CryptoSys API Library Manual

Self-Tests

The module performs power-up self-tests and conditional self-tests to ensure that it is functioning properly. Power-up self-tests are performed when the module is powered up, i.e. when the DLL is first attached to the parent Windows process. Conditional self-tests are performed when certain security functions are invoked.

Power-up Self-Tests

The following power-up self-tests are performed:-

Cryptographic algorithm test:

Software integrity test:

The integrity of the software module is tested using a 32-bit error detection code (EDC). The value of this EDC is set and stored when the module is created. On testing, the EDC is re-computed for the DLL module file being used and compared with the stored value. If the values do not match, the test fails.

In addition to this automatic software integrity test, the integrity of the entire DLL file can be independently verified by the user using published SHA-1 and MD5 message digest and CRC-32 values before and after installation.

Conditional Tests

The following conditional tests are performed:-

Continuous random number generator test

When the module is first loaded or instantiated in a new thread, the RNG generates a 64-bit block which is not used but is saved in thread-safe memory for comparison with the next 64-bit block to be generated. Each subsequent generation of a 64-bit block is compared with the previously generated block. The test fails if any two compared 64-bit blocks are equal. In addition, each time the RNG function is called it compares the first 64-bit block generated with the first 64-bit block generated on the previous call. The test fails if these blocks are equal. No blocks are saved that have actually been previously output by the generator.
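The following C example is added here to illustrate the continuous test described above; it is not code from the CryptoSys API. The names crng_init, crng_generate, demo and the src_* sources are hypothetical, and it assumes the first block of each call is a comparison-only block that is saved between calls but never output.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BLK 8                                  /* one 64-bit block */
typedef void (*block_fn)(uint8_t out[BLK]);    /* hypothetical raw generator */
typedef struct { block_fn gen; uint8_t saved[BLK]; } crng_ctx;  /* saved: never output */

/* Load / new-thread step: generate one block and keep it only for comparison. */
void crng_init(crng_ctx *c, block_fn gen) { c->gen = gen; gen(c->saved); }

/* Fills out with nblocks blocks. Returns 0, or -1 if the continuous test fails
   (the module described above would then run its failure actions). */
int crng_generate(crng_ctx *c, uint8_t *out, size_t nblocks) {
    uint8_t prev[BLK], cur[BLK] = {0};
    int rc = 0;
    c->gen(prev);                                   /* first block of this call */
    if (memcmp(prev, c->saved, BLK) == 0) rc = -1;  /* equals previous call's first block */
    memcpy(c->saved, prev, BLK);                    /* saved for next call, not output */
    for (size_t i = 0; rc == 0 && i < nblocks; i++) {
        c->gen(cur);
        if (memcmp(cur, prev, BLK) == 0) rc = -1;   /* two consecutive blocks equal */
        memcpy(out + i * BLK, cur, BLK);
        memcpy(prev, cur, BLK);
    }
    if (rc != 0) memset(out, 0, nblocks * BLK);     /* release nothing on failure */
    memset(prev, 0, BLK); memset(cur, 0, BLK);      /* production code: non-elidable wipe */
    return rc;
}

/* Constructed stand-in sources for the demo; none is a cryptographic generator. */
static uint64_t ctr;
static void put64(uint8_t out[BLK], uint64_t v) { memcpy(out, &v, BLK); }
void src_counter(uint8_t out[BLK]) { put64(out, ++ctr); }                 /* never repeats */
void src_stuck(uint8_t out[BLK])   { put64(out, 0x4141414141414141ULL); } /* stuck output */
void src_cycle3(uint8_t out[BLK])  { put64(out, ctr++ % 3); }             /* period of 3 blocks */

/* Two 2-block calls on a fresh context; returns 10*fail(call 1) + fail(call 2). */
int demo(block_fn gen) {
    crng_ctx c; uint8_t buf[2 * BLK];
    ctr = 0; crng_init(&c, gen);
    int first = crng_generate(&c, buf, 2) != 0;
    int second = crng_generate(&c, buf, 2) != 0;
    return 10 * first + second;
}

int main(void) {
    printf("counter=%d stuck=%d cycle3=%d\n", demo(src_counter), demo(src_stuck), demo(src_cycle3));
}
```

The period-3 source passes every consecutive-block comparison but fails on its second call, because each call consumes three blocks and so starts on the same block as the call before it; that case is what the per-call first-block comparison catches.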

Action if a self-test fails

Any failure of a power-up test or conditional test will cause the following actions to take place:

  1. An error message will be logged to the event log (NT+ systems only).
  2. The system will (try to) save the error message in a log file* in the same directory as the calling process executable.
  3. A message box will display on the screen.
  4. The DLL will terminate the process to prevent further use of cryptographic functions.

* The error log file will be given a filename "apierr.log". If the process does not have permissions to write to that directory, no log file will be created.

You can make settings in the machine's registry to prevent the message box displaying and to change the destination directory of the log file. See Optional Registry Settings. It is not possible to prevent the DLL from exiting if a critical error happens.

The user may call the power-up self-tests on demand with the API_PowerUpTests function. In the event that such an "on demand" test fails, the module will log the error event and return an error code but will not terminate the process.

Note that the automatic self-tests fail only in exceptional circumstances. You should never see one in practice unless the software module has been tampered with.


Copyright © 2001-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-01-07T07:42:00Z.