Apple CoreCrypto Kernel Module v8.0 for ARM

Certificate #3147

Webpage information

Status historical
Historical reason Moved to historical list due to sunsetting
Validation dates 09.03.2018 , 17.05.2018 , 03.07.2018 , 11.03.2021
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy
Exceptions
  • Physical Security: N/A
Description The Apple CoreCrypto Kernel Module v8.0 for ARM is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.
Tested configurations
  • iBridgeOS (15P2064) running on Apple iMac Pro with Apple T2 (iBridge 2,1) with PAA
  • iBridgeOS (15P2064) running on Apple iMac Pro with Apple T2 (iBridge 2,1) without PAA (single-user mode)
  • iOS 11 running on iPad Air 2 with Apple A8X CPU with PAA
  • iOS 11 running on iPad Air 2 with Apple A8X CPU without PAA
  • iOS 11 running on iPad Pro with Apple A10X Fusion CPU with PAA
  • iOS 11 running on iPad Pro with Apple A10X Fusion CPU without PAA
  • iOS 11 running on iPad Pro with Apple A9X CPU with PAA
  • iOS 11 running on iPad Pro with Apple A9X CPU without PAA
  • iOS 11 running on iPhone 5S with Apple A7 CPU with PAA
  • iOS 11 running on iPhone 5S with Apple A7 CPU without PAA
  • iOS 11 running on iPhone 6 (iPhone 6 and iPhone 6 Plus) with Apple A8 CPU with PAA
  • iOS 11 running on iPhone 6 (iPhone 6 and iPhone 6 Plus) with Apple A8 CPU without PAA
  • iOS 11 running on iPhone 6S (iPhone 6S and iPhone 6S Plus) with Apple A9 CPU with PAA
  • iOS 11 running on iPhone 6S (iPhone 6S and iPhone 6S Plus) with Apple A9 CPU without PAA
  • iOS 11 running on iPhone 7 (iPhone 7 and iPhone 7 Plus) with Apple A10 Fusion CPU with PAA
  • iOS 11 running on iPhone 7 (iPhone 7 and iPhone 7 Plus) with Apple A10 Fusion CPU without PAA
  • iOS 11 running on iPhone 8 with Apple A11 Bionic CPU with PAA
  • iOS 11 running on iPhone 8 with Apple A11 Bionic CPU without PAA
  • tvOS 11 running on Apple TV 4K with Apple A10X Fusion CPU with PAA
  • tvOS 11 running on Apple TV 4K with Apple A10X Fusion CPU without PAA
  • watchOS 4 running on Apple Watch Series 1 with Apple S1P CPU with PAA
  • watchOS 4 running on Apple Watch Series 1 with Apple S1P CPU without PAA
  • watchOS 4 running on Apple Watch Series 3 with Apple S3 CPU with PAA
  • watchOS 4 running on Apple Watch Series 3 with Apple S3 CPU without PAA
Vendor Apple Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-128, CAST5, RC2, RC4, DES, TDEA, Triple-DES, Blowfish, HMAC, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-256
Asymmetric Algorithms
ECDSA, ECC, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA384, SHA512, SHA-384, SHA-512, SHA-2, MD4, MD5, RIPEMD, PBKDF
Schemes
MAC, Key Agreement, Key agreement
Protocols
TLS
Randomness
TRNG, DRBG, RNG
Elliptic Curves
P-224, P-256, P-384, P-521, Curve P-192, P-192, curve P-384, Ed25519
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

Security level
level 1, Level 2

Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 198, FIPS186-4, NIST SP 800-90A, PKCS #1, PKCS#1, RFC6637

File metadata

Title TID-11-1572-Apple-Inc--140sp_CC8_4.4
Author Andreas Fabis
Creation date D:20180621174406Z00'00'
Modification date D:20180621174406Z00'00'
Pages 28
Creator Word
Producer Mac OS X 10.12.6 Quartz PDFContext

