| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 9/2/2029 |
| Caveat | No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. |
| Vendor | Samsung Electronics Co., Ltd. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4968 |
| AES-CFB128 | A4968 |
| AES-CMAC | A4968 |
| AES-CTR | A4968 |
| AES-ECB | A4968 |
| AES-OFB | A4968 |
| ECDSA KeyGen (FIPS186-4) | A4968 |
| ECDSA KeyVer (FIPS186-4) | A4968 |
| ECDSA SigGen (FIPS186-4) | A4968 |
| ECDSA SigVer (FIPS186-4) | A4968 |
| HMAC DRBG | A4968 |
| HMAC-SHA2-224 | A4968 |
| HMAC-SHA2-256 | A4968 |
| HMAC-SHA2-384 | A4968 |
| HMAC-SHA2-512 | A4968 |
| KAS-ECC CDH-Component SP800-56Ar3 (CVL) | A4968 |
| RSA SigGen (FIPS186-4) | A4968 |
| RSA SigVer (FIPS186-4) | A4968 |
| SHA2-224 | A4968 |
| SHA2-256 | A4968 |
| SHA2-384 | A4968 |
| SHA2-512 | A4968 |
| RSA KeyGen (FIPS186-4) | A4968 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
flowchart LR
%% Deterministic review-risk graph for Samsung CryptoCore Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>AES encryption<br/>AES decryption<br/>Cryptographic algorithm self- test and integrity…</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for Samsung CryptoCore Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>AES encryption<br/>AES decryption<br/>Cryptographic algorithm self- test and integrity…</i><br/>src: securityPolicy.services"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C6 clueLow;
class C3 clueHigh;Samsung Electronics Co., Ltd. Samsung CryptoCore Cryptographic Module Document Version 0.1.17 Last Update: 17-07-2024 ©2024 Samsung Electronics Co., Ltd.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 5 |
| 2.1 | Description | 5 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 6 |
| 2.3 | Excluded Components | 7 |
| 2.4 | Modes of Operation | 7 |
| 2.5 | Algorithms | 7 |
| 2.6 | Security Function Implementations | 9 |
| 2.7 | Algorithm Specific Information | 10 |
| 2.8 | RBG and Entropy | 11 |
| 2.9 | Key Generation | 11 |
| 2.10 | Key Establishment | 11 |
| 2.11 | Industry Protocols | 11 |
| 3 | Cryptographic Module Interfaces | 12 |
| 3.1 | Ports and Interfaces | 12 |
| 4 | Roles, Services, and Authentication | 12 |
| 4.1 | Authentication Methods | 12 |
| 4.2 | Roles | 12 |
| 4.3 | Approved Services | 13 |
| 4.4 | Non-Approved Services | 19 |
| 4.5 | External Software/Firmware Loaded | 19 |
| 5 | Software/Firmware Security | 19 |
| 5.1 | Integrity Techniques | 19 |
| 5.2 | Initiate on Demand | 19 |
| 6 | Operational Environment | 19 |
| 6.1 | Operational Environment Type and Requirements | 19 |
| 7 | Physical Security | 19 |
| 8 | Non-Invasive Security | 20 |
| 9 | Sensitive Security Parameters Management | 20 |
| 9.1 | Storage Areas | 20 |
| 9.2 | SSP Input-Output Methods | 20 |
| 9.3 | SSP Zeroization Methods | 20 |
| 9.4 | SSPs | 22 |
| 9.5 | Transitions | 26 |
| 10 | Self-Tests | 26 |
| 10.1 | Pre-Operational Self-Tests | 26 |
| 10.2 | Conditional Self-Tests | 26 |
| 10.3 | Periodic Self-Test Information | 31 |
| 10.4 | Error States | 32 |
| 11 | Life-Cycle Assurance | 32 |
| 11.1 | Installation, Initialization, and Startup Procedures | 32 |
| 11.2 | Administrator Guidance | 33 |
| 11.3 | Non-Administrator Guidance | 33 |
| 11.4 | Design and Rules | 33 |
| 12 | Mitigation of Other Attacks | 33 |
©2024 Samsung Electronics Co., Ltd.
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 6 |
| Table 3: Tested Operational Environments - Software, Firmware, Hybrid | 7 |
| Table 4: Modes List and Description | 7 |
| Table 5: Approved Algorithms | 8 |
| Table 6: Vendor-Affirmed Algorithms | 9 |
| Table 7: Security Function Implementations | 10 |
| Table 8: Ports and Interfaces | 12 |
| Table 9: Roles | 12 |
| Table 10: Approved Services | 18 |
| Table 11: Storage Areas | 20 |
| Table 12: SSP Input-Output Methods | 20 |
| Table 13: SSP Zeroization Methods | 21 |
| Table 14: SSP Table 1 | 23 |
| Table 15: SSP Table 2 | 25 |
| Table 16: Pre-Operational Self-Tests | 26 |
| Table 17: Conditional Self-Tests | 30 |
| Table 18: Pre-Operational Periodic Information | 31 |
| Table 19: Conditional Periodic Information | 32 |
| Table 20: Error States | 32 |
| Figure 1: Block Diagram | 6 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
This document is the non-proprietary FIPS 140-3 Security Policy for the Samsung CryptoCore Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 module.
