Power Up Selftests: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
The module can perform the following self-tests:
=Power-Up Self-Tests=
 
=Power-Up Selftests=


The module can perform the following power-up self-tests:


==Cryptographic algorithm tests==
==Cryptographic algorithm tests==
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code].)


{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
Line 52: Line 51:
Single-Round Known Answer Hashing
Single-Round Known Answer Hashing
|-
|-
| HMAC-SHA-1||
| HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
Single-Round Known Answer HMAC
Single-Round Known Answer HMAC
|-
| HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
Single-Round Known Answer
|-
|-
| RSA||
| RSA||
Line 71: Line 67:
|-
|-
| RNG||
| RNG||
FIPS 182 CN-1 Known Answer Test
FIPS 182-2 Change Notice 1 Known Answer Test
|-
|-
| ECDSA||
| ECDSA||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
Single-Round Known Answer Verification
|-
(see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]).<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
|}
|}
<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>


==Random number generator test==
==Random number generator test==


==Software integrity test==
See the known-answer test for RNG above.
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails the module immediately enters the Error state.


==Software/firmware test==
==Software/firmware integrity test==
No software tests are performed on power-up.
An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state.


==Critical functions test==
==Critical functions test==
No critical functions tests are performed on power-up.
No other critical functions tests are performed on power-up.
 
==Other self-tests==
No other tests are performed on power-up.

Revision as of 20:08, 7 August 2006

Power-Up Self-Tests

The module can perform the following power-up self-tests:

Cryptographic algorithm tests

A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the power-up self-tests source code.)

Algorithm

Tests

RC2

RC2-ECB Single-Round Known Answer Encryption
RC2-ECB Single-Round Known Answer Decryption
RC2-CBC Single-Round Known Answer Encryption
RC2-CBC Single-Round Known Answer Decryption

RC4

Single-Round Known Answer Encryption
Single-Round Known Answer Decryption

DES

DES-ECB Single-Round Known Answer Encryption
DES-ECB Single-Round Known Answer Decryption
DES-CBC Single-Round Known Answer Encryption
DES-CBC Single-Round Known Answer Decryption

Triple DES

DES3-ECB Single-Round Known Answer Encryption
DES3-ECB Single-Round Known Answer Decryption
DES3-CBC Single-Round Known Answer Encryption
DES3-CBC Single-Round Known Answer Decryption

AES-128, AES-192, AES-256

AES-ECB Single-Round Known Answer Encryption
AES-ECB Single-Round Known Answer Decryption
AES-CBC Single-Round Known Answer Encryption
AES-CBC Single-Round Known Answer Decryption

MD2

Single-Round Known Answer Hashing

MD5

Single-Round Known Answer Hashing

SHA-1, SHA-256, SHA-384, SHA-512

Single-Round Known Answer Hashing

HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

Single-Round Known Answer HMAC

RSA

Single-Round Known Answer Encryption
Single-Round Known Answer Decryption
Single-Round Known Answer Signature Test SHA-1
Single-Round Known Answer Signature Test SHA-256
Single-Round Known Answer Signature Test SHA-384
Single-Round Known Answer Signature Test SHA-512

DSA

Single-Round Known Answer Signature
Single-Round Known Answer Verification

RNG

FIPS 182-2 Change Notice 1 Known Answer Test

ECDSA

Single-Round Known Answer Signature
Single-Round Known Answer Verification

Note: Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.

Random number generator test

See the known-answer test for RNG above.

Software/firmware integrity test

An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state.

Critical functions test

No other critical functions tests are performed on power-up.

Retrieved from "https://wiki.allizom.org/index.php?title=Power_Up_Selftests&oldid=30836"