Samsung OpenSSL Cryptographic Module
FIPS 140-2 Security Policy
© 2013 Samsung/atsec information security. This document can be reproduced and distributed only whole and intact,
including this copyright notice.
2. Cryptographic Module Specification
This document is the non-proprietary security policy for the Samsung OpenSSL Cryptographic
Module, and was prepared as part of the requirements for conformance to Federal Information
Processing Standard (FIPS) 140-2, Level 1.
The following section describes the module and how it complies with the FIPS 140-2 standard in
each of the required areas.
2.1. Description of Module
The Samsung OpenSSL Cryptographic Module is a software-only, Security Level 1 cryptographic
module that provides general-purpose cryptographic services to applications. The crypto
module runs on an ARM processor.
The following table gives the security level for each of the eleven sections of the
validation.
Security Component                           Security Level
-------------------------------------------  --------------
Cryptographic Module Specification           1
Cryptographic Module Ports and Interfaces    1
Roles, Services and Authentication           1
Finite State Model                           1
Physical Security                            N/A
Operational Environment                      1
Cryptographic Key Management                 1
EMI/EMC                                      3
Self Tests                                   1
Design Assurance                             3
Mitigation of Other Attacks                  N/A
Table 1: Security Levels
The module has been tested on the following platform:
Module/Implementation                 Device      O/S & Ver.
------------------------------------  ----------  ------------------------------
Samsung OpenSSL Cryptographic Module  Galaxy S3   Android Ice-cream Sandwich 4.0
(SFOpenSSL1.0.0e-1.1)
Table 2: Tested Platform
2.2. Description of FIPS Approved and Non-FIPS Approved Mode
By default, upon initialization, the module performs self-tests and enters "Non-FIPS" mode.
Whenever the external application requires "FIPS-Approved" mode, it must invoke all the
self-tests by calling FIPS_mode_set(FIPS_MODE). The self-tests invoked before entering
FIPS or Non-FIPS mode are described in Section 10.1.
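Because the module starts in Non-FIPS mode, a calling application has to request the switch and confirm it succeeded before using any service. The following is an added example, not code from this security policy or from the module: enter_approved_mode(), crypto_allowed() and the sim_* stand-ins are hypothetical names, and the return convention (1 on success, as in upstream OpenSSL's FIPS_mode_set() and FIPS_mode()) is an assumption. In a real build, pass FIPS_mode_set and FIPS_mode in place of the stand-ins.

```c
#include <stdio.h>

/* Signatures follow upstream OpenSSL's FIPS_mode_set()/FIPS_mode(); that the
 * Samsung module returns 1 on success is an assumption, not stated here. */
typedef int (*mode_set_fn)(int onoff);
typedef int (*mode_get_fn)(void);

#define FIPS_MODE 1 /* parameter value listed in Section 2.2 */

enum approved_status {
    APPROVED_OK = 0,
    APPROVED_SWITCH_FAILED, /* mode-set call refused, e.g. a self-test failed */
    APPROVED_NOT_ACTIVE     /* call reported success but the mode did not change */
};

/* Hypothetical helper: request FIPS-Approved mode, then verify it is active. */
enum approved_status enter_approved_mode(mode_set_fn set, mode_get_fn get)
{
    if (set == NULL || get == NULL)
        return APPROVED_NOT_ACTIVE;
    if (set(FIPS_MODE) != 1)      /* always call: this is what runs the self-tests */
        return APPROVED_SWITCH_FAILED;
    return get() != 0 ? APPROVED_OK : APPROVED_NOT_ACTIVE;
}

/* Hypothetical gate an application checks before each cryptographic call. */
int crypto_allowed(mode_get_fn get)
{
    return get != NULL && get() != 0;
}

/* Constructed stand-ins for the module so the logic runs without it. */
static int sim_mode = 0;            /* module default: Non-FIPS mode */
static int sim_selftests_pass = 1;  /* set to 0 to model a self-test failure */
int sim_mode_set(int onoff)
{
    if (onoff && !sim_selftests_pass)
        return 0;
    sim_mode = onoff;
    return 1;
}
int sim_mode_get(void) { return sim_mode; }

int main(void)
{
    enum approved_status st = enter_approved_mode(sim_mode_set, sim_mode_get);
    printf("status=%d crypto_allowed=%d\n", st, crypto_allowed(sim_mode_get));
    return st == APPROVED_OK ? 0 : 1;
}
```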
The module can be switched between FIPS-Approved and Non-FIPS mode by invoking the API
FIPS_mode_set() using the following parameters:
FIPS_MODE = 1