NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
mNo edit summary
m (GPHemsley moved page Section 9: Self Tests to NSSCryptoModuleSpec/Section 9: Self Tests without leaving a redirect: NSSCryptoModuleSpec page)
 
(43 intermediate revisions by 4 users not shown)
Line 22: Line 22:
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ]     
||  
||  
Failure of any of the power-up, conditional or operator-initiated self tests cause the cryptographic module to enter the error state ([http://wiki.mozilla.org/FIPSFSM#States State 3 ]).
Failure of any of the power-up, conditional, or operator-initiated self-tests causes the cryptographic module to enter the Error state ([http://wiki.mozilla.org/FIPSFSM#States State 3 ]). If the pairwise consistency test fails, the <code>FC_GenerateKeyPair</code> function returns the error code <code>CKR_GENERAL_ERROR</code>. If any other self-test fails, the PKCS #11 function returns the error code <code>CKR_DEVICE_ERROR</code>. When the cryptographic module is in the Error state, most PKCS #11 functions (including all the functions that perform cryptographic operations) do nothing and return the error code <code>CKR_DEVICE_ERROR</code>. See also the [http://wiki.mozilla.org/Rolesandservices#Show_Status Show Status] service of the cryptographic module.
{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
|+
|+
|-
|'''CKR_USER_NOT_LOGGED_IN''' || User has not logged in by supplying their password to the FIPS-140-2 PKCS#11 module.
|-  
|-  
|'''CKR_DEVICE_ERROR''' ||  Crypographic module is in or has entered the error state.
|'''CKR_DEVICE_ERROR''' ||  Cryptographic module is in the Error state, or has entered the Error state because a self-test (other than the pairwise consistency test) fails.
|-
|-  
| '''CKR_HOST_MEMORY''' || Memory allocation failure
|'''CKR_GENERAL_ERROR''' || Cryptographic module has entered the Error state because the pairwise consistency test fails.
|-
|'''CKR_OK''' || Success, no error
|}
|}
|| Draft
|| Draft
Line 39: Line 35:
'''Module in Error State''':
'''Module in Error State''':
Ensure that cryptographic operations cannot
Ensure that cryptographic operations cannot
be performed while the module is in the  
be performed and all data output via the data output interface is inhibited while the module is in the  
error state. See VE02.06.01 for the vendor  
error state. See VE02.06.01 for the vendor  
design requirement.
design requirement.
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]     [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]     
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]         [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]     
||  
||
'''Power-up Self Test''':
All the PKCS #11 functions that perform cryptographic operations or output data check the Boolean state variable <code>sftk_fatalError</code> on entry. In the Error state (<code>sftk_fatalError</code> is true), no action besides returning the error code <code>CKR_DEVICE_ERROR</code> is taken by those functions, which prevents cryptograhic operations and data output. (See also [http://wiki.mozilla.org/ModuleInterfaces#In_Error_State In Error State].)
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize PKCS#11 Initialization]:
As part of the PKCS#11 initialization of the
FIPS-140-2 module, any error return
from the battery of self tests will put the
PKCS#11 module in the fatalError state.
The fatalError state will inhibit further
cryptographic operations.
|| Draft
|| Draft
|-
|-
|
|
'''List of mandatory & optional self-tests  
'''List and describe the power-up & conditional self-tests  
performed by the module'''  
performed by the module'''  
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ]     
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ] [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] [http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ]     
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]
||  
||  
* [http://wiki.mozilla.org/Power_Up_Selftests Power-up tests ]


[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code]
* Conditional tests
 
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs.
[[Power up SelfTest Design]]
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value.
** In addtion to power up, NSS also performs health checks on the random number generate at instantiate and reseed time.
** No other conditional tests are performed.


