Page 17

Samsung OpenSSL Cryptographic Module

FIPS 140-2 Security Policy

including this copyright notice.

17 of 24

10. Self Tests

The module performs an integrity test, as well as known answer tests upon initialization of the

module and before the module becomes usable. If self tests fail, the module is in error state. In

error state, no cryptographic operation is allowed, except the invocation of on demand self test.

Self test consists of the following tests:

10.1. Power-Up Tests

The module performs all power-up self tests when entering Non-FIPS mode. Upon initialization and

successful completion of power on self tests, the module then enters Non-FIPS mode. In order to

switch to FIPS-Approved mode, the module performs the integrity test and all known answer tests

(KATs) by invoking the API, FIPS_mode_set(FIPS_MODE). Upon successful execution of KATs of SHA-

1, HMAC, PRNG, AES, TDES, RSA, and DSA, the module will be in FIPS-Approved mode. Please note

that a DSA pair-wise consistency test is implemented instead of a KAT as a part of the power on

self tests.

The module performs the integrity test, as well as all the KATs in both FIPS-Approved and Non-FIPS

mode. The module enters error state if the conditional tests fail in either mode.

10.1.1.

Cryptographic algorithm tests (Known Answer Tests)

Cryptographic algorithm test using a known answer will be conducted for all cryptographic

functions (e.g., encryption, decryption, and random number generation) of each Approved

cryptographic algorithm implemented by the module in FIPS-Approved mode.

Algorithm

Test

AES (encryption/decryption)

KAT

Triple-DES (encryption/decryption)

KAT

RSA (signature generation/verification)

KAT

DSA (signature generation/verification)

Pair-wise consistency test

PRNG

KAT

HMAC-SHA-1

KAT

HMAC-SHA-224

KAT

HMAC-SHA-256

KAT

HMAC-SHA-384

KAT

HMAC-SHA-512

KAT

SHA-1

KAT

SHA-224

Tested as part of HMAC-SHA-224

SHA-256

KAT

SHA-384

Tested as part of HMAC-SHA-384

SHA-512

KAT