FIPS Operational Environment

128 bytes added, 22:58, 15 September 2006
Auditable Events
Every audit record contains the following information about the event:
* date and time of the event
* the string <code>"NSS ''<softoken library name>''"</code>, which identifies the NSS cryptographic module. On Red Hat Enterprise Linux and Solaris, this string is <code>"NSS libsoftokn3.so"</code>.
* process ID (pid) of the process using the NSS cryptographic module
* user ID (uid) of the user who owns the process
* the actual audit text message, which usually consists of
** the PKCS #11 function that generated the event. For example, <code>FC_Login</code>.
** the arguments and return code (error code) of the function. Arguments that contain sensitive information such as passwords are omitted.
** (optional) an error message. For example, <code>"power-up self-tests failed"</code>.
The following events are auditable by the NSS cryptographic module.
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
*** If <code>slotID</code> is invalid, the return code 0x00000003 (<code>CKR_SLOT_ID_INVALID</code>) is logged.
*** The other input arguments are ignored. (The password of the Crypto Officer is not used because the module depends on the OS to authenticate the Crypto Officer and doesn't perform further authentication.)
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
*** If <code>hSession</code> is invalid, the return code 0x000000B3 (<code>CKR_SESSION_HANDLE_INVALID</code>) is logged.
*** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code 0x000000A1 (<code>CKR_PIN_INVALID</code>) is logged.
*** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code 0x000000A2 (<code>CKR_PIN_LEN_RANGE</code>) is logged.
* the addition or deletion of an operator to/from a crypto officer role: Since any authorized operator can assume the crypto officer role, this event is equivalent to the addition or deletion of a user account in the OS. These events are recorded by the audit mechanism of the OS.
** Red Hat Enterprise Linux 4: FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.)
** Trusted Solaris 8: Audit.2 ''Attempts to access to objects are auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 54.)
* requests to use authentication data management mechanisms
** <code>FC_InitPIN</code> calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=''<session handle>'')=''<return code>''"
** <code>FC_SetPIN</code> calls (which change the NSS User's password)
*** "C_SetPIN(hSession=''<session handle>'')=''<return code>''"
* use of a security-relevant crypto officer function
** <code>FC_InitToken</code> calls (which re-initialize the module)
*** "C_InitToken(slotID=''<slot ID>'', pLabel=''"<token label>"'')=''<return code>''"
** <code>FC_InitPIN</code> calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=''<session handle>'')=''<return code>''"
* requests to access authentication data associated with the cryptographic module
** N/A. The module doesn't give the operator access to the authentication data.
* use of an authentication mechanism (e.g., login) associated with the cryptographic module
** <code>FC_Login</code> calls
*** "C_Login(hSession=''<session handle>'', userType=''<user type>'')=''<return code>''"
** <code>FC_Logout</code> calls
*** "C_Logout(hSession=''<session handle>'')=''<return code>''"
* explicit requests to assume a crypto officer role
** N/A. The crypto officer role is assumed implicitly when the operator performs crypto officer functions.
* other auditable events
** Power-up self-test failure
*** "C_Initialize()=''<return code> '' power-up self-tests failed"
** Pair-wise consistency test failure
*** "C_GenerateKeyPair(hSession=''<session handle>'', pMechanism->mechanism=''<mechanism>'')=''<return code> '' self-test: pair-wise consistency test failed"
** Continuous random number generator test failure
*** "C_GenerateRandom(hSession=''<session handle>'', pRandomData=''<pointer>'', ulRandomLen=''<length>'')=''<return code> '' self-test: continuous RNG test failed"
** Switching between FIPS and non-FIPS modes
*** "enabled FIPS mode"
*** "disabled FIPS mode"