canmove, Confirmed users
937
edits
| No edit summary | No edit summary | ||
| Line 1: | Line 1: | ||
| =Power-Up Self-Tests= | |||
| The module can perform the following power-up self-tests: | |||
| ==Cryptographic algorithm tests== | |||
| A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html power-up self-tests source code].) | |||
| {| border="1" cellpadding="2" | |||
| |+ | |||
| |- | |||
| !  | |||
| Algorithm | |||
| ! | |||
| Tests | |||
| |- | |||
| | RC2|| | |||
| RC2-ECB Single-Round Known Answer Encryption<br> | |||
| RC2-ECB Single-Round Known Answer Decryption<br> | |||
| RC2-CBC Single-Round Known Answer Encryption<br> | |||
| RC2-CBC Single-Round Known Answer Decryption | |||
| |- | |||
| | RC4|| | |||
| Single-Round Known Answer Encryption<br> | |||
| Single-Round Known Answer Decryption | |||
| |- | |||
| | DES|| | |||
| DES-ECB Single-Round Known Answer Encryption<br> | |||
| DES-ECB Single-Round Known Answer Decryption<br> | |||
| DES-CBC Single-Round Known Answer Encryption<br> | |||
| DES-CBC Single-Round Known Answer Decryption | |||
| |- | |||
| | Triple DES|| | |||
| DES3-ECB Single-Round Known Answer Encryption<br> | |||
| DES3-ECB Single-Round Known Answer Decryption<br> | |||
| DES3-CBC Single-Round Known Answer Encryption<br> | |||
| DES3-CBC Single-Round Known Answer Decryption | |||
| |- | |||
| | AES-128, AES-192, AES-256|| | |||
| AES-ECB Single-Round Known Answer Encryption<br> | |||
| AES-ECB Single-Round Known Answer Decryption<br> | |||
| AES-CBC Single-Round Known Answer Encryption<br> | |||
| AES-CBC Single-Round Known Answer Decryption | |||
| |- | |||
| | MD2|| | |||
| Single-Round Known Answer Hashing | |||
| |- | |||
| | MD5|| | |||
| Single-Round Known Answer Hashing | |||
| |- | |||
| | SHA-1, SHA-256, SHA-384, SHA-512|| | |||
| Single-Round Known Answer Hashing | |||
| |- | |||
| | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512|| | |||
| Single-Round Known Answer HMAC | |||
| |- | |||
| | RSA|| | |||
| Single-Round Known Answer Encryption<br> | |||
| Single-Round Known Answer Decryption<br> | |||
| Single-Round Known Answer Signature Test SHA-1<br> | |||
| Single-Round Known Answer Signature Test SHA-256<br> | |||
| Single-Round Known Answer Signature Test SHA-384<br> | |||
| Single-Round Known Answer Signature Test SHA-512<br> | |||
| |- | |||
| | DSA|| | |||
| Single-Round Known Answer Signature<br> | |||
| Single-Round Known Answer Verification | |||
| |- | |||
| | RNG|| | |||
| FIPS 182-2 Change Notice 1 Known Answer Test | |||
| |- | |||
| | ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283)|| | |||
| Single-Round Known Answer Signature<br> | |||
| Single-Round Known Answer Verification | |||
| |} | |||
| <div class=note>'''Note:''' Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.</div> | |||
| ==Random number generator test== | |||
| See the known-answer test for RNG above. | |||
| ==Software/firmware integrity test== | |||
| An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state. | |||
| ==Critical functions test== | |||
| No other critical functions tests are performed on power-up. | |||