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 3147,
  "dgst": "c21af72451d75650",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KTS#4922",
        "AES#5129",
        "AES#5040",
        "AES#5127",
        "HMAC#3276",
        "Triple-DES#2600",
        "KTS#5039",
        "DRBG#1738",
        "KTS#4935",
        "AES#4917",
        "DRBG#1962",
        "DRBG#1862",
        "SHS#4016",
        "Triple-DES#2599",
        "AES#4921",
        "AES#4906",
        "DRBG#1921",
        "DRBG#1754",
        "ECDSA#1326",
        "HMAC#3353",
        "HMAC#3407",
        "HMAC#3351",
        "ECDSA#1325",
        "DRBG#1850",
        "AES#4916",
        "KTS#5041",
        "DRBG#1918",
        "DRBG#1742",
        "HMAC#3442",
        "AES#4924",
        "SHS#4099",
        "AES#4929",
        "KTS#4912",
        "AES#4911",
        "RSA#2720",
        "HMAC#3278",
        "SHS#4106",
        "SHS#4017",
        "DRBG#1756",
        "DRBG#1749",
        "DRBG#1741",
        "RSA#2718",
        "ECDSA#1294",
        "DRBG#1922",
        "KTS#4928",
        "KTS#5127",
        "SHS#4100",
        "HMAC#3354",
        "SHS#4154",
        "DRBG#1852",
        "Triple-DES#2602",
        "AES#4927",
        "DRBG#1856",
        "KTS#5185",
        "AES#5187",
        "HMAC#3273",
        "Triple-DES#2596",
        "SHS#4019",
        "KTS#4926",
        "KTS#5125",
        "AES#4932",
        "DRBG#1960",
        "HMAC#3275",
        "KTS#5130",
        "Triple-DES#2598",
        "AES#4922",
        "KTS#4929",
        "Triple-DES#2637",
        "DRBG#1743",
        "AES#4920",
        "RSA#2719",
        "HMAC#3405",
        "DRBG#1737",
        "DRBG#1959",
        "DRBG#1915",
        "ECDSA#1289",
        "HMAC#3274",
        "DRBG#1745",
        "AES#5185",
        "HMAC#3277",
        "Triple-DES#2628",
        "HMAC#3406",
        "HMAC#3361",
        "RSA#2763",
        "KTS#4916",
        "SHS#4098",
        "RSA#2724",
        "AES#5126",
        "KTS#4924",
        "HMAC#3362",
        "AES#4909",
        "KTS#5128",
        "RSA#2717",
        "ECDSA#1291",
        "AES#4935",
        "ECDSA#1293",
        "SHS#4153",
        "DRBG#1851",
        "DRBG#1753",
        "KTS#4906",
        "KTS#5126",
        "HMAC#3356",
        "RSA#2721",
        "AES#5128",
        "DRBG#1863",
        "SHS#4189",
        "HMAC#3279",
        "DRBG#1849",
        "ECDSA#1298",
        "SHS#4151",
        "SHS#4152",
        "AES#5041",
        "SHS#4095",
        "HMAC#3355",
        "AES#4907",
        "DRBG#1854",
        "SHS#4097",
        "AES#5130",
        "SHS#4096",
        "AES#4923",
        "DRBG#1917",
        "KTS#4920",
        "SHS#4102",
        "DRBG#1739",
        "SHS#4014",
        "KTS#4909",
        "ECDSA#1290",
        "DRBG#1736",
        "DRBG#1751",
        "DRBG#1763",
        "KTS#4911",
        "AES#5039",
        "KTS#4910",
        "SHS#4015",
        "HMAC#3441",
        "DRBG#1855",
        "SHS#4101",
        "ECDSA#1296",
        "DRBG#1755",
        "AES#4913",
        "AES#4918",
        "AES#4912",
        "ECDSA#1292",
        "KTS#4921",
        "DRBG#1853",
        "DRBG#1747",
        "Triple-DES#2590",
        "DRBG#1740",
        "KTS#4925",
        "KTS#5040",
        "HMAC#3280",
        "RSA#2783",
        "DRBG#1961",
        "DRBG#1861",
        "DRBG#1860",
        "ECDSA#1295",
        "AES#4928",
        "AES#4925",
        "AES#4919",
        "SHS#4020",
        "KTS#5187",
        "AES#4910",
        "SHS#4018",
        "DRBG#1744",
        "ECDSA#1345",
        "DRBG#1757",
        "KTS#5186",
        "AES#5186",
        "AES#5125",
        "KTS#4923",
        "Triple-DES#2595",
        "Triple-DES#2629",
        "KTS#4913",
        "SHS#4190",
        "HMAC#3350",
        "RSA#2764",
