Samsung OpenSSL Cryptographic Module
FIPS 140-2 Security Policy
© 2013 Samsung/atsec information security. This document can be reproduced and distributed only whole and intact,
including this copyright notice.
2 of 24
1. Introduction ..................................................................................................................................... 4
1.1. Purpose of the Security Policy .......................................................................................... 4
1.2. Target Audience ..................................................................................................................... 4
2. Cryptographic Module Specification ...................................................................................... 5
2.1. Description of Module .......................................................................................................... 5
2.2. Description of FIPS Approved and Non-FIPS Approved Mode ............................... 5
2.3. Cryptographic Module Boundary ..................................................................................... 7
2.3.1.
Software Block Diagram........................................................................................... 7
2.3.2.
Hardware Block Diagram ......................................................................................... 7
3. Cryptographic Module Ports and Interfaces ........................................................................ 9
4. Roles, Services and Authentication ...................................................................................... 10
4.1. Roles ......................................................................................................................................... 10
4.2. Services................................................................................................................................... 10
4.3. Operator Authentication ....................................................................................................11
4.4. Mechanism and Strength of Authentication...............................................................11
5. Finite State Machine................................................................................................................... 12
6. Physical Security.......................................................................................................................... 13
7. Operational Environment ......................................................................................................... 14
7.1. Policy ........................................................................................................................................ 14
8. Cryptographic Key Management ........................................................................................... 15
8.1. Random Number Generation .......................................................................................... 15
8.2. Key Entry and Output......................................................................................................... 15
8.3. Key Storage............................................................................................................................ 15
8.4. Zeroization Procedure........................................................................................................ 15
9. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC).............. 16
10. Self Tests ...................................................................................................................................... 17
10.1. Power-Up Tests ................................................................................................................... 17
10.1.1.
Cryptographic algorithm tests (Known Answer Tests) ................................ 17
10.1.2.
Integrity test ............................................................................................................... 18
10.2. Conditional Tests ............................................................................................................... 18
10.2.1.
Pair-wise consistency test...................................................................................... 18
10.2.2.
Continuous random number generator (CRNG) test................................... 18
11. Design Assurance ..................................................................................................................... 20
