NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 171: Line 171:
||  
||  
RSA encryption (Key Wrapping using RSA keys) is the only key transport
RSA encryption (Key Wrapping using RSA keys) is the only key transport
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck] function. See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt."
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
|| Draft
|| Draft
|-
|-
Line 179: Line 179:
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]  
||
||
The [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck] function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. See the source code under the comment "Pairwise Consistency Check of Sign/Verify."
The <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
|| Draft
|| Draft
|-
|-
canmove, Confirmed users
937

edits