MozillaWiki

Power Up Selftests: Difference between revisions

Page Discussion

Power Up Selftests (view source)

Revision as of 19:35, 16 November 2011

88 bytes added ,  16 November 2011
→‎Cryptographic algorithm tests
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
The module can perform the following self-tests:
=Power-Up Self-Tests=
 
=Power-Up Selftests=


The module can perform the following power-up self-tests:


==Cryptographic algorithm tests==
==Cryptographic algorithm tests==
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fipstest.c power-up self-tests source code].)


{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
Line 52: Line 51:
Single-Round Known Answer Hashing
Single-Round Known Answer Hashing
|-
|-
| HMAC-SHA-1||
| HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
Single-Round Known Answer HMAC
Single-Round Known Answer HMAC
|-
| HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
Single-Round Known Answer
|-
|-
| RSA||
| RSA||
Line 71: Line 67:
|-
|-
| RNG||
| RNG||
FIPS 182 CN-1 Known Answer Test
NIST SP 800-90 Hash_Drbg Known Answer Test<br>
NIST SP 800-90 Invalid input checks<br>
NIST SP 800-90 Automatic reseed checks<br>
[Collectively NIST SP 800-90 DRBG Health Checks]
|-
|-
| ECDSA||
| ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283)||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
Single-Round Known Answer Verification
|-
(see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]).<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
|}
|}
<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>


==Random number generator test==
==Random number generator test==


==Software integrity test==
See the known-answer test for RNG above.
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails the module immediately enters the Error state.


==Software/firmware test==
==Software/firmware integrity test==
No software tests are performed on power-up.
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state.


==Critical functions test==
==Critical functions test==
No critical functions tests are performed on power-up.
No other critical functions tests are performed on power-up.
 
==Other self-tests==
No other tests are performed on power-up.
Relyea
439

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/30687...370331"