ksreedha...@gmail.com wrote:
On Jan 14, 10:21 am, Glen Beasley <glen.beas...@sun.com> wrote:
Sreedhar Kamishetti wrote:
Hello,
I just started looking at JSS.
Can some one point me to the API provided by JSS for running Power Up
and Conditional Self Tests for various cryptographic modules/algorithms?
JSS is a JAVA interface to NSS; basically a JNI wrapper for NSS. JSS in
FIPS mode or Non-FIPS mode does not do any crypto
at the java layer and instead, via JNI calls, requests NSS to perform
the cryptographic operations.
Thus the PowerUp and Conditional Self Test are in
NSS.http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fips...
The PowerUp tests will be performed when NSS is initialized in FIPS mode.
Java application using JSS are said to be FIPS compliant by either
loading NSS in FIPS mode
or using the JSS provided methods to put NSS in FIPS mode. As with C
applications that want to
be FIPS compliant, Java applications using JSS loading (NSS in FIPS
mode) must adhere to
the "Security Rules" specified in the NSS security policy:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp814.pdf
Some Related links:https://wiki.mozilla.org/FIPS_Validation
Sample test
program:http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/t...
-glen
Thanks Glen for the reply. I understood that NSS takes care of Self
Tests. But FIPS require on demand tests also right. So, I wondering is
there an easy way to trigger these tests.
Shutting down and restarting the application satisfies the requirement
to execute power-up self-tests on demand
by the user as defined in Section 4.9.1 of FIPS 140-2 . Each time you
launch your java app and initialize JSS, it can
load NSS in FIPS mode and run the power up self tests.
"In addition to performing the power-up tests when powered up, a
cryptographic module shall permit
operators to initiate the tests on demand for periodic testing of the
module. Resetting, rebooting, and power
cycling are acceptable means for the on-demand initiation of power-up
tests. "
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
-glen
Thanks,
Sreedhar
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto