iMac Pro Xeon W Sky Lake N/A 15 macOS Monterey 12 Mac Pro Xeon W Cascade Lake AES-NI 16 macOS Monterey 12 Mac Pro Xeon W Cascade Lake N/A Table 2 – Tested Operational Environments © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. In addition to the platforms listed in Table 2, Apple Inc. has also tested the module on the following platforms and claims vendor affirmation on them (the processor and year per platform have also been specified): # Operating System Hardware Platform 1 macOS Monterey 12 MacBook Pro i5 (Ice Lake) 2020 2 macOS Monterey 12 MacBook Pro i5 (Coffee Lake) 2020, 2019, 2018 3 macOS Monterey 12 MacBook Pro i7 (Amber Lake) 2019, 2018 4 macOS Monterey 12 MacBook Pro i7 (Coffee Lake) 2020, 2019, 2018 5 macOS Monterey 12 MacBook Pro i7 (Ice Lake) 2020 6 macOS Monterey 12 MacBook Pro i9 (Coffee Lake) 2019, 2018 7 macOS Monterey 12 MacBook Air i5 (Ice Lake) 2020 8 macOS Monterey 12 MacBook Air i7 (Ice Lake) 2020 9 macOS Monterey 12 MacBook Air i5 (Amber Lake) 2019, 2018 10 macOS Monterey 12 MacBook Air i7 (Amber Lake) 2018 11 macOS Monterey 12 Mac mini i5 (Coffee Lake) 2018 12 macOS Monterey 12 Mac mini i7 (Coffee Lake) 2018 13 macOS Monterey 12 iMac i5 (Comet Lake) 2020 14 macOS Monterey 12 iMac i7 (Comet Lake) 2020 15 macOS Monterey 12 iMac i9 (Comet Lake) 2020 16 macOS Monterey 12 iMac i5 (Coffee Lake) 2019 17 macOS Monterey 12 iMac i7 (Coffee Lake) 2019 18 macOS Monterey 12 iMac i9 (Coffee Lake) 2019 Table 3 – Vendor Affirmed Operational Environments The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. The physical perimeter of the module which is also the Tested Operational Environment’s Physical Perimeter (TOEPP) is the physical perimeter of the macOS device that contains the module. Consequently, the embodiment of the module is a multi-chip standalone cryptographic module. (Figure 1) below depicts the following information: o The location of the module with respect to the operating system (green dotted outline), other supporting applications so that all the logical and physical layers between the cryptographic boundary and the physical perimeter are clearly defined; and o The interactions of the logical object of the module with the operating system and other supporting applications resident within the physical perimeter. Figure 1 – Cryptographic boundary and physical perimeter The table below lists all Approved or Vendor-affirmed security functions of the module, including specific key size(s) employed for approved services, and implemented modes of operation. The module © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. is in the Approved mode of operation when the module utilizes the services that use the security functions listed in the table below. The module supports an Approved mode and a non-Approved mode of operation. The module does not support a degraded operation. The Approved mode of operation is configured in the system by default and can only be transitioned into the non-Approved mode by calling one of the non-Approved services listed in Table 10 - Non-Approved Services. If the device starts up successfully, then the module has passed all self-tests and is operating in the Approved mode. CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function A2858 (vng_asm) A2853 (c_asm) A2852 (c-aesni) A2859 (vng_aesni) CTR_DRBG [SP800- 90Ar1] AES-128, AES-256 Derivation Function Enabled Key Length: 128, 256 Random Number Generation A2855 (c_avx2) A2854 (c_avx) A2856 (c_ssse3) HMAC_DRBG [SP800- 90Ar1] SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 No Prediction Resistance Key Length: 112 bits or greater Random Number Generation A2852 (c-aesni) A2853 (c_asm) AES CBC CFB128 CFB8 CTR ECB KW OFB Key Length: 128, 192, 256 Symmetric Encryption and Decryption A2850 (asm_aesni) A2851 (asm_x86) AES CBC, ECB, XTS Key Length: 128, 192, 256 XTS (128 and 256- bits key size only) Symmetric Encryption and Decryption A2858 (vng_asm) A2859 (vng_aesni) AES ECB, CCM, CTR, GCM Key Length: 128, 192, 256 Symmetric Encryption and Decryption A2855 (c_avx2) A2854 (c_avx) A2856 (c_ssse3) RSA [FIPS 186-4] Key Generation (ANSI X9.31) Modulus: 2048, 3072, 4096 Digital Signature © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function Signature Generation (PKCS#1 v1.5) and (PKCS PSS) 2048 (SHA2-224, SHA2-256, SHA2- 284, SHA2-512), 3072 (SHA2-224, SHA2-256, SHA2- 284, SHA2-512), 4096 (SHA2-224, SHA2-256, SHA2- 284, SHA2-512) and Asymmetric Key Generation Signature Verification (PKCS#1 v1.5) and (PKCS PSS) Modulus: 1024 (SHA-1 (legacy), SHA2-224, SHA2- 256, SHA2-284), 2048 (SHA-1 (legacy), SHA2-224, SHA2-256, SHA2- 284, SHA2-512), 3072 (SHA-1 (legacy), SHA2-224, SHA2-256, SHA2- 284, SHA2-512), 4096 (SHA-1 (legacy), SHA2-224, SHA2-256, SHA2- 284, SHA2-512) A2855 (c_avx2) A2854 (c_avx) A2856 (c_ssse3) ECDSA ANSI X9.62 [FIPS 186-4] Key Pair Generation (PKG): Public Key Validation (PKV): Signature Generation Signature Verification P-224, P-256, P- 384, P-512 SHA-1 (verification only, legacy), SHA2- 224, SHA2-256, SHA2-384, SHA2- 512 Digital Signature and Asymmetric Key Generation A2856 (c_ssse3) A2860(vng_Intel) A2855 (c_avx2) A2854 (c_avx) SHS [FIPS 180-4] SHA-1, SHA2-224, SHA2-256, SHA2-384, N/A Message Digest © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function SHA2-512, SHA2-512/256 (except for A2860) A2860 (vng_Intel) A2855 (c_avx2) A2854 (c_avx) A2856 (c_ssse3) HMAC [FIPS 198] SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 SHA2-512/256 (except for A2860) 112 bits or greater Keyed Hash A2856 (c_ssse3) KBKDF [SP800- 108] KDF Mode: Counter and Feedback MAC Mode: HMAC-SHA-1, HMAC-SHA2- 224, HMAC- SHA2- 256, HMAC- SHA2-384, HMAC-SHA2-512 Supported Lengths: 8-4096 Increment 8 Fixed Data Order: Before Fixed Data Counter Length: 32 Key Derivation Vendor Affirmed Cryptographic KeyGeneration (CKG) [SP800-133r2] Sections 4, 5.1, 6.2.2 and 6.2.3 per SP800-132r2 RSA Key Generation (ANSI X9.31), Modulus: 2048, 3072, 4096 ECDSA Key Pair Generation (PKG): P-224, P-256, P- 384, P-521 Key Generation KTS AES-KW/A2852 AES-KW/A2853 SP 800-38D and SP 800- 38F; key wrapping per IG D.G AES KW 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Key Wrapping Table 4 – Approved Algorithms This module does not have non-Approved algorithms but Allowed Algorithms used in the Approved mode of operation. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. The table below list non-Approved but Allowed security functions with no security claimed: Algorithm Caveat Use / Function MD5 no security claimed Message Digest (used as part of the TLS key establishment scheme only), Digest Size: 128-bit Table 5 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation with No Security Claimed The table below lists Non-Approved security functions that are not Allowed in the Approved Mode of Operation: Algorithm/Function Use/Function RSA Signature Generation / Signature Verification / Asymmetric Key Generation ANSI X9.31 Key Pair Generation Key Size < 2048 PKCS#1 v1.5 and PSS Signature Generation Key Size < 2048 PKCS#1 v1.5 and PSS Signature Verification Key Size< 1024 RSA Key Wrapping OAEP, PKCS#1 v1.5 and -PSS schemes Ed25519 Key Agreement Sig(gen) Sig(ver) ANSI X9.63 KDF Hash based Key Derivation Function RFC6637 Key Derivation Function HKDF [SP800-56Cr1] Key Derivation Function DES Encryption / Decryption Key Size 56-bits CAST5 Encryption / Decryption Key Sizes 40 to 128-bits in 8-bit increments RC4 Encryption / Decryption Key Sizes 8 to 4096-bits RC2 Encryption / Decryption Key Sizes 8 to 1024- bits MD2 Message Digest Digest size 128-bit MD4 Message Digest Digest size 128-bit RIPEMD Message Digest Digest size 160-bits ECDSA PKG: Curve P-192 PKV: Curve P-192 Signature Generation: Curve P-192 Signature Verification: Curve P-192 Non-Approved due to the small curve size © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. ECDSA Key Pair Generation for compact point representation of points Integrated Encryption Scheme on elliptic curves (ECIES) Encryption / Decryption Blowfish Encryption / Decryption OMAC (One-Key CBC MAC) MAC generation Triple-DES (ECB, CBC) Encryption / Decryption Note The module itself does not enforce the limit of 216 encryptions with the same Triple- DES key, as required by FIPS 140-3 IG C.G. Table 6 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation Overall Security Rules of Operation • AES-GCM IV is constructed in compliance with IG C.H scenario 1b (IPsec-v3). The GCM IV generation follows RFC 4106 and shall only be used for the IPsec-v3 protocol version 3. The counter portion of the IV is set by the module within its cryptographic boundary. The module does not implement the IPsec protocol. The module’s implementation of AES-GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the IPsec protocol implicitly ensures that the nonce_explicit, or counter portion of the IV will not exhaust all of its possible values. In case the module’s power is lost and then restored, the key used for the AES GCM encryption/decryption shall be re-distributed. This condition is not enforced by the module; however, it is met implicitly. The module does not retain any state when power is lost. As indicated in Table 11, column Storage, the module exclusively uses volatile storage. This means that AES-GCM key/IVs are not persistently stored during power off: therefore, there is no re- connection possible when the power is back on with regeneration of the key used for GCM. After restoration of the power, the user of the module (e.g., IKE) along with User application that implements the protocol, must perform a complete new key establishment operation using new random numbers (Entropy input string, DRBG seed, DRBG internal state V and Key, shared secret values that are not retained during power cycle, see table 11) with subsequent KDF operations to establish a new GCM key/IV pair on either side of the network communication channel. • AES-XTS mode is only approved for hardware storage applications. The length of the AES-XTS data unit does not exceed 220 blocks. The module checks explicitly that Key_1 ≠ Key_2 before using the keys in the XTS-Algorithm to process data with them compliant with IG C.I. