Status of FIPS 140-2 ValidationWith the up coming release of iOS 6, the new CoreCrypto Modules have been submitted for FIPS 140-2 Level 1 Conformance Validation. A followup announcement will be posted when the validations are complete and Apple has received the corresponding certificates from CMVP.
Validation of the Cryptographic Algorithms under the CAVP is a prerequisite for CMVP module validation which was achieved by Apple on June 26, 2012 and June 29, 2012. All validated algorithms receiving certificates under the CAVP can be found at the links provided below. Multiple entries for each algorithm are listed and correspond to multiple platforms undergoing FIPS 140-2 validation. There are also variations on Software Non-Optimized, Software Optimized and Hardware Accelerated. Please see the Description/Notes section for each certificate for clarification of platform specific information.
Operational Testing Environments
Apple iOS CoreCrypto Module v3.0
(platform: A4 w/ iOS 6 - User Space)
Apple iOS CoreCrypto Module v3.0
(platform: A5 w/ iOS 6 - User Space)
Apple iOS CoreCrypto Kernel Module v3.0
(platform: A4 w/ iOS 6 - Kernel Space)
Apple iOS CoreCrypto Kernel Module v3.0
(platform: A5 w/ iOS 6 - Kernel Space)
CAVP Validated Algorithms:
______________________________________________________________________
AES
http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2102http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2101http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2100http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2099http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2077http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2076http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2075http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2074http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2073http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2072http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2071http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#2070______________________________________________________________________
DRBG
http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#225http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#224http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#223http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#222http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#210http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#209______________________________________________________________________
ECDSA
http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#311http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#310http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#309http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#308______________________________________________________________________
HMAC
http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1277http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1276http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1275http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1274http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1258http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1257http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1256http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#1255______________________________________________________________________
RSA
http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#1077http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#1076______________________________________________________________________
SHS
http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1826http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1825http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1824http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1823http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1806http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1805http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1804http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1803______________________________________________________________________
TripleDES
http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#1338http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#1337http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#1336http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#1335FIPS 140-2 certification in progress
http://csrc.nist.gov/groups/STM/cmvp/inprocess.htmlhttp://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdfThe following phases describe the FIPS 140-1 and FIPS 140-2 modules in process. The status of each cryptographic module in the process is identified in the list.
• Implementation Under Test (IUT)
• There exists a viable contract between the vendor and CST laboratory for the testing of the
cryptographic module.
• The cryptographic module is resident at the CST laboratory.
• All of the required documentation is resident at the CST laboratory.
(Note: if the vendor requires the CST lab personnel to test the cryptographic module onsite,
all documents must be onsite with the module.)
If the module report was submitted to the CMVP but placed on HOLD by request from the CST Laboratory,
the status is reflected as IUT.
• Review Pending
• Complete set of testing documents submitted to NIST and CSEC for review.
The set includes: draft certificate, summary module description, detailed test report, nonproprietary
security policy, web-site information. In addition, some CST labs include a separate physical testing report.
• Signed letter from laboratory stating recommendation for validation received by NIST and CSEC.
• In Review
• NIST and CSEC reviewers assigned.
• NIST and CSEC perform a preliminary review of the test documents (if required). NIST and CSEC
perform a review of the test documents.
• Comments coordinated by NIST and CSEC reviewers and combined set of comments sent to the CST laboratory.
• Coordination (this process may be iterative)
• Comments received by the CST laboratory from NIST and CSEC for resolution.
• Additional testing (if required).
• Additional documentation (if required).
• Comments resolution developed for resubmission to NIST and CSEC.
• Testing documents updated for resubmission to NIST and CSEC.
• Responses to comments and revised test documents submitted to NIST and CSEC.
• Finalization
• Final resolution of validation review comments submitted to NIST and CSEC.
• Testing documents updated based on resolutions and submitted to NIST and CSEC.
• Certificate number assigned.
• Certificate printing and signature process initiated.