Qualcomm® Pseudo Random Number Generator
Version 2.3.1
FIPS 140-2 Non-Proprietary Security Policy
Version 1.1
Last Update: 2021-12-06
Prepared for:
Spectralink Corporation
2560 55th St.
Boulder, CO 80301
Prepared by:
atsec information security corporation
9130 Jollyville Road, Suite 260
Austin, TX 78759
www.atsec.com
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
2 of 19
TABLE OF CONTENTS
1. INTRODUCTION................................................................................................................................3
1.1 PURPOSE OF THE SECURITY POLICY........................................................................................................3
1.2 TARGET AUDIENCE ............................................................................................................................3
2. CRYPTOGRAPHIC MODULE SPECIFICATION......................................................................................4
2.1. DESCRIPTION OF MODULE..................................................................................................................4
2.2. DESCRIPTION OF APPROVED MODE ......................................................................................................5
2.3. CRYPTOGRAPHIC MODULE BOUNDARY..................................................................................................5
3. CRYPTOGRAPHIC MODULE PORTS AND INTERFACES.......................................................................7
4. ROLES, SERVICES AND AUTHENTICATION.........................................................................................8
4.1. ROLES ...........................................................................................................................................8
4.2. SERVICES........................................................................................................................................8
4.3. OPERATOR AUTHENTICATION..............................................................................................................9
4.4. MECHANISM AND STRENGTH OF AUTHENTICATION ..................................................................................9
5. PHYSICAL SECURITY........................................................................................................................10
6. OPERATIONAL ENVIRONMENT.......................................................................................................11
6.1. APPLICABILITY .........................................................................................................................11
7. CRYPTOGRAPHIC KEY MANAGEMENT............................................................................................12
7.1. RANDOM NUMBER GENERATION.......................................................................................................12
7.2. KEY AND CSP LIST..........................................................................................................................12
7.3. KEY/CSP GENERATION, ENTRY AND OUTPUT .......................................................................................12
7.4. KEY/CSP STORAGE AND ZEROIZATION ................................................................................................13
8. ELECTROMAGNETIC INTERFERENCE/ELECTROMAGNETIC COMPATIBILITY (EMI/EMC)..................14
9. POWER-UP TESTS ...........................................................................................................................15
9.1. CRYPTOGRAPHIC ALGORITHM TESTS ...................................................................................................15
9.2. CONDITIONAL TESTS .......................................................................................................................15
10. DESIGN ASSURANCE.....................................................................................................................16
10.1. CONFIGURATION MANAGEMENT .....................................................................................................16
11. MITIGATION OF OTHER ATTACKS.................................................................................................17
12. GLOSSARY AND ABBREVIATIONS .................................................................................................18
13. REFERENCES .................................................................................................................................19
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
3 of 19
1.Introduction
This document is the non-proprietary FIPS 140-2 Security Policy for the Qualcomm® Pseudo
Random Number Generator cryptographic module, a product of Qualcomm Technologies, Inc.,
used by Spectralink. The version number of this cryptographic module is 2.3.1. This document
contains a specification of the rules under which the module must operate and describes how this
module meets the requirements as specified in FIPS PUB 140-2 (Federal Information Processing
Standards Publication 140-2) for a Security Level 1 hardware cryptographic module.
This module validation is a re-branding of a sub-chip cryptographic subsystem that was previously
validated under NIST’s Cryptographic Module Validation Program (CMVP) Certificate #3114 in a
single-chip and is ported to another single-chip construct.
In this document, the terms “Qualcomm Pseudo Random Number Generator”, “cryptographic
module” or “module” are used interchangeably to refer to the pseudo random number generator
cryptographic module.
1.1 Purpose of the Security Policy
There are three major reasons that a security policy is needed:
⚫ it is required for FIPS 140-2 validation,
⚫ it allows individuals and organizations to determine whether the cryptographic module, as
implemented, satisfies the stated security policy, and
⚫ it describes the capabilities, protection, and access rights provided by the cryptographic
module, allowing individuals and organizations to determine whether it will meet their security
requirements.