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 3. Cryptographic Module Interfaces • As a software module, the module does not have physical ports. For the purpose of the FIPS 140-3 validation, the physical ports are interpreted to be the physical ports of the hardware platform on which it runs. • The logical interfaces are the application program interface (API) through which applications request services and the Operating System calls that the module invokes. • The underlying logical interfaces of the module are the C language Kernel Interfaces (KPIs). In detail these interfaces are described in (Table 7): Logical interface Data that passes over port/interface Data input interface Data inputs are provided in the variables passed in the KPI and callable service invocations, generally through caller-supplied buffers Data output interface Data outputs are provided in the variables passed in the KPI and callable service invocations, generally through caller-supplied buffers Control input interface Control inputs which control the mode of the module are provided through dedicated parameters, namely the kernel module plist whose information is supplied to the module by the kernel module loader. Status output interface Status output is provided in return codes and through messages. Documentation for each KPI lists possible return codes; A complete list of all return codes returned by the C language KPIs within the module is provided in the header files and the KPI documentation; Messages are also documented in the KPI documentation Table 7 – Ports and Interfaces © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. The module does not support a control output interface. The module is optimized for library use within the macOS kernel space and does not contain any terminating assertions or exceptions. It is implemented as a macOS dynamically loadable library. The dynamically loadable library is loaded into the macOS kernel and its cryptographic functions are made available to macOS kernel services only. Any internal error detected by the module is reflected back to the caller with an appropriate return code. The calling macOS kernel service must examine the return code and act accordingly. The module communicates any error status synchronously through the use of its documented return codes, thus indicating the module’s status. It is the responsibility of the caller to handle exceptional conditions in a FIPS 140-3 appropriate manner. Caller-induced or internal errors do not reveal any sensitive material to callers. Cryptographic bypass capability is not supported by the module. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 4. Roles, Services, and Authentication The module supports a single instance of one authorized role: The Crypto Officer. No support is provided for multiple concurrent operators or a Maintenance Operator. Role Service Input Output Crypto Officer (CO) AES Encryption / Decryption (Perform approved security functions) Input for Encryption: key and plain text Input for Decryption: key and cipher text Output for Encryption: cipher text Output for Decryption: plain tex AES Key Wrapping (Perform approved security functions) key encryption key and key to be wrapped wrapped key Secure Hash Generation (Perform approved security functions) Message Hash value HMAC generation (Perform approved security functions) HMAC key and message keyed Hash value RSA signature generation and verification (Perform approved security functions) Input for SigGen: RSA private key and message Input for SigVer: RSA public key and signature Output SigGen: signature Output for Sigver: True or False ECDSA signature generation and verification (Perform approved security functions) Input for SigGen: ECDSA private key and message Input for SigVer: ECDSA public key and signature Output for SigGen: signature Output for SigVer: True or False Random number generation (Perform approved security functions) Entropy input string, nonce Random numbers KBKDF (Perform approved security functions) key derivation key Derived key ECDSA (key pair generation) random numbers generated private and public key pair © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Role Service Input Output (Perform approved security functions) RSA (key pair generation) (Perform approved security functions) random prime numbers generated private and public key pair Release all resources of symmetric crypto function context (Perform zeroisation) handler of symmetric crypto function context zeroised and released memory space Release all resources of hash context (Perform zeroisation) handler of hash context zeroised and released memory space Release of all resources of key derivation function context (Perform zeroisation) handler of key derivation zeroised and released memory space Release of all resources of asymmetric crypto function context (Perform zeroisation) handler of asymmetric crypto function context zeroised and released memory space Self-test (Perform self-tests) power Pass/Fail status Show Status KPI invocation Operational/Error status Show Module Info (Show module’s versioning information) KPI invocation Module Base Name + Module Version Number Table 8 – Roles, Service Commands, Input and Output FIPS 140-3 does not require an authentication mechanism for level 1 modules. Therefore, the module does not implement an authentication mechanism for Crypto Officer. The Crypto Officer role is authorized to access