canmove, Confirmed users
937
edits
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
'''''Note: This is a draft - A work in progress! - Not official.''''' | |||
{| border="1" cellpadding="2" | |||
|+ | |||
|- | |||
! | |||
Document Description | |||
! | |||
DTR | |||
Section | |||
! | |||
Assessment | |||
! | |||
Status | |||
|- | |||
| | |||
'''List every error state & error indicator''' | |||
- Document all error states associated with | |||
each self-test, and indicate for each error | |||
state the expected error indicator. | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ] | |||
|| | |||
Failure of any of the power-up, conditional, or operator-initiated self-tests causes the cryptographic module to enter the Error state ([http://wiki.mozilla.org/FIPSFSM#States State 3 ]). If the pairwise consistency test fails, the <code>FC_GenerateKeyPair</code> function returns the error code <code>CKR_GENERAL_ERROR</code>. If any other self-test fails, the PKCS #11 function returns the error code <code>CKR_DEVICE_ERROR</code>. When the cryptographic module is in the Error state, most PKCS #11 functions (including all the functions that perform cryptographic operations) do nothing and return the error code <code>CKR_DEVICE_ERROR</code>. See also the [http://wiki.mozilla.org/Rolesandservices#Show_Status Show Status] service of the cryptographic module. | |||
{| border="1" cellpadding="2" | |||
|+ | |||
|- | |||
|'''CKR_DEVICE_ERROR''' || Cryptographic module is in the Error state, or has entered the Error state because a self-test (other than the pairwise consistency test) fails. | |||
|- | |||
|'''CKR_GENERAL_ERROR''' || Cryptographic module has entered the Error state because the pairwise consistency test fails. | |||
|} | |||
|| Draft | |||
|- | |||
| | |||
'''Module in Error State''': | |||
Ensure that cryptographic operations cannot | |||
be performed and all data output via the data output interface is inhibited while the module is in the | |||
error state. See VE02.06.01 for the vendor | |||
design requirement. | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ] [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ] | |||
|| | |||
All the PKCS #11 functions that perform cryptographic operations or output data check the Boolean state variable <code>sftk_fatalError</code> on entry. In the Error state (<code>sftk_fatalError</code> is true), no action besides returning the error code <code>CKR_DEVICE_ERROR</code> is taken by those functions, which prevents cryptograhic operations and data output. (See also [http://wiki.mozilla.org/ModuleInterfaces#In_Error_State In Error State].) | |||
|| Draft | |||
|- | |||
| | |||
'''List and describe the power-up & conditional self-tests | |||
performed by the module''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ] [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] [http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ] | |||
|| | |||
* [http://wiki.mozilla.org/Power_Up_Selftests Power-up tests ] | |||
* Conditional tests | |||
** Pair-wise consistency test (for public and private keys): the module performs the pair-wise consistency test specified in FIPS 140-2 Section 4.9.2 when it generates RSA, DSA, and ECDSA key pairs. | |||
** Continuous random number generator test: the module performs the continuous random number generator test specified in FIPS 140-2 Section 4.9.2 that tests for failure to a constant value. | |||
** No other conditional tests are performed. | |||
These tests are mandatory for the FIPS 140-2 mode of | |||
operation. | |||
|| Draft | |||
|- | |||
| | |||
'''For each error condition, document the | |||
actions neccessary to clear the condition | |||
and resume normal operation.''' | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ] | |||
|| | |||
The cryptographic module has only one Error state, which is entered when any self-test fails. The error code <code>CKR_DEVICE_ERROR</code> returned by cryptographic functions indicates that the module is in the Error state. For the fatal error condition <code>CKR_DEVICE_ERROR</code>, | |||
the only way to clear | |||
the condition is to shut down and restart the module. Upon | |||
restart the power-up tests will be | |||
initiated automatically and do not require | |||
operator intervention. | |||
|| Draft | |||
|- | |||
| | |||
'''Describe automatic initiation of power-up self-tests''' | |||
requires that the running of power-up | |||
self-tests not involve any inputs from | |||
or actions by the operator. | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] | |||
|| | |||
When the <code>FC_Initialize</code> function is called, which initializes the PKCS #11 library of the NSS cryptographic module for the FIPS Approved mode of operation, the power-up self-tests are initiated automatically and don't require operator intervention. | |||
|| Draft | |||
|- | |||
| | |||
'''Results of power-up self-tests''' successful completion indicator for the power-up self-tests. | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ] | |||
|| | |||
The <code>FC_Initialize</code> function returns the code <code>CKR_OK</code> upon successful completion of the power-up self-tests. | |||
|| Draft | |||
|- | |||
| | |||
'''Procedure by which an operator can | |||
initiate the power-up self-tests on demand''' | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] | |||
|| | |||
The operator can initiate the power-up self-tests on demand by calling the <code>FC_Finalize</code> and <code>FC_Initialize</code> functions to shut down and restart the module. | |||