Purpose and Use: The module provides cryptographic services to applications through an application program interface (API). The module also interacts with the operating system via system calls. Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic boundary of the module is a single object file named cryptocore.0.2.9.FIPS.1.o, which is statically linked into the position-independent code ©2024 Samsung Electronics Co., Ltd.
| Name | Firmware Version | Package | Integrity Test |
|---|---|---|---|
| cryptocore.0.2.9.FIPS.1.o | 0.2.9.FIPS.1 | cryptocore.0.2.9.FIPS.1.o | HMAC-SHA2-256 |
libcryptocore.so.0.1.0 shared library. There are no excluded components inside the cryptographic boundary. The module is intended only for single-threaded execution per process. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is a Samsung Smart TV Q70B with Tizen 7.0. The module is located in the volatile memory controlled by OS Tizen 7.0 installed on hardware platform Samsung Smart TV Q70B. Physical Perimeter Operating System Tizen libc API invocation libcryptocore.so.0.1.0 Cryptographic boundary Cryptographic Functions API invocation Self-Test Application Figure 1: Block Diagram
Tested Module Identification
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai |
|---|---|---|---|---|---|
| Tizen 7.0 | Tizen 7.0 | Samsung Smart TV Q70B | 0.2.9.FIPS.1 | Pontus-M | No |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4968 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A4968 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A4968 | Direction - Generation, Verification Key Length - 128 | SP 800-38B |
| AES-CTR | A4968 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A4968 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A4968 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| ECDSA KeyGen (FIPS186-4) | A4968 | Curve - P-224, P-256, P-384, P- 521 | FIPS 186-4 |
| ECDSA KeyVer (FIPS186-4) | A4968 | Curve - P-192, P-224, P-256, P- 384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4968 | Curve - P-224, P-256, P-384, P- 521 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4968 | Curve - P-192, P-224, P-256, P- 384, P-521 | FIPS 186-4 |
| HMAC DRBG | A4968 | Prediction Resistance - No Mode - SHA2-256, SHA2-512 | SP 800-90A Rev. 1 |
| HMAC-SHA2-224 | A4968 | Key Length - Key Length: 112, 504, 512, 520, 2048 | FIPS 198-1 |
| HMAC-SHA2-256 | A4968 | Key Length - Key Length: 112, 504, 512, 520, 2048 | FIPS 198-1 |
| HMAC-SHA2-384 | A4968 | Key Length - Key Length: 112, 504, 1024, 1032, 2048 | FIPS 198-1 |
| HMAC-SHA2-512 | A4968 | Key Length - Key Length: 112, 504, 1024, 1032, 2048 | FIPS 198-1 |
| KAS-ECC CDH-Component SP800-56Ar3 (CVL) | A4968 | SP 800-56A Rev. 3 | |
| RSA SigGen (FIPS186-4) | A4968 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4968 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 |
| SHA2-224 | A4968 | FIPS 180-4 | |
| SHA2-256 | A4968 | FIPS 180-4 | |
| SHA2-384 | A4968 | FIPS 180-4 | |
| SHA2-512 | A4968 | FIPS 180-4 | |
| RSA KeyGen (FIPS186-4) | A4968 | Key Generation Mode - B.3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4 |
Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: N/A for this module. CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no components excluded from the security requirements. Modes List and Description: Table 4: Modes List and Description
Approved Algorithms: ©2024 Samsung Electronics Co., Ltd.
| Name | Properties | ||
|---|---|---|---|
| CKG: RSA | Type:Asymmetric RSA Modulo:2048, 3072, 4096 | Samsung CryptoCore Cryptographic Module | Section B.3.3 of FIPS 186-4 and Sections 4 / 5.1 of SP 800-133r2 (V is all zeroes) |
| CKG: ECC | Type:Asymmetric ECC / ECDSA | Samsung CryptoCore Cryptographic Module | Section B.4.2 of FIPS 186-4 respectively Section 5.6.1.2.2 of SP |
Table 5: Approved Algorithms Vendor-Affirmed Algorithms: ©2024 Samsung Electronics Co., Ltd.