all services provided by the module (see Table 9 - Approved Services and Table 10 - Non-Approved Services below). The module implements a dedicated KPI function to indicate if a requested service utilizes an approved security function. For services listed in Table 9 - Approved Services, the indicator function returns 1. For services listed in Table 10 - Non-Approved Services, the indicator function returns 0. The table below lists all approved services that can be used in the approved mode of operation. The abbreviations of the access rights to keys and SSPs have the following interpretation: © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Service Description Approved Security Functions and certs Keys and/or SSP’s Roles Access rights to Keys and/or SSP’s Indicator AES Encryption / Decryption (Perform approved security functions) Input for Encryption: key and plain text Output for Encryption: cipher text Input for Decryption: key and cipher text Output for Decryption: plain text Symmetric Encryption and Decryption AES-CBC (#A2852, #A2853, #A2850, #A2851) AES-ECB (#A2852, #A2853, #A2850, #A2851, #A2858, #A2859) AES-CFB128 (#A2852, #A2853) AES-CFB8 (#A2852, #A2853) AES-OFB (#A2852, #A2853) AES-CTR (#A2852, #A2853, #A2858, #A2859) AES-XTS (#A2850, #A2851) AES-GCM (#A2858, #A2859) AES key Crypto Officer (CO) W, E 1 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. AES-CCM (#A2858, #A2859) AES Key Wrapping (Perform approved security functions) Input: key encryption key and key to be wrapped Output: wrapped key Key Wrapping KW (#A2852, #A2853) AES key, key to be wrapped, wrapped key Crypto Officer (CO) W, E, R 1 Secure Hash Generation (Perform approved security functions) Input: message Output: Hash value Message Digest SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/256 (except for A2860) (#A2856, #A2860, #A2855, #A2854) none Crypto Officer (CO) N/A 1 HMAC generation (Perform approved security functions) Input: HMAC key and message Output: keyed Hash value Keyed Hash SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 SHA2-512/256 (except for A2860) (#A2855, #A2856, #A2854, #A2860) HMAC key Crypto Officer (CO) W, E 1 RSA signature generation and verification Input for SigGen: RSA private key and message Output: signature SigGen, SigVer Signature Generation Modulus: 2048, RSA key pair (including intermediate keygen values) Crypto Officer (CO) W, E 1 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. (Perform approved security functions) Input for SigVer: RSA public key and signature Output: True or False 3072, 4096 Signature Verification Modulus: 1024, 2048, 3072, 4096 (#A2855, #A2856, #A2854) ECDSA signature generation and verification (Perform approved security functions) Input for SigGen: ECDSA private key and message Output: signature Input for SigVer: ECDSA public key and signature Output: True or False SigGen, SigVer P-224, P-256, P- 384, P-512 (#A2855, #A2856, #A2854) ECDSA key pair (including intermediate keygen values) Crypto Officer (CO) W,E 1 Random number generation (Perform approved security functions) Input: Entropy input string, nonce Output: Random numbers Random number generation CTR_DRBG (#A2853, #A2852, #A2858, #A2859) HMAC_DRBG (#A2855, #A2854, #A2856) CKG Entropy Input String, Seed, DRBG V and DRBG Key, random numbers (DRBG Output) Crypto Officer (CO) G, R, W, E 1 KBKDF (Perform approved security functions) Input: key derivation key Output: derived key Key Derivation KDF Mode: Counter and Feedback MAC Mode: HMAC-SHA-1, HMAC-SHA2- 224, HMAC- KBKDF key derivation key, KBKDF derived key Crypto Officer (CO) W, G, R, E 1 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. SHA2- 256, HMAC-SHA2- 384, HMAC- SHA2-512 (#A2856) CKG ECDSA (key pair generation) (Perform approved security functions) Input: random numbers Output: generated private and public key pair KeyGen Key Generation Modulus: 2048, 3072, 4096 (#A2855, #A2856, #A2854) CKG ECDSA Key pair (including intermediate keygen values) Crypto Officer (CO) W, G, R, E 1 RSA (key pair generation) (Perform approved security functions) Input: random prime numbers Output: generated private and public key pair KeyGen Key Generation Modulus: 2048, 3072, 4096 (#A2855, #A2856, #A2854) CKG RSA Key Pair (including intermediate keygen values) Crypto Officer (CO) W, G, R, E 1 Release all resources of symmetric crypto function context (Perform zeroisation) Input: handler of symmetric crypto function context Output: zeroised and released memory space N/A AES Key Crypto Officer (CO) Z 1 Release all resources of hash context (Perform zeroisation) Input: handler of hash context Output: released memory space N/A HMAC key Crypto Officer (CO) Z 1 Release of all resources of key Input: handler of key derivation function N/A KBKDF key derivation key, KBKDF derived key Crypto Officer (CO) Z 1 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. derivation function context (Perform zeroisation) context Output: zeroised and released memory space Release of all resources of asymmetric crypto function context (Perform zeroisation) Input: handler of asymmetric crypto function context Output: zeroised and released memory space N/A RSA/EC/DH keys Crypto Officer (CO) Z 1 