NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

m
GPHemsley moved page Section 9: Self Tests to NSSCryptoModuleSpec/Section 9: Self Tests without leaving a redirect: NSSCryptoModuleSpec page
No edit summary
m (GPHemsley moved page Section 9: Self Tests to NSSCryptoModuleSpec/Section 9: Self Tests without leaving a redirect: NSSCryptoModuleSpec page)
 
(6 intermediate revisions by 3 users not shown)
Line 59: Line 59:
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs.
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs.
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value.
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value.
** In addtion to power up, NSS also performs health checks on the random number generate at instantiate and reseed time.
** No other conditional tests are performed.
** No other conditional tests are performed.


Line 137: Line 138:
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
||  
||  
 
The [http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf Digital Signature Algorithm (DSA)] is used as the Approved authentication technique ([http://csrc.nist.gov/cryptval/dss/dsaval.htm#172 validation certificate# 172]) for the integrity test of the software components. [http://wiki.mozilla.org/FIPS_Module_Specification#Module_Components Software components ] protected using the digital signatures are the softoken (PKCS #11) and freebl libraries (e.g., libsoftokn3.so and libfreebl3.so). (See [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy Rule #36 ] for a list of module files by platform.) When the softoken and freebl libraries are built, a DSA public/private key pair with a 1024-bit prime modulus p is generated, the private key is used to generate a DSA signature of the library, and the public key and signature are stored in a file with the name ''libraryname''.chk. When the self-test is initiated (e.g., at initialization for the FIPS mode), the module verifies the signatures (in the ''libraryname''.chk files) of the softoken and freebl libraries. If the signature verification fails, the self-test fails.
[http://wiki.mozilla.org/FIPS_Operational_Environment#Software_Integrity_Test Software Integrity Test]
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize    FC_Initialize] calls [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11.c.dep.html#nsc_CommonInitialize nsc_CommonInitialize] and then the DSA signature is verified before the library initialization is allowed to proceed.
 


|| Draft
|| Draft
Line 154: Line 152:
||
||
The critical security functions of the cryptographic module are:
The critical security functions of the cryptographic module are:
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the power-up random number generator known-answer test and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test].
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the random number generator health tests on power up, instantiate and reseed time and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test].
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys).
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys).
|| Draft
|| Draft
Line 199: Line 197:
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ]  
||  
||  
The module performs the continuous random number generator test on the Approved RNG. In the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 alg_fips186_2_cn_1] function, if the 320-bit block <code>x_j</code> matches
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90].
the previous 320-bit block <code>rng->Xj</code> (the odds are 2^320), then
the status code <code>SECFailure</code> is returned. This will
propogate up to calling functions to put the cryptographic
module in the Error state. The first block is not used (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#prng_RandomUpdate prng_RandomUpdate] function) but is saved for comparison with the next block.
|| Draft
|| Draft
|-
|-
canmove, Confirmed users, Bureaucrats and Sysops emeriti
960

edits