NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

Jump to navigation Jump to search
m
no edit summary
mNo edit summary
mNo edit summary
Line 17: Line 17:
each self-test, and indicate for each error  
each self-test, and indicate for each error  
state the expected error indicator.
state the expected error indicator.
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ] ||  
|| [http://wiki.mozilla.org/VE_09#VE.09.04.01 VE.09.04.01 ]  
||  
{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
|+
|+
Line 40: Line 41:
design requirement.
design requirement.
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ] [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.05.01 VE.09.05.01 ]     [http://wiki.mozilla.org/VE_09#VE.09.06.01 VE.09.06.01 ]  
||  
||  
'''Power-up Self Test''':
'''Power-up Self Test''':
Line 60: Line 61:
tests.  
tests.  
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.07.01 VE.09.07.01 ]  
||  
||  


Line 78: Line 79:
actions neccessary to clear the condition  
actions neccessary to clear the condition  
and resume normal operation.'''  
and resume normal operation.'''  
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ] ||  
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ]  
||  
For fatal error conditions CKR_DEVICE_ERROR  
For fatal error conditions CKR_DEVICE_ERROR  
and CKR_HOST_MEMORY the only way to clear  
and CKR_HOST_MEMORY the only way to clear  
Line 92: Line 94:
self-tests not involve any inputs from  
self-tests not involve any inputs from  
actions by the operator.
actions by the operator.
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] ||
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]  
||
'''The products will not have a user  
'''The products will not have a user  
visible way to initiate these tests  
visible way to initiate these tests  
Line 103: Line 106:
indicator that the module outputs upon
indicator that the module outputs upon
successful completion of the power-up self-tests.
successful completion of the power-up self-tests.
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ] ||
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ]  
 
||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is  
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is  
demonstrated throughout the self test
demonstrated throughout the self test
Line 131: Line 134:
initiate the power-up self-tests  
initiate the power-up self-tests  
'''
'''
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] ||
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]  
 
||
'''The products will not have a user visible way to initiate
'''The products will not have a user visible way to initiate
these tests other than restarting the program.'''
these tests other than restarting the program.'''
Line 139: Line 142:
|  
|  
'''All self tests shall use a known answer'''.  
'''All self tests shall use a known answer'''.  
|| [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] ||
|| [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ]  
||
  A known answer shall be conducted for
  A known answer shall be conducted for
all cryptographic functions (e.g., encryption,  
all cryptographic functions (e.g., encryption,  
Line 148: Line 152:
|-
|-
|  
|  
'''If the calculated output does not  
'''If the calculated output does not  
equal the known answer, the  
equal the known answer, the  
known-answer test shall fail.'''
known-answer test shall fail.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] ||  
|| [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ]  
 
||  
CKR_DEVICE_ERROR is returned when  
CKR_DEVICE_ERROR is returned when  
ever the calculated output does not  
ever the calculated output does not  
equal the known answer.  
equal the known answer.  
||
||
|-
|-
Line 164: Line 166:
calculated output with the known answer.'''
calculated output with the known answer.'''
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ]  
||  
||  


Line 179: Line 181:
not equal.  
not equal.  
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ]  
||  
||  
'''CKR_DEVICE_ERROR''' is returned when the two outputs
'''CKR_DEVICE_ERROR''' is returned when the two outputs
Line 189: Line 191:
all tests implemented.  
all tests implemented.  
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.18.01 VE.09.18.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.18.02 VE.09.18.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.19.01 VE.09.19.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.19.02 VE.09.19.02 ]  
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]  
||
||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html   
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html   
Line 205: Line 207:
operation.
operation.
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] || (N/A) ||
| '''Independant cryptographic algorithm implemenations''' 
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ]  
||  
(N/A) ||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ] || ||
|  
Integrity test for software components
||  
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.22.02 VE.09.22.02 ]   
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]   
||  
 
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.22.02 VE.09.22.02 ] || ||
| '''EDC for software integrity''' || [http://wiki.mozilla.org/VE_09#VE.09.24.01 VE.09.24.01 ] || (N/A) ||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] || ||
| '''Critical Functions'''
|| [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ]  
||  
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.24.01 VE.09.24.01 ] || (N/A) ||
|  
'''Conditional tests'''
|| [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ]  
||  
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ] || ||
'''Verification of Digital Signatures'''
|  
'''Key transport method'''
||  
[http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.32.01 VE.09.32.01 ]
||  
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ] || ||
|
'''Approved authentication technique'''
||  
[http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ]  
[http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ]
[http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ]
||
DSS signature see 09.22.03
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.31.01 VE.09.31.01 ] || ||
|  
|-
'''Manual Key Entry'''
| || [http://wiki.mozilla.org/VE_09#VE.09.32.01 VE.09.32.01 ] || ||
||  
|-
[http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ]  
| || [http://wiki.mozilla.org/VE_09#VE.09.33.01 VE.09.33.01 ] || ||
[http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ]  
|-
|| (N/A) NSS does not implement manual Key entry ||
| || [http://wiki.mozilla.org/VE_09#VE.09.35.01 VE.09.35.01 ] || ||
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.35.02 VE.09.35.02 ] || ||
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.40.01 VE.09.40.01 ] || (N/A) ||
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.40.02 VE.09.40.02 ] || (N/A) ||
|-
|-
|  
|  
Line 248: Line 274:
||
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ] || (N/A) ||
| '''ByPass Service'''  ||  
|-
[http://wiki.mozilla.org/VE_09#VE.09.45.01 VE.09.45.01 ]  
| || [http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ] || ||
[http://wiki.mozilla.org/VE_09#VE.09.45.02 VE.09.45.02 ]  
|-
[http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ]  
| || [http://wiki.mozilla.org/VE_09#VE.09.46.01 VE.09.46.01 ] || ||
[http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ]  
|-
|| (N/A) NSS does not implement a ByPass service.
| || [http://wiki.mozilla.org/VE_09#VE.09.46.02 VE.09.46.02 ] || (N/A) ||
||
|}
|}


Return to: [[NSSCryptoModuleSpec]]
Return to: [[NSSCryptoModuleSpec]]
219

edits

Navigation menu