gsk_perform

Conducts a set of known answer tests for the System SSL algorithms validated by NIST. The caller must set FIPS mode (see gsk_fips_state_set()) before calling this function.

Format

#include <gskcms.h>

gsk_status gsk_perform_kat ()

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:

[CMSERR_API_NOT_SUPPORTED]: The API is not supported in non-FIPS mode.
[CMSERR_KATPW_FAILED]: A known answer test has failed. This is a severe error and the application should terminate.
[CMSERR_KATPW_ICSF_FAILED]: A known answer test failed because ICSF was not available or ICSF encountered an error.

Usage

The gsk_perform_kat() routine can be used whenever an application, in order to meet security requirements, needs to check the correctness of cryptographic algorithms that are part of the product. The routine performs Known Answer Tests on the following cryptographic algorithms:

AES CBC 128-bit and AES CBC 256-bit encryption and decryption
TripleDES encryption and decryption
RSA signature generation/verification and encryption/decryption
RSA encrypt and decrypt
DSA signature generation and verification
SHA Digest Algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, HMAC-SHA-1, HMAC-SHA-256, and HMAC-SHA-384

If an error is encountered during testing, the gsk_perform_kat() routine will terminate and return the appropriate error code.

The gsk_perform_kat() routine will test software or hardware cryptographic algorithms depending on the value of the GSK_HW_CRYPTO environment variable at the time the CMS DLL (GSKCMS31 or GSKCMS64) is loaded.