NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

NSSCryptoModuleSpec/Section 9: Self Tests (view source)

Revision as of 02:10, 1 August 2006

106 bytes added , 1 August 2006

m

no edit summary

Neil.williams

198

edits

@@ Line 193: / Line 193: @@
 |-
 |
-'''Self-Test discription''' for
+'''Self-Test description''' for
 all tests implemented.
 ||
@@ Line 226: / Line 226: @@
 ||
-[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] is used as the approved authentication
+[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] is used as the approved ([http://csrc.nist.gov/cryptval/dss/dsaval.htm#172 DSA]) authentication technique for the integrity test of the software component. When the softokn and freebl libraries (libsoftokn3/softokn3/libfreebl*) are built a DSA signature checksum is generated and stored in a file with the name ''libraryname''.chk. When the module is in FIPS mode, at initialization the softoken computes checksums for its library and for freebl and compares it with the values in ''libraryname''.chk
-technique for the integrity test of the software component. When the softokn library (libsoftokn3/softokn3) is built a DSA signature checksum is
-generated and stored in a file libsoftokn3.chk/softokn3.chk. When the module is in FIPS mode, at initialization the softoken computes its checksum and compares it with the value in libsoftokn3.chk/softokn3.chk.
 [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize     FC_Initialize ] calls [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11.c.dep.html#nsc_CommonInitialize nsc_CommonInitialize ] and then the DSS signature is checked before the module