canmove, Confirmed users
937
edits
NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions
NSSCryptoModuleSpec/Section 9: Self Tests (view source)
Revision as of 23:31, 4 August 2006
, 4 August 2006no edit summary
No edit summary |
No edit summary |
||
| Line 171: | Line 171: | ||
|| | || | ||
RSA encryption (Key Wrapping using RSA keys) is the only key transport | RSA encryption (Key Wrapping using RSA keys) is the only key transport | ||
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck] function. See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt." | method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>. | ||
|| Draft | || Draft | ||
|- | |- | ||
| Line 179: | Line 179: | ||
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ] | [http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ] | ||
|| | || | ||
The [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck] function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. See the source code under the comment "Pairwise Consistency Check of Sign/Verify." | The <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>. | ||
|| Draft | || Draft | ||
|- | |- | ||