| Name | Description | Approved Functions | Type | ||
|---|---|---|---|---|---|
| Curve:P-224, P-256, P-384, P-521 | 800-56Ar3 and Sections 4, 5.1, and 5.2 of SP 800-133r2 (V is all zeroes) | ||||
| AES encryption | AES encryption | AES-CBC AES-CFB128 AES-CTR AES-ECB AES-OFB | BC-UnAuth | ||
| AES decryption | AES decryption | AES-CBC AES-CFB128 AES-CTR AES-ECB AES-OFB | BC-UnAuth | ||
| HMAC generation | HMAC generation | HMAC-SHA2- 224 SHA2-224 HMAC-SHA2- 256 SHA2-256 HMAC-SHA2- 384 SHA2-384 HMAC-SHA2- 512 SHA2-512 | MAC | Truncation:Not supported | |
| CMAC generation | CMAC generation | AES-CMAC AES-ECB | MAC | Truncation:Not supported | |
| Hash generation | Hash generation | SHA2-224 SHA2-256 SHA2-384 SHA2-512 | SHA |
| Name | Description | Approved Functions | Type | ||
|---|---|---|---|---|---|
| Curve:P-224, P-256, P-384, P-521 | 800-56Ar3 and Sections 4, 5.1, and 5.2 of SP 800-133r2 (V is all zeroes) | ||||
| AES encryption | AES encryption | AES-CBC AES-CFB128 AES-CTR AES-ECB AES-OFB | BC-UnAuth | ||
| AES decryption | AES decryption | AES-CBC AES-CFB128 AES-CTR AES-ECB AES-OFB | BC-UnAuth | ||
| HMAC generation | HMAC generation | HMAC-SHA2- 224 SHA2-224 HMAC-SHA2- 256 SHA2-256 HMAC-SHA2- 384 SHA2-384 HMAC-SHA2- 512 SHA2-512 | MAC | Truncation:Not supported | |
| CMAC generation | CMAC generation | AES-CMAC AES-ECB | MAC | Truncation:Not supported | |
| Hash generation | Hash generation | SHA2-224 SHA2-256 SHA2-384 SHA2-512 | SHA | ||
| RSA key pair generation | RSA key pair generation | RSA KeyGen (FIPS186-4) CKG: RSA | AsymKeyPair- KeyGen | ||
| RSA signature generation | RSA signature generation | RSA SigGen (FIPS186-4) SHA2-224 SHA2-256 SHA2-384 SHA2-512 | DigSig-SigGen | ||
| RSA signature verification | RSA signature verification | RSA SigVer (FIPS186-4) SHA2-224 SHA2-256 SHA2-384 SHA2-512 | DigSig-SigVer | ||
| ECC key generation | ECDSA and ECC key generation | ECDSA KeyGen (FIPS186-4) CKG: RSA | AsymKeyPair- KeyGen | ||
| ECDSA signature generation | ECDSA signature generation | ECDSA SigGen (FIPS186-4) SHA2-224 SHA2-256 SHA2-384 SHA2-512 | DigSig-SigGen | ||
| ECDSA signature verification | ECDSA signature verification | ECDSA SigVer (FIPS186-4) SHA2-224 SHA2-256 SHA2-384 SHA2-512 | DigSig-SigVer | ||
| ECDSA public key validation | ECDSA public key validation | ECDSA KeyVer (FIPS186-4) | AsymKeyPair- PubKeyVal | ||
| DRBG | Random number generation | HMAC DRBG HMAC-SHA2- 256 SHA2-256 HMAC-SHA2- 512 SHA2-512 | DRBG | ||
| Shared secret computation | ECC CDH primitive | KAS-ECC CDH- Component SP800-56Ar3 | KAS-SSC | Encryption strength:Between 112 and 256 bits |
Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 ©2024 Samsung Electronics Co., Ltd.
AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairPubKeyVal HMAC-SHA2256 HMAC-SHA2512 Table 7: Security Function Implementations
©2024 Samsung Electronics Co., Ltd.
AES CTR: the externally loaded counters of AES CTR shall have the property defined in [SP800-38A], 6.5 The Counter Mode.
N/A for this module. N/A for this module. The module passively receives the entropy for seeding/reseeding DRBG while exercising no control over the amount or the quality of the obtained entropy. The random string for seeding/reseeding must supply at least 112 bits of entropy to provide the minimum acceptable security strength that is 112 bits according to [SP800-57pt1r5]. The module employs a SP800-90Ar1 HMAC_DRBG as Random Number Generation service. For DRBG Instantiation to create a seed the module requires a random string of 48 bytes (384 bits) size: 32 bytes (256 bits) for "entropy input" and 16 bytes (128 bits) for "nonce". For periodic DRBG Reseeding to create a reseed the module requires a random string of 64 bytes (512 bits) size: 32 bytes (256 bits) for "entropy input" and 32 bytes (256 bits) for "additional input". For explicit DRBG Reseeding to create a reseed the module requires a random string of 32 bytes (256 bits) size: 32 bytes (256 bits) for "entropy input". The output of the module implemented DRBG is used to generate random bits for
For generating RSA, ECC key pairs, the module implements Asymmetric Key Generation services compliant with FIPS 186-4. The random value used in asymmetric key generation is obtained using Random Number Generation service of the module. In accordance with FIPS 140-3 IG D.H, the module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 5.1, 5.2 SP800-133r2 (vendor affirmed) by obtaining a random bit string as per section 4 SP800-133r2 directly from a DRBG without any V, as described in Additional Comments 2 in FIPS 140-3 IG D.H.