Self-test (Perform self-tests) Input: power Output: Pass/Fail status AES-CBC (#A2852, #A2853, #A2850, #A2851); AES-CCM (#A2858, #A2859); AES-GCM (#A2858, #A2859); AES-XTS (#A2850, #A2851); AES-ECB (#A2852, #A2853, #A2850, #A2851, #A2858, #A2859); AES-KW (#A2852, #A2853); CTR_DRBG (#A2858, #A2853, #A2852, #A2859); All SSPs Crypto Officer (CO) E 1 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. HMAC_DRBG (#A2855, #A2854, #A2856); HMAC (#A2860, #A2855, #A2854, #A2856); RSA Signature Generation (#A2855, # A2854, #A2856); RSA Signature Verification (#A2855, # A2854, #A2856); ECDSA Signature Generation (#A2855, # A2854, #A2856); ECDSA Signature Verification (#A2855, # A2854, #A2856); KBKDF (#A2856); SHA2-384 (#A2856 #A2860 #A2855 #A2854) Show Status Input: KPI invocation Output: N/A None Crypto Officer (CO) N/A Status returned © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Operational/Er ror status Show Module Info (Show module’s versioning information) Input: KPI invocation Output: Module Base Name + Module Version Number N/A None Crypto Officer (CO) N/A Versioning informatio n returned Table 9 – Approved Services G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. N/A= The service does not access any SSP during its operation. Service Description Algorithms Accessed Role Indicator Triple-DES encryption / decryption Module does not meet FIPS 140-3 IG C.G because it does not have a control over the number of blocks to be encrypted under the same Triple-DES key; Input for Encryption : key and plain text Output for Encryption : cipher text Input for Decryption : key and ciphertext Output for Decryption : plain text Triple-DES Crypto Officer (CO) 0 Other symmetric encryption / decryption They are non- approved encryption algorithms; Input for Encryption : key and plain text Output for Blowfish, CAST5, DES, ECIES, RC2, RC4 Crypto Officer (CO) 0 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Service Description Algorithms Accessed Role Indicator Encryption : cipher text Input for Decryption : key an decipher text Output for Decryption : plain text RSA Key Wrapping The CAST does not perform the full KTS, only the raw RSA encrypt/decrypt. Input: RSA public key and key to be wrapped Output: wrapped key RSA encrypt/decrypt Crypto Officer (CO) 0 RSA Signature Generation/Signature Verification/Key-pair Generation ANSI X9.31 Key Pair Generation Key Size < 2048 PKCS#1 v1.5 and PSS Signature Generation Key Size < 2048 PKCS#1 v1.5 and PSS Signature Verification key size < 1024 RSA KeyGen, SigGen, SigVer Crypto Officer (CO) 0 ECDSA PKG, PKV, Signature Generation/Signature Verification ECDSA keys with curve P-192 ECDSA PKG, PKV, SigGen/SigVer Crypto Officer (CO) 0 Ed25519 Key Generation, Signature Generation/Signature Verification 256-bit key Ed25519 KeyGen Ed25519 SigGen Ed25519 SigVer Crypto Officer (CO) 0 ANSI X9.63 Key Derivation SHA-1 hash-based SHA-1 Crypto Officer (CO) 0 SP800-56Cr1 Key Derivation (HKDF) SHA2-256 hash- based SHA2-256 Crypto Officer (CO) 0 RFC6637 Key Derivation SHA hash based SHA2-256, SHA2-512, AES-128, AES-256 Crypto Officer (CO) 0 OMAC Message Authentication Code Generation and Verification One-Key CBC MAC using 128-bit key OMAC Crypto Officer (CO) 0 © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Service Description Algorithms Accessed Role Indicator Message digest generation Input: message Output: message digest MD2, MD4, RIPEMD Crypto Officer (CO) 0 Ed25519 Key Agreement Input: peer public key, own private key Output: shared secret Ed25519 Crypto Officer (CO) 0 Integrated Encryption Scheme on elliptic curves (ECIES) Encryption/Decryption Encrypt: Input: peer public key, plaintext Output: public key, ciphertext (with authentication tag) Decrypt: Input: authentication tag, ciphertext, own private key Output: plaintext message or error ECIES Crypto Officer (CO) 0 Table 10 – Non-Approved Services © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 5. Software/Firmware Security Integrity Techniques The Apple corecrypto Module v12 [Intel, Kernel, Software] is in the form of binary executable code. A software integrity test is performed on the runtime image of the module. The HMAC-SHA2-256 implemented in the module is used as an approved algorithm for the integrity test. If the test fails, the module enters an error state where no cryptographic services are provided, and data output is prohibited i.e. the module is not operational. The Software Integrity Key (HMAC-SHA2-256 with 256 bits of security strength), a non-SSP, is stored in the module binary computed during build. On-Demand Integrity Test The integrity test is also performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. It can also be invoked by powering-off and reloading the module to meet the on-demand request for integrity test. In addition, the module provides the Self-Test service to perform self-tests, including integrity test and algorithm tests, on demand. Software Loading The module does not support loading of any additional software. