MozillaWiki

NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

Page Discussion

NSSCryptoModuleSpec/Section 9: Self Tests (view source)

Revision as of 23:26, 19 December 2006

11,552 bytes removed ,  19 December 2006
no edit summary
No edit summary
No edit summary
Line 1: Line 1:
'''''Note: This is a draft - A work in progress! - Not official.'''''


{| border="1" cellpadding="2"
|+
|-
!
Document Description
!
DTR
Section
!
Assessment
!
Status
|-
|
'''List every error state & error indicator'''
- Document all error states associated with
each self-test, and indicate for each error
state the expected error indicator.
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ]   
||
Failure of any of the power-up, conditional, or operator-initiated self-tests causes the cryptographic module to enter the Error state ([http://wiki.mozilla.org/FIPSFSM#States State 3 ]). If the pairwise consistency test fails, the <code>FC_GenerateKeyPair</code> function returns the error code <code>CKR_GENERAL_ERROR</code>. If any other self-test fails, the PKCS #11 function returns the error code <code>CKR_DEVICE_ERROR</code>. When the cryptographic module is in the Error state, most PKCS #11 functions (including all the functions that perform cryptographic operations) do nothing and return the error code <code>CKR_DEVICE_ERROR</code>. See also the [http://wiki.mozilla.org/Rolesandservices#Show_Status Show Status] service of the cryptographic module.
{| border="1" cellpadding="2"
|+
|-
|'''CKR_DEVICE_ERROR''' ||  Cryptographic module is in the Error state, or has entered the Error state because a self-test (other than the pairwise consistency test) fails.
|-
|'''CKR_GENERAL_ERROR''' ||  Cryptographic module has entered the Error state because the pairwise consistency test fails.
|}
|| Draft
|-
|
'''Module in Error State''':
Ensure that cryptographic operations cannot
be performed and all data output via the data output interface is inhibited while the module is in the
error state. See VE02.06.01 for the vendor
design requirement.
||
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]          [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]   
||
All the PKCS #11 functions that perform cryptographic operations or output data check the Boolean state variable <code>sftk_fatalError</code> on entry. In the Error state (<code>sftk_fatalError</code> is true), no action besides returning the error code <code>CKR_DEVICE_ERROR</code> is taken by those functions, which prevents cryptograhic operations and data output. (See also [http://wiki.mozilla.org/ModuleInterfaces#In_Error_State In Error State].)
|| Draft
|-
|
'''List and describe the power-up & conditional self-tests
performed by the module'''
||
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ] [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] [http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]
||
* [http://wiki.mozilla.org/Power_Up_Selftests Power-up tests ]
* Conditional tests
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs.
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value.
** No other conditional tests are performed.
These tests are mandatory for the FIPS 140-2 mode of
operation.
|| Draft
|-
|
'''For each error condition, document the
actions neccessary to clear the condition
and resume normal operation.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ]   
||
The cryptographic module has only one Error state, which is entered when any self-test fails. The error code <code>CKR_DEVICE_ERROR</code> returned by cryptographic functions indicates that the module is in the Error state. For the fatal error condition <code>CKR_DEVICE_ERROR</code>,
the only way to clear
the condition is to shut down and restart the module. Upon
restart the power-up tests will be
initiated automatically and do not require
operator intervention. 
|| Draft
|-
|
'''Describe automatic initiation of power-up self-tests'''
requires that the running of power-up
self-tests not involve any inputs from
or actions by the operator.
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]   
||
When the <code>FC_Initialize</code> function is called, which initializes the PKCS #11 library of the NSS cryptographic module for the FIPS Approved mode of operation, the power-up self-tests are initiated automatically and don't require operator intervention.
|| Draft
|-
|
'''Results of power-up self-tests''' successful completion indicator for the power-up self-tests.
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ]   
||
The <code>FC_Initialize</code> function returns the code <code>CKR_OK</code> upon successful completion of the power-up self-tests.
|| Draft
|-
|
'''Procedure by which an operator can
initiate the power-up self-tests on demand'''
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]   
||
The operator can initiate the power-up self-tests on demand by calling the <code>FC_Finalize</code> and <code>FC_Initialize</code> functions to shut down and restart the module.
|| Draft
|-
|
'''specify the method used to compare the
calculated output with the known answer.'''
||
[http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ]   
||
<code>PORT_Memcmp</code>, a synonym for <code>memcmp</code>, is used to compare the calculated output with the known answer byte by byte.
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
|| Draft
|-
|
'''Error State''' when two outputs are
not equal.
||
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ]   
||
When the two outputs are not equal, the module enters the Error state (by setting the Boolean state variable <code>sftk_fatalError</code> to true) and returns the error code <code>CKR_DEVICE_ERROR</code>.
|| Draft
|-
| '''Independant cryptographic algorithm implemenations''' 
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] 
||
(N/A) The NSS cryptographic module doesn't include two independent implementations of the same cryptographic algorithm.
|| Draft
|-
|
'''Integrity test for software components'''
||
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.22.02 VE.09.22.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]   
||
[http://wiki.mozilla.org/FIPS_Operational_Environment#Software_Integrity_Test Software Integrity Test]
|| Draft
|-
| '''EDC for software integrity'''
|| [http://wiki.mozilla.org/VE_09#VE.09.24.01 VE.09.24.01 ]
|| (N/A) ||
|-
| '''Critical functions test'''
||
[http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ]
||
The critical security functions of the cryptographic module are:
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the power-up random number generator known-answer test and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test].
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys).
|| Draft
|-
|
'''Key transport method'''
||
[http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01]
||
RSA encryption (Key Wrapping using RSA keys) is the only key transport
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
|| Draft
|-
|
'''Digital signatures'''
||
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]
||
The <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>.
|| Draft
|-
|
'''Approved authentication technique used for the software/firmware load test'''
||
[http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ]
||
N/A. No software or firmware components can be externally loaded into the cryptographic
module.
|| Draft
|-
|
'''Manual Key Entry Test'''
||
[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ]
|| (N/A) The cryptographic module does not support manual key entry. ||
|-
|
'''Random number generator''' is implemented, document
the continuous RNG test performed
||
[http://wiki.mozilla.org/VE_09#VE.09.42.01 VE.09.42.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ]
||
The module performs the continuous random number generator test on the Approved RNG. In the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 alg_fips186_2_cn_1] function, if the 320-bit block <code>x_j</code> matches
the previous 320-bit block <code>rng->Xj</code> (the odds are 2^320), then
the status code <code>SECFailure</code> is returned. This will
propogate up to calling functions to put the cryptographic
module in the Error state. The first block is not used (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#prng_RandomUpdate prng_RandomUpdate] function) but is saved for comparison with the next block.
|| Draft
|-
| '''Bypass Test'''  ||
[http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ]
[http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]
|| (N/A) NSS does not implement a bypass service.
|| Draft
|}
Return to: [[NSSCryptoModuleSpec]]
Wtchang
canmove, Confirmed users
937

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/44869"