N/A ©2024 Samsung Electronics Co., Ltd.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters |
| N/A | N/A | Data Output | API output parameters |
| N/A | N/A | Control Input | API function calls |
| N/A | N/A | Status Output | API return codes, log messages |
| Name | Role Access | Type | |
|---|---|---|---|
| Crypto Officer | CO | Role | None |
N/A N/A N/A N/A Table 8: Ports and Interfaces As a software-only module, the module does not have physical ports. For the purpose of the FIPS 140-3 validation, the physical ports are interpreted to be the physical ports of the hardware platform on which it runs. The logical interfaces are the application program interface (API) through which applications request services. The control output interface is omitted on purpose because the module does not implement it.
N/A for this module. The module does not support user authentication.
Table 9: Roles The Crypto Officer role is implicitly assumed by the entity accessing the module services. ©2024 Samsung Electronics Co., Ltd.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Symmetric encryption | Encrypt a plaintext | Crypto Officer - AES keys: R,E | AES encryption | The successful completion of a service is an implicit indicator for the use of an approved service | Key, plain text, mode, padding method, initialization vector | Cipher text |
| Symmetric decryption | Decrypt a cipher text | Crypto Officer - AES keys: R,E | AES decryption | The successful completion of a service is an implicit indicator for the use of an approved service | Key, cipher text, mode, padding, initialization vector | Plain text |
| Asymmetric key generation | Generate asymmetric RSA and ECC key pair | Crypto Officer - RSA private key: G,R,W - RSA public key: G,W - ECDSA private key: G,W - ECDSA public key: G,W - ECC CDH private key: G,W - ECC CDH public key: G,W - Intermediate key generation | RSA key pair generation ECC key generation | The successful completion of a service is an implicit indicator for the use of an approved service | RSA: padding method, modulus length, optionally fixed private key, entropy input string; ECDSA: curve, entropy input string | Key pair |
| Digital signature generation | Generate digital signature | Crypto Officer - RSA private key: R,E - ECDSA private key: R,E | RSA signature generation ECDSA signature generation | The successful completion of a service is an implicit indicator for the use of an approved service | RSA: private key, message, modulus, padding method; ECDSA: public key, message, curve | Signature |
| Digital signature verification | Verify digital signature | Crypto Officer - RSA public key: R,E - ECDSA public key: R,E | RSA signature generation ECDSA signature verification ECDSA public key validation | The successful completion of a service is an implicit indicator for the use of an approved service | RSA: public key, message, signature, modulus, padding method; ECDSA: public key, message, signature, curve | Verification result |
| Message digest generation | Generate message digest | Crypto Officer | Hash generation | The successful completion of a service is an implicit indicator for the use of an approved service | Message, algorithm | Message digest |
| MAC generation | Generate message | Crypto Officer - CMAC keys: R,E | HMAC generation | The successful completion of a service is an | Message, algorithm, key | MAC |
R,E G,W G,W G,W G,W ©2024 Samsung Electronics Co., Ltd. R,E
©2024 Samsung Electronics Co., Ltd. G,E G,E R,E R,E R,E
| Name | Description | Generation | Use | Input | Output | Access |
|---|---|---|---|---|---|---|
| Random number generation | Generate random number | DRBG | The successful completion of a service is an implicit indicator for the use of an approved service | Entropy input string, Personalization string, additional input | Random bits | Crypto Officer - Entropy input string: R - DRBG V: G,E - DRBG Key: G,E - Entropy buffer: E |
| Shared secret computation | Compute shared secret | Shared secret computation | The successful completion of a service is an implicit indicator for the use of an approved service | Received public key, private key | Shared secret | Crypto Officer - ECC CDH received public key: R,E - ECC CDH private key: R,E - Shared secret: G,W |
| Show status | Show status of the module | None | N/A | None | Status information | Crypto Officer |
| Show module's versioning information | Show the versioning information of the module | None | N/A | None | Module name and version | Crypto Officer |
R,E N/A N/A G,E G,E R,E R,E N/A Z ©2024 Samsung Electronics Co., Ltd.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Cryptographic algorithm self- test and integrity test | Initiate cryptographic algorithm self-test and integrity test | Crypto Officer - Entropy input string: R - DRBG V: G,E - DRBG Key: G,E - Entropy buffer: E | AES decryption HMAC generation CMAC generation Hash generation RSA signature generation RSA signature verification ECDSA | The successful completion of a service is an implicit indicator for the use of an approved service | Entropy input string | Status information |
©2024 Samsung Electronics Co., Ltd. Z Z G,E G,E
| Name | Description | Role Access | Csps Accessed | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Module start-up | Run cryptographic algorithm self-test and integrity test at the module start-up | AES decryption HMAC generation CMAC generation Hash generation RSA signature generation RSA signature verification ECDSA signature generation ECDSA signature verification ECDSA | Crypto Officer - Entropy input string: R - DRBG V: G,E - DRBG Key: G,E - Entropy buffer: E | The successful completion of a service is an implicit indicator for the use of an approved service | Entropy input string | Status information |
©2024 Samsung Electronics Co., Ltd. G,E G,E
Table 10: Approved Services The approved security service indicator of the module is compliant to the example scenario 2) of [IG] 2.4.C. ©2024 Samsung Electronics Co., Ltd.