|| Draft | |||
|- | |||
| | |||
'''specify the method used to compare the | |||
calculated output with the known answer.''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ] | |||
|| | |||
<code>PORT_Memcmp</code>, a synonym for <code>memcmp</code>, is used to compare the calculated output with the known answer byte by byte. | |||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html sftk_fipsPowerUpSelfTest] | |||
|| Draft | |||
|- | |||
| | |||
'''Error State''' when two outputs are | |||
not equal. | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ] | |||
|| | |||
When the two outputs are not equal, the module enters the Error state (by setting the Boolean state variable <code>sftk_fatalError</code> to true) and returns the error code <code>CKR_DEVICE_ERROR</code>. | |||
|| Draft | |||
|- | |||
| '''Independant cryptographic algorithm implemenations''' | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] | |||
|| | |||
(N/A) The NSS cryptographic module doesn't include two independent implementations of the same cryptographic algorithm. | |||
|| Draft | |||
|- | |||
| | |||
'''Integrity test for software components''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.22.02 VE.09.22.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] | |||
|| | |||
[http://wiki.mozilla.org/FIPS_Operational_Environment#Software_Integrity_Test Software Integrity Test] | |||
|| Draft | |||
|- | |||
| '''EDC for software integrity''' | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.24.01 VE.09.24.01 ] | |||
|| (N/A) || | |||
|- | |||
| '''Critical functions test''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ] | |||
|| | |||
The critical security functions of the cryptographic module are: | |||
* Random number generation. Used for the generation of cryptographic keys used by Approved cryptographic algorithms. Tested by the power-up random number generator known-answer test and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 continuous random number generator test]. | |||
* Operation of the cryptographic algorithms. Used for encryption, decryption, and authentication. Tested by the power-up [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html cryptographic algorithm tests] and the conditional [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck pairwise consistency test] (when the module generates public and private keys). | |||
|| Draft | |||
|- | |||
| | |||
'''Key transport method''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01] | |||
|| | |||
RSA encryption (Key Wrapping using RSA keys) is the only key transport | |||
method that VE.09.31.01 applies to. The pairwise consistency check, as defined in AS09.31, is implemented in the <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function. (See the source code under the comment "Pairwise Consistency Check of Encrypt/Decrypt.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>. | |||
|| Draft | |||
|- | |||
| | |||
'''Digital signatures''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ] | |||
|| | |||
The <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck sftk_PairwiseConsistencyCheck]</code> function of the module tests the pairwise consistency of the public and private keys used for digital signatures by the calculation and verification of a signature. If the signature cannot be verified, the test fails. (See the source code under the comment "Pairwise Consistency Check of Sign/Verify.") If the <code>sftk_PairwiseConsistencyCheck</code> call fails, <code>FC_GenerateKeyPair</code> sets <code>sftk_fatalError</code> to true (to enter the Error state) and returns the error code <code>CKR_GENERAL_ERROR</code>. | |||
|| Draft | |||
|- | |||
| | |||
'''Approved authentication technique used for the software/firmware load test''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ] | |||
|| | |||
N/A. No software or firmware components can be externally loaded into the cryptographic | |||
module. | |||
|| Draft | |||
|- | |||
| | |||
'''Manual Key Entry Test''' | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ] | |||
|| (N/A) The cryptographic module does not support manual key entry. || | |||
|- | |||
| | |||
'''Random number generator''' is implemented, document | |||
the continuous RNG test performed | |||
|| | |||
[http://wiki.mozilla.org/VE_09#VE.09.42.01 VE.09.42.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.43.01 VE.09.43.01 ] | |||
|| | |||
The module performs the continuous random number generator test on the Approved RNG. In the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#alg_fips186_2_cn_1 alg_fips186_2_cn_1] function, if the 320-bit block <code>x_j</code> matches | |||
the previous 320-bit block <code>rng->Xj</code> (the odds are 2^320), then | |||
the status code <code>SECFailure</code> is returned. This will | |||
propogate up to calling functions to put the cryptographic | |||
module in the Error state. The first block is not used (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#prng_RandomUpdate prng_RandomUpdate] function) but is saved for comparison with the next block. | |||
|| Draft | |||
|- | |||
| '''Bypass Test''' || | |||
[http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ] | |||
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ] | |||
|| (N/A) NSS does not implement a bypass service. | |||
|| Draft | |||
|} | |||
Return to: [[NSSCryptoModuleSpec]] |