canmove, Confirmed users
937
edits
NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions
NSSCryptoModuleSpec/Section 9: Self Tests (view source)
Revision as of 01:41, 2 August 2006
, 2 August 2006no edit summary
No edit summary |
No edit summary |
||
| Line 50: | Line 50: | ||
|- | |- | ||
| | | | ||
'''List | '''List and describe the power-up & conditional self-tests | ||
performed by the module''' | performed by the module''' | ||
|| | || | ||
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ] [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] | [http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ] [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] [http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ] | ||
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ] | |||
|| | || | ||
The module can perform the following self-tests: | The module can perform the following self-tests: | ||
* Power-up self-tests | * Power-up self-tests | ||
** Cryptographic algorithm tests: A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each cryptographic algorithm implemented by the cryptographic module: RC2, RC4, DES, Triple DES, AES-128, AES-192, AES-256, MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, RSA, DSA, RNG, and ECDSA ([http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html source code]). Note that the message digest algorithms have independent known-answer tests. | ** Cryptographic algorithm tests: A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module: RC2, RC4, DES, Triple DES, AES-128, AES-192, AES-256, MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, RSA, DSA, RNG, and ECDSA (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]). Note that the message digest algorithms have independent known-answer tests. | ||
** Software integrity test | ** Software integrity test | ||
* Conditional self-tests | * Conditional self-tests | ||
| Line 113: | Line 117: | ||
|| | || | ||
PORT_Memcmp is used to compare the | PORT_Memcmp is used to compare the calculated | ||
output with the known answer. | |||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html sftk_fipsPowerUpSelfTest] | [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html sftk_fipsPowerUpSelfTest] | ||
|| Draft | || Draft | ||
|- | |- | ||
| Line 127: | Line 128: | ||
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ] | [http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ] | ||
|| | || | ||
When the two outputs are not equal, the module enters the Error state (by setting the Boolean state variable <code>sftk_fatalError</code> to true) and returns the error code <code>CKR_DEVICE_ERROR</code>. | |||
are not equal | |||
|| Draft | || Draft | ||
|- | |- | ||
| Line 154: | Line 134: | ||
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] | || [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] | ||
|| | || | ||
(N/A) | (N/A) The NSS cryptographic module doesn't include two independent implementations of the same cryptographic algorithm. | ||
|| Draft | || Draft | ||
|- | |- | ||