The module does not support Software/Firmware loading.
The integrity of the module is verified by comparing MAC calculated on the module at runtime and the value stored in the module, which was calculated at build-time. An approved integrity technique used in the integrity test is HMAC-SHA256 algorithm implemented in the module itself. The integrity test uses a 256-bit key, which resides within the module code and is not considered a SSP. Before executing the integrity test, the module performs CAST of SHA-256 and HMAC-SHA512 algorithms.
The integrity test can be initiated on demand by the operator by calling fips_post() API.
Type of Operational Environment: Modifiable How Requirements are Satisfied: The module runs on a commercially available general-purpose operating system. The operating system is restricted to a single operator (concurrent operators are explicitly excluded). The operational environment is non-configurable for operator, thus the module operates securely by default. The application that requests cryptographic services is the single user of the module, even when the application is serving multiple clients. The operating system provides the capability to separate the module during operation from other functions in the operational environment. Those functions do not obtain information from the module related to the CSPs and do not modify CSPs, PSPs, or the execution flow of the module other than via the interfaces provided by the module itself. The module does not spawn any processes.
The module is comprised of software only and thus does not claim any physical security. ©2024 Samsung Electronics Co., Ltd.
| Name | Type | Description |
|---|---|---|
| Volatile memory | Dynamic | The OE's volatile memory (RAM) shared with the linked application, but under the module's control |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| API input | Plaintext | Linked application in the TOEPP | Volatile memory | Manual | Electronic |
| API output | Plaintext | Volatile memory | Linked application in the TOEPP | Manual | Electronic |
The module does not implement non-invasive attack mitigation techniques to protect the module’s unprotected SSPs from non-invasive attacks referenced in Annex F of FIPS 140-3.
Table 11: Storage Areas The module does not provide persistent storage for keys or SSPs. The module stores SP80090Ar1 DRBG state values and the Entropy buffer for at most the runtime of the module. The module uses pointers to plaintext keys/SSPs that are passed in by the calling application. The module does not store SSP beyond the lifetime of an API call or beyond the runtime of the module. Allocated memory in RAM for SSP is managed by the module.
Table 12: SSP Input-Output Methods SSPs enter the module's cryptographic boundary as cryptographic algorithm API parameters in plaintext. They are associated with memory locations and do not persist across power cycles. The module does not output intermediate key generation values. The module provides the resulting keys as output parameters of key generation service API to the calling application, but they do not cross the physical perimeter. Import and export operations of SSP are plaintext manual electronic entry for the module and user application inside OE physical perimeter (TOEPP) in terms of IG 140-3 9.5.A.
©2024 Samsung Electronics Co., Ltd.
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Destructor | CryptoCoreContainer destructor zeroises all SSPs stored in its context struct | SSPs are actively overwritten with zeroes and thus not recoverable | Using destroy_CryptoCoreContainer() | |
| Intermediate | Intermediate and temporary SSPs are automatically zeroized by the module before a function returns | SSPs are actively overwritten with zeroes and thus not recoverable | No, done automatically by the module | |
| Entropy buffer zeroization | The module's entropy buffer SSP storing the user-provided entropy is zeroized | SSPs are actively overwritten with zeroes and thus not recoverable | Using fips_cleanup_entropy_buffer() or by unloading the module |
Table 13: SSP Zeroization Methods Zeroisation of sensitive data is performed by calling destruction API function destroy_CryptoCoreContainer() by the operator. This functions overwrites the memory occupied by SSPs with “zeros” and deallocates the memory. The application that uses the module is responsible for calling the destruction function destroy_CryptoCoreContainer(). The calling application is responsible for parameters passed in and out of the module. The return of the destroy_CryptoCoreContainer() function indicates the successful completion of the zeroisation procedure. Zeroisation of entropy buffer is performed by calling the fips_cleanup_entropy_buffer() API or successful completion of the module indicates the successful completion of the zeroisation procedure, accordingly. ©2024 Samsung Electronics Co., Ltd.
| Name | Type | Description | Strength | Generation | Use |
|---|---|---|---|---|---|
| AES keys | Symmetric AES key - CSP | Keys used for AES encryption / decryption | 128, 192, 256 bits - 128 to 256 bits | AES encryption AES decryption | |
| CMAC keys | Symmetric AES key - CSP | Keys used for CMAC generation | 128 bits - 128 bits | CMAC generation | |
| HMAC keys | Symmetric HMAC key - CSP | Keys used for HMAC computation | 112 bits or longer - 112 bits or greater | HMAC generation | |
| RSA private key | Asymmetric RSA private key - CSP | RSA private key for digital signature computations | Up to 4096 bits - 112 bits or greater | RSA key pair generation | RSA signature generation RSA signature verification |
| RSA public key | Asymmetric RSA public key - PSP | RSA public key for digital signature computations | Up to 4096 bits - Less than 112 bits for module size 1024 bits, greater than 112 bits for modulus sizes of 2048 bits or longer | RSA key pair generation | RSA signature generation RSA signature verification |
| ECDSA private key | Asymmetric ECDSA private key - CSP | ECDSA private key for digital signature computations | Up to 521 bits - 112 bits or greater | ECC key generation | ECDSA signature generation ECDSA signature verification |
| ECDSA public key | Asymmetric ECDSA public key - PSP | ECDSA public key for digital signature computations | Up to 521 bits - 112 bits or greater | ECC key generation | ECDSA signature generation ECDSA |
©2024 Samsung Electronics Co., Ltd.
