DOCSLIB.ORG

FIPS 140-2 Non-Proprietary Security Policy

FIPS 140-2 Non-Proprietary Security Policy

Apple Inc. Apple iOS CoreCrypto Module, v5.0 FIPS 140-2 Non-Proprietary Security Policy Document Control Number FIPS_CORECRYPTO_IOS_US_SECPOL_1.3 Version 1.3 June, 2015 Prepared for: Apple Inc. 1 Infinite Loop Cupertino, CA 95014 www.apple.com Prepared by: atsec information security Corp. 9130 Jollyville Road, Suite 260 Austin, TX 78759 www.atsec.com ©2015 Apple Inc. This document may be reproduced and distributed only in its original entirety without revision Table of Contents 1 INTRODUCTION ............................................................................................................................................... 5 1.1 PURPOSE ............................................................................................................................................................ 5 1.2 DOCUMENT ORGANIZATION / COPYRIGHT ................................................................................................................. 5 1.3 EXTERNAL RESOURCES / REFERENCES ....................................................................................................................... 5 1.3.1 Additional References.............................................................................................................................. 5 1.4 ACRONYMS ......................................................................................................................................................... 6 2 CRYPTOGRAPHIC MODULE SPECIFICATION ...................................................................................................... 8 2.1 MODULE DESCRIPTION .......................................................................................................................................... 8 2.1.1 Module Validation Level .......................................................................................................................... 8 2.1.2 Module Components ............................................................................................................................... 8 2.1.3 Tested Platforms ...................................................................................................................................... 9 2.2 MODES OF OPERATION.......................................................................................................................................... 9 2.3 CRYPTOGRAPHIC MODULE BOUNDARY ................................................................................................................... 15 2.4 MODULE USAGE CONSIDERATIONS ........................................................................................................................ 16 3 CRYPTOGRAPHIC MODULE PORTS AND INTERFACES ....................................................................................... 17 4 ROLES, SERVICES AND AUTHENTICATION ........................................................................................................ 18 4.1 ROLES .............................................................................................................................................................. 18 4.2 SERVICES .......................................................................................................................................................... 18 4.3 OPERATOR AUTHENTICATION ................................................................................................................................ 23 5 PHYSICAL SECURITY ........................................................................................................................................ 24 6 OPERATIONAL ENVIRONMENT ........................................................................................................................ 24 6.1 APPLICABILITY.................................................................................................................................................... 24 6.2 POLICY ............................................................................................................................................................. 24 7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................. 25 7.1 RANDOM NUMBER GENERATION........................................................................................................................... 25 7.2 KEY / CSP GENERATION ...................................................................................................................................... 25 7.3 KEY / CSP ESTABLISHMENT .................................................................................................................................. 25 7.4 KEY / CSP ENTRY AND OUTPUT ............................................................................................................................ 25 7.5 KEY / CSP STORAGE ........................................................................................................................................... 25 7.6 KEY / CSP ZEROIZATION ...................................................................................................................................... 26 8 ELECTROMAGNETIC INTERFERENCE/ELECTROMAGNETIC COMPATIBILITY (EMI/EMC) .................................... 26 9 SELF-TESTS ...................................................................................................................................................... 27 9.1 POWER-UP TESTS .............................................................................................................................................. 27 9.1.1 Cryptographic Algorithm Tests .............................................................................................................. 27 9.1.2 Software / Firmware Integrity Tests ...................................................................................................... 28 9.1.3 Critical Function Tests ............................................................................................................................ 28 9.2 CONDITIONAL TESTS ........................................................................................................................................... 28 9.2.1 Continuous Random Number Generator Test ....................................................................................... 28 9.2.2 Pair-wise Consistency Test ..................................................................................................................... 28 9.2.3 SP 800-90A Assurance Tests .................................................................................................................. 28 9.2.4 Critical Function Test ............................................................................................................................. 28 10 DESIGN ASSURANCE ................................................................................................................................... 29 Last update: 2015-06-18 ©2015 Apple Inc. Version: 1.3 Document Id: FIPS_CORECRYPTO_IOS_US_SECPOL_1.3 Page 2 of 30 10.1 CONFIGURATION MANAGEMENT ........................................................................................................................... 29 10.2 DELIVERY AND OPERATION ................................................................................................................................... 29 10.3 DEVELOPMENT .................................................................................................................................................. 29 10.4 GUIDANCE ........................................................................................................................................................ 29 10.4.1 Cryptographic Officer Guidance ............................................................................................................ 29 10.4.2 User Guidance ....................................................................................................................................... 29 11 MITIGATION OF OTHER ATTACKS ................................................................................................................. 30 Last update: 2015-06-18 ©2015 Apple Inc. Version: 1.3 Document Id: FIPS_CORECRYPTO_IOS_US_SECPOL_1.3 Page 3 of 30 List of Tables Table 1: Module Validation Level .................................................................................................................... 8 Table 2: Tested Platforms ............................................................................................................................... 9 Table 3: Approved Security Functions .......................................................................................................... 10 Table 4: Non-Approved Functions…………………………………... .............................................................. 13 Table 5: Roles ............................................................................................................................................... 18 Table 6: Approved and Allowed Services in Approved Mode ....................................................................... 18 Table 6b: Non-Approved Services in Non-Approved Mode…………………………………………………….22 Table 7: Cryptographic Algorithm Tests ........................................................................................................ 27 List of Figures Figure 1: Logical Block Diagram..................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    30 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us