No operator call backs have been implemented
These tests are mandatory for the FIPS 140-2 mode of
at any point within the power-up self tests. These
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
|| Draft
|| Draft
Line 78: Line 72:
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ]     
||  
||  
For fatal error conditions CKR_DEVICE_ERROR  
The cryptographic module has only one Error state, which is entered when any self-test fails. The error code <code>CKR_DEVICE_ERROR</code> returned by cryptographic functions indicates that the module is in the Error state. For the fatal error condition <code>CKR_DEVICE_ERROR</code>,
and CKR_HOST_MEMORY the only way to clear  
the only way to clear  
the condition is to reboot the module. Upon
the condition is to shut down and restart the module. Upon
restart the power-up tests shall be  
restart the power-up tests will be  
initiated automatically and does not require
initiated automatically and do not require
operator intervention.   
operator intervention.   
|| Draft
|| Draft
|-
|-
|  
|  
'''Describe self-test initiation on demand'''
'''Describe automatic initiation of power-up self-tests'''
requires that the running of power-up  
requires that the running of power-up  
self-tests not involve any inputs from  
self-tests not involve any inputs from  
actions by the operator.
or actions by the operator.
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]     
||
||
The products will not have a user
When the <code>FC_Initialize</code> function is called, which initializes the PKCS #11 library of the NSS cryptographic module for the FIPS Approved mode of operation, the power-up self-tests are initiated automatically and don't require operator intervention.
visible way to initiate these tests  
other than restarting the program.
|| Draft
|| Draft
|-
|-
|  
|  
'''Cryptographic algorithm's known
'''Results of power-up self-tests''' successful completion indicator for the power-up self-tests.
answer test'''
successful completion indicator for the power-up self-tests.
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ]     
||
||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is
The <code>FC_Initialize</code> function returns the code <code>CKR_OK</code> upon successful completion of the power-up self-tests.
demonstrated throughout the self test
module. Each of the following functions
declares static key material at the
beginning of each test and upon  
successful completion returns CKR_OK:
 
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RC2_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RC4_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DES_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DES3_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_MD2_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_MD5_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_SHA1_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RSA_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DSA_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_AES_PowerUpSelfTest]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      stk_fipsPowerUpSelfTest]
 
|| Draft
|| Draft
|-
|-
|  
|  
'''Procedure by which an operator can
'''Procedure by which an operator can
initiate the power-up self-tests'''
initiate the power-up self-tests on demand'''
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]     
||
||
The products will not have a user visible way to initiate
The operator can initiate the power-up self-tests on demand by calling the <code>FC_Finalize</code> and <code>FC_Initialize</code> functions to shut down and restart the module.
these tests other than restarting the program.
|| Draft
|-
|
'''All self tests shall use a known answer'''.
|| [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ]   
||
A known answer shall be conducted for all cryptographic
functions (e.g., encryption,
decryption, authentication and random
number generation) of each Approved
cryptographic algorithm self test.
|| Draft
|-
|
'''If the calculated output does not
equal the known answer, the
known-answer test shall fail.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ]   
||
CKR_DEVICE_ERROR is returned when
ever the calculated output does not
equal the known answer.  
|| Draft
|| Draft
|-
|-
Line 174: Line 112:
||  
||  


PORT_Memcmp is used to compare the computed
<code>PORT_Memcmp</code>, a synonym for <code>memcmp</code>, is used to compare the calculated output with the known answer byte by byte.  
cipher text with the known ciphertext.  
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
When keys are used for encryption/decryption
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']
are used.
|| Draft
|| Draft
|-
|-
Line 188: Line 122:
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ]     
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ]     
||  
||  
'''CKR_DEVICE_ERROR''' is returned when the two outputs
When the two outputs are not equal, the module enters the Error state (by setting the Boolean state variable <code>sftk_fatalError</code> to true) and returns the error code <code>CKR_DEVICE_ERROR</code>.  
are not equal.
|| Draft
|-
|
'''Self-Test discription''' for
all tests implemented.
||
[http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ] 
||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code]
 
[[Power up SelfTest Design]]
 
No operator call backs have been implemented
at any point within the power-up self tests. These
tests are mandatory for the FIPS-140-2 mode of
operation.
|| Draft
|| Draft
|-
|-
Line 215: Line 128:
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ]   
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ]   
||
||
(N/A)  
(N/A) The NSS cryptographic module doesn't include two independent implementations of the same cryptographic algorithm.
|| Draft
|| Draft
|-
|-
Line 225: Line 138:
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
||  
||  
 
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] is used as the approved authentication
[http://wiki.mozilla.org/FIPS_Operational_Environment#Software_Integrity_Test Software Integrity Test]
technique for the integrity test of the software component. When the softokn library (libsoftokn3/softokn3) is built a DSA signature checksum is
generated and stored in a file libsoftokn3.chk/softokn3.chk. When the module is in FIPS mode, at initialization the softoken computes its checksum and compares it with the value in libsoftokn3.chk/softokn3.chk.
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize    FC_Initialize ] calls [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11.c.dep.html#nsc_CommonInitialize nsc_CommonInitialize ] and then the DSS signature is checked before the module
is allowed to load.
 


