Table 8 Power-up self-test list

| Type | Operations |
|---|---|
| Cryptographic algorithm self-test | Tests the following algorithms: DSA (signature and authentication), RSA (signature and authentication), RSA (encryption and decryption), AES, 3DES, SHA1, HMAC-SHA1, random number generator algorithms |

Conditional self-tests

A conditional self-test runs when an asymmetrical cryptographic module or a random number generator module is invoked. Conditional self-tests include the following types:

• Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If the decryption is successful, the test succeeds. Otherwise, the test fails.

• Continuous random number generator test—This test is run when a random number is generated. Each subsequent generation of a random number will be compared with the previously generated number. The test fails if any two compared numbers are the same. This test can also be run when a DSA/RSA asymmetrical key-pair is generated.

Triggering self-tests

To examine whether the cryptography modules operate correctly, you can trigger a self-test on the cryptographic algorithms. The triggered self-test is the same as the power-up self-test. If the self-test fails, the card where the self-test process exists reboots.

To trigger a self-test:

| Step | Command |
|---|---|
| 1. Enter system view. | system-view |
| 2. Trigger a self-test. | fips self-test |

Displaying and maintaining FIPS

Execute the display command in any view.

| Task | Command |
|---|---|
| Display the FIPS mode state. | display fips status |
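
The logic of the two conditional self-tests described under "Conditional self-tests" above, as an added Python sketch that is not code from the device or from this manual. The class and function names, the 16-byte block size, the choice to discard the first block, and the toy RSA key are all assumptions made for illustration.

```python
import os

class SelfTestError(Exception):
    """Raised when a conditional self-test fails (hypothetical name)."""

class ContinuousRng:
    """Continuous RNG test: compare each generated block with the previous one."""
    def __init__(self, source=os.urandom, block_size=16):
        self._source = source            # callable(n) -> n bytes, injectable for testing
        self._block_size = block_size    # assumed block size
        # Assumption: the first block only primes the comparison and is never returned.
        self._previous = source(block_size)

    def next_block(self):
        block = self._source(self._block_size)
        if block == self._previous:
            raise SelfTestError("continuous RNG test failed: repeated block")
        self._previous = block
        return block

def pairwise_consistency(n, e, d, plaintext=65):
    """Encrypt with the public key (n, e), then decrypt with the private exponent d."""
    if not 1 < plaintext < n:
        raise ValueError("test plaintext must be in range for the modulus")
    ciphertext = pow(plaintext, e, n)
    # Extra check beyond the page's description: encryption must change the value.
    if ciphertext == plaintext:
        return False
    return pow(ciphertext, d, n) == plaintext

def stuck_source(n):
    """Constructed faulty generator that always returns the same bytes."""
    return b"\xaa" * n

# Constructed toy RSA key (p=61, q=53), far too small for real use.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

if __name__ == "__main__":
    rng = ContinuousRng()
    print("random block:", rng.next_block().hex())
    print("matching key pair:", pairwise_consistency(TOY_N, TOY_E, TOY_D))
    print("mismatched key pair:", pairwise_consistency(TOY_N, TOY_E, TOY_D + 2))
    try:
        ContinuousRng(source=stuck_source).next_block()
    except SelfTestError as exc:
        print("stuck generator:", exc)
```

On the device a failed self-test reboots the card; the sketch raises an exception or returns False in its place.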