Samsung OpenSSL Cryptographic Module
FIPS 140-2 Security Policy
© 2013 Samsung/atsec information security. This document can be reproduced and distributed only whole and intact,
including this copyright notice.
10 of 24
4. Roles, Services and Authentication
4.1. Roles
Role
Services (see list below)
User
Encryption, Decryption, Random Numbers, Digest
Creation, Key Generation, Signature Generation,
Signature Verification
Crypto Officer
Configuration, Encryption, Decryption, Random
Numbers, Initialization of Module, Digest Creation, Key
Generation, Signature Generation, Signature Verification
Table 4: Roles
The module meets all FIPS 140-2 level 1 requirements for Roles and Services, implementing both
User and Crypto Officer roles. The Module does not allow concurrent operators.
The User and Crypto Officer roles are implicitly assumed by the entity accessing services
implemented by the Module. No further authentication is required. The Crypto Officer can initialize
the Module.
4.2. Services
Role
Service
CSP
Modes
FIPS Approved
(Cert #)
Access (Read,
Write, Execute)
User,
Crypto
Officer
AES encryption
and decryption
128, 192, 256
bit keys
ECB, CBC,
OFB, CFB,
Cert #2108
R, W, EX
Crypto
Officer,
User
HMAC (with SHA-1,
SHA-224, SHA-256,
SHA-384, SHA-512)
HMAC Key
N/A
Cert #1282
R, W, EX
User,
Crypto
Officer
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512
N/A
N/A
Cert #1831
R, W, EX
User,
Crypto
Officer
Triple-DES
2 Key & 3 Key CBC, ECB,
OFB, CFB
Cert #1343
R, W, EX
User,
Crypto
Officer
RSA
1024, 2048
bit keys
N/A
Cert #1082
R, W. EX
User,
Crypto
Officer
DSA
1024, 2048
bit keys
N/A
Cert #658
R, W, EX
User,
Crypto
Officer
RNG
ANSI X9.31
Seed Key
AES-128,
AES-192,
AES-256
Cert #1083
R, W, EX
Crypto
Officer
Initialization
N/A
N/A
N/A
N/A