FIPS Operational Environment: Difference between revisions

Line 165:
Every audit record contains the following information about the event:
* date and time of the event
* the string "NSS ''<softoken library name>''", which identifies the NSS cryptographic module. On Red Hat Enterprise Linux and Solaris, this string is "NSS libsoftokn3.so".
* process ID (pid) of the process using the NSS cryptographic module
* user ID (uid) of the user who owns the process
* the audit text message, which usually consists of
** the PKCS #11 function that generated the event. For example, <code>FC_Login</code>.
** the arguments and return code (error code) of the function. Arguments that contain sensitive information such as passwords are omitted.
** (optional) an error message. For example, "power-up self-tests failed".

The following events are auditable by the NSS cryptographic module.
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
*** If <code>slotID</code> is invalid, the return code 0x00000003 (<code>CKR_SLOT_ID_INVALID</code>) is logged.
*** The other input arguments are ignored. (The password of the Crypto Officer is not used because the module depends on the OS to authenticate the Crypto Officer and doesn't perform further authentication.)
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
*** If <code>hSession</code> is invalid, the return code 0x000000B3 (<code>CKR_SESSION_HANDLE_INVALID</code>) is logged.
*** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code 0x000000A1 (<code>CKR_PIN_INVALID</code>) is logged.
*** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code 0x000000A2 (<code>CKR_PIN_LEN_RANGE</code>) is logged.
* the addition or deletion of an operator to/from a crypto officer role: Since any authorized operator can assume the crypto officer role, this event is equivalent to the addition or deletion of a user account in the OS. These events are recorded by the audit mechanism of the OS.
** Red Hat Enterprise Linux 4: FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.)
Line 189:
** Trusted Solaris 8: Audit.2 ''Attempts to access to objects are auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 54.)
* requests to use authentication data management mechanisms
** <code>FC_InitPIN</code> calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=''<session handle>'')=''<return code>''"
** <code>FC_SetPIN</code> calls (which change the NSS User's password)
*** "C_SetPIN(hSession=''<session handle>'')=''<return code>''"
* use of a security-relevant crypto officer function
** <code>FC_InitToken</code> calls (which re-initialize the module)
*** "C_InitToken(slotID=''<slot ID>'', pLabel=''"<token label>"'')=''<return code>''"
** <code>FC_InitPIN</code> calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=''<session handle>'')=''<return code>''"
* requests to access authentication data associated with the cryptographic module
** N/A. The module doesn't give the operator access to the authentication data.
* use of an authentication mechanism (e.g., login) associated with the cryptographic module
** <code>FC_Login</code> calls
*** "C_Login(hSession=''<session handle>'', userType=''<user type>'')=''<return code>''"
** <code>FC_Logout</code> calls
*** "C_Logout(hSession=''<session handle>'')=''<return code>''"
* explicit requests to assume a crypto officer role
** N/A. The crypto officer role is assumed implicitly when the operator performs crypto officer functions.
Line 211:
* other auditable events
** Power-up self-test failure
*** "C_Initialize()=''<return code>'' power-up self-tests failed"
** Pair-wise consistency test failure
*** "C_GenerateKeyPair(hSession=''<session handle>'', pMechanism->mechanism=''<mechanism>'')=''<return code>'' self-test: pair-wise consistency test failed"
** Continuous random number generator test failure
*** "C_GenerateRandom(hSession=''<session handle>'', pRandomData=''<pointer>'', ulRandomLen=''<length>'')=''<return code>'' self-test: continuous RNG test failed"
** Switching between FIPS and non-FIPS modes
*** "enabled FIPS mode"
*** "disabled FIPS mode"
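As an added example (not part of the NSS documentation or the NSS code base), the following Python parses audit records of the shape described in this section and sorts them into the event classes listed above, so that self-test failures, FIPS mode switches, rejected crypto officer input and failed logins can be pulled out of a log. The syslog prefix layout and every sample record and value are constructed assumptions; only the message shapes and the four return codes named above come from the page.

```python
import re
from collections import Counter

# ASSUMPTION: the prefix layout (timestamp, module string, pid, uid) is this example's own; the page lists the fields only.
RECORD_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d NSS \S+ pid=(?P<pid>\d+) uid=(?P<uid>\d+) (?P<msg>.*)$")
# Documented message shape: C_Func(args)=<return code> [text]; args are greedy so a token label containing ')' still parses.
CALL_RE = re.compile(r"^(?P<func>C_\w+)\((?P<args>.*)\)=(?P<rc>0x[0-9A-Fa-f]+)(?: (?P<text>.*))?$")
CRYPTO_OFFICER_FUNCS = {"C_InitToken", "C_InitPIN", "C_SetPIN"}
CKR_NAMES = {0x3: "CKR_SLOT_ID_INVALID", 0xA1: "CKR_PIN_INVALID", 0xA2: "CKR_PIN_LEN_RANGE", 0xB3: "CKR_SESSION_HANDLE_INVALID"}
ALERT_CATEGORIES = {"self_test_failure", "fips_mode_switch", "crypto_officer_invalid_input", "login_failed"}

def classify(line):
    """Return (uid, func, return_code, category), or None for a line that is not an NSS audit record."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    uid, msg = int(m.group("uid")), m.group("msg")
    if msg in ("enabled FIPS mode", "disabled FIPS mode"):
        return (uid, None, None, "fips_mode_switch")
    c = CALL_RE.match(msg)
    if not c:
        return (uid, None, None, "unparsed")
    func, rc, text = c.group("func"), int(c.group("rc"), 16), c.group("text") or ""
    if "self-test" in text:  # power-up, pair-wise consistency and continuous RNG failures
        cat = "self_test_failure"
    elif func == "C_Login":
        cat = "login_ok" if rc == 0 else "login_failed"  # 0 is CKR_OK
    elif func in CRYPTO_OFFICER_FUNCS:
        cat = "crypto_officer_ok" if rc == 0 else "crypto_officer_invalid_input"
    else:
        cat = "other"
    return (uid, func, rc, cat)

def summarize(log_text):
    return Counter(ev[3] for ev in map(classify, log_text.splitlines()) if ev)

def alerts(log_text):
    return [f"{cat}: uid={uid}" + (f" {func}={CKR_NAMES.get(rc, f'{rc:#010x}')}" if func else "")
            for uid, func, rc, cat in filter(None, map(classify, log_text.splitlines()))
            if cat in ALERT_CATEGORIES]

# Constructed sample records (all values made up) covering the event classes listed on the page.
SAMPLE_LOG = """\
Mar  3 09:12:01 NSS libsoftokn3.so pid=4211 uid=1000 C_Login(hSession=0x1, userType=1)=0x000000A0
Mar  3 09:13:40 NSS libsoftokn3.so pid=4300 uid=0 C_InitToken(slotID=9, pLabel="NSS (FIPS)")=0x00000003
Mar  3 09:14:02 NSS libsoftokn3.so pid=4300 uid=0 C_InitPIN(hSession=0x7)=0x000000A2
Mar  3 09:15:11 NSS libsoftokn3.so pid=4350 uid=0 C_Initialize()=0x00000030 power-up self-tests failed
Mar  3 09:16:00 NSS libsoftokn3.so pid=4350 uid=0 disabled FIPS mode
Mar  3 09:16:30 NSS libsoftokn3.so pid=4400 uid=1000 C_GenerateRandom(hSession=0x2, pRandomData=0x7f3a, ulRandomLen=32)=0x00000030 self-test: continuous RNG test failed
"""
```

Running `alerts(SAMPLE_LOG)` yields one line per record that an operator should review, with the return code named where this section documents it and shown as hex otherwise.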