        "SHS#4107",
        "DRBG#1760",
        "SHS#4013",
        "HMAC#3357",
        "KTS#4918",
        "KTS#4908",
        "KTS#4907",
        "DRBG#1916",
        "DRBG#1746",
        "HMAC#3352",
        "DRBG#1748",
        "DRBG#1920",
        "RSA#2722",
        "DRBG#1750",
        "Triple-DES#2589",
        "KTS#5129",
        "DRBG#1752",
        "HMAC#3408",
        "DRBG#1919",
        "KTS#4919",
        "RSA#2723",
        "Triple-DES#2597",
        "KTS#4932",
        "KTS#4927",
        "KTS#4917",
        "AES#4908",
        "RSA#2728",
        "AES#4926"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "8.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DSA": {
            "DSA": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 1
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 6
        },
        "ECB": {
          "ECB": 6
        },
        "GCM": {
          "GCM": 2
        },
        "OFB": {
          "OFB": 3
        },
        "XTS": {
          "XTS": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "TLS": {
          "TLS": {
            "TLS": 1
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 1
        },
        "MAC": {
          "MAC": 6
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Edwards": {
          "Ed25519": 1
        },
        "NIST": {
          "Curve P-192": 3,
          "P-192": 11,
          "P-224": 8,
          "P-256": 8,
          "P-384": 9,
          "P-521": 8,
          "curve P-384": 1
        }
      },
      "eval_facility": {
        "atsec": {
          "atsec": 2
        }
      },
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-128": 3,
          "HMAC- SHA-512": 1,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-224": 2,
          "HMAC-SHA-256": 2,
          "HMAC-SHA-256 1736": 2,
          "HMAC-SHA-384": 2,
          "HMAC-SHA256": 2,
          "PAA1": 1,
          "PKCS #1": 1,
          "PKCS#1": 7,
          "PKCS1-v1_5": 1,
          "RSA PKCS #1": 1,
          "RSA PKCS#1": 2,
          "SHA-1": 6,
          "SHA-2": 1,
          "SHA-224": 6,
          "SHA-256": 6,
          "SHA-512": 1,
          "SHA384": 2,
          "SHA512": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 2": 1,
          "level 1": 3
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 1
          }
        },
        "PBKDF": {
          "PBKDF": 3
        },
        "RIPEMD": {
          "RIPEMD": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 6
          },
          "SHA2": {
            "SHA-2": 1,
            "SHA-224": 2,
            "SHA-256": 2,
            "SHA-384": 4,
            "SHA-512": 5,
            "SHA384": 2,
            "SHA512": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 11
        },
        "RNG": {
          "RNG": 1
        },
        "TRNG": {
          "TRNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 21,
          "FIPS 180-4": 2,
          "FIPS 186-4": 2,
          "FIPS 197": 2,
          "FIPS 198": 2,
          "FIPS PUB 140-2": 1,
          "FIPS186-4": 1
        },
        "NIST": {
          "NIST SP 800-90A": 1
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS#1": 5
        },
        "RFC": {
          "RFC6637": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 13,
            "AES-128": 3
          },
          "CAST": {
            "CAST5": 2
          },
          "RC": {
            "RC2": 2,
            "RC4": 2
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 10
          },
          "DES": {
            "DES": 4
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 9,
            "HMAC-SHA-256": 1,
            "HMAC-SHA-384": 2,
            "HMAC-SHA-512": 1
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 2
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/AAPL:Keywords": "[]",