| Name | Type | Description | Strength | Generation | Use | |
|---|---|---|---|---|---|---|
| ECC CDH received public key | Asymmetric ECC public key - PSP | ECC public key from other party for shared secret computation | Up to 521 bits - 112 to 256 bits | Shared secret computation | ||
| ECC CDH private key | Asymmetric ECC private key - CSP | Own ECC private key for shared secret computation | Up to 521 bits - 112 bits or greater | ECC key generation | Shared secret computation | |
| ECC CDH public key | Asymmetric ECC public key - PSP | Own ECC public key for shared secret computation | Up to 521 bits - 112 bits or greater | ECC key generation | Shared secret computation | |
| Shared secret | Shared secret - CSP | Result of the shared secret computation | Up to 521 bits - 112 bits or greater | Shared secret computation | ||
| Entropy input string | Entropy input - CSP | User-provided entropy input | Up to 2048 bits - 112 bits or greater | |||
| Entropy buffer | Entropy buffer - CSP | Module-internal entropy buffer and its inputs | Up to 2048 bits - 112 bits or greater | DRBG | ||
| DRBG V | Value V of HMAC DRBG - CSP | Value V of the HMAC DRBG's state | 256 or 512 bits - 112 bits or greater | DRBG | DRBG | |
| DRBG Key | Key of HMAC DRBG - CSP | Key of the HMAC DRBG | 256 or 512 bits - 112 bits or greater | DRBG | DRBG | |
| Intermediate key generation values | Intermediate key generation values - CSP | Intermediate RSA and ECC key generation values | Up to 4096 bits - 112 bits or greater | RSA key pair generation ECC key generation |
Table 14: SSP Table 1 ©2024 Samsung Electronics Co., Ltd.
| Name | Storage | Zeroization | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|
| AES keys | Volatile memory:Plaintext | Destructor | API input | For the lifetime of the API call | |
| CMAC keys | Volatile memory:Plaintext | Destructor | API input | For the lifetime of the API call | |
| HMAC keys | Volatile memory:Plaintext | Destructor | API input | For the lifetime of the API call | |
| RSA private key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | RSA public key:Paired With |
| RSA public key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | RSA private key:Paired With |
| ECDSA private key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | ECDSA public key:Paired With |
| ECDSA public key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | ECDSA private key:Paired With |
| ECC CDH received public key | Volatile memory:Plaintext | Intermediate | API input | For the lifetime of the API call | ECC CDH private key:Used With Shared secret:Used To Derive |
| ECC CDH private key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | ECC CDH received public key:Used With ECC CDH public key:Paired With Shared secret:Used To Derive |
| ECC CDH public key | Volatile memory:Plaintext | Destructor | API input API output | For the lifetime of the API call | ECC CDH private key:Paired With |
| Shared secret | Volatile memory:Plaintext | Intermediate | API output | For the lifetime of the API call | ECC CDH received public key:Derived From ECC CDH private key:Derived From |
| Entropy input string | Volatile memory:Plaintext | Intermediate | API input | For the lifetime of the API call | Entropy buffer:Stored In |
| Entropy buffer | Volatile memory:Plaintext | Entropy buffer zeroization | For the runtime of the module or until zeroization | Entropy input string:Used To Store | |
| DRBG V | Volatile memory:Plaintext | Destructor Intermediate | For the runtime of the module or until zeroization | Entropy buffer:Seeded From DRBG Key:Paired With | |
| DRBG Key | Volatile memory:Plaintext | Destructor Intermediate | For the runtime of the module or until zeroization | Entropy buffer:Seeded From DRBG V:Paired With | |
| Intermediate key generation values | Volatile memory:Plaintext | Intermediate | For the lifetime of the API call | RSA private key:Used to Generate RSA public key:Used to Generate ECDSA private key:Used to Generate ECDSA public key:Used to Generate ECC CDH private key:Used to Generate ECC CDH public key:Used to Generate |
©2024 Samsung Electronics Co., Ltd.