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 6. Operational Environment Applicability The Apple corecrypto Module v12 [Intel, Kernel, Software] operates in a modifiable operational environment per FIPS 140-3 level 1 specifications. The module is supplied as part of macOS Monterey 12, a commercially available general-purpose operating system executing on the hardware specified in section 2. Policy The operating system is restricted to a single operator (single-user mode; i.e. concurrent operators are explicitly excluded). When the operating system loads the module into memory, it invokes the Self-Test functionality, which in turn runs the mandatory self-tests. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 7. Physical Security The ISO/IEC 19790 physical security requirements do not apply to the Apple corecrypto Module v12 [Intel, Kernel, Software] since it is a software module. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 8. Non-invasive Security Currently, the non-invasive security is not required by FIPS 140-3 (see NIST SP 800-140F). The requirements of this area are not applicable to the module. © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. 9. Sensitive Security Parameter Management The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module: Key/SSP Name/ Type Strengt h Security Function and Cert. Number Gener- ation Impor t /Expor t Establis h- ment Storage Zero- isation Use & related keys AES Key CSP Size: 128, 192, 256 Strength: 128, 192, 256 AES Encryption / Decryption CBC (#A2850, #A2851) ECB (#A2850, #A2851, #A2858, #A2859) XTS (#A2850, #A2851), CCM (#A2858, #A2859), CTR (#A2852, #A2853, #A2858, #A2859) KW #A2850 N/A Import from and Export to calling applicat ion N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Symmetr ic Encryptio n and Decrypti on HMAC Key CSP Min: 112 bits HMAC generation SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2-512 SHA2- 512/256 #A2860 N/A Import from and Export to calling applicat ion N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is Keyed Hash © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Key/SSP Name/ Type Strengt h Security Function and Cert. Number Gener- ation Impor t /Expor t Establis h- ment Storage Zero- isation Use & related keys #A2855 #A2854 #A2856 powered down ECDSA Key Pair CSP Curves: P-224, P-256, P-384, P-521 Strength: 112, 128, 192, 256 ECDSA KeyGen #A2855 #A2854 #A2856 CKG The key pairs are generated conforman t to SP800- 133r2 (CKG) using FIPS186-4 Key Generatio n method, and the random value used in the key generation is generated using SP800- 90Ar1 DRBG Import from and Export to calling applicat ion Interme dia te keygen values are not output. N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Digital signature RSA Key Pair CSP Modulus: 2048, 3072, 4096 Strength: 112, 128, 152 RSA KeyGen #A2855 #A2854 #A2856 CKG Import from and Export to calling applicat ion Interme dia te keygen values are not output. N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Digital Signatur e Entropy Input String CSP 256 bits ENT (P) Obtained from the ENT Import from OS; No Export N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is Random Number Generati on © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Key/SSP Name/ Type Strengt h Security Function and Cert. Number Gener- ation Impor t /Expor t Establis h- ment Storage Zero- isation Use & related keys powered down Seed CSP 256 bits CTR_DRB G #A2853 #A2852 #A2858 #A2859 HMAC_DR BG #A2855 #A2854 #A2856 Derived from entropy input string as defined by SP800- 90Ar1 N/A N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Random Number Generati on DRBG Output CSP 256 bits CTR_DRB G #A2853 #A2852 #A2858 #A2859 HMAC_DR BG #A2855 #A2854 #A2856 CKG Generated internally using the approved DRBG N/A N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Random Number Generati on DRBG Key CSP 256 bits CTR_DRB G #A2853 #A2852 #A2858 #A2859 HMAC_DR BG #A2855 #A2854 #A2856 Generated internally using the approved DRBG N/A N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Random Number Generati on © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Key/SSP Name/ Type Strengt h Security Function and Cert. Number Gener- ation Impor t /Expor t Establis h- ment Storage Zero- isation Use & related keys DRBG V CSP 256 bits CTR_DRB G #A2853 #A2852 #A2858 #A2859 HMAC_DR BG #A2855 #A2854 #A2856 Generated internally using the approved DRBG N/A N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Random Number Generati on KBKDF Key Derivatio n Key CSP Min: 112 bits KBKDF Key Derivation KDF Mode: Counter and Feedback MAC Mode: HMAC- SHA-1, HMAC- SHA2-224, HMAC- SHA2- 256, HMAC- SHA2-384, HMAC- SHA2-512 #A2856 N/A Import ed from calling applicat ion, No Export N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or when the system is powered down Key Derivatio n KBKDF Derived Key CSP Min: 112 bits SP800-108 KDF #A2856 CKG Internally generated via SP800- 108 KBKDF key derivation algorithm No Import; Export to calling applicat ion N/A N/A: The module does not provide persisten t keys/SSP s storage Automati c zeroisati on when structure is deallocat ed or Key Derivatio n © 2024 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirely without revision. Key/SSP Name/ Type Strengt h Security Function and Cert. Number Gener- ation Impor t /Expor t Establis h- ment Storage