Conditional self-tests
A conditional self-tests runs when an asymmetrical cryptographic module or a random number generator
module is invoked. Conditional self-tests include the following:
Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
•
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If
the decryption is successful, the test succeeds. Otherwise, the test fails.
Continuous random number generator test—This test is run when a random number is generated. If
•
two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test
is also run when a DSA/RSA asymmetrical key pair is generated.
Triggered self-test
To verify whether the password algorithm modules operate normally, use this command to trigger a self-
test on the password algorithms. The triggered self-test is the same as the automatic self-test when the
device starts up.
If the self-test fails, the device automatically reboots.
To trigger a self-test:
To do...
1.
Enter system view.
2.
Trigger a self-test.
Displaying and maintaining FIPS
To do...
Display FIPS state.
Command...
system-view
fips self-test
Command...
display fips status
442
Remarks
—
Required
Remarks
Available in any view