Table 15: SSP Table 2 ©2024 Samsung Electronics Co., Ltd.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A4968) | HMAC- SHA2-256 (A4968) | See (*) below the table. | SW/FW Integrity | This test is performed after the CASTs for SHA2- 256 and HMAC- SHA2-512 | Key length: 256 bits | When the test passes, get_fips_status() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_FAIL and get_fips_status_reason() returns FIPS_STATUS_INTEGRITY_FAIL | ||
| AES-ECB (A4968) | AES-ECB (A4968) | KAT | CAST | AES decryption | When the test passes, get_fips_status_reason() returns | Key length: 256 bits | During module start- up or on- |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A4968) | HMAC- SHA2-256 (A4968) | See (*) below the table. | SW/FW Integrity | This test is performed after the CASTs for SHA2- 256 and HMAC- SHA2-512 | Key length: 256 bits | When the test passes, get_fips_status() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_FAIL and get_fips_status_reason() returns FIPS_STATUS_INTEGRITY_FAIL | ||
| AES-ECB (A4968) | AES-ECB (A4968) | KAT | CAST | AES decryption | When the test passes, get_fips_status_reason() returns | Key length: 256 bits | During module start- up or on- | |
| FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | demand using fips_post() | ||||||
| AES-CMAC (A4968) | AES-CMAC (A4968) | KAT | CAST | CMAC generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Key length: 128 bits | During module start- up or on- demand using fips_post() | |
| SHA2-224 (A4968) | SHA2-224 (A4968) | KAT | CAST | Hash generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | N/A | During module start- up or on- demand using fips_post() | |
| SHA2-256 (A4968) | SHA2-256 (A4968) | KAT | CAST | Hash generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | N/A | During module start- up or on- demand using fips_post() | |
| SHA2-384 (A4968) | SHA2-384 (A4968) | KAT | CAST | Hash generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | N/A | During module start- up or on- demand using fips_post() | |
| SHA2-512 (A4968) | SHA2-512 (A4968) | KAT | CAST | Hash generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | N/A | During module start- up or on- demand using fips_post() | |
| HMAC- SHA2-512 (A4968) | HMAC- SHA2-512 (A4968) | KAT | CAST | HMAC generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Key length: 1024 bits | During module start- up or on- demand using fips_post() | |
| RSA SigGen (FIPS186-4) (A4968) | RSA SigGen (FIPS186-4) (A4968) | KAT | CAST | RSA digital signature generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Key length: 2048 bits, Padding: PKCS-v1.5 | During module start- up or on- demand using fips_post() | |
| RSA SigVer (FIPS186-4) (A4968) | RSA SigVer (FIPS186-4) (A4968) | KAT | CAST | RSA digital signature verification | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Key length: 2048 bits, Padding: PKCS-v1.5 | During module start- up or on- demand using fips_post() | |
| ECDSA SigGen (FIPS186-4) (A4968) | ECDSA SigGen (FIPS186-4) (A4968) | KAT | CAST | ECDSA digital signature generation | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Curve: P- 224, Hash function: SHA2-512 | During module start- up or on- demand using fips_post() | |
| ECDSA SigVer (FIPS186-4) (A4968) | ECDSA SigVer (FIPS186-4) (A4968) | KAT | CAST | ECDSA digital signature verification | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | Curve: P- 224, Hash function: SHA2-512 | During module start- up or on- demand using fips_post() | |
| KAS-ECC CDH- Component | KAS-ECC CDH- Component | KAT | CAST | Shared secret computation | When the test passes, get_fips_status_reason() returns | Curve: P- 224 | During module start- up or on- | |
| SP800- 56Ar3 (A4968) | SP800- 56Ar3 (A4968) | FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | demand using fips_post() | |||||
| HMAC DRBG (A4968) | HMAC DRBG (A4968) | KAT | CAST | KAT of instantiation, reseeding, generate, and generate calls in one sweep according to SP 800-90Ar1, Sec. 11.3 and 7. of IG 10.3.A | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_SELFTEST_FAIL | MAC: HMAC- SHA2-256 | During module start- up or on- demand using fips_post() | |
| HMAC DRBG (A4968) | HMAC DRBG (A4968) | KAT | CAST | Same as test above, but the tested MAC variant is chosen based on the one used by the current HMAC instance. The instance state is untouched | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_DRBG_HEALTH_FAIL | MAC: HMAC- SHA2-256 or HMAC- SHA2-512 | Every 400 generate calls of an DRBG instance | |
| RSA (FIPS186-4) (A4968) | RSA (FIPS186-4) (A4968) | PCT | PCT | RSA signature generation and verification of a fixed 32-byte message | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_RSA_PCT_FAIL | Padding: none | After each RSA key pair generation and key pair import | |
| ECDSA (FIPS186-4) (A4968) | ECDSA (FIPS186-4) (A4968) | PCT | PCT | ECDSA signature generation and verification of a fixed 32-byte message | When the test passes, get_fips_status_reason() returns FIPS_STATUS_SUCCESS, otherwise it returns FIPS_STATUS_ECDSA_PCT_FAIL | N/A | After each ECDSA key pair generation |
Transition from FIPS 186-4 to FIPS 186-5 and SP 800-186 as specified in FIPS 140-3 IG C.K.