1.2 Target Audience
This document is part of the package of documents that are submitted for FIPS 140-2 conformance
validation of the module. It is intended for the following people:
⚫ Developers working on the release
⚫ FIPS 140-2 testing lab
⚫ Cryptographic Module Validation Program (CMVP)
⚫ Consumers
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
4 of 19
2.Cryptographic Module Specification
2.1.Description of Module
The Qualcomm Pseudo Random Number Generator is classified as a single chip hardware module
for the purpose of FIPS 140-2 validation. It is designed to provide random numbers. The logical
cryptographic boundary of the module is the Qualcomm Pseudo Random Number Generator 2.3.1
which is a sub-chip hardware component contained within the Qualcomm® Snapdragon™ 660 SoC,
a product of Qualcomm Technologies, Inc., used by Spectralink in its devices. The sub-chip
cryptographic module implements a SHA-256 Hash DRBG as defined in SP 800-90A.
The hardware sub-chip cryptographic module is specified in Table 1:
Component Type Version Number
Qualcomm Pseudo Random
Number Generator
hardware 2.3.1
Table 1: Components of the Hardware Cryptographic Module
The Qualcomm Pseudo Random Number Generator has been tested on the following platform:
Snapdragon 660.
The Qualcomm Pseudo Random Number Generator is intended to meet the requirements of FIPS
140-2 at an overall Security Level 1. Table 2 shows the security level claimed for each of the
eleven sections that comprise the validation:
FIPS 140-2 Sections Security Level
N/A 1 2 3 4
Cryptographic Module Specification X
Cryptographic Module Ports and Interfaces X
Roles, Services and Authentication X
Finite State Model X
Physical Security X
Operational Environment X
Cryptographic Key Management X
EMI/EMC X
Self Tests X
Design Assurance X
Mitigation of Other Attacks X
Table 2: Security Levels
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
5 of 19
2.2.Description of Approved Mode
The Qualcomm Pseudo Random Number Generator supports only FIPS mode which is entered
without any special configurations. All configurations possible via the registers are supported and
do not violate the constraints of the FIPS mode.
When the Qualcomm Pseudo Random Number Generator is powered on, the power-up self-test is
executed automatically without any operator intervention. The Qualcomm Pseudo Random
Number Generator enters FIPS mode automatically if the power-up self-test completes
successfully.
If any of self-tests fail during power-up, the Qualcomm Pseudo Random Number Generator goes
into Error state. All cryptographic services are prohibited while in error state. When an error state
is entered, the Qualcomm Pseudo Random Number Generator can be reset to reinitialize itself.
The status of the Qualcomm Pseudo Random Number Generator can be determined by its
availability. If the Qualcomm Pseudo Random Number Generator is available, it has passed all self-
tests. If it is unavailable, it is in the error state.
The Qualcomm Pseudo Random Number Generator provides the following CAVP validated
algorithms (Note that the Qualcomm Pseudo Random Number Generator has two cores each
implementing SHA-256) and the allowed algorithm:
Approved Algorithms Standards CAVS Certs #
SHA-256 Hash DRBG SP-800-90A Cert.#: 2095
SHA-256 (core 1) FIPS 198-1 Cert.#: 4333
SHA-256 (core 2) FIPS 198-1 Cert.#: 4316
Non-FIPS Approved but Allowed Algorithms Standards CAVS Certs #
NDRNG used to seed DRBG N/A N/A (allowed)
Table 3: Approved and non-FIPS Approved but Allowed Algorithms
2.3.Cryptographic Module Boundary
The physical boundary of the Qualcomm Pseudo Random Number Generator is the physical
boundary of the Snapdragon 660 SoC (Figure 1) that contains the sub-chip which implements the
module. Consequently, the embodiment of the Qualcomm Pseudo Random Number Generator is a
single-chip standalone cryptographic module. The logical boundary is the Qualcomm Pseudo
Random Number Generator version 2.3.1.
Figure 2 illustrates the various data, status, and control paths through the physical and logical
boundaries of the cryptographic module.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
6 of 19
Figure 2: Cryptographic Boundaries
Figure 1: Snapdragon 660 top view (Left) and bottom view with
solder balls (Right)
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
7 of 19
3.Cryptographic Module Ports and Interfaces
FIPS Interface Ports
Data Input Registers
Data Output Data Out Registers
Control Input Registers
Status Output Registers
Power Input Physical power connector
Table 4: Ports and Interfaces
As indicated in Table 4, all status output and control input are directed through the interface of the
Qualcomm Pseudo Random Number Generator’s logical boundary, which is the registers of the
Qualcomm Pseudo Random Number Generator. For data input, the registers provide the interface.
For data output, the data output is provided via data out registers.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
8 of 19
4.Roles, Services and Authentication
4.1.Roles
Role Description
User
Perform general security services, including cryptographic operations
and other Approved security functions.
