439
edits
No edit summary |
|||
(14 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
=Power-Up Self-Tests= | |||
= | The module can perform the following power-up self-tests: | ||
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module: | ==Cryptographic algorithm tests== | ||
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fipstest.c power-up self-tests source code].) | |||
{| border="1" cellpadding="2" | {| border="1" cellpadding="2" | ||
Line 11: | Line 12: | ||
Algorithm | Algorithm | ||
! | ! | ||
Tests | |||
|- | |- | ||
| RC2|| | | RC2|| | ||
RC2-ECB Single-Round Known Answer Encryption<br> | |||
RC2-ECB Single-Round Known Answer Decryption<br> | |||
RC2-CBC Single-Round Known Answer Encryption<br> | |||
RC2-CBC Single-Round Known Answer Decryption | |||
|- | |- | ||
| RC4|| | | RC4|| | ||
Single-Round Known Answer Encryption<br> | |||
Single-Round Known Answer Decryption | |||
|- | |- | ||
| DES|| | | DES|| | ||
DES-ECB Single-Round Known Answer Encryption<br> | |||
DES-ECB Single-Round Known Answer Decryption<br> | |||
DES-CBC Single-Round Known Answer Encryption<br> | |||
DES-CBC Single-Round Known Answer Decryption | |||
|- | |- | ||
| Triple DES|| | | Triple DES|| | ||
DES3-ECB Single-Round Known Answer Encryption<br> | |||
DES3-ECB Single-Round Known Answer Decryption<br> | |||
DES3-CBC Single-Round Known Answer Encryption<br> | |||
DES3-CBC Single-Round Known Answer Decryption | |||
|- | |- | ||
| AES-128|| | | AES-128, AES-192, AES-256|| | ||
AES-ECB Single-Round Known Answer Encryption<br> | |||
AES-ECB Single-Round Known Answer Decryption<br> | |||
AES-CBC Single-Round Known Answer Encryption<br> | |||
AES-CBC Single-Round Known Answer Decryption | |||
|- | |- | ||
| MD2|| | | MD2|| | ||
Single-Round Known Answer Hashing | |||
|- | |- | ||
| MD5|| | | MD5|| | ||
Single-Round Known Answer Hashing | |||
|- | |- | ||
| SHA-1 | | SHA-1, SHA-256, SHA-384, SHA-512|| | ||
Single-Round Known Answer Hashing | |||
|- | |- | ||
| HMAC-SHA-512|| | | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512|| | ||
Single-Round Known Answer HMAC | |||
|- | |- | ||
| RSA|| | | RSA|| | ||
Single-Round Known Answer Encryption<br> | |||
Single-Round Known Answer Decryption<br> | |||
Single-Round Known Answer Signature Test SHA-1<br> | |||
Single-Round Known Answer Signature Test SHA-256<br> | |||
Single-Round Known Answer Signature Test SHA-384<br> | |||
Single-Round Known Answer Signature Test SHA-512<br> | |||
|- | |- | ||
| DSA|| | | DSA|| | ||
Single-Round Known Answer Signature<br> | |||
Single-Round Known Answer Verification | |||
|- | |- | ||
| RNG|| | | RNG|| | ||
NIST SP 800-90 Hash_Drbg Known Answer Test<br> | |||
NIST SP 800-90 Invalid input checks<br> | |||
NIST SP 800-90 Automatic reseed checks<br> | |||
[Collectively NIST SP 800-90 DRBG Health Checks] | |||
|- | |- | ||
| ECDSA | | ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283)|| | ||
Single-Round Known Answer Signature<br> | |||
Single-Round Known Answer Verification | |||
|} | |} | ||
<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div> | |||
==Random number generator test== | |||
See the known-answer test for RNG above. | |||
= | ==Software/firmware integrity test== | ||
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state. | |||
==Critical functions test== | |||
No other critical functions tests are performed on power-up. |
edits