Reference Guide
Secure Operation of Crypto-C ME 25
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy
Level 1
3.4 Operating Crypto-C ME
Crypto-C ME operates in an unrestricted mode on startup, providing access to all
cryptographic algorithms available from the FIPS 140-2 provider set against the
library context. To restrict the module to a specific set of algorithms, call
R_LIB_CTX_set_mode() with one of the mode filters listed in listed in Table 6 on
page 24.
After setting
Crypto-C ME
into a FIPS 140-2-approved mode,
Crypto-C ME
enforces
only the algorithms listed in Table 4 on page 18 are available to operators. To disable
FIPS 140-2 mode, call
R_LIB_CTX_set_mode() with NULL to put Crypto-C ME
back into an unrestricted mode.
R_PROV_FIPS140_self_tests_full() is restricted to operation by the Crypto
Officer.
The user of
Crypto-C ME
links with the ccme_core and ccme_fipsprov static
libraries for their platform. At run time,
ccme_fipsprov loads the cryptocme
master shared library, which then loads all of the resource shared libraries. For more
information, see “FIPS 140-2 Libraries” in Chapter 7, FIPS 140-2 Operations, in the
RSA BSAFE Crypto-C Micro Edition Developers Guide.
The current Crypto-C ME role is determined
by calling
R_LIB_CTX_get_info
()
with
R_LIB_CTX_INFO_ID_ROLE
.
The role is changed by calling
R_PROV_FIPS140_assume_role() with one of the information identifiers listed
in Table 5 on page 23.
3.5 Startup Self-tests
Crypto-C ME provides the ability to configure when power-up self-tests are executed. To
operate Crypto-C ME in a FIPS 140-2-compliant manner, the default shipped
configuration, which executes the self-tests when the module is first loaded, must be used.
For more information about this configuration setting, see the RSA BSAFE
Crypto-C Micro Edition Installation Guide.