VE 07KeyMgmt: Difference between revisions

745 bytes removed, 18 August 2009
m
 
(12 intermediate revisions by 7 users not shown)
Line 20: Line 20:
#* Diffie-Hellman public keys and private keys (used for key agreement)
#* Diffie-Hellman public keys and private keys (used for key agreement)
#* EC Diffie-Hellman public keys and private keys (used for key agreement)
#* EC Diffie-Hellman public keys and private keys (used for key agreement)
#* seed-key of the Approved RNG
#* TLS premaster secret (used in deriving the TLS master secret)
#* TLS premaster secret (used in deriving the TLS master secret)
#* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC secrets for TLS)
#* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC secrets for TLS)
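
Review bot: Deleting the "seed-key of the Approved RNG" bullet leaves this list with no entry for the random number generator's secret state, even though the other hunks of this revision keep an Approved RNG and only switch it to Hash_DRBG. Rather than dropping the item, replace it with an entry naming the Hash_DRBG internal state, so the generation, protection and zeroization text elsewhere on the page still has an RNG secret to refer to.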
Line 35: Line 34:
The <code>FC_GenerateKey</code> and <code>FC_GenerateKeyPair</code> functions of the NSS cryptographic module perform key generation. <code>FC_GenerateKey</code> generates secret keys and domain parameters, and <code>FC_GenerateKeyPair</code> generates public/private key pairs.
The <code>FC_GenerateKey</code> and <code>FC_GenerateKeyPair</code> functions of the NSS cryptographic module perform key generation. <code>FC_GenerateKey</code> generates secret keys and domain parameters, and <code>FC_GenerateKeyPair</code> generates public/private key pairs.


'''Approved key generation method:''' The NSS cryptographic module uses the Approved RNG specified as Algorithm 1 of FIPS 186-2 Change Notice 1 to generate cryptographic keys used by the Approved and non-Approved security functions. The validation certificate for the Approved RNG is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].
'''Approved key generation method:''' The NSS cryptographic module uses the Approved RNG specified as Algorithm Algorithm Hash_DRBG of SP 800-90 to generate cryptographic keys used by the Approved and non-Approved security functions. The validation certificate for the Approved RNG is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].


Secret keys for symmetric key algorithms and HMAC are generated using the output of the Approved RNG.
Secret keys for symmetric key algorithms and HMAC are generated using the output of the Approved RNG.
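
Review bot: The new "Approved key generation method" sentence still cites Cert# 208, the same certificate the old text gave for Algorithm 1 of FIPS 186-2 Change Notice 1, while the Random Number Generator hunk of this revision tags that citation NEEDSUPDATEFOR_3_12_X. Mark or update the certificate reference here as well, so the two paragraphs do not disagree about which validation covers the Hash_DRBG. The new line also reads "Algorithm Algorithm Hash_DRBG"; drop the duplicated word.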
Line 47: Line 46:
ECDSA public and private keys are generated using the method specified in ANSI X9.62-1998.
ECDSA public and private keys are generated using the method specified in ANSI X9.62-1998.


'''Security of key generation method:''' The seed-key, ''XKEY'', of the Approved RNG is 256 bits. The keys generated by the NSS cryptographic module have at most 256 bits of security. (See NIST [http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf Special Publication (SP) 800-57 Part 1], Table 2 in Section 5.6.1 on page 63.) Therefore, compromising the security of the key generation method (e.g., guessing the seed value to initialize the Approved RNG) requires at least as many operations as determining the value of the generated key.
'''Security of key generation method:''' The keys generated by the NSS cryptographic module have at most 256 bits of security. (See NIST [http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf Special Publication (SP) 800-57 Part 1], Table 2 in Section 5.6.1 on page 63.) Therefore, compromising the security of the key generation method (e.g., guessing the seed value to initialize the Approved RNG) requires at least as many operations as determining the value of the generated key.


The initial value of ''XKEY'' is derived using the following procedure.
The initial value of ''XKEY'' is derived using the following procedure.
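
Review bot: Removing "The seed-key, ''XKEY'', of the Approved RNG is 256 bits." takes away the premise that the "Therefore, compromising the security of the key generation method ..." sentence rests on, and the unchanged context line "The initial value of ''XKEY'' is derived using the following procedure." now refers to a value the section no longer introduces. Put a statement of the Hash_DRBG seed size or security strength in place of the deleted sentence, and reword the procedure lead-in so it names the Hash_DRBG seed instead of ''XKEY''.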
Line 140: Line 139:
=Random Number Generator=
=Random Number Generator=


There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm 1 of FIPS 186-2 Change Notice 1. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
There is only one random number generator (RNG) used in the NSS cryptographic module. The RNG is an Approved RNG, implementing Algorithm Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]. (The RNG validation certificate is [http://csrc.nist.gov/cryptval/rng/rngval.html#208 Cert# 208 NEEDSUPDATEFOR_3_12_X].) The Approved RNG is used within the NSS cryptographic module for all cryptographic purposes, including the generation of cryptographic keys used by an Approved security function.
 
If the seed and seed key input to the Approved RNG have the same value, the Approved RNG returns a failure status code and doesn't produce any output. The check is done by the <code>memcmp</code> function call in the function <code>[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/freebl/prng_fips1861.c.dep.html#FIPS186Change_GenerateX FIPS186Change_GenerateX]</code>:
 
            if (memcmp(XKEY_old, XSEEDj, BSIZE) == 0) {
                /* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */
                PORT_SetError(SEC_ERROR_INVALID_ARGS);
                rv = SECFailure;
                goto done;
            }


=Key Zeroization=
=Key Zeroization=


The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. The function used to zeroize memory used by plaintext secret and private keys and passwords is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
The NSS cryptographic module performs explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. The function used to zeroize memory used by plaintext secret and private keys and passwords is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>:
   #define PORT_Memset    memset
   #define PORT_Memset    memset
If the memory is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
If the memory is allocated from the heap, the [http://mxr.mozilla.org/security/ident?i=PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zeroize and free memory:
   void
   void
   PORT_ZFree(void *ptr, size_t len)
   PORT_ZFree(void *ptr, size_t len)
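
Review bot: In the Random Number Generator section, the paragraph and code describing the seed versus seed-key <code>memcmp</code> check in <code>FIPS186Change_GenerateX</code> are removed without a replacement, so the section no longer documents any condition under which the Approved RNG returns a failure status and produces no output. If the Hash_DRBG code has a corresponding failure path, describe it here with a link to the function that implements it. The NEEDSUPDATEFOR_3_12_X marker is also placed inside the external-link label ("Cert# 208 NEEDSUPDATEFOR_3_12_X"), so it will render as part of the published certificate reference; move it out of the link text or resolve it before this revision is relied on.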