FIPS Operational Environment: Difference between revisions

FIPS Operational Environment (view source)

1,080 bytes added , 26 September 2006

canmove, Confirmed users

937

edits

@@ Line 174: / Line 174: @@
 The following events are auditable by the NSS cryptographic module.
+* modifications, accesses, deletions, and additions of cryptographic data (e.g., cryptographic keys and audit data) and CSPs (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs): audit data and authentication data are handled below.  Here we only handle cryptographic keys.
+** Object management functions, where the object is a cryptographic key (object class <code>CKO_PUBLIC_KEY</code>, <code>CKO_PRIVATE_KEY</code>, and <code>CKO_SECRET_KEY</code>)
+*** <code>FC_CreateObject</code>
+*** <code>FC_CopyObject</code>
+*** <code>FC_DestroyObject</code>
+*** <code>FC_GetObjectSize</code>
+*** <code>FC_GetAttributeValue</code>
+*** <code>FC_SetAttributeValue</code>
+** Key management functions
+*** <code>FC_GenerateKey</code>
+*** <code>FC_GenerateKeyPair</code>
+*** <code>FC_UnwrapKey</code>
+*** <code>FC_DeriveKey</code>
+** Cipher "Init" functions
+*** <code>C_EncryptInit</code>
+*** <code>C_DecryptInit</code>
+*** <code>C_SignInit</code>
+*** <code>C_SignRecoverInit</code>
+*** <code>C_VerifyInit</code>
+*** <code>C_VerifyRecoverInit</code>
 * attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
 ** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>