Module Name
DHSSL Cryptographic Module
Historical Reason
SP 800-56Arev3 transition
Caveat
When Operated in FIPS Mode.
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The module is a set of software libraries, whose purpose is to provide cryptographic algorithm services (such as encryption and decryption services), as well as Transport Layer Security protocol (TLS) v1.0, v1.1, v1.2, certificate management, asymmetric key generation, random number generation and so on. The module provides API interface for application calling.
The module can act as a TLS server or TLS client, and interacts with other peers via the TLS protocol.
Tested Configuration(s)
- Linux-3.10.0 32 bit running on DHI-NVR5416-16P-4KS2E with ARMv7 CPU
- Linux-3.10.0 32bit running on DHI-NVR5432-16P-4KS2E with ARMv7 CPU
- Linux-3.10.0 32bit running on DHI-NVR5832-4KS2 with ARMv7 CPU
- Linux-4.9.37 32bit running on DH-IPC-HFW5442EP-ZE with ARMv7 CPU
- Linux-4.9.37 32bit running on DH-IPC-HFW7442HP-Z with ARMv8 CPU (Single-user mode)
- Linux-4.9.37 32bit running on DH-SD49225XA-HNR with ARMv7 CPU
- Linux-4.9.37 32bit running on DH-SD5A445XA-HNR with ARMv7 CPU
- Linux-4.9.37 64bit running on DHI-NVR5832-I with ARMv8 CPU
Approved Algorithms
AES |
Certs. #C1636, #C1639, #C1640 and #C1641 |
CVL |
Certs. #C1636, #C1639, #C1640 and #C1641 |
DRBG |
Certs. #C1636, #C1639, #C1640 and #C1641 |
DSA |
Certs. #C1636, #C1639, #C1640 and #C1641 |
ECDSA |
Certs. #C1636, #C1639, #C1640 and #C1641 |
HMAC |
Certs. #C1636, #C1639, #C1640 and #C1641 |
RSA |
Certs. #C1636, #C1639, #C1640 and #C1641 |
SHS |
Certs. #C1636, #C1639, #C1640 and #C1641 |
Triple-DES |
Certs. #C1636, #C1639, #C1640 and #C1641 |
Allowed Algorithms
Diffie-Hellman (CVL Certs #1636, #1639, #1640 & #1641, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie Hellman (CVL Certs #1636, #1639, #1640 & #1641, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)