Hi,
   I have downloaded the source for 3.12.9, which supports the DRBG. The 
fipstest tool uses the private interface for random number generation, 
which calls into ~lib/freebl/drbg.c.
I notice that for a DRBG input file (obtained from the DRBG test suite) consisting of input type 
Hash SHA256_DRBG, the generated bits do not match what is predicted by NIST. 
fipstest.c correctly reads and sets the various parameters from the input 
file. 
 I am trying to do a sanity check before using the NSS API. We are looking at 
an option to install NSS manually (since the default shipped with RHEL 5 uses 
libsoftoken for 3.11.4).

Rgds
Shruthi

-----Original Message-----
From: dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org 
[mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org] 
On Behalf Of Robert Relyea
Sent: Monday, 30 July, 2012 2:49 PM
To: dev-tech-crypto@lists.mozilla.org
Subject: Re: RandomNumberGenerator that is FIPS 140-2 level 2 complaint

On 07/28/2012 06:45 AM, Vasantharangan, Shruthi M. wrote:
>
> So does the GenerateRandom, which internally uses softtoken of NSS 3.11.4, 
> generate a FIPS 140-2 level 2 random number? I would like to make sure it's 
> not FIPS 140-2 level 1.
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#815
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814
On RHEL 5, yes. In the last column of 814, you will see "Overall Level: 
2", as well as the FIPS approved algorithms (including RNG, Cert. #208).
>
>
>
> Since 3.11.4 uses the DSA RNG, which tool in ~lib/freebl/cmd can I 
> use to validate the DSA test vectors? This is just to make sure we are 
> using the NSS APIs correctly.
You can't test the vectors for either RNG or DRBG from the exported APIs. This 
is because FIPS vectors want to be able to set the internal seed for testing. 
NSS always provides RNG data with a random internal seed. The fipstest program 
links directly with the underlying code so we can test the algorithms directly.

Actually none of our algorithms are tested at the high level.

Are you trying to run the tests for your own sanity, or are you trying to do an 
actual reval?

bob



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
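The mismatch Shruthi reports, and Bob's point that the vectors can only be replayed by code that can set the internal seed, both come down to the Hash_DRBG state machine in NIST SP 800-90A. The following is an added reference implementation written for this thread, not NSS code (NSS's own version is in lib/freebl/drbg.c), together with a small reader for the CAVP "KEY = hex" layout and the replay convention the CAVP files use for the no-reseed tests: instantiate, generate twice, and compare only the second output. The entropy, nonce and sample file contents are constructed values, not NIST vectors; the hypothetical `SAMPLE_RSP` carries no ReturnedBits, so a real CAVP file is needed for an actual comparison.

```python
"""Hash_DRBG (SHA-256) per NIST SP 800-90A: added example, not NSS code.
All sample inputs below are constructed, not NIST CAVP vectors."""
import hashlib

SEEDLEN = 55             # seedlen = 440 bits for SHA-256 (SP 800-90A Table 2)
MAX_RESEED_COUNT = 2 ** 48


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_df(input_string: bytes, nbytes: int) -> bytes:
    """Hash_df (10.3.1): hash counter || bit-length || input until nbytes are collected."""
    temp, counter, bits = b"", 1, nbytes * 8
    while len(temp) < nbytes:
        temp += _h(bytes([counter]) + bits.to_bytes(4, "big") + input_string)
        counter += 1
    return temp[:nbytes]


def _add_mod_seedlen(v: bytes, *terms: int) -> bytes:
    """(v + sum(terms)) mod 2^seedlen, returned as a seedlen-byte big-endian string."""
    total = int.from_bytes(v, "big") + sum(terms)
    return (total % (1 << (SEEDLEN * 8))).to_bytes(SEEDLEN, "big")


class HashDRBG:
    """Hash_DRBG with SHA-256; V, C and reseed_counter are kept visible for KATs."""

    def __init__(self, entropy_input: bytes, nonce: bytes, personalization: bytes = b""):
        # Instantiate (10.1.1.2): V = Hash_df(entropy || nonce || pers), C = Hash_df(0x00 || V)
        self.V = hash_df(entropy_input + nonce + personalization, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed (10.1.1.3): V = Hash_df(0x01 || V || entropy || additional_input)
        self.V = hash_df(b"\x01" + self.V + entropy_input + additional_input, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def _hashgen(self, nbytes: int) -> bytes:
        # Hashgen (10.1.1.4): output = Hash(V) || Hash(V+1) || Hash(V+2) || ...
        data, out = self.V, b""
        while len(out) < nbytes:
            out += _h(data)
            data = _add_mod_seedlen(data, 1)
        return out[:nbytes]

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        # Generate (10.1.1.4); the state update after Hashgen is what makes
        # the second generate call differ from the first.
        if self.reseed_counter > MAX_RESEED_COUNT:
            raise RuntimeError("reseed required")
        if additional_input:
            w = _h(b"\x02" + self.V + additional_input)
            self.V = _add_mod_seedlen(self.V, int.from_bytes(w, "big"))
        out = self._hashgen(nbytes)
        h = _h(b"\x03" + self.V)
        self.V = _add_mod_seedlen(self.V, int.from_bytes(h, "big"),
                                  int.from_bytes(self.C, "big"), self.reseed_counter)
        self.reseed_counter += 1
        return out


def kat_no_reseed(entropy_input, nonce, personalization, add_in1, add_in2, nbytes):
    """CAVP 'no reseed' replay: instantiate, generate twice, return the second output."""
    drbg = HashDRBG(entropy_input, nonce, personalization)
    drbg.generate(nbytes, add_in1)
    return drbg.generate(nbytes, add_in2)


def parse_rsp(text: str) -> list:
    """Parse CAVP-style 'KEY = hex' blocks (one block per COUNT) into dicts of bytes."""
    cases, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        key, _, val = (s.strip() for s in line.partition("="))
        if key == "COUNT":
            cur = {"COUNT": int(val), "AdditionalInput": []}
            cases.append(cur)
        elif key == "AdditionalInput":
            cur["AdditionalInput"].append(bytes.fromhex(val))
        else:
            cur[key] = bytes.fromhex(val)
    return cases


# Constructed sample in the CAVP layout (hypothetical, not a NIST vector);
# a real file also carries ReturnedBits, which is what you compare against.
SAMPLE_RSP = """
[SHA-256]
[PredictionResistance = False]
COUNT = 0
EntropyInput = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Nonce = 202122232425262728292a2b2c2d2e2f
PersonalizationString =
AdditionalInput =
AdditionalInput =
"""


def run_sample(nbytes: int = 128) -> str:
    """Replay COUNT 0 of the constructed sample and return the hex that a KAT would compare."""
    case = parse_rsp(SAMPLE_RSP)[0]
    ai = case["AdditionalInput"]
    return kat_no_reseed(case["EntropyInput"], case["Nonce"],
                         case.get("PersonalizationString", b""), ai[0], ai[1], nbytes).hex()


if __name__ == "__main__":
    print(run_sample())
```

Two checks worth making when output differs from the expected bits: that the comparison is against the second generate call rather than the first, and that the entropy input, nonce and personalization string are concatenated in exactly that order before Hash_df, since either slip produces a stream that is deterministic but wrong.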
