On Jan 14, 10:21 am, Glen Beasley <glen.beas...@sun.com> wrote: > Sreedhar Kamishetti wrote: > > > Hello, > > > I just started looking at JSS. > > > Can some one point me to the API provided by JSS for running Power Up > > and Conditional Self Tests for various cryptographic modules/algorithms? > > JSS is a JAVA interface to NSS; basically a JNI wrapper for NSS. JSS in > FIPS mode or Non-FIPS mode does not do any crypto > at the java layer and instead, via JNI calls, requests NSS to perform > the cryptographic operations. > > Thus the PowerUp and Conditional Self Test are in > NSS.http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fips... > > The PowerUp tests will be performed when NSS is initialized in FIPS mode. > > Java application using JSS are said to be FIPS compliant by either > loading NSS in FIPS mode > or using the JSS provided methods to put NSS in FIPS mode. As with C > applications that want to > be FIPS compliant, Java applications using JSS loading (NSS in FIPS > mode) must adhere to > the "Security Rules" specified in the NSS security policy: > > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp814.pdf > > Some Related links:https://wiki.mozilla.org/FIPS_Validation > Sample test > program:http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/t... > > -glen > > > > > > > Thanks, > > > Sreedhar > > > ------------------------------------------------------------------------ > > > _______________________________________________ > > dev-tech-crypto mailing list > > dev-tech-cry...@lists.mozilla.org > >https://lists.mozilla.org/listinfo/dev-tech-crypto- Hide quoted text - > > - Show quoted text -
Thanks Glen for the reply. I understood that NSS takes care of Self Tests. But FIPS require on demand tests also right. So, I wondering is there an easy way to trigger these tests. One way I thought was to initialize the CryptoManage each time we want to run these self tests. But once it is initialized, It does not allow to call initialize again throwing "AlreadyInitializedException". In one of the bug fix in NSS, it was stated that FC_finalize and FC_initialize would do the trick. So, I was searching something similar in JSS API. Thanks, Sreedhar _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
