439
edits
Power Up Selftests: Difference between revisions
→Cryptographic algorithm tests
No edit summary |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
=Power-Up Self-Tests= | |||
The module can perform the following power-up self-tests: | |||
==Cryptographic algorithm tests== | |||
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fipstest.c power-up self-tests source code].) | |||
{| border="1" cellpadding="2" | |||
|+ | |||
|- | |||
! | |||
Algorithm | |||
! | |||
Tests | |||
|- | |||
| RC2|| | |||
RC2-ECB Single-Round Known Answer Encryption<br> | |||
RC2-ECB Single-Round Known Answer Decryption<br> | |||
RC2-CBC Single-Round Known Answer Encryption<br> | |||
RC2-CBC Single-Round Known Answer Decryption | |||
|- | |||
| RC4|| | |||
Single-Round Known Answer Encryption<br> | |||
Single-Round Known Answer Decryption | |||
|- | |||
| DES|| | |||
DES-ECB Single-Round Known Answer Encryption<br> | |||
DES-ECB Single-Round Known Answer Decryption<br> | |||
DES-CBC Single-Round Known Answer Encryption<br> | |||
DES-CBC Single-Round Known Answer Decryption | |||
|- | |||
| Triple DES|| | |||
DES3-ECB Single-Round Known Answer Encryption<br> | |||
DES3-ECB Single-Round Known Answer Decryption<br> | |||
DES3-CBC Single-Round Known Answer Encryption<br> | |||
DES3-CBC Single-Round Known Answer Decryption | |||
|- | |||
| AES-128, AES-192, AES-256|| | |||
AES-ECB Single-Round Known Answer Encryption<br> | |||
AES-ECB Single-Round Known Answer Decryption<br> | |||
AES-CBC Single-Round Known Answer Encryption<br> | |||
AES-CBC Single-Round Known Answer Decryption | |||
|- | |||
| MD2|| | |||
Single-Round Known Answer Hashing | |||
|- | |||
| MD5|| | |||
Single-Round Known Answer Hashing | |||
|- | |||
| SHA-1, SHA-256, SHA-384, SHA-512|| | |||
Single-Round Known Answer Hashing | |||
|- | |||
| HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512|| | |||
Single-Round Known Answer HMAC | |||
|- | |||
| RSA|| | |||
Single-Round Known Answer Encryption<br> | |||
Single-Round Known Answer Decryption<br> | |||
Single-Round Known Answer Signature Test SHA-1<br> | |||
Single-Round Known Answer Signature Test SHA-256<br> | |||
Single-Round Known Answer Signature Test SHA-384<br> | |||
Single-Round Known Answer Signature Test SHA-512<br> | |||
|- | |||
| DSA|| | |||
Single-Round Known Answer Signature<br> | |||
Single-Round Known Answer Verification | |||
|- | |||
| RNG|| | |||
NIST SP 800-90 Hash_Drbg Known Answer Test<br> | |||
NIST SP 800-90 Invalid input checks<br> | |||
NIST SP 800-90 Automatic reseed checks<br> | |||
[Collectively NIST SP 800-90 DRBG Health Checks] | |||
|- | |||
| ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283)|| | |||
Single-Round Known Answer Signature<br> | |||
Single-Round Known Answer Verification | |||
|} | |||
<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div> | |||
==Random number generator test== | |||
See the known-answer test for RNG above. | |||
==Software/firmware integrity test== | |||
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state. | |||
==Critical functions test== | |||
No other critical functions tests are performed on power-up. | |||