Samsung OpenSSL Cryptographic Module
FIPS 140-2 Security Policy
© 2013 Samsung/atsec information security. This document can be reproduced and distributed only whole and intact,
including this copyright notice.
18 of 24
Table 6: Power-Up Tests
The module implements a separate Known Answer Test (KAT) for each of the following operations
separately: AES encryption, AES decryption, Triple-DES encryption, Triple-DES decryption, RSA
signature generation, and RSA signature verification.
10.1.2.
Integrity test
The module's integrity test is performed using HMAC-SHA-256.
Build Time
o
HMAC-SHA-256 calculated on libfips_crypto.so (dynamic library) file
HMAC appended to libfips_crypto.so file
Run Time
o
libfips_crypto.so is read as a file
o
When algorithm self tests are completed, integrity test routine is called
Perform HMAC-SHA-256 on the read libfips_crypto.so value in ram
Read stored HMAC located after libfips_crypto.so (last 32 bytes)
If calculated and stored values do not match, set error state,
FIPS_R_FINGERPRINT_DOES_NOT_MATCH and the system property as
"error_integrity"
10.2. Conditional Tests
Algorithm
Test
DSA
Key generation, Pair-wise consistency
test
RSA
Key generation, Pair-wise consistency
test
PRNG
Continuous test
Table 7: Conditional Tests
10.2.1.
Pair-wise consistency test
A pair-wise consistency test must be conducted for every key generation.
The module implements RSA and DSA pair-wise consistency tests during key generation. If the test
fails, it updates the FIPS status to error.
10.2.2.
Continuous random number generator (CRNG) test
The continuous random number generator test implemented in the module is as follows: the CRNG
test consists of a priming test which is implemented by using the very first RNG value to initialize
the comparing value, discarding the RNG value and obtaining the next round of the RNG for output
to the caller. The module performs the CRNG test every time the random number generation