Zero- isation Use & related keys when the system is powered down Table 11 – SSPs The Software Integrity Key (HMAC-SHA2-256 with 256 bits of security strength), a non-SSP, is stored in the module binary computed during build. Random Number Generation A NIST approved deterministic random bit generator based on a block cipher as specified in NIST [SP 800-90Ar1] is used. The default Approved DRBG used for random number generation is a CTR_DRBG using AES-256 with derivation function and without prediction resistance. The random numbers used for key generation are all generated by CTR_DRBG in this module. Per section 10.2.1.1 of [SP 800-90Ar1], the internal state of CTR_DRBG is the value V, Key and a reseed counter. The module also employs a HMAC_DRBG for random number generation. The HMAC_DRBG is only used at the early boot time of macOS kernel for memory randomization. The output of HMAC_DRBG is not used for key generation. Per section 10.1.2.1 of [SP 800-90Ar1], the internal state of HMAC_DRBG is the value V, Key and a reseed counter. The deterministic random bit generators are seeded by read_random. The read_random is the Kernel Space interface that extracts random bits from the entropy pool. The output of entropy pool provides 256-bits of entropy to seed and reseed SP800-90B DRBG during initialization (seed) and reseeding (reseed). Entropy sources Minimum number of bits of entropy Details NISP SP800-90B compliant ENT (P) ESV Cert. #E14 256-bits per 256-bit output sample The seed is provided by an SP 800-90B compliant entropy source Table 12 – Non-Deterministic Random Number Generation Specification Key / SSP Generation The module generates Keys and SSPs in accordance with FIPS 140-3 IG D.H. The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per [SP800-133r2] sections 4, 5.1, 6.2.2 and 6.2.3 (vendor affirmed), compliant with [FIPS186-4], and using DRBG compliant with [SP800-90Ar1]. A seed (i.e., the random value) used in asymmetric key generation is a direct output from [SP800-90Ar1] DRBG. The key generation service for RSA, ECDSA, as well as the [SP 800-90Ar1] DRBG have been ACVT tested with algorithm certificates found in Table 4. Version 1.0 Page 34 of 40 Public Material – May be reproduced only in its original entirety (without revision). Keys/SSPs Establishment The module provides the following key/SSP establishment services in the Approved mode: • AES-Key Wrapping The module implements a Key Transport Scheme (KTS) using AES-KW compliant to [SP800- 38F]. The SSP establishment methodology provides between 128 and 256 bits of encryption strength. • KBKDF Key Derivation The KBKDF is compliant to [SP800-108]. The module implements both Counter and Feedback modes with HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, or HMAC- SHA2-512 as the PRF. Keys/SSPs Import/Export All keys and SSPs that are entered from, or output to module, are entered from or output to the invoking application running on the same device. Keys/SSPs entered into the module are electronically entered in plain text form. Keys/SSPs are output from the module in plain text form if required by the calling application. The module allows the output of plaintext CSPs (i.e., EC/RSA Key Pairs). To prevent inadvertent output of sensitive information, the module performs the following two independent internal actions: 1. The module will internally request the random number generation service to obtain the random numbers and verify that the service completed without errors. 2. Once the keys are generated the module will perform the pairwise consistency test and verify that the test is completed without errors. Only after successful completion of both actions, are the generated CSPs output via the KPI output parameter in plaintext. Keys/SSPs Storage The Apple corecrypto Module v12 [Intel, Kernel, Software] stores ephemeral keys/SSPs in memory only. They are received for use or generated by the module only at the command of the calling application. The module does not provide persistent keys/SSPs storage. The module protects all keys/SSPs through the memory separation and protection mechanisms provided by the operating system. No process other than the module itself can access the keys/SSPs in its process’ memory. Version 1.0 Page 35 of 40 Public Material – May be reproduced only in its original entirety (without revision). Keys/SSPs Zeroization Keys and SSPs are zeroised when the appropriate context object is destroyed or when the system is powered down. Input and output interfaces are inhibited while zeroisation is performed. Version 1.0 Page 36 of 40 Public Material – May be reproduced only in its original entirety (without revision). 