canmove, Confirmed users, Bureaucrats and Sysops emeriti
960
edits
No edit summary |
m (GPHemsley moved page Section 9: Self Tests to NSSCryptoModuleSpec/Section 9: Self Tests without leaving a redirect: NSSCryptoModuleSpec page) |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 59: | Line 59: | ||
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs. | ** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs. | ||
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value. | ** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value. | ||
** In addtion to power up, NSS also performs health checks on the random number generate at instantiate and reseed time. | |||
** No other conditional tests are performed. | ** No other conditional tests are performed. | ||
Line 137: | Line 138: | ||
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] | [http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] | ||
|| | || | ||
[http://wiki.mozilla.org/FIPS_Operational_Environment#Software_Integrity_Test Software Integrity Test] | |||
|| Draft | || Draft | ||
Line 154: | Line 152: | ||
|| | || | ||
The critical security functions of the cryptographic module are: | The critical security functions of the cryptographic module are: | ||
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the | * Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the random number generator health tests on power up, instantiate and reseed time and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test]. | ||
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys). | * Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys). | ||
|| Draft | || Draft | ||
Line 199: | Line 197: | ||
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ] | [http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ] | ||
|| | || | ||
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]. | |||
module | |||
|| Draft | || Draft | ||
|- | |- |