HMACSHA2-256 Table 16: Pre-Operational Self-Tests (*) A MAC is calculated over the module FIPS-relevant APIs at runtime and compared to the value stored in the module, which was calculated at build-time. This MAC is calculated between designated memory addresses of the .text and .rodata sections of the object file, excluding relocatable address parts. These sections have read-only and executable attributes in terms of the ELF file. The content of these sections is formed at the module build stage. While the module is performing the Pre-Operational Self-Test, no other functions are available and all output is inhibited. Once PreOperational Self-Test is completed successfully, the module enters the Approved Mode of Operation and cryptographic services are available.
©2024 Samsung Electronics Co., Ltd.
N/A N/A N/A N/A ©2024 Samsung Electronics Co., Ltd. module startup or ondemand module startup or ondemand module startup or ondemand module startup or ondemand module startup or ondemand
HMACSHA2-512 CDHComponent Curve: P224 module startup or ondemand module startup or ondemand module startup or ondemand module startup or ondemand module startup or ondemand ©2024 Samsung Electronics Co., Ltd.
SP80056Ar3 HMACSHA2-256 HMACSHA2-256 N/A ©2024 Samsung Electronics Co., Ltd. module startup or ondemand
| Algorithm | Test | Test | Test | Indicator | Details | Conditions |
|---|---|---|---|---|---|---|
| or Test | Properties | Method | Type | |||
| and key pair import |
Table 17: Conditional Self-Tests None of the keys used for the KAT are considered as SSP. ©2024 Samsung Electronics Co., Ltd.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| HMAC-SHA2- 256 (A4968) | HMAC-SHA2- 256 (A4968) | See (*) below the table. | SW/FW Integrity | On Demand | Reloading the module or using fips_post() |
| AES-ECB (A4968) | AES-ECB (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| AES-CMAC (A4968) | AES-CMAC (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| SHA2-224 (A4968) | SHA2-224 (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| SHA2-256 (A4968) | SHA2-256 (A4968) | KAT | CAST | On demand | Reloading the module or using the fips_post() API |
| SHA2-384 (A4968) | SHA2-384 (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| SHA2-512 (A4968) | SHA2-512 (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| HMAC-SHA2- 512 (A4968) | HMAC-SHA2- 512 (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| RSA SigGen (FIPS186-4) (A4968) | RSA SigGen (FIPS186-4) (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| RSA SigVer (FIPS186-4) (A4968) | RSA SigVer (FIPS186-4) (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| ECDSA SigGen (FIPS186-4) (A4968) | ECDSA SigGen (FIPS186-4) (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| ECDSA SigVer (FIPS186-4) (A4968) | ECDSA SigVer (FIPS186-4) (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| KAS-ECC CDH- Component SP800-56Ar3 (A4968) | KAS-ECC CDH- Component SP800-56Ar3 (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| HMAC DRBG (A4968) | HMAC DRBG (A4968) | KAT | CAST | On demand | Reloading the module or using fips_post() |
| HMAC DRBG (A4968) | HMAC DRBG (A4968) | KAT | CAST | On demand | Repeated calls of the DRBG generate function |
| RSA (FIPS186- 4) (A4968) | RSA (FIPS186- 4) (A4968) | PCT | PCT | On demand | After RSA key pair generation and key pair import |
| ECDSA (FIPS186-4) (A4968) | ECDSA (FIPS186-4) (A4968) | PCT | PCT | On demand | After ECDSA key pair generation and key pair import |
Table 18: Pre-Operational Periodic Information (*) A MAC is calculated over the module FIPS-relevant APIs at runtime and compared to the value stored in the module, which was calculated at build-time. This MAC is calculated between designated memory addresses of the .text and .rodata sections of the object file, excluding relocatable address parts. These sections have read-only and executable attributes in terms of the ELF file. The content of these sections is formed at the module build stage. ©2024 Samsung Electronics Co., Ltd.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error | The module's only error state | Any failure in context of the execution of the implemented self-tests during module start-up or the self-test service | get_fips_status() returns FIPS_STATUS_FAIL | Reloading the module or using fips_post() |
Table 19: Conditional Periodic Information
The module is built into the operational environment and delivered with a device. There is no standalone delivery of the module as a software library. The module is initialized during the loading of the module before any cryptographic functionality is available. The Tizen operating system is responsible for the initialization and loading processes of the module. The module is designed with constructor (default entry point of the ©2024 Samsung Electronics Co., Ltd.
module) which ensures that CAST and POST are initiated automatically when the module is loaded.
The guidance is provided in the document “Samsung CryptoCore Cryptographic Module, Software Version: 0.2.9.FIPS.1, Functional Design, Document Version 0.1.23, Last Update: 1207-2024”.
The guidance is provided in the document “Samsung CryptoCore Cryptographic Module, Software Version: 0.2.9.FIPS.1, Functional Design, Document Version 0.1.23, Last Update: 1207-2024”.
The usual sequence of secure operations:
The module does not implement security mechanisms to mitigate other attacks. ©2024 Samsung Electronics Co., Ltd.