      "/Author": "Andreas Fabis",
      "/CreationDate": "D:20180621174406Z00\u002700\u0027",
      "/Creator": "Word",
      "/Keywords": "",
      "/ModDate": "D:20180621174406Z00\u002700\u0027",
      "/Producer": "Mac OS X 10.12.6 Quartz PDFContext",
      "/Subject": "",
      "/Title": "TID-11-1572-Apple-Inc--140sp_CC8_4.4",
      "pdf_file_size_bytes": 311521,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 28
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "970c52e246090d1fbebf791ec7911f0290a6c00f86dc350596618a6e7e08a1cb",
    "policy_txt_hash": "ed250fdeb8a0958f73f52a4df7a2621fbeaac0ad8622b8f3dbc7cdb815925d99"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140-2-ConsolidatedMarch2018.pdf",
    "date_sunset": null,
    "description": "The Apple CoreCrypto Kernel Module v8.0 for ARM is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A"
    ],
    "fw_versions": null,
    "historical_reason": "Moved to historical list due to sunsetting",
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Apple CoreCrypto Kernel Module v8.0 for ARM",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "historical",
    "sw_versions": "8.0",
    "tested_conf": [
      "iBridgeOS (15P2064) running on Apple iMac Pro with Apple T2 (iBridge 2,1) with PAA",
      "iBridgeOS (15P2064) running on Apple iMac Pro with Apple T2 (iBridge 2,1) without PAA (single-user mode)",
      "iOS 11 running on iPad Air 2 with Apple A8X CPU with PAA",
      "iOS 11 running on iPad Air 2 with Apple A8X CPU without PAA",
      "iOS 11 running on iPad Pro with Apple A10X Fusion CPU with PAA",
      "iOS 11 running on iPad Pro with Apple A10X Fusion CPU without PAA",
      "iOS 11 running on iPad Pro with Apple A9X CPU with PAA",
      "iOS 11 running on iPad Pro with Apple A9X CPU without PAA",
      "iOS 11 running on iPhone 5S with Apple A7 CPU with PAA",
      "iOS 11 running on iPhone 5S with Apple A7 CPU without PAA",
      "iOS 11 running on iPhone 6 (iPhone 6 and iPhone 6 Plus) with Apple A8 CPU with PAA",
      "iOS 11 running on iPhone 6 (iPhone 6 and iPhone 6 Plus) with Apple A8 CPU without PAA",
      "iOS 11 running on iPhone 6S (iPhone 6S and iPhone 6S Plus) with Apple A9 CPU with PAA",
      "iOS 11 running on iPhone 6S (iPhone 6S and iPhone 6S Plus) with Apple A9 CPU without PAA",
      "iOS 11 running on iPhone 7 (iPhone 7 and iPhone 7 Plus) with Apple A10 Fusion CPU with PAA",
      "iOS 11 running on iPhone 7 (iPhone 7 and iPhone 7 Plus) with Apple A10 Fusion CPU without PAA",
      "iOS 11 running on iPhone 8 with Apple A11 Bionic CPU with PAA",
      "iOS 11 running on iPhone 8 with Apple A11 Bionic CPU without PAA",
      "tvOS 11 running on Apple TV 4K with Apple A10X Fusion CPU with PAA",
      "tvOS 11 running on Apple TV 4K with Apple A10X Fusion CPU without PAA",
      "watchOS 4 running on Apple Watch Series 1 with Apple S1P CPU with PAA",
      "watchOS 4 running on Apple Watch Series 1 with Apple S1P CPU without PAA",
      "watchOS 4 running on Apple Watch Series 3 with Apple S3 CPU with PAA",
      "watchOS 4 running on Apple Watch Series 3 with Apple S3 CPU without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2018-03-09",
        "lab": "atsec information security corporation",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2018-05-17",
        "lab": "atsec information security corporation",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2018-07-03",
        "lab": "atsec information security corporation",
        "validation_type": "Update"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2021-03-11",
        "lab": "atsec information security corporation",
        "validation_type": "Update"
      }
    ],
    "vendor": "Apple Inc.",
    "vendor_url": "http://www.apple.com"
  }
}