Bug 494073: update RSA/DSA power-up self tests to be compliant for 2011
Status: RESOLVED FIXED, 3.12.4
Opened 15 years ago, closed 15 years ago
Categories: NSS :: Libraries, defect
Tracking: Not tracked
People: Reporter: glenbeasley, Assigned: glenbeasley
Whiteboard: FIPS
Attachments: 1 file (patch, 38.96 KB), rrelyea: review+
In 2011, NIST mandates the use of 112-bit security strength cryptography. This means that RSA 2048 with SHA256 will be the minimum acceptable size for FIPS use. The CMVP requires that validated modules perform their power-up self-test using the current, minimum, Approved key size. Thus, in 2011, the CMVP may state that already validated modules that only provide a RSA 1024/SHA-1 power-up self-test may not be allowed to use RSA while in a FIPS mode of operation. CMVP did make a ruling along these lines when 56-bit crypto was phased out. But an RSA 2048-bit PKCS#1 with SHA-256 will be compliant in 2011 no matter how the CMVP rules. Note that this comment in general also applies to the DSA 1024-bit power-up integrity check.
Comment 1 • 15 years ago (Assignee)
This patch updates RSA KAT for encryption/decryption, SHA256, SHA384 and SHA512 Signature KAT tests using a known RSA 2048-bit key pair. Removed the RSA SHA1 KAT since a SHA1 KAT is in sftk_fips_SHA_PowerUpSelfTest and is not needed in sftk_fips_RSA_PowerUpSelfTest. Since FIPS 186-3 is still in draft stage, we are not going to update DSA KAT. NSS implements DSA according to the current FIPS standard, FIPS 186-2 Change Notice 1.
Attachment #381442 - Flags: review?(rrelyea)
Updated • 15 years ago (Assignee)
Whiteboard: FIPS SUN WANTS
Comment 2 • 15 years ago
Comment on attachment 381442: update sftk_fips_RSA_PowerUpSelfTest to use a 2048 bit key
r+ assuming this is sufficient to still accept RSA SHA1 signatures until they go away (FIPS-wise) in 2010
Attachment #381442 - Flags: review?(rrelyea) → review+
Comment 3 • 15 years ago (Assignee)
Thanks Bob for the review. I asked the lab if I was allowed to remove the RSA SHA1 KAT before my patch: "You can remove the RSA-SHA1 KAT if you want, or can also leave it in. It does not matter either way as SHA-1 has a standalone KAT of its own too, and RSA is tested with the other SHA's as you point out." Also, Section 9 of the Implementation Guidance for FIPS PUB 140-2 allows for removal of redundant/duplicate KATs.
Comment 4 • 15 years ago (Assignee)
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v <-- fipstest.c
new revision: 1.26; previous revision: 1.25
done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: FIPS SUN WANTS → FIPS