NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

m
no edit summary
No edit summary
mNo edit summary
Line 35: Line 35:
|'''CKR_OK''' || Success, no error
|'''CKR_OK''' || Success, no error
|}
|}
||
|| Draft
|-
|-
|  
|  
Line 54: Line 54:
The fatalError state will inhibit further  
The fatalError state will inhibit further  
cryptographic operations.
cryptographic operations.
||
|| Draft
|-
|-
|
|
Line 71: Line 71:
tests are mandatory for the FIPS-140-2 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
|| Draft
|-
|-
|  
|  
Line 85: Line 85:
initiated automatically and does not require
initiated automatically and does not require
operator intervention.   
operator intervention.   
||
|| Draft
|-
|-
|  
|  
Line 97: Line 97:
visible way to initiate these tests  
visible way to initiate these tests  
other than restarting the program.
other than restarting the program.
||
|| Draft
|-
|-
|  
|  
Line 135: Line 135:
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      stk_fipsPowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      stk_fipsPowerUpSelfTest]


||
|| Draft
|-
|-
|  
|  
Line 144: Line 144:
The products will not have a user visible way to initiate
The products will not have a user visible way to initiate
these tests other than restarting the program.
these tests other than restarting the program.
||
|| Draft
|-
|-
|  
|  
Line 155: Line 155:
number generation) of each Approved  
number generation) of each Approved  
cryptographic algorithm self test.
cryptographic algorithm self test.
||
|| Draft
|-
|-
|  
|  
Line 166: Line 166:
ever the calculated output does not  
ever the calculated output does not  
equal the known answer.  
equal the known answer.  
||
|| Draft
|-
|-
|  
|  
Line 181: Line 181:
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']  
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']  
are used.  
are used.  
||
|| Draft
|-
|-
|
|
Line 191: Line 191:
'''CKR_DEVICE_ERROR''' is returned when the two outputs
'''CKR_DEVICE_ERROR''' is returned when the two outputs
are not equal.  
are not equal.  
||
|| Draft
|-
|-
|  
|  
Line 211: Line 211:
tests are mandatory for the FIPS-140-2 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
|| Draft
|-
|-
| '''Independant cryptographic algorithm implemenations'''   
| '''Independant cryptographic algorithm implemenations'''   
Line 217: Line 217:
||
||
(N/A)  
(N/A)  
||
|| Draft
|-
|-
|  
|  
Line 235: Line 235:




||
|| Draft
|-
|-
| '''EDC for software integrity'''  
| '''EDC for software integrity'''  
Line 248: Line 248:
Random Number Generator Self tests are the  
Random Number Generator Self tests are the  
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ]
||  
|| Draft
|-
|-
|
|
Line 264: Line 264:
two public/private key pairs (Diffie-Hellman or
two public/private key pairs (Diffie-Hellman or
its elliptic curve variants).  
its elliptic curve variants).  
||
|| Draft
|-
|-
|
|
Line 277: Line 277:
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ]  
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ]  
is used.   
is used.   
||
|| Draft
|-
|-
|  
|  
Line 299: Line 299:
propogate up to calling functions to put the cryptographic
propogate up to calling functions to put the cryptographic
module in critical error state.
module in critical error state.
||
|| Draft
|-
|-
| '''ByPass Service'''  ||  
| '''ByPass Service'''  ||  
Line 307: Line 307:
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
|| (N/A) NSS does not implement a ByPass service.  
|| (N/A) NSS does not implement a ByPass service.  
||
|| Draft
|}
|}


Return to: [[NSSCryptoModuleSpec]]
Return to: [[NSSCryptoModuleSpec]]
219

edits