10. Self-tests The module performs pre-operational self-tests automatically when the module is loaded into memory; the pre- operational self-tests triggered at power-on ensure that the module is not corrupted and that the cryptographic algorithms work as expected. The ISO/IEC 19790 only requires that software/firmware integrity test(s) and the requisite cryptographic algorithm(s) be tested during power-up, but the Apple corecrypto Module v12 [Intel, Kernel, Software] runs all Cryptographic Algorithm Tests (CASTs) during power-up as well. The following tests are performed each time the Apple corecrypto Module v12 [Intel, Kernel, Software] starts. If any of the following tests fails the device (tested platform) fails to startup. To invoke the self-tests (pre-operational integrity test as well as CASTs) on demand (and periodically), the user may reboot the system. While the module is executing the self-tests, services are not available and input and output are inhibited. The self-tests are implemented for the following algorithms: • Pre-operational Self-Tests: o HMAC-SHA2-256: Used for module integrity test • Conditional Self-Tests: o Conditional Cryptographic Algorithm Self-tests (CAST):  AES CBC 128 bits Encrypt KAT  AES CCM 128 bits Encrypt KAT  AES GCM 128 bits Encrypt KAT  AES XTS 128 bits Encrypt KAT  AES ECB 128 bits Encrypt KAT  AES CBC 128 bits Decrypt KAT  AES CCM 128 bits Decrypt KAT  AES GCM 128 bits Decrypt KAT  AES XTS 128 bits Decrypt KAT  AES ECB 128 bits Decrypt KAT  CTR_DRBG KAT ▪ Generate, Instantiate and Reseed  HMAC_DRBG KAT ▪ Generate, Instantiate and Reseed  HMAC-SHA-1 KAT; covers SHA-1 KAT  HMAC-SHA2-256 KAT; covers SHA2-256 KAT  HMAC-SHA2-512 KAT; covers SHA2-512 KAT  RSA 2048 bits SHA2-256 Signature Generation KAT  RSA 2048 bits SHA2-256 Verify KAT Version 1.0 Page 37 of 40 Public Material – May be reproduced only in its original entirety (without revision).  ECDSA P-224 SHA2-224 Sig Gen KAT  ECDSA P-224 SHA2-224 Sig Ver KAT  KBKDF counter KAT  NIST SP 800-90B Repetitive Count Test (RCT)  NIST SP 800-90B Adaptive Proportion Test (APT) o Pairwise consistency test when generating ECDSA key pairs (for signature generation/verification) o Pairwise consistency test when generating RSA key pairs (for signature generation/verification) Integrity Test A software integrity test is performed on the runtime image of the Apple corecrypto Module v12 [Intel, Kernel, Software]. The module’s HMAC-SHA2-256 is used as an approved algorithm for the integrity test. If the test fails, then the device powers itself off. The HMAC value is pre-computed at build time and stored in the module. The HMAC value is recalculated during runtime and compared with the stored value. Conditional Tests The following sub-sections describe the conditional tests supported by the Apple corecrypto Module v12 [Intel, Kernel, Software]. Cryptographic algorithm tests The Apple corecrypto Module v12 [Intel, Kernel, Software] runs all Cryptographic Algorithm Tests during power-up. These tests are detailed above in this section. Pairwise Consistency Test The Apple corecrypto Module v12 [Intel, Kernel, Software] does generate asymmetric keys and performs all required pair-wise consistency tests on the newly generated key pairs. Error Handling If any of the above-mentioned self-tests fail, the module reports the cause of the error and enters an error state where no cryptographic services are provided and data output is Version 1.0 Page 38 of 40 Public Material – May be reproduced only in its original entirety (without revision). prohibited. The only method to clear the error state is to power cycle the device. The module will only enter into the operational state after successfully passing the preoperational software integrity test and the Conditional CASTs. The module returns the “FAILED: fipspost_post_integrity” error indicator in case of a software integrity test failure, “FAILED: ” in case of a CAST failure. Version 1.0 Page 39 of 40 Public Material – May be reproduced only in its original entirety (without revision). 11. Life-cycle Assurance Delivery and Operation The module is built into macOS Monterey 12 and delivered with macOS. There is no standalone delivery of the module as a software library. The vendor’s internal development process guarantees that the correct version of module goes with its intended macOS version. For additional assurance, the module is digitally signed by vendor and it is verified during the integration into macOS. This digital signature-based integrity protection during the delivery/integration process is not to be confused with the HMAC-SHA2-256 based integrity check performed by the module itself as its pre-operational self-test. No additional maintenance requirements apply. Crypto Officer Guidance The Approved mode of operation is configured in the system by default and can only be transitioned into the non-Approved mode by calling one of the non-Approved services listed in Table 10 - Non-Approved Services. If the device starts up successfully, then the module has passed all self-tests and is operating in the Approved mode. A Crypto Officer Role Guide is provided by Apple which offers IT System Administrators with the necessary technical information to ensure FIPS 140-3 Compliance of macOS Monterey 12 systems. This guide walks the reader through the system’s assertion of cryptographic module integrity and the steps necessary if module integrity requires remediation. A link to the Guide can be found on the Product security, validations, and guidance page. Version 1.0 Page 40 of 40 Public Material – May be reproduced only in its original entirety (without revision). 12. Mitigation of Other Attacks The module does not claim mitigation of other attacks.