NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

List every error state & error indicator - Document all error states associated with each self-test, and indicate for each error state the expected error indicator.

Module in Error State: Ensure that cryptographic operations cannot be performed while the module is in the error state. See VE02.06.01 for the vendor design requirement.

VE.09.05.01 VE.09.06.01

Power-up Self Test: 'PKCS#11 Initialization': As part of the PKCS#11 initialization of the FIPS-140-2 module, any error return from the battery of self tests will put the PKCS#11 module in the fatalError state. The fatalError state will inhibit further cryptographic operations.

List of mandatory & optional self-tests performed by the module - Provide a list of all self-tests, both mandatory and optional, that the module can perform. This list must include both power-up tests and conditional tests.

VE.09.07.01

[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code]

Power up SelfTest Design

No operator call backs have been implemented at any point within the power-up self tests. These tests are mandatory for the FIPS-140-2 mode of operation.

For each error condition, document the actions neccessary to clear the condition and resume normal operation.

For fatal error conditions CKR_DEVICE_ERROR and CKR_HOST_MEMORY the only way to clear the condition is to reboot the module. Upon restart the power-up tests shall be initiated automatically and does not require operator intervention.

Describe self-test initiation on demand requires that the running of power-up self-tests not involve any inputs from actions by the operator.

The products will not have a user visible way to initiate these tests other than restarting the program.

Document cryptographic algorithm's known answer test The vendor shall document the indicator that the module outputs upon successful completion of the power-up self-tests.

Power Up Self Test Code This is demonstrated throughout the self test module. Each of the following functions declares static key material at the beginning of each test and upon successful completion returns CKR_OK:

sftk_fips_RC2_PowerUpSelfTest sftk_fips_RC4_PowerUpSelfTest sftk_fips_DES_PowerUpSelfTest sftk_fips_DES3_PowerUpSelfTest sftk_fips_MD2_PowerUpSelfTest sftk_fips_MD5_PowerUpSelfTest sftk_fips_SHA1_PowerUpSelfTest sftk_fips_RSA_PowerUpSelfTest sftk_fips_DSA_PowerUpSelfTest sftk_fips_AES_PowerUpSelfTest sftk_fipsPowerUpSelfTest

Procedure by which an operator can initiate the power-up self-tests

The products will not have a user visible way to initiate these tests other than restarting the program.

All self tests shall use a known answer.

A known answer shall be conducted for

all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm self test.

If the calculated output does not equal the known answer, the known-answer test shall fail.

CKR_DEVICE_ERROR is returned when ever the calculated output does not equal the known answer.

specify the method used to compare the calculated output with the known answer.

VE.09.17.01

PORT_Memcmp is used to compare the computed cipher text with the known ciphertext. sftk_fipsPowerUpSelfTest When keys are used for encryption/decryption the 'Pairwise Consistency Check Self Tests' are used.

Error State when two outputs are not equal.

VE.09.17.02

CKR_DEVICE_ERROR is returned when the two outputs are not equal.

Self-Test discription for all tests implemented.

VE.09.18.01 VE.09.18.02 VE.09.19.01 VE.09.19.02 VE.09.20.01

[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code]

Power up SelfTest Design

No operator call backs have been implemented at any point within the power-up self tests. These tests are mandatory for the FIPS-140-2 mode of operation.

Random number generator is implemented, document the continuous RNG test performed

VE.09.42.01 VE.09.43.01

Continuous Pseudo-Random Number Self-Tests In this code reference, if the SHA-1 hash matches the previous SHA-1 hash (the odds are 2^160), then the error code SECFailure is returned. This will propogate up to calling functions to put the cryptographic module in critical error state.