Crypto Officer (CO) Configuration of the Qualcomm Pseudo Random Number Generator.
Table 5: Roles
The Qualcomm Pseudo Random Number Generator meets all FIPS 140-2 level 1 requirements for
Roles and Services, implementing both User and Crypto Officer roles. The Qualcomm Pseudo
Random Number Generator does not allow concurrent operators.
The User and Crypto Officer roles are implicitly assumed by the entity accessing services
implemented by the Qualcomm Pseudo Random Number Generator. No further authentication is
required. The Crypto Officer can initialize the Qualcomm Pseudo Random Number Generator.
4.2. Services
The Qualcomm Pseudo Random Number Generator does not support bypass capability. It provides
random data from the SHA-256 Hash DRBG. The following table describes the services available in
FIPS-mode:
Service Roles CSP Access
(Read-R,
Write-W)
User
CO
Approved
SHA-256-Hash-DRBG ü Seed, entropy input string, nonce,
Internal state values C and V
R, W
Self-Test
(Self-test is executed automatically
when device is booted or restarted)
ü N/A N/A
Check Status/Get State ü N/A N/A
Module Configuration ü N/A N/A
Zeroization ü Seed, entropy input string, nonce,
internal state values C and V
R,W
Non-approved but Allowed
NDRNG ü Entropy input string, nonce R
Table 6: Services
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
9 of 19
4.3.Operator Authentication
There is no operator authentication; assumption of role is implicit by action.
4.4.Mechanism and Strength of Authentication
No authentication is required at security level 1; authentication is implicit by assumption of the
role.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
10 of 19
5.Physical Security
The Qualcomm Pseudo Random Number Generator 2.3.1 is a sub-chip module implemented as
part of the Snapdragon 660 SoC, which is the physical boundary of the sub-chip module. The
Snapdragon 660 SoC is a single chip with a production grade enclosure and hence conforms to the
Level 1 requirements for physical security.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
11 of 19
6.Operational Environment
6.1.Applicability
The module is a single chip hardware module. The procurement, build and configuring procedure
are controlled. Therefore, the operational environment is considered non-modifiable.
Minimum, nominal, and maximum voltages and temperatures are 0.815v,0.90v, and 1.05v and -
30C, 25C, and 85C respectively. However, each target varies slightly in voltage and temperature
spec.This is a digital oscillator and will work for the voltage and temperature conditions above. The
dynamic check is done by health monitor as per FIPS140-2 requirements.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
12 of 19
7.Cryptographic Key Management
7.1.Random Number Generation
Hardware is used to collect random bits as the entropy seed (i.e., the entropy input string and the
nonce) for the Qualcomm Pseudo Random Number Generator to generate FIPS 140-2 compliant
random numbers.
The DRBG used to generate pseudo random numbers is a SP 800-90A compliant SHA-256 Hash
DRBG using a derivation function without prediction resistance. It processes a personalization
string that is written by the calling application into a hardware register for use by the Qualcomm
Pseudo Random Number Generator. The calling application has read/write access to the hardware
register that holds the personalization string.
The implementation performs a continuous self-test, a health check, and a power-on self-test. A
re-seed process is applied to the DRBG. The re-seed frequency is programmable, up to 2^32
blocks of data.
When the DRBG is instantiated, it runs a self-test with a set of test vectors. It also runs a health
check test to verify that the instantiation function and generation function are able to handle any
incorrect parameter inputs, such as, a negative number for the input data length, etc. The DRBG
implements a continuous self-test that verifies the random number generation. The self-test
compares the output bits with the generated bits from the previous round and ensures that they
do not match.
The entropy source for the DRBG originates from a series of ring oscillators. The NDRNG consists
of the combined data streams of the oscillators which is fed into the DRBG. The DRBG also
implements a derivation function to counter any slight imperfections in the entropy stream. Based
on an analysis of the entropy output and the use of a 256-bit entropy value along with a 128-bit
nonce, it has been determined that the input random data into the approved HASH DRBG contains
at least 256 bits of security strength.
The output of the noise source is processed by a continuous self-test which compares the output
bits with the generated bits from the previous round and ensures that they do not match.
7.2.Key and CSP List
The entropy input string and the nonce inputs to the DRBG are generated internal to the hardware
module and do not have an external interface. .
