Manualshelf

Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Crypto-J
21222324252627282930
Crypto-C ME Cryptographic Toolkit 21
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy
Level 1
2.6.2 Conditional Self-tests
Crypto-C ME performs two conditional self-tests:
A pair-wise consistency test each time Crypto-C ME generates a DSA, RSA, or
EC public/private key pair.
A Continuous Random Number Generation (CRNG) test each time the toolkit
produces random data, as per the FIPS 140-2 standard. The CRNG test is
performed on all approved and non-approved PRNGs (CTR DRBG, HMAC DRBG,
FIPS 186-2, Dual EC DRBG, Entropy RNG, and OTP RNG).
2.6.3 Critical Functions Tests
Crypto-C ME performs known answer tests for:
MD5 and HMAC-MD5, which are available when the
R_MODE_FILTER_FIPS140_SSL and R_MODE_FILTER_JCMVP_SSL mode
filters are set.
Camellia ECB, CBC, CFB, and OFB for key sizes 128, 192, and 256 bits, which
are available when the
R_MODE_FILTER_JCMVP and
R_MODE_FILTER_JCMVP_SSL mode filters are set.
2.6.4 Mitigation of Other Attacks
RSA key operations implement blinding, a reversible way of modifying the input data,
so as to make the RSA operation immune to timing attacks. Blinding has no effect on
the algorithm other than to mitigate attacks on the algorithm. Blinding is implemented
through blinding modes, and the following options are available:
Blinding mode off.
Blinding mode with no update, where the blinding value is constant for each
operation.
Blinding mode with full update, where a new blinding value is used for each
operation.