NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
mNo edit summary
Line 35: Line 35:
|'''CKR_OK''' || Success, no error
|'''CKR_OK''' || Success, no error
|}
|}
||
|| Draft
|-
|-
|  
|  
Line 54: Line 54:
The fatalError state will inhibit further  
The fatalError state will inhibit further  
cryptographic operations.
cryptographic operations.
||
|| Draft
|-
|-
|
|
Line 71: Line 71:
tests are mandatory for the FIPS-140-2 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
|| Draft
|-
|-
|  
|  
Line 85: Line 85:
initiated automatically and does not require
initiated automatically and does not require
operator intervention.   
operator intervention.   
||
|| Draft
|-
|-
|  
|  
Line 97: Line 97:
visible way to initiate these tests  
visible way to initiate these tests  
other than restarting the program.
other than restarting the program.
||
|| Draft
|-
|-
|  
|  
Line 135: Line 135:
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      stk_fipsPowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      stk_fipsPowerUpSelfTest]


||
|| Draft
|-
|-
|  
|  
Line 144: Line 144:
The products will not have a user visible way to initiate
The products will not have a user visible way to initiate
these tests other than restarting the program.
these tests other than restarting the program.
||
|| Draft
|-
|-
|  
|  
Line 155: Line 155:
number generation) of each Approved  
number generation) of each Approved  
cryptographic algorithm self test.
cryptographic algorithm self test.
||
|| Draft
|-
|-
|  
|  
Line 166: Line 166:
ever the calculated output does not  
ever the calculated output does not  
equal the known answer.  
equal the known answer.  
||
|| Draft
|-
|-
|  
|  
Line 181: Line 181:
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']  
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']  
are used.  
are used.  
||
|| Draft
|-
|-
|
|
Line 191: Line 191:
'''CKR_DEVICE_ERROR''' is returned when the two outputs
'''CKR_DEVICE_ERROR''' is returned when the two outputs
are not equal.  
are not equal.  
||
|| Draft
|-
|-
|  
|  
Line 211: Line 211:
tests are mandatory for the FIPS-140-2 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
|| Draft
|-
|-
| '''Independant cryptographic algorithm implemenations'''   
| '''Independant cryptographic algorithm implemenations'''   
Line 217: Line 217:
||
||
(N/A)  
(N/A)  
||
|| Draft
|-
|-
|  
|  
Line 235: Line 235:




||
|| Draft
|-
|-
| '''EDC for software integrity'''  
| '''EDC for software integrity'''  
Line 248: Line 248:
Random Number Generator Self tests are the  
Random Number Generator Self tests are the  
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
||  
|| Draft
|-
|-
|
|
Line 264: Line 264:
two public/private key pairs (Diffie-Hellman or
two public/private key pairs (Diffie-Hellman or
its elliptic curve variants).  
its elliptic curve variants).  
||
|| Draft
|-
|-
|
|
Line 277: Line 277:
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ]  
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ]  
is used.   
is used.   
||
|| Draft
|-
|-
|  
|  
Line 299: Line 299:
propogate up to calling functions to put the cryptographic
propogate up to calling functions to put the cryptographic
module in critical error state.
module in critical error state.
||
|| Draft
|-
|-
| '''ByPass Service'''  ||  
| '''ByPass Service'''  ||  
Line 307: Line 307:
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
|| (N/A) NSS does not implement a ByPass service.  
|| (N/A) NSS does not implement a ByPass service.  
||
|| Draft
|}
|}


Return to: [[NSSCryptoModuleSpec]]
Return to: [[NSSCryptoModuleSpec]]

Revision as of 20:53, 13 April 2006

Note: This is a draft - A work in progress! - Not official.


Document Description

DTR Section

Assessment

Status

List every error state & error indicator - Document all error states associated with each self-test, and indicate for each error state the expected error indicator.

VE.09.04.01
CKR_USER_NOT_LOGGED_IN User has not logged

in by supplying their password to the FIPS-140-2 PKCS#11 module.

CKR_DEVICE_ERROR Crypographic operation failure
CKR_HOST_MEMORY Memory allocation failure
CKR_OK Success, no error
Draft

Module in Error State: Ensure that cryptographic operations cannot be performed while the module is in the error state. See VE02.06.01 for the vendor design requirement.

VE.09.05.01 VE.09.06.01

Power-up Self Test: PKCS#11 Initialization: As part of the PKCS#11 initialization of the FIPS-140-2 module, any error return from the battery of self tests will put the PKCS#11 module in the fatalError state. The fatalError state will inhibit further cryptographic operations.

Draft

List of mandatory & optional self-tests performed by the module

VE.09.07.01

Power up Self Test Code

Power up SelfTest Design

No operator call backs have been implemented at any point within the power-up self tests. These tests are mandatory for the FIPS-140-2 mode of operation.

Draft

For each error condition, document the actions neccessary to clear the condition and resume normal operation.