Table 7 lists the CSP in the Qualcomm Pseudo Random Number Generator:
CSP Generation Storage Zeroization
DRBG Seed, entropy input
string and nonce
Hardware NDRNG Internal registers Reset event
DRBG (internal state values
C and V)
Hardware NDRNG Internal registers Reset event
Table 7: Keys and CSPs
7.3.Key/CSP Generation, Entry and Output
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
13 of 19
The module does not provide any key generation service or perform key generation for any of its
Approved algorithms. The caller of the DRBG can use the output for key generation.
The cryptographic module does not provide any asymmetrical algorithms or key establishment
methods.
7.4.Key/CSP Storage and Zeroization
The entropy input string and nonce used by the DRBG are generated internally by the hardware
and are not accessible external to the module. The personalization string is input by the caller of
the DRBG into a register that is able to be read and written by the caller.
Zeroization of the DRBG CSPs is accomplished by either a reset event or a power-off/power-on
cycle of the DRBG.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
14 of 19
8.Electromagnetic Interference/Electromagnetic Compatibility
(EMI/EMC)
The CM hardware component cannot be certified by the FCC as it is not a standalone device. It is
a sub-chip embedded in the Snapdragon 660 SoC which is also not a standalone device, but rather
intended to be used within a COTS device which would undergo standard FCC certification for
EMI/EMC.
According to 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, the CM is
not subject to EMI/EMC regulations because it is a subassembly that is sold to an equipment
manufacturer for further fabrication. That manufacturer is responsible for obtaining the necessary
authorization for the equipment with the CM embedded prior to further marketing to a vendor or to
a user.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
15 of 19
9.Power-Up Tests
Power-Up tests consist of known-answer tests (KAT) of algorithm implementations. The power-up
self-tests are automatically performed without any operator intervention during power-up of the
module. If any of the power-up self-tests fail, the module will enter the error state. Data output is
prohibited and no further cryptographic operation is allowed in the error state. The module can be
reset to recover from the error state. Re-initialization is also possible by doing a power-cycle to set
the module to the power-on state.
FIPS 140-2 explicitly allows that the on-demand test can be fulfilled with a power cycle of the
module. Hence, a power cycle and its associated power-on self-test is the methodology used to
perform the "on-demand" tests.
9.1.Cryptographic Algorithm Tests
Algorithm Test
SP 800-90A DRBG
KAT for DRBG only
SHA-256 KAT performed for both SHA-256 cores independently
Table 8: Power-Up Cryptographic Algorithm Tests
9.2.Conditional Tests
The following table provides the lists of the conditional self- tests. If any of the conditional test
fails, the Qualcomm Pseudo Random Number Generator will enter the error state. The Qualcomm
Pseudo Random Number Generator needs to be reset in order to recover from the error state.
Algorithm Test
SP 800-90A DRBG Continuous Random Number Generator Test
Hardware NDRNG Continuous Random Number Generator Test
Table 9: Conditional Tests
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
16 of 19
10.Design Assurance
The Qualcomm Pseudo Random Number Generator is implemented in hardware and is not
modifiable; therefore, no integrity test is required.
10.1.Configuration Management
ClearCase, a version control system from IBM/Rational, is used to manage the revision control of
the hardware code (Verilog code) and hardware documentation. The ClearCase version control
system provides version control, workspace management, parallel development support, and build
auditing. The Verilog code is maintained within the ClearCase database.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
17 of 19
11.Mitigation of Other Attacks
No other attacks are mitigated.
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
18 of 19
12.Glossary and Abbreviations
CAVP Cryptographic Algorithm Validation Program
CMVP Cryptographic Module Validation Program
COTS Commercial Off The Shelf
CSP Critical Security Parameter
DRBG Deterministic Random Bit Generator
FIPS Federal Information Processing Standards Publication
KAT Known Answer Test
NIST National Institute of Science and Technology
SHA Secure Hash Algorithm
SoC System on Chip
Qualcomm Pseudo Random Number Generator FIPS 140-2 Non-Proprietary Security Policy
19 of 19
13.References
[1] FIPS 140-2 Standard,
http://csrc.nist.gov/groups/STM/cmvp/standards.html
[2] FIPS 140-2 Implementation Guidance,
http://csrc.nist.gov/groups/STM/cmvp/standards.html
[3] FIPS 180-4 Secure Hash Standard,
http://csrc.nist.gov/publications/PubsFIPS.html
[4] NIST Special Publication 800-90A, Recommendation for Random Number Generation Using
Deterministic Random Bit Generators
http://csrc.nist.gov/publications/nistpubs/800-90A/SP900-90A.pdf