NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

NSSCryptoModuleSpec/Section 9: Self Tests (view source)

Revision as of 23:11, 16 September 2005

34 bytes added , 16 September 2005

m

no edit summary

Glen

219

edits

@@ Line 13: / Line 13: @@
 |-
 |
-'''List every error state & error indicator''' - Document all error states associated with each self-test, and indicate for each error state the expected error indicator.
+'''List every error state & error indicator'''
+- Document all error states associated with
+each self-test, and indicate for each error
+state the expected error indicator.
 || [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ] ||
 {| border="1" cellpadding="2"
 |+
 |-
-|'''CKR_USER_NOT_LOGGED_IN''' || User has not logged in by supplying their password to the FIPS-140-1 PKCS#11 module.
+|'''CKR_USER_NOT_LOGGED_IN''' || User has not logged
+in by supplying their password to the
+FIPS-140-2 PKCS#11 module.
 |-
 |'''CKR_DEVICE_ERROR''' ||  Crypographic operation failure
@@ Line 30: / Line 35: @@
 |
 '''Module in Error State''':
-Ensure that cryptographic operations cannot be performed while the module is in the error state. See VE02.06.01 for the vendor design requirement.
+Ensure that cryptographic operations cannot
+be performed while the module is in the
+error state. See VE02.06.01 for the vendor
+design requirement.
 ||
 [http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]  [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]
 ||
 '''Power-up Self Test''':
-[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html#FC_Initialize PKCS#11 Initialization]: As part of the PKCS#11 initialization of the FIPS-140-2 module, any error return
+[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize 'PKCS#11 Initialization']:
-from the battery of self tests will put the PKCS#11
+As part of the PKCS#11 initialization of the
-module in the fatalError state. The fatalError state
+FIPS-140-2 module, any error return
-will inhibit further cryptographic operations.
+from the battery of self tests will put the
+PKCS#11 module in the fatalError state.
+The fatalError state will inhibit further
+cryptographic operations.
 ||
 |-
 |
-'''List of mandatory & optional self-tests performed by the module''' - Provide a list of all self-tests, both mandatory and optional, that the module can perform. This list must include both power-up tests and conditional tests.
+'''List of mandatory & optional self-tests
+performed by the module''' - Provide a list
+of all self-tests, both mandatory and optional,
+that the module can perform. This list must
+include both power-up tests and conditional
+tests.
 ||
 [http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ]
@@ Line 63: / Line 79: @@
 and resume normal operation.'''
 || [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ] ||
+For fatal error conditions CKR_DEVICE_ERROR
-For fatal error conditions CKR_DEVICE_ERROR and CKR_HOST_MEMORY
+and CKR_HOST_MEMORY the only way to clear
-the only way to clear the condition is to reboot the module. Upon
+the condition is to reboot the module. Upon
-restart the power-up tests shall be initiated automatically
+restart the power-up tests shall be
-and do not require operator intervention.
+initiated automatically and does not require
+operator intervention.
 ||
 |-
 |
-'''Describe self-test initiation on demand''' -  requires that the running of power-up self-tests not involve any inputs from or actions by the operator.
+'''Describe self-test initiation on demand'''
+requires that the running of power-up
+self-tests not involve any inputs from
+actions by the operator.
 || [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] ||
+'''The products will not have a user
-'''The products will not have a user visible way to initiate
+visible way to initiate these tests
-these tests other than restarting the program.'''
+other than restarting the program.'''
 ||
 |-
 |
-'''Document cryptographic algorithm's known answer test:'''
+'''Document cryptographic algorithm's known
- The vendor shall document the indicator that the module outputs upon
+answer test''' The vendor shall document the
+indicator that the module outputs upon
 successful completion of the power-up self-tests.
 || [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ] ||
-[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is demonstrated throughout
+[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is
-the self test module. Each of the following functions declares
+demonstrated throughout the self test
-static key material at the beginning of each test and upon
+module. Each of the following functions
+declares static key material at the
+beginning of each test and upon
 successful completion returns CKR_OK:
@@ Line 112: / Line 135: @@
 '''The products will not have a user visible way to initiate
 these tests other than restarting the program.'''
 ||
 |-
@@ Line 118: / Line 140: @@
 '''All self tests shall use a known answer'''.
 || [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] ||
-a known answer is shall be conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm self test.
+a known answer is shall be conducted for
+ all cryptographic functions (e.g., encryption,
+decryption, authentication and random
+number generation) of each Approved
+cryptographic algorithm self test.
 ||
 |-
 |
-'''If the calculated output does not equal the known answer, the known-answer test shall fail.'''
+'''If the calculated output does not
+equal the known answer, the
+known-answer test shall fail.'''
 || [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] ||
-CKR_DEVICE_ERROR is returned when ever the calculated output does not equal
+CKR_DEVICE_ERROR is returned when
-the known answer.
+ever the calculated output does not
+equal the known answer.
 ||
 |-
 |
-'''specify the method used to compare the calculated output with the known answer.'''
+'''specify the method used to compare the
+calculated output with the known answer.'''
 || [http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ] ||
-PORT_Memcmp is used to compare the computed cipher text with the known
+PORT_Memcmp is used to compare the computed
-ciphertext.
+cipher text with the known ciphertext.
 [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
-When keys are used for encryption/decryption the
+When keys are used for encryption/decryption
-[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests'] are used.
+the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests']
+are used.
 ||
 |-