VE 07KeyMgmt: Difference between revisions

← Older edit

VE 07KeyMgmt (view source)

Revision as of 23:14, 18 August 2009

678 bytes removed , 18 August 2009

m

→‎Key Generation

Glen

219

edits

@@ Line 20: / Line 20: @@
 #* Diffie-Hellman public keys and private keys (used for key agreement)
 #* EC Diffie-Hellman public keys and private keys (used for key agreement)
-#* seed keys (for the Approved RNG)
 #* TLS premaster secret (used in deriving the TLS master secret)
 #* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC secrets for TLS)
@@ Line 35: / Line 34: @@
 The <code>FC_GenerateKey</code> and <code>FC_GenerateKeyPair</code> functions of the NSS cryptographic module perform key generation. <code>FC_GenerateKey</code> generates secret keys and domain parameters, and <code>FC_GenerateKeyPair</code> generates public/private key pairs.
-'''Approved key generation method:''' The NSS cryptographic module uses the Approved RNG specified as Algorithm 1 of FIPS 186-2 Change Notice 1 to generate cryptographic keys used by the Approved and non-Approved security functions. The validation certificate for the Approved RNG is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].
+'''Approved key generation method:''' The NSS cryptographic module uses the Approved RNG specified as Algorithm Algorithm Hash_DRBG of SP 800-90 to generate cryptographic keys used by the Approved and non-Approved security functions. The validation certificate for the Approved RNG is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].
 Secret keys for symmetric key algorithms and HMAC are generated using the output of the Approved RNG.
@@ Line 47: / Line 46: @@
 ECDSA public and private keys are generated using the method specified in ANSI X9.62-1998.
-'''Security of key generation method:''' The seed-key, ''XKEY'', of the Approved RNG is 256 bits. The keys generated by the NSS cryptographic module have at most 256 bits of security. (See NIST [http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf Special Publication (SP) 800-57 Part 1], Table 2 in Section 5.6.1 on page 63.) Therefore, compromising the security of the key generation method (e.g., guessing the seed value to initialize the Approved RNG) requires at least as many operations as determining the value of the generated key.
+'''Security of key generation method:''' The keys generated by the NSS cryptographic module have at most 256 bits of security. (See NIST [http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf Special Publication (SP) 800-57 Part 1], Table 2 in Section 5.6.1 on page 63.) Therefore, compromising the security of the key generation method (e.g., guessing the seed value to initialize the Approved RNG) requires at least as many operations as determining the value of the generated key.
 The initial value of ''XKEY'' is derived using the following procedure.
@@ Line 76: / Line 75: @@
 ** information about the file system and volume of the root of the current directory returned by <code>GetVolumeInformation(NULL, ...)</code>
 ** information about the current disk, including the amount of free space on the current disk, returned by <code>GetDiskFreeSpace(NULL, ...)</code>
-** the number of files in <code>C:\WINDOWS\system32</code> and the status information and contents of at least 10 of them
+** the number of files in <code>C:\WINDOWS\system32</code> and the status information and contents of the first 10 readable files and then 10 or 11 files spread throughout the directory
 '''References'''
@@ Line 102: / Line 101: @@
 * EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 256 bits of encryption strength)
 * RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 bits and 192 bits of encryption strength)
-The [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy] is also annotated with these caveats.
+The [http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy Rule 20] is also annotated with these caveats.
 </div>
@@ Line 140: / Line 139: @@
 =Random Number Generator=
-There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
+There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208 NEEDSUPDATEFOR_3_12_X].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
-If the seed and seed key input to the Approved RNG have the same value, the Approved RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#FIPS186Change_GenerateX FIPS186Change_GenerateX]</code>:
-            if (memcmp(XKEY_old, XSEEDj, BSIZE) == 0) {
-                /* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */
-                PORT_SetError(SEC_ERROR_INVALID_ARGS);
-                rv = SECFailure;
-                goto done;
-            }
 =Key Zeroization=
-The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. The function used to zeroize memory used by plaintext secret and private keys and passwords is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
+The NSS cryptographic module performs explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. The function used to zeroize memory used by plaintext secret and private keys and passwords is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
    #define PORT_Memset     memset
-If the memory is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
+If the memory is allocated from the heap, the [http://mxr.mozilla.org/security/ident?i=PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
    void
    PORT_ZFree(void *ptr, size_t len)
@@ Line 171: / Line 161: @@
 * the NSS cryptographic module is shut down (with a <code>FC_Finalize</code> call),
 * the NSS cryptographic module is reinitialized (with a <code>FC_InitToken</code> call), or
-* the NSS cryptographic module switches between the FIPS and non-FIPS modes (with a <code>C_Finalize</code>/<code>FC_Initialize</code> or <code>FC_Finalize</code>/<code>C_Initialize</code> call sequence).
+* the NSS cryptographic module switches between the FIPS and non-FIPS modes (with a <code>NSC_Finalize</code>/<code>FC_Initialize</code> or <code>FC_Finalize</code>/<code>NSC_Initialize</code> call sequence).
 Passwords are automatically zeroized by the NSS cryptographic module immediately after use.
 The <code>memset()</code> function is extremely fast. Zeroization can be performed in a time that is not sufficient to compromise plaintext secret and private keys and passwords.