NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

Jump to navigation Jump to search

NSSCryptoModuleSpec/Section 9: Self Tests (view source)

Revision as of 19:18, 21 September 2005

874 bytes added ,  21 September 2005
m
no edit summary
mNo edit summary
mNo edit summary
Line 96: Line 96:
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ]     
||
||
'''The products will not have a user  
The products will not have a user  
visible way to initiate these tests  
visible way to initiate these tests  
other than restarting the program.'''
other than restarting the program.
||
||
|-
|-
Line 132: Line 132:
|  
|  
'''Procedure by which an operator can
'''Procedure by which an operator can
initiate the power-up self-tests  
initiate the power-up self-tests'''
'''
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]     
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ]     
||
||
'''The products will not have a user visible way to initiate
The products will not have a user visible way to initiate
these tests other than restarting the program.'''
these tests other than restarting the program.
||
||
|-
|-
Line 197: Line 196:
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]   
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ]   
||
||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code]
Power up Self Test Code]


[[Power up SelfTest Design]]
[[Power up SelfTest Design]]
Line 206: Line 204:
tests are mandatory for the FIPS-140-2 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
|-
|-
| '''Independant cryptographic algorithm implemenations'''   
| '''Independant cryptographic algorithm implemenations'''   
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ]   
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ]   
||  
||
(N/A) ||
(N/A)  
||
|-
|-
|  
|  
Integrity test for software components
'''Integrity test for software components'''
||  
||  
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ]     
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ]     
Line 219: Line 219:
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ]     
||  
||  
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] is used as the approved authentication
technique for the integrity test of the software component. When the softokn library (libsoftokn3/softokn3) is built a DSA signature checksum is
generated and stored in a file libsoftokn3.chk/softokn3.chk. When the module is in FIPS mode, at initialization the softoken computes its checksum and compares it with the value in libsoftokn3.chk/softokn3.chk.
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize    FC_Initialize ] calls [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11.c.dep.html#nsc_CommonInitialize nsc_CommonInitialize ] and then the DSS signature is check before the module
is allowed to load.


||
||
Line 226: Line 234:
| '''Critical Functions'''  
| '''Critical Functions'''  
|| [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ]   
|| [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ]   
||
||  
||  
|-
|-
Line 231: Line 240:
'''Conditional tests'''
'''Conditional tests'''
|| [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ]   
|| [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ]   
||  
||
||
|-
|-
'''Verification of Digital Signatures'''
'''Verification of Digital Signatures'''
Glen
219

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/12110"

Navigation menu