Reference Guide

Secure Operation of Crypto-C ME
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
2.4 Operating Crypto-C ME
Crypto-C ME operates in an unrestricted mode on startup, providing access to all
cryptographic algorithms available from the FIPS 140-2 provider set against the
library context. To restrict the module to a specific set of algorithms, call
R_LIB_CTX_set_mode() with one of the mode filters listed in Table 13.
After setting Crypto-C ME into a FIPS 140-2-approved mode, only the algorithms
listed in Table 4 are available to operators.
To disable FIPS 140-2 mode, call R_LIB_CTX_set_mode() with NULL to put
Crypto-C ME back into an unrestricted mode.
To retrieve the current Crypto-C ME FIPS 140-2 mode, call R_LIB_CTX_get_mode().
To run self-tests on the FIPS 140-2 module, the application must ensure that there are
no cryptographic operations using the module.
R_PROV_FIPS140_self_tests_full() is restricted to operation by the Crypto
Officer.
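One way an application can make sure no cryptographic operations are using the module before it requests the full self-tests, shown as an added example that is not part of this Security Policy or of RSA's code. The gate functions, the is_crypto_officer flag and the run_tests callback are assumptions: the callback stands in for the application's own wrapper around R_PROV_FIPS140_self_tests_full(), whose signature this page does not give.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical application-side gate. gate >= 0: number of crypto
 * operations in flight; gate == -1: a self-test run owns the module. */
enum gate_rc { GATE_OK, GATE_BUSY, GATE_DENIED, GATE_TEST_FAILED };
static atomic_int gate;

/* Call before each crypto operation; refused while self-tests run. */
int crypto_op_begin(void)
{
    int v = atomic_load(&gate);
    while (v >= 0)
        if (atomic_compare_exchange_weak(&gate, &v, v + 1))
            return GATE_OK;      /* on failure v is reloaded and we retry */
    return GATE_BUSY;
}

/* Call when the operation is done, only after a GATE_OK begin. */
void crypto_op_end(void) { atomic_fetch_sub(&gate, 1); }

/* run_tests is the application's wrapper around the self-test call
 * (assumed to return 0 on success). */
int self_tests_quiesced(int is_crypto_officer, int (*run_tests)(void *), void *arg)
{
    int idle = 0;
    if (!is_crypto_officer)
        return GATE_DENIED;      /* service is Crypto Officer only */
    if (!atomic_compare_exchange_strong(&gate, &idle, -1))
        return GATE_BUSY;        /* operations still using the module */
    int rc = run_tests(arg);
    atomic_store(&gate, 0);      /* reopen for normal operations */
    return rc == 0 ? GATE_OK : GATE_TEST_FAILED;
}

/* Constructed stand-in for the real call: records whether a crypto
 * operation could start while the tests were running. */
int fake_self_tests(void *arg) { *(int *)arg = crypto_op_begin(); return 0; }

int main(void)
{
    int during = -1;
    crypto_op_begin();           /* one operation in flight */
    int busy = self_tests_quiesced(1, fake_self_tests, &during);
    crypto_op_end();
    int idle = self_tests_quiesced(1, fake_self_tests, &during);
    printf("busy=%d idle=%d during=%d\n", busy, idle, during);
    return 0;
}
```

The gate only refuses; a caller that gets GATE_BUSY decides whether to retry later or report the condition.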
The user of Crypto-C ME links with the ccme_core and ccme_fipsprov static
libraries for their platform. At run time, ccme_fipsprov loads the cryptocme
master shared library, which then loads all of the resource shared libraries. For more
information, see Get Started with Crypto-C ME > About Your Binary Installation
> Installed Library Files in the RSA BSAFE Crypto-C Micro Edition Developers
Guide.
The current Crypto-C ME role is determined by calling R_LIB_CTX_get_info()
with R_LIB_CTX_INFO_ID_ROLE.
Authenticate and switch to a new role by calling
R_PROV_FIPS140_authenticate_role() with one of the information
identifiers listed in Table 12.
2.5 Startup Self-tests
To operate in a FIPS 140-2-compliant manner, Crypto-C ME executes self-tests when
the module is first loaded.