On 07/28/2012 06:45 AM, Vasantharangan, Shruthi M. wrote:

So is the GenerateRandom which internally uses softtoken of NSS 3.11.4
generate a FIPS 140-2 level 2 random number? I would like to make sure it's
not FIPS 140-2 level 1.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#815

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814

On RHEL-5, yes. In the last column of 814, you will see "Overall Level: 2", as well as the FIPS approved algorithms (including RNG, Cert. #208).



Since 3.11.4 uses the DSA RNG, which is the tool in ~lib/freebl/cmd that I can
use to validate the DSA test vectors? This is just to make sure we are using
NSS APIs correctly.

You can't test the vectors for either RNG or DRBG from the exported APIs. This is because FIPS vectors want to be able to set the internal seed for testing. NSS always provided RNG data with a random internal seed. The fipstest program links directly with the underlying code so we can test the algorithms directly.

Actually none of our algorithms are tested at the high level.

Are you trying to run the tests for your own sanity, or are you trying to do an actual reval?

bob


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
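
The point made in the reply above, that a vector test must set the generator's internal seed while the exported API always seeds itself, shown as an added example (not NSS or fipstest code). It is a simplified sketch of a FIPS 186-2 Appendix 3.1 style generator with SHA-1 as G; `SeededRng`, `generate_random` and `known_answer_test` are hypothetical names, and the optional XSEED input and the mod q reduction are left out.

```python
import os
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
M32 = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def sha1_compress(state, block):
    """One SHA-1 compression over a 64-byte block; no length padding is added."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        t = (_rotl(a, 5) + f + e + k + w[i]) & M32
        a, b, c, d, e = t, a, _rotl(b, 30), c, d
    return tuple((s + v) & M32 for s, v in zip(state, (a, b, c, d, e)))

class SeededRng:  # hypothetical name, simplified generator (assumption)
    """Holds the internal seed XKEY; each block is G(IV, XKEY), then XKEY advances."""
    def __init__(self, xkey):
        self.xkey = int.from_bytes(xkey, "big") % (1 << 160)

    def next_block(self):
        block = self.xkey.to_bytes(20, "big").ljust(64, b"\0")  # G zero-pads to 512 bits
        x = int.from_bytes(struct.pack(">5I", *sha1_compress(SHA1_IV, block)), "big")
        self.xkey = (1 + self.xkey + x) % (1 << 160)
        return x.to_bytes(20, "big")

def generate_random(n):
    """Stand-in for an exported API: output only, no way to choose the seed."""
    rng = SeededRng(os.urandom(20))  # seed picked internally, as the reply describes
    return b"".join(rng.next_block() for _ in range(-(-n // 20)))[:n]

def known_answer_test(xkey, expected):
    """What a vector test needs: the generator itself, started from a fixed seed."""
    return SeededRng(xkey).next_block() == expected
```

Only `known_answer_test`, which reaches the generator directly, can reproduce a fixed expected output; `generate_random` gives a different stream on every call, so it cannot be checked against a vector.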
