rationale for the FIPS 140-3 Pre-operational Integrity Technique Self-test

Çağlar Arlı

The FIPS 140-3 10.2.A Pre-operational Integrity Technique Self-test introduces a new requirement. Prior to that, in FIPS 140-2, a Power On Self Test was done in order to be able to use a given part of a cryptographic module (e.g. RSA). With FIPS 140-3, the algorithm used to perform the integrity test needs to be self-tested first. Two possible methods are listed for satisfying the requirement:

  1. running the algorithm self-test and then the integrity test, possibly with different parameters (key lengths / digest sizes)
  2. running the integrity test twice, possibly with different inputs

The FIPS 140-3 document quotes ISO/IEC 19790:2012 Section 7.10.1 to explain the background:

A cryptographic algorithm that is used to perform the approved integrity technique for the pre-operational software/firmware test shall [10.20] first pass the cryptographic algorithm self-test specified in 7.10.3.2.

What is the rationale behind this? I.e. what extra protection does the double test provide when it uses the same implementation? This does not seem to be as much about security but possibly for faster failure detection?

The context for this question specifically is software implementation, e.g. a library or operating system kernel module.
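
Method 1 from the list above, as an added example (not part of the original post and not code from any validated module): an HMAC-SHA-256 known-answer test runs before the HMAC-based integrity check over the module image. The function names, the error state and `faulty_mac` (a constructed defect) are assumptions made for illustration; the known-answer vector is RFC 4231 test case 2.

```python
import hashlib
import hmac

# Public known-answer vector: RFC 4231 test case 2 for HMAC-SHA-256.
KAT_KEY = b"Jefe"
KAT_MSG = b"what do ya want for nothing?"
KAT_TAG = bytes.fromhex(
    "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843")


class SelfTestError(Exception):
    """Hypothetical error state: the module must not offer any service."""


def hmac_sha256(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def faulty_mac(key, data):
    # Constructed defect: only the first 16 bytes of the input are digested.
    return hmac.new(key, data[:16], hashlib.sha256).digest()


def algorithm_self_test(mac):
    # Step 1: known-answer test of the algorithm the integrity check relies on.
    if not hmac.compare_digest(mac(KAT_KEY, KAT_MSG), KAT_TAG):
        raise SelfTestError("HMAC-SHA-256 known-answer test failed")


def integrity_test(mac, key, image, reference_tag):
    # Step 2: MAC over the module image compared with the stored reference.
    if not hmac.compare_digest(mac(key, image), reference_tag):
        raise SelfTestError("module integrity test failed")


def pre_operational_self_test(mac, key, image, reference_tag):
    # The order is the requirement: the algorithm is tested before it is trusted.
    algorithm_self_test(mac)
    integrity_test(mac, key, image, reference_tag)
    return "operational"


def outcome(mac, key, image, reference_tag):
    # Helper for callers that want the resulting state as a string.
    try:
        return pre_operational_self_test(mac, key, image, reference_tag)
    except SelfTestError as exc:
        return str(exc)
```

With `faulty_mac`, `integrity_test` on its own accepts an image changed past byte 16 whenever the reference tag came from the same defective code, while `pre_operational_self_test` stops at the known-answer test.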