Revision as of 00:44, 4 August 2006

The module can perform the following self-tests:

Power-Up Selftests

Software integrity test

An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails the module immediately enters the Error state.

Cryptographic algorithm tests

A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:

(see the power-up self-tests source code).

Note: Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.


Algorithm	Tests
RC2	RC2-ECB Single-Round Known Answer Encryption RC2-ECB Single-Round Known Answer Decryption RC2-CBC Single-Round Known Answer Encryption RC2-CBC Single-Round Known Answer Decryption
RC4	Single-Round Known Answer Encryption Single-Round Known Answer Decryption
DES	DES-ECB Single-Round Known Answer Encryption DES-ECB Single-Round Known Answer Decryption DES-CBC Single-Round Known Answer Encryption DES-CBC Single-Round Known Answer Decryption
Triple DES	DES3-ECB Single-Round Known Answer Encryption DES3-ECB Single-Round Known Answer Decryption DES3-CBC Single-Round Known Answer Encryption DES3-CBC Single-Round Known Answer Decryption
AES-128, AES-192, AES-256	AES-ECB Single-Round Known Answer Encryption AES-ECB Single-Round Known Answer Decryption AES-CBC Single-Round Known Answer Encryption AES-CBC Single-Round Known Answer Decryption
MD2	Single-Round Known Answer Hashing
MD5	Single-Round Known Answer Hashing
SHA-1, SHA-256, SHA-384, SHA-512	Single-Round Known Answer Hashing
HMAC-SHA-1	Single-Round Known Answer HMAC
HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512	Single-Round Known Answer
RSA	Single-Round Known Answer Encryption Single-Round Known Answer Decryption Single-Round Known Answer Signature Test SHA-1 Single-Round Known Answer Signature Test SHA-256 Single-Round Known Answer Signature Test SHA-384 Single-Round Known Answer Signature Test SHA-512
DSA	Single-Round Known Answer Signature Single-Round Known Answer Verification
RNG
ECDSA	Single-Round Known Answer Signature Single-Round Known Answer Verification

@@ Line 2: / Line 2: @@
 =Power-Up Selftests=
+==Software integrity test==
+An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails the module immediately enters the Error state.
 ==Cryptographic algorithm tests==
 A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module:
@@ Line 76: / Line 80: @@
   (see the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code]).<div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div>
 |}
-==Software integrity test==
-=Conditional self-tests=
-* Pair-wise consistency test (for public and private keys)
-* Continous random number generator test
-These tests are mandatory for the FIPS 140-2 mode of
-operation.

Power Up Selftests: Difference between revisions

Revision as of 00:44, 4 August 2006

Power-Up Selftests

Software integrity test

Cryptographic algorithm tests

Navigation menu

Power Up Selftests: Difference between revisions

Revision as of 00:44, 4 August 2006

Power-Up Selftests

Software integrity test

Cryptographic algorithm tests

Navigation menu

Search