|| Draft
|| Draft
Line 240: Line 147:
|| (N/A) ||
|| (N/A) ||
|-
|-
| '''Critical Functions'''  
| '''Critical functions test'''  
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ] 
[http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ]  
||
||
Random Number Generator Self tests are the  
The critical security functions of the cryptographic module are:
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the random number generator health tests on power up, instantiate and reseed time and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test].
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys).
|| Draft
|| Draft
|-
|-
Line 252: Line 159:
'''Key transport method'''
'''Key transport method'''
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01]  
[http://wiki.mozilla.org/VE_09#VE.09.32.01 VE.09.32.01 ]  
||  
||  
RSA encryption is the only FIPS approved key transport
RSA encryption (Key Wrapping using RSA keys) is the only key transport
method that VE.09.31.01 applies to. See [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
 
The other key transport/establishment methods either
use a symmetric wrapping key
(encrypting/wrapping with TDES or AES) or require
two public/private key pairs (Diffie-Hellman or
its elliptic curve variants).  
|| Draft
|| Draft
|-
|-
|
|
'''Approved authentication technique'''
'''Digital signatures'''
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]  
||
The <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
|| Draft
|-
|
'''Approved authentication technique used for the software/firmware load test'''
||
[http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ]  
||
||
When components are externally loaded in the cryptographic
N/A. No software or firmware components can be externally loaded into the cryptographic
module,
module.
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ]
is used.
|| Draft
|| Draft
|-
|-
|  
|  
'''Manual Key Entry'''
'''Manual Key Entry Test'''
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ]  
|| (N/A) NSS does not implement manual Key entry ||
|| (N/A) The cryptographic module does not support manual key entry. ||
|-
|-
|  
|  
Line 292: Line 197:
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ]  
||  
||  
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90].
In this code reference, if the SHA-1 hash matches
the previous SHA-1 hash (the odds are 2^160), then
the error code SECFailure is returned. This will
propogate up to calling functions to put the cryptographic
module in critical error state.
|| Draft
|| Draft
|-
|-
| '''ByPass Service'''  ||  
| '''Bypass Test'''  ||  
[http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
|| (N/A) NSS does not implement a ByPass service.  
|| (N/A) NSS does not implement a bypass service.  
|| Draft
|| Draft
|}
|}


Return to: [[NSSCryptoModuleSpec]]
Return to: [[NSSCryptoModuleSpec]]

Latest revision as of 12:03, 11 May 2015

Note: This is a draft - A work in progress! - Not official.


Document Description

DTR Section

Assessment

Status

List every error state & error indicator - Document all error states associated with each self-test, and indicate for each error state the expected error indicator.

VE.09.04.01

Failure of any of the power-up, conditional, or operator-initiated self-tests causes the cryptographic module to enter the Error state (State 3 ). If the pairwise consistency test fails, the FC_GenerateKeyPair function returns the error code CKR_GENERAL_ERROR. If any other self-test fails, the PKCS #11 function returns the error code CKR_DEVICE_ERROR. When the cryptographic module is in the Error state, most PKCS #11 functions (including all the functions that perform cryptographic operations) do nothing and return the error code CKR_DEVICE_ERROR. See also the Show Status service of the cryptographic module.

CKR_DEVICE_ERROR Cryptographic module is in the Error state, or has entered the Error state because a self-test (other than the pairwise consistency test) fails.
CKR_GENERAL_ERROR Cryptographic module has entered the Error state because the pairwise consistency test fails.
Draft

Module in Error State: Ensure that cryptographic operations cannot be performed and all data output via the data output interface is inhibited while the module is in the error state. See VE02.06.01 for the vendor design requirement.

VE.09.05.01 VE.09.06.01

All the PKCS #11 functions that perform cryptographic operations or output data check the Boolean state variable sftk_fatalError on entry. In the Error state (sftk_fatalError is true), no action besides returning the error code CKR_DEVICE_ERROR is taken by those functions, which prevents cryptograhic operations and data output. (See also In Error State.)

