API to invoke self-test in BCFIPS

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

API to invoke self-test in BCFIPS

Palod, Manish

Hi.

I am in process of incorporating BCFIPS for our product FIPS validation. [migrating from Crypto-J]

Which API I should call for invoking self-test, pair consistency checks, KATs and/or power-up tests?

 

With this API’s to assign crypto officer role to invoke these test and checking that used library is FIPS compliant or not.

 

I looked into security policy document, 100 Examples and BC-FIPS java docs

 

Thanks

Manish

Reply | Threaded
Open this post in threaded view
|

Re: API to invoke self-test in BCFIPS

David Hook-3

Hi Manish,

These tests are all done automatically. Either on startup or as the appropriate to the creation of a service object.

If you call FipsStatus.isReady() and it returns true you know that the library is ready for use. A failing self, or health, test
will result in FipsStatus.isReady() throwing an exception.

Regards,

David

On 27/04/18 11:03, Palod, Manish wrote:

Hi.

I am in process of incorporating BCFIPS for our product FIPS validation. [migrating from Crypto-J]

Which API I should call for invoking self-test, pair consistency checks, KATs and/or power-up tests?

 

With this API’s to assign crypto officer role to invoke these test and checking that used library is FIPS compliant or not.

 

I looked into security policy document, 100 Examples and BC-FIPS java docs

 

Thanks

Manish


Reply | Threaded
Open this post in threaded view
|

RE: API to invoke self-test in BCFIPS

Palod, Manish

Hi David,

 

Thank you.

I will use FipsStatus.isReady() method.

Is this call internally does all the test happen in SelfTestExecutor or have to call  SelfTestExecutor validate methods one after another?

 

Thanks

Manish

 

From: David Hook [mailto:[hidden email]]
Sent: Friday, April 27, 2018 10:26 AM
To: Palod, Manish <[hidden email]>; [hidden email]
Subject: Re: [dev-crypto] API to invoke self-test in BCFIPS

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Hi Manish,

These tests are all done automatically. Either on startup or as the appropriate to the creation of a service object.

If you call FipsStatus.isReady() and it returns true you know that the library is ready for use. A failing self, or health, test
will result in FipsStatus.isReady() throwing an exception.

Regards,

David

On 27/04/18 11:03, Palod, Manish wrote:

Hi.

I am in process of incorporating BCFIPS for our product FIPS validation. [migrating from Crypto-J]

Which API I should call for invoking self-test, pair consistency checks, KATs and/or power-up tests?

 

With this API’s to assign crypto officer role to invoke these test and checking that used library is FIPS compliant or not.

 

I looked into security policy document, 100 Examples and BC-FIPS java docs

 

Thanks

Manish

 

Reply | Threaded
Open this post in threaded view
|

Re: API to invoke self-test in BCFIPS

David Hook-3

Yes, this call triggers all the self tests, in fact they are also set up to get triggered when the core classes are loaded, in which case FipsStatus.isReady() just tells you if they worked, or not. There is no need to call them yourself.

Regards,

David
On 28/04/18 02:49, Palod, Manish wrote:

Hi David,

 

Thank you.

I will use FipsStatus.isReady() method.

Is this call internally does all the test happen in SelfTestExecutor or have to call  SelfTestExecutor validate methods one after another?

 

Thanks

Manish

 

From: David Hook [[hidden email]]
Sent: Friday, April 27, 2018 10:26 AM
To: Palod, Manish [hidden email]; [hidden email]
Subject: Re: [dev-crypto] API to invoke self-test in BCFIPS

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Hi Manish,

These tests are all done automatically. Either on startup or as the appropriate to the creation of a service object.

If you call FipsStatus.isReady() and it returns true you know that the library is ready for use. A failing self, or health, test
will result in FipsStatus.isReady() throwing an exception.

Regards,

David

On 27/04/18 11:03, Palod, Manish wrote:

Hi.

I am in process of incorporating BCFIPS for our product FIPS validation. [migrating from Crypto-J]

Which API I should call for invoking self-test, pair consistency checks, KATs and/or power-up tests?

 

With this API’s to assign crypto officer role to invoke these test and checking that used library is FIPS compliant or not.

 

I looked into security policy document, 100 Examples and BC-FIPS java docs

 

Thanks

Manish

 


Reply | Threaded
Open this post in threaded view
|

RE: API to invoke self-test in BCFIPS

Palod, Manish

Thank you David.

 

Thanks

Manish

 

From: David Hook [mailto:[hidden email]]
Sent: Saturday, April 28, 2018 9:55 AM
To: [hidden email]
Subject: Re: [dev-crypto] API to invoke self-test in BCFIPS

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Yes, this call triggers all the self tests, in fact they are also set up to get triggered when the core classes are loaded, in which case FipsStatus.isReady() just tells you if they worked, or not. There is no need to call them yourself.

Regards,

David
On 28/04/18 02:49, Palod, Manish wrote:

Hi David,

 

Thank you.

I will use FipsStatus.isReady() method.

Is this call internally does all the test happen in SelfTestExecutor or have to call  SelfTestExecutor validate methods one after another?

 

Thanks

Manish

 

From: David Hook [[hidden email]]
Sent: Friday, April 27, 2018 10:26 AM
To: Palod, Manish [hidden email]; [hidden email]
Subject: Re: [dev-crypto] API to invoke self-test in BCFIPS

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.



Hi Manish,

These tests are all done automatically. Either on startup or as the appropriate to the creation of a service object.

If you call FipsStatus.isReady() and it returns true you know that the library is ready for use. A failing self, or health, test
will result in FipsStatus.isReady() throwing an exception.

Regards,

David

On 27/04/18 11:03, Palod, Manish wrote:

Hi.

I am in process of incorporating BCFIPS for our product FIPS validation. [migrating from Crypto-J]

Which API I should call for invoking self-test, pair consistency checks, KATs and/or power-up tests?

 

With this API’s to assign crypto officer role to invoke these test and checking that used library is FIPS compliant or not.

 

I looked into security policy document, 100 Examples and BC-FIPS java docs

 

Thanks

Manish