219
edits
NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions
NSSCryptoModuleSpec/Section 9: Self Tests (view source)
Revision as of 20:53, 13 April 2006
, 13 April 2006no edit summary
No edit summary |
mNo edit summary |
||
| Line 35: | Line 35: | ||
|'''CKR_OK''' || Success, no error | |'''CKR_OK''' || Success, no error | ||
|} | |} | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 54: | Line 54: | ||
The fatalError state will inhibit further | The fatalError state will inhibit further | ||
cryptographic operations. | cryptographic operations. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 71: | Line 71: | ||
tests are mandatory for the FIPS-140-2 mode of | tests are mandatory for the FIPS-140-2 mode of | ||
operation. | operation. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 85: | Line 85: | ||
initiated automatically and does not require | initiated automatically and does not require | ||
operator intervention. | operator intervention. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 97: | Line 97: | ||
visible way to initiate these tests | visible way to initiate these tests | ||
other than restarting the program. | other than restarting the program. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 135: | Line 135: | ||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html stk_fipsPowerUpSelfTest] | [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html stk_fipsPowerUpSelfTest] | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 144: | Line 144: | ||
The products will not have a user visible way to initiate | The products will not have a user visible way to initiate | ||
these tests other than restarting the program. | these tests other than restarting the program. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 155: | Line 155: | ||
number generation) of each Approved | number generation) of each Approved | ||
cryptographic algorithm self test. | cryptographic algorithm self test. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 166: | Line 166: | ||
ever the calculated output does not | ever the calculated output does not | ||
equal the known answer. | equal the known answer. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 181: | Line 181: | ||
the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck 'Pairwise Consistency Check Self Tests'] | the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck 'Pairwise Consistency Check Self Tests'] | ||
are used. | are used. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 191: | Line 191: | ||
'''CKR_DEVICE_ERROR''' is returned when the two outputs | '''CKR_DEVICE_ERROR''' is returned when the two outputs | ||
are not equal. | are not equal. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 211: | Line 211: | ||
tests are mandatory for the FIPS-140-2 mode of | tests are mandatory for the FIPS-140-2 mode of | ||
operation. | operation. | ||
|| | || Draft | ||
|- | |- | ||
| '''Independant cryptographic algorithm implemenations''' | | '''Independant cryptographic algorithm implemenations''' | ||
| Line 217: | Line 217: | ||
|| | || | ||
(N/A) | (N/A) | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 235: | Line 235: | ||
|| | || Draft | ||
|- | |- | ||
| '''EDC for software integrity''' | | '''EDC for software integrity''' | ||
| Line 248: | Line 248: | ||
Random Number Generator Self tests are the | Random Number Generator Self tests are the | ||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ] | [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_1_x3_1 Continuous Pseudo-Random Number Self-Tests ] | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 264: | Line 264: | ||
two public/private key pairs (Diffie-Hellman or | two public/private key pairs (Diffie-Hellman or | ||
its elliptic curve variants). | its elliptic curve variants). | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 277: | Line 277: | ||
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] | [http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] | ||
is used. | is used. | ||
|| | || Draft | ||
|- | |- | ||
| | | | ||
| Line 299: | Line 299: | ||
propogate up to calling functions to put the cryptographic | propogate up to calling functions to put the cryptographic | ||
module in critical error state. | module in critical error state. | ||
|| | || Draft | ||
|- | |- | ||
| '''ByPass Service''' || | | '''ByPass Service''' || | ||
| Line 307: | Line 307: | ||
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ] | [http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ] | ||
|| (N/A) NSS does not implement a ByPass service. | || (N/A) NSS does not implement a ByPass service. | ||
|| | || Draft | ||
|} | |} | ||
Return to: [[NSSCryptoModuleSpec]] | Return to: [[NSSCryptoModuleSpec]] | ||