Draft

List and describe the power-up & conditional self-tests performed by the module

VE.09.07.01 VE.09.13.01 VE.09.16.01 VE.09.18.01 VE.09.18.02 VE.09.19.01 VE.09.19.02 VE.09.20.01

  • Conditional tests
    • Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs.
    • Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value.
    • In addtion to power up, NSS also performs health checks on the random number generate at instantiate and reseed time.
    • No other conditional tests are performed.

These tests are mandatory for the FIPS 140-2 mode of operation.

Draft

For each error condition, document the actions neccessary to clear the condition and resume normal operation.

VE.09.07.02

The cryptographic module has only one Error state, which is entered when any self-test fails. The error code CKR_DEVICE_ERROR returned by cryptographic functions indicates that the module is in the Error state. For the fatal error condition CKR_DEVICE_ERROR, the only way to clear the condition is to shut down and restart the module. Upon restart the power-up tests will be initiated automatically and do not require operator intervention.

Draft

Describe automatic initiation of power-up self-tests requires that the running of power-up self-tests not involve any inputs from or actions by the operator.

VE.09.09.01

When the FC_Initialize function is called, which initializes the PKCS #11 library of the NSS cryptographic module for the FIPS Approved mode of operation, the power-up self-tests are initiated automatically and don't require operator intervention.

Draft

Results of power-up self-tests successful completion indicator for the power-up self-tests.

VE.09.10.01

The FC_Initialize function returns the code CKR_OK upon successful completion of the power-up self-tests.

Draft

Procedure by which an operator can initiate the power-up self-tests on demand

VE.09.12.01

The operator can initiate the power-up self-tests on demand by calling the FC_Finalize and FC_Initialize functions to shut down and restart the module.

Draft

specify the method used to compare the calculated output with the known answer.

VE.09.17.01

PORT_Memcmp, a synonym for memcmp, is used to compare the calculated output with the known answer byte by byte. sftk_fipsPowerUpSelfTest

Draft

Error State when two outputs are not equal.

VE.09.17.02

When the two outputs are not equal, the module enters the Error state (by setting the Boolean state variable sftk_fatalError to true) and returns the error code CKR_DEVICE_ERROR.

Draft
Independant cryptographic algorithm implemenations VE.09.20.02

(N/A) The NSS cryptographic module doesn't include two independent implementations of the same cryptographic algorithm.

Draft

Integrity test for software components

VE.09.22.01 VE.09.22.02 VE.09.22.03

Software Integrity Test

Draft
EDC for software integrity VE.09.24.01 (N/A)
Critical functions test

VE.09.27.01

The critical security functions of the cryptographic module are:

  • Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the random number generator health tests on power up, instantiate and reseed time and the conditional continuous random number generator test.
  • Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up cryptographic algorithm tests and the conditional pairwise consistency test (when the module generates public and private keys).
 Draft

Key transport method

VE.09.31.01

RSA encryption (Key Wrapping using RSA keys) is the only key transport method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the sftk_PairwiseConsistencyCheck function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the sftk_PairwiseConsistencyCheck call fails, FC_GenerateKeyPair sets sftk_fatalError to true (to enter the Error state) and returns the error code CKR_GENERAL_ERROR.

Draft

Digital signatures

VE.09.33.01

The sftk_PairwiseConsistencyCheck function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the sftk_PairwiseConsistencyCheck call fails, FC_GenerateKeyPair sets sftk_fatalError to true (to enter the Error state) and returns the error code CKR_GENERAL_ERROR.

Draft

Approved authentication technique used for the software/firmware load test

VE.09.35.01 VE.09.35.02

N/A. No software or firmware components can be externally loaded into the cryptographic module.

Draft

Manual Key Entry Test

VE.09.40.01 VE.09.40.02

(N/A) The cryptographic module does not support manual key entry.

Random number generator is implemented, document the continuous RNG test performed

VE.09.42.01 VE.09.43.01

There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of NIST SP 800-90.

Draft
Bypass Test

VE.09.45.01 VE.09.45.02 VE.09.46.01 VE.09.46.02

(N/A) NSS does not implement a bypass service. Draft

Return to: NSSCryptoModuleSpec

Retrieved from "https://wiki.allizom.org/index.php?title=NSSCryptoModuleSpec/Section_9:_Self_Tests&oldid=1073754"