Module Name
Apple macOS CoreCrypto Kernel Module, v7.0
Validation Dates
02/01/2017; 03/11/2021
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest.
Tested Configuration(s)
- macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA
- macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA
- macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA
- macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA
- macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA
- macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)
- macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA
- macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA
FIPS Algorithms
| Algorithm | Certificates |
| --- | --- |
| AES | Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292 |
| DRBG | Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352 |
| ECDSA | Certs. #999, #1000, #1001 and #1002 |
| HMAC | Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828 |
| KTS | AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength |
| PBKDF | vendor affirmed |
| RSA | Certs. #2310, #2311, #2312 and #2313 |
| SHS | Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530 |
| Triple-DES | Certs. #2310, #2311, #2312 and #2313 |
Other Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)