Closed Bug 347409 Opened 18 years ago Closed 18 years ago

Initiate the power-up self-tests on demand by restarting the NSS cryptographic module

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.3

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

Proposed patch
2.03 KB, patch
neil.williams
: review+
nelson
: review+
Details | Diff | Splinter Review 
FIPS 140-2 says:
  In addition to performing the power-up self-tests when
  powered up, a cryptographic module shall permit operator
  to initiate the tests on demand for periodic testing of
  the module.

It then says:
  Resetting, rebooting, and power cycling are acceptable
  means for the on-demand initiation of power-up tests.

For the NSS cryptographic module, "resetting, rebooting,
and power cycling" are equivalent to calling FC_Finalize
and FC_Initialize to shut down and restart the PKCS #11
module.

Right now we provide the on-demand initiation of power-up
self-tests by overloading FC_Login -- if the operator is
already logged into the FIPS token and calls FC_Login again,
it means he wants to initiate the power-up self-tests on
demand.  I propose that we take advantage of what FIPS 140-2
allows us to do, and just use restarting the PKCS #11 module
as the means for the on-demand initiation of power-up tests.
Then we will only need to call the power-up self-tests in
FC_Initialize.

Our FIPS documentation will need to be updated.
Attached patch Proposed patchSplinter Review 
Remove the on-demand initiation of power-up self-tests
(and the audit logging statement for self-test failure)
from FC_Login.

Note that I add a new Boolean variable 'successful' to
store the value of the common expression
(rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN).
Attachment #232195 - Flags: superreview?(nelson)
Attachment #232195 - Flags: review?(neil.williams)
Comment on attachment 232195 [details] [diff] [review]
Proposed patch

My only uncertainty about this patch was the use of %l in this statement:

>+	PR_snprintf(msg,sizeof msg,
>+		    "C_Login(hSession=%lu, userType=%lu)=0x%08lX",
>+		    (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);

I seem to recall that NSPR's printf functions interpret %l differently
than libc's functions, but do not recall the details.
Attachment #232195 - Flags: superreview?(nelson) → review+
Nelson, NSPR uses %l for PRInt32 and PRUint32, whereas libc uses
%l for long and unsigned long.  Since the three variables I want
to print with PR_snprintf are all unsigned long's, I first cast
them to PRUint32 and then use the %l format.  (Since PKCS #11
supports 32-bit platforms, it's safe to cast those unsigned long
values to PRUint32 even on 64-bit platforms.)
I checked in the patch on the NSS trunk (NSS 3.12).

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.18; previous revision: 1.17
done

Neil, please review this patch so that I can check it in
on the NSS_3_11_BRANCH.  Thanks.
Status: NEW → ASSIGNED
Priority: -- → P2
Comment on attachment 232195 [details] [diff] [review]
Proposed patch

OK.
Attachment #232195 - Flags: review?(neil.williams) → review+
I checked in the patch on the NSS_3_11_BRANCH for NSS 3.11.3.

Checking in fipstokn.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v  <--  fipstokn.c
new revision: 1.11.2.8; previous revision: 1.11.2.7
done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Target Milestone: 3.11.5 → 3.11.3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: