Closed Bug 347409 Opened 18 years ago Closed 18 years ago

Initiate the power-up self-tests on demand by restarting the NSS cryptographic module

Categories

(NSS :: Libraries, enhancement, P2)

3.11
enhancement

Tracking

(Not tracked)

RESOLVED FIXED
3.11.3

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

FIPS 140-2 says: In addition to performing the power-up self-tests when powered up, a cryptographic module shall permit operator to initiate the tests on demand for periodic testing of the module. It then says: Resetting, rebooting, and power cycling are acceptable means for the on-demand initiation of power-up tests. For the NSS cryptographic module, "resetting, rebooting, and power cycling" are equivalent to calling FC_Finalize and FC_Initialize to shut down and restart the PKCS #11 module. Right now we provide the on-demand initiation of power-up self-tests by overloading FC_Login -- if the operator is already logged into the FIPS token and calls FC_Login again, it means he wants to initiate the power-up self-tests on demand. I propose that we take advantage of what FIPS 140-2 allows us to do, and just use restarting the PKCS #11 module as the means for the on-demand initiation of power-up tests. Then we will only need to call the power-up self-tests in FC_Initialize. Our FIPS documentation will need to be updated.
Attached patch Proposed patchSplinter Review
Remove the on-demand initiation of power-up self-tests (and the audit logging statement for self-test failure) from FC_Login. Note that I add a new Boolean variable 'successful' to store the value of the common expression (rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN).
Attachment #232195 - Flags: superreview?(nelson)
Attachment #232195 - Flags: review?(neil.williams)
Comment on attachment 232195 [details] [diff] [review] Proposed patch My only uncertainty about this patch was the use of %l in this statement: >+ PR_snprintf(msg,sizeof msg, >+ "C_Login(hSession=%lu, userType=%lu)=0x%08lX", >+ (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv); I seem to recall that NSPR's printf functions interpret %l differently than libc's functions, but do not recall the details.
Attachment #232195 - Flags: superreview?(nelson) → review+
Nelson, NSPR uses %l for PRInt32 and PRUint32, whereas libc uses %l for long and unsigned long. Since the three variables I want to print with PR_snprintf are all unsigned long's, I first cast them to PRUint32 and then use the %l format. (Since PKCS #11 supports 32-bit platforms, it's safe to cast those unsigned long values to PRUint32 even on 64-bit platforms.)
I checked in the patch on the NSS trunk (NSS 3.12). Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.18; previous revision: 1.17 done Neil, please review this patch so that I can check it in on the NSS_3_11_BRANCH. Thanks.
Status: NEW → ASSIGNED
Priority: -- → P2
Comment on attachment 232195 [details] [diff] [review] Proposed patch OK.
Attachment #232195 - Flags: review?(neil.williams) → review+
I checked in the patch on the NSS_3_11_BRANCH for NSS 3.11.3. Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.11.2.8; previous revision: 1.11.2.7 done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Target Milestone: 3.11.5 → 3.11.3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: