Closed Bug 494073 Opened 15 years ago Closed 15 years ago

update RSA/DSA powerupself tests to be compliant for 2011

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.12.4
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: glenbeasley, Assigned: glenbeasley)

Details

(Whiteboard: FIPS)

Attachments

(1 file)

update sftk_fips_RSA_PowerUpSelfTest to use a 2048 bit key
38.96 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review 
In 2011, NIST mandates the use of 112-bit security strength cryptography.  This means that RSA 2048 with SHA256 will be the minimum acceptable size for FIPS use.  The CMVP requires that validated module perform their power-up self-test using the current, minimum, Approved key size.  Thus, in 2011, the CMVP may state that already validated modules that only provide a RSA 1024/SHA-1 power-up self-test may not be allowed to use RSA while in a FIPS mode of operation. CMVP did make a ruling along these lines when 56-bit crypto was phased out.  

But an RSA 2048-bit PKCS#1 with SHA-256 will be compliant in 2011 no matter how the CMVP rules. Note that this comment in general also applies to the DSA 1024-bit power-up integrity check.
This patch updates RSA KAT for encryption/decryption, SHA256, SHA384 and SHA512 Signature KAT tests using a known RSA 2048 bit key pair.

removed the RSA SHA1 KAT since a SHA1 KAT is in sftk_fips_SHA_PowerUpSelfTest and is not needed in sftk_fips_RSA_PowerUpSelfTest. 

since FIPS 186-3 is still in draft stage, we are not going to update DSA KAT. NSS implements DSA according to the current FIPS standard, FIPS 186-2 Change 
Notice 1.
Attachment #381442 - Flags: review?(rrelyea)
Whiteboard: FIPS SUN WANTS
Comment on attachment 381442 [details] [diff] [review]
update sftk_fips_RSA_PowerUpSelfTest to use a 2048 bit key

r+ assuming this is sufficient to still accept RSA SHA1 signatures until they go away (FIPS-wise) in 2010
Attachment #381442 - Flags: review?(rrelyea) → review+
thanks bob for the review. I asked the lab if I was allowed to remove the RSA SHA1 KAT before my patch: "You can remove the RSA-SHA1 KAT if you want, or can also leave it in. It does not matter either way as SHA-1 has a standalone KAT of its own too, and RSA is tested with the other SHA's as you point out."

also, Section 9 of the Implementation Guidance for FIPS PUB 140-2 allows for removal of redundant/duplicate KATs.
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v  <--  fipstest.c
new revision: 1.26; previous revision: 1.25
done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: FIPS SUN WANTS → FIPS
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: