219
edits
NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions
NSSCryptoModuleSpec/Section 9: Self Tests (view source)
Revision as of 19:18, 21 September 2005
, 21 September 2005no edit summary
mNo edit summary |
mNo edit summary |
||
| Line 96: | Line 96: | ||
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] | || [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] | ||
|| | || | ||
The products will not have a user | |||
visible way to initiate these tests | visible way to initiate these tests | ||
other than restarting the program. | other than restarting the program. | ||
|| | || | ||
|- | |- | ||
| Line 132: | Line 132: | ||
| | | | ||
'''Procedure by which an operator can | '''Procedure by which an operator can | ||
initiate the power-up self-tests | initiate the power-up self-tests''' | ||
''' | |||
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] | || [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] | ||
|| | || | ||
The products will not have a user visible way to initiate | |||
these tests other than restarting the program. | these tests other than restarting the program. | ||
|| | || | ||
|- | |- | ||
| Line 197: | Line 196: | ||
[http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ] | [http://wiki.mozilla.org/VE_09#VE.09.20.01 VE.09.20.01 ] | ||
|| | || | ||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html | [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html Power up Self Test Code] | ||
Power up Self Test Code] | |||
[[Power up SelfTest Design]] | [[Power up SelfTest Design]] | ||
| Line 206: | Line 204: | ||
tests are mandatory for the FIPS-140-2 mode of | tests are mandatory for the FIPS-140-2 mode of | ||
operation. | operation. | ||
|| | |||
|- | |- | ||
| '''Independant cryptographic algorithm implemenations''' | | '''Independant cryptographic algorithm implemenations''' | ||
|| [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] | || [http://wiki.mozilla.org/VE_09#VE.09.20.02 VE.09.20.02 ] | ||
|| | || | ||
(N/A) || | (N/A) | ||
|| | |||
|- | |- | ||
| | | | ||
Integrity test for software components | '''Integrity test for software components''' | ||
|| | || | ||
[http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ] | [http://wiki.mozilla.org/VE_09#VE.09.22.01 VE.09.22.01 ] | ||
| Line 219: | Line 219: | ||
[http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] | [http://wiki.mozilla.org/VE_09#VE.09.22.03 VE.09.22.03 ] | ||
|| | || | ||
[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Standard (DSS) ] is used as the approved authentication | |||
technique for the integrity test of the software component. When the softokn library (libsoftokn3/softokn3) is built a DSA signature checksum is | |||
generated and stored in a file libsoftokn3.chk/softokn3.chk. When the module is in FIPS mode, at initialization the softoken computes its checksum and compares it with the value in libsoftokn3.chk/softokn3.chk. | |||
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.dep.html#FC_Initialize FC_Initialize ] calls [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11.c.dep.html#nsc_CommonInitialize nsc_CommonInitialize ] and then the DSS signature is check before the module | |||
is allowed to load. | |||
|| | || | ||
| Line 226: | Line 234: | ||
| '''Critical Functions''' | | '''Critical Functions''' | ||
|| [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ] | || [http://wiki.mozilla.org/VE_09#VE.09.27.01 VE.09.27.01 ] | ||
|| | |||
|| | || | ||
|- | |- | ||
| Line 231: | Line 240: | ||
'''Conditional tests''' | '''Conditional tests''' | ||
|| [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ] | || [http://wiki.mozilla.org/VE_09#VE.09.28.01 VE.09.28.01 ] | ||
|| | || | ||
|| | |||
|- | |- | ||
'''Verification of Digital Signatures''' | '''Verification of Digital Signatures''' | ||