On Jan 15, 10:53 am, Glen Beasley <glen.beas...@sun.com> wrote: > ksreedha...@gmail.com wrote: > > On Jan 14, 10:21 am, Glen Beasley <glen.beas...@sun.com> wrote: > > >> Sreedhar Kamishetti wrote: > > >>> Hello, > > >>> I just started looking at JSS. > > >>> Can some one point me to the API provided by JSS for running Power Up > >>> and Conditional Self Tests for various cryptographic modules/algorithms? > > >> JSS is a JAVA interface to NSS; basically a JNI wrapper for NSS. JSS in > >> FIPS mode or Non-FIPS mode does not do any crypto > >> at the java layer and instead, via JNI calls, requests NSS to perform > >> the cryptographic operations. > > >> Thus the PowerUp and Conditional Self Test are in > >> NSS.http://mxr.mozilla.org/security/source/security/nss/lib/softoken/fips... > > >> The PowerUp tests will be performed when NSS is initialized in FIPS mode. > > >> Java application using JSS are said to be FIPS compliant by either > >> loading NSS in FIPS mode > >> or using the JSS provided methods to put NSS in FIPS mode. As with C > >> applications that want to > >> be FIPS compliant, Java applications using JSS loading (NSS in FIPS > >> mode) must adhere to > >> the "Security Rules" specified in the NSS security policy: > > >>http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp814.pdf > > >> Some Related links:https://wiki.mozilla.org/FIPS_Validation > >> Sample test > >> program:http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/t... > > >> -glen > > > Thanks Glen for the reply. I understood that NSS takes care of Self > > Tests. But FIPS require on demand tests also right. So, I wondering is > > there an easy way to trigger these tests. > > Shutting down and restarting the application satisfies the requirement > to execute power-up self-tests on demand > by the user as defined in Section 4.9.1 of FIPS 140-2 . Each time you > launch your java app and initialize JSS, it can > load NSS in FIPS mode and run the power up self tests. > > "In addition to performing the power-up tests when powered up, a > cryptographic module shall permit > operators to initiate the tests on demand for periodic testing of the > module. Resetting, rebooting, and power > cycling are acceptable means for the on-demand initiation of power-up > tests. " > > http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf > > -glen > > > > > Thanks, > > Sreedhar > > _______________________________________________ > > dev-tech-crypto mailing list > > dev-tech-cry...@lists.mozilla.org > >https://lists.mozilla.org/listinfo/dev-tech-crypto- Hide quoted text - > > - Show quoted text -- Hide quoted text - > > - Show quoted text -
Thanks Glen. How about the RNG continuous tests? Also, how can we get the states of Finite state model of the cryptographic modules of NSS from JSS as required by FIPS. Thanks, Sreedhar _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
