Power Up Selftests: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 2: Line 2:


=Power-Up Selftests=
=Power-Up Selftests=
* Cryptographic algorithm tests
==Cryptographic algorithm tests==
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:
A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:


Line 20: Line 20:
|-
|-
| RC4||
| RC4||
RC4 Single-Round Known Answer Encryption<br>
Single-Round Known Answer Encryption<br>
RC4 Single-Round Known Answer Decryption
Single-Round Known Answer Decryption
|-
|-
| DES||
| DES||
Line 42: Line 42:
|-
|-
| MD2||
| MD2||
MD2 Single-Round Known Answer Hashing
Single-Round Known Answer Hashing
|-
|-
| MD5||
| MD5||
Single-Round Known Answer Hashing
|-
|-
| SHA-1||
| SHA-1, SHA-256, SHA-384, SHA-512||
|-
Single-Round Known Answer Hashing
| SHA-256||
|-
| SHA-384||
|-
| SHA-512||
|-
|-
| HMAC-SHA-1||
| HMAC-SHA-1||
Single-Round Known Answer HMAC
|-
|-
| HMAC-SHA-256||
| HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512||
|-
Single-Round Known Answer
| HMAC-SHA-384||
|-
| HMAC-SHA-512||
|-
|-
| RSA||
| RSA||
Single-Round Known Answer Encryption<br>
Single-Round Known Answer Decryption<br>
Single-Round Known Answer Signature Test SHA-1<br>
Single-Round Known Answer Signature Test SHA-256<br>
Single-Round Known Answer Signature Test SHA-384<br>
Single-Round Known Answer Signature Test SHA-512<br>
|-
|-
| DSA||
| DSA||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
|-
|-
| RNG||
| RNG||
|-
|-
| ECDSA||
| ECDSA||
Single-Round Known Answer Signature<br>
Single-Round Known Answer Verification
|-
|-
  (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]).<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
  (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]).<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
|}
|}


* Software integrity test
==Software integrity test==


=Conditional self-tests=
=Conditional self-tests=

Revision as of 23:43, 3 August 2006

The module can perform the following self-tests:

Power-Up Selftests

Cryptographic algorithm tests

A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:

(see the power-up self-tests source code).
Note: Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.

Algorithm

Tests

RC2

RC2-ECB Single-Round Known Answer Encryption
RC2-ECB Single-Round Known Answer Decryption
RC2-CBC Single-Round Known Answer Encryption
RC2-CBC Single-Round Known Answer Decryption

RC4

Single-Round Known Answer Encryption
Single-Round Known Answer Decryption

DES

DES-ECB Single-Round Known Answer Encryption
DES-ECB Single-Round Known Answer Decryption
DES-CBC Single-Round Known Answer Encryption
DES-CBC Single-Round Known Answer Decryption

Triple DES

DES3-ECB Single-Round Known Answer Encryption
DES3-ECB Single-Round Known Answer Decryption
DES3-CBC Single-Round Known Answer Encryption
DES3-CBC Single-Round Known Answer Decryption

AES-128, AES-192, AES-256

AES-ECB Single-Round Known Answer Encryption
AES-ECB Single-Round Known Answer Decryption
AES-CBC Single-Round Known Answer Encryption
AES-CBC Single-Round Known Answer Decryption

MD2

Single-Round Known Answer Hashing

MD5

Single-Round Known Answer Hashing

SHA-1, SHA-256, SHA-384, SHA-512

Single-Round Known Answer Hashing

HMAC-SHA-1

Single-Round Known Answer HMAC

HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

Single-Round Known Answer

RSA

Single-Round Known Answer Encryption
Single-Round Known Answer Decryption
Single-Round Known Answer Signature Test SHA-1
Single-Round Known Answer Signature Test SHA-256
Single-Round Known Answer Signature Test SHA-384
Single-Round Known Answer Signature Test SHA-512

DSA

Single-Round Known Answer Signature
Single-Round Known Answer Verification

RNG
ECDSA

Single-Round Known Answer Signature
Single-Round Known Answer Verification

Software integrity test

Conditional self-tests

  • Pair-wise consistency test (for public and private keys)
  • Continous random number generator test

These tests are mandatory for the FIPS 140-2 mode of operation.

Retrieved from "https://wiki.allizom.org/index.php?title=Power_Up_Selftests&oldid=30656"