Table of Contents
Advertisement
DES
3DES **
SHA-1
RSA Sign
RSA Verify
See the table in services section to identify the conditions necessary for
performing various HSM commands in the FIPS140-1 mode.
No plaintext private or symmetric keys can cross the cryptographic
boundary when the HSM is in the FIPS140-1 mode.
**The 3DES algorithm is used to secure private or symmetric keys stored
in flash and for the key wrapping and unwrapping functions.
11.2 Non-FIPS 140-1 Mode
In the non-FIPS140-1 mode, the user has greater flexibility in the types of
algorithms that can be performed and the manner that keys are handled.
For example, in the non-FIPS140-1 mode, the board can perform all
the functions of the FIPS140-1 mode plus other functions like MD5 and
RC4. In the non-FIPS140-1 mode, keys may cross the cryptographic
boundary in plaintext form for certain operations (e.g. DES, RSA CRT
exponentiation). It is still possible to store keys on the board so that
they cannot be extracted. These non-extractable keys will be erased if a
tamper attempt is detected. See the table in services section to identify
the conditions necessary for performing various HSM commands in the
non-FIPS140-1 mode.
12.0 Self-Tests
The following table describes all of the cryptographic self-tests performed
by the HSM module. The following abbrethroughtion is used:
KAT = Known Answer Test
Self-Test
RSA Encrypt
/Decrypt and
Sign/Verify KATs
DES KAT
3DES KAT
SHA-1 KAT
DSA KAT
MD5 KAT
Copyright © 2007-2008 Nortel Networks
.
FIPS 140-1
Non-FIPS
Mode
140-1 Mode
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
No
Yes
Nortel VPN Gateway
User Guide
NN46120-104 02.01 Standard
14 April 2008
12.0 Self-Tests 251
When performed
Power-up, Self-Test
Service (ondemand)
Power-up, Self-Test
Service (ondemand)
Power-up, Self-Test
Service (ondemand)
Power-up, Self-Test
Service (ondemand)
Power-up, Self-Test
Service (ondemand)
Power-up, Self-Test
Service (ondemand)
Advertisement
Table of Contents