VE.09.07.02

For fatal error conditions CKR_DEVICE_ERROR and CKR_HOST_MEMORY the only way to clear the condition is to reboot the module. Upon restart the power-up tests shall be initiated automatically and does not require operator intervention.

Draft

Describe self-test initiation on demand requires that the running of power-up self-tests not involve any inputs from actions by the operator.

VE.09.09.01

The products will not have a user visible way to initiate these tests other than restarting the program.

Draft

Cryptographic algorithm's known answer test successful completion indicator for the power-up self-tests.

VE.09.10.01

Power Up Self Test Code This is demonstrated throughout the self test module. Each of the following functions declares static key material at the beginning of each test and upon successful completion returns CKR_OK:


sftk_fips_RC2_PowerUpSelfTest

sftk_fips_RC4_PowerUpSelfTest

sftk_fips_DES_PowerUpSelfTest

sftk_fips_DES3_PowerUpSelfTest

sftk_fips_MD2_PowerUpSelfTest

sftk_fips_MD5_PowerUpSelfTest

sftk_fips_SHA1_PowerUpSelfTest

sftk_fips_RSA_PowerUpSelfTest

sftk_fips_DSA_PowerUpSelfTest

sftk_fips_AES_PowerUpSelfTest

stk_fipsPowerUpSelfTest

Draft

Procedure by which an operator can initiate the power-up self-tests

VE.09.12.01

The products will not have a user visible way to initiate these tests other than restarting the program.

Draft

All self tests shall use a known answer.

VE.09.13.01 
A known answer shall be conducted for all cryptographic

functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm self test.

Draft

If the calculated output does not equal the known answer, the known-answer test shall fail.

VE.09.16.01

CKR_DEVICE_ERROR is returned when ever the calculated output does not equal the known answer.

Draft

specify the method used to compare the calculated output with the known answer.

VE.09.17.01

PORT_Memcmp is used to compare the computed cipher text with the known ciphertext. sftk_fipsPowerUpSelfTest When keys are used for encryption/decryption the 'Pairwise Consistency Check Self Tests' are used.

Draft

Error State when two outputs are not equal.

VE.09.17.02

CKR_DEVICE_ERROR is returned when the two outputs are not equal.

Draft

Self-Test discription for all tests implemented.

VE.09.18.01 VE.09.18.02 VE.09.19.01 VE.09.19.02 VE.09.20.01

Power up Self Test Code

Power up SelfTest Design

No operator call backs have been implemented at any point within the power-up self tests. These tests are mandatory for the FIPS-140-2 mode of operation.

Draft
Independant cryptographic algorithm implemenations VE.09.20.02

(N/A)

Draft

Integrity test for software components

VE.09.22.01 VE.09.22.02 VE.09.22.03

Digital Signature Standard (DSS) is used as the approved authentication technique for the integrity test of the software component. When the softokn library (libsoftokn3/softokn3) is built a DSA signature checksum is generated and stored in a file libsoftokn3.chk/softokn3.chk. When the module is in FIPS mode, at initialization the softoken computes its checksum and compares it with the value in libsoftokn3.chk/softokn3.chk.

FC_Initialize calls nsc_CommonInitialize and then the DSS signature is checked before the module is allowed to load.


Draft
EDC for software integrity VE.09.24.01 (N/A)
Critical Functions

VE.09.27.01 VE.09.28.01

Random Number Generator Self tests are the Continuous Pseudo-Random Number Self-Tests

Draft

Key transport method

VE.09.31.01 VE.09.32.01

RSA encryption is the only FIPS approved key transport method that VE.09.31.01 applies to. See sftk_PairwiseConsistencyCheck

The other key transport/establishment methods either use a symmetric wrapping key (encrypting/wrapping with TDES or AES) or require two public/private key pairs (Diffie-Hellman or its elliptic curve variants).

Draft

Approved authentication technique

VE.09.33.01 VE.09.35.01 VE.09.35.02

When components are externally loaded in the cryptographic module, Digital Signature Standard (DSS) is used.

Draft

Manual Key Entry

VE.09.40.01 VE.09.40.02

(N/A) NSS does not implement manual Key entry

Random number generator is implemented, document the continuous RNG test performed

VE.09.42.01 VE.09.43.01

Continuous Pseudo-Random Number Self-Tests In this code reference, if the SHA-1 hash matches the previous SHA-1 hash (the odds are 2^160), then the error code SECFailure is returned. This will propogate up to calling functions to put the cryptographic module in critical error state.

Draft
ByPass Service

VE.09.45.01 VE.09.45.02 VE.09.46.01 VE.09.46.02

(N/A) NSS does not implement a ByPass service. Draft

Return to: NSSCryptoModuleSpec

Retrieved from "https://wiki.allizom.org/index.php?title=NSSCryptoModuleSpec/Section_9:_Self_Tests&oldid=23995"