Power Up Selftests: Difference between revisions

No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
=Power-Up Self-Tests=


The module can perform the following power-up self-tests:
==Cryptographic algorithm tests==
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fipstest.c power-up self-tests source code].)
{| border="1" cellpadding="2"
|+
|-
!
Algorithm
!
Tests
|-
| RC2||
RC2-ECB Single-Round Known Answer Encryption<br>
RC2-ECB Single-Round Known Answer Decryption<br>
RC2-CBC Single-Round Known Answer Encryption<br>
RC2-CBC Single-Round Known Answer Decryption
|-
| RC4||
Single-Round Known Answer Encryption<br>
Single-Round Known Answer Decryption
|-
| DES||
DES-ECB Single-Round Known Answer Encryption<br>
DES-ECB Single-Round Known Answer Decryption<br>
DES-CBC Single-Round Known Answer Encryption<br>
DES-CBC Single-Round Known Answer Decryption
|-
| Triple DES||
DES3-ECB Single-Round Known Answer Encryption<br>
DES3-ECB Single-Round Known Answer Decryption<br>
DES3-CBC Single-Round Known Answer Encryption<br>
DES3-CBC Single-Round Known Answer Decryption
|-
| AES-128, AES-192, AES-256||
AES-ECB Single-Round Known Answer Encryption<br>
AES-ECB Single-Round Known Answer Decryption<br>
AES-CBC Single-Round Known Answer Encryption<br>
AES-CBC Single-Round Known Answer Decryption
|-
| MD2||
Single-Round Known Answer Hashing
|-
| MD5||
Single-Round Known Answer Hashing
|-
| SHA-1, SHA-256, SHA-384, SHA-512||
Single-Round Known Answer Hashing
|-
| HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
Single-Round Known Answer HMAC
|-
| RSA||
Single-Round Known Answer Encryption<br>
Single-Round Known Answer Decryption<br>
Single-Round Known Answer Signature Test SHA-1<br>
Single-Round Known Answer Signature Test SHA-256<br>
Single-Round Known Answer Signature Test SHA-384<br>
Single-Round Known Answer Signature Test SHA-512<br>
|-
| DSA||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
|-
| RNG||
NIST SP 800-90 Hash_Drbg Known Answer Test<br>
NIST SP 800-90 Invalid input checks<br>
NIST SP 800-90 Automatic reseed checks<br>
[Collectively NIST SP 800-90 DRBG Health Checks]
|-
| ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283)||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
|}
<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
==Random number generator test==
See the known-answer test for RNG above.
==Software/firmware integrity test==
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state.
==Critical functions test==
No other critical functions tests are performed on power-up.
439

edits