Triggering Self-Tests; Displaying And Maintaining Fips; Fips Configuration Examples; Entering Fips Mode Through Automatic Reboot - H3C S5830V2 Security Configuration Manual

Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
•
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If
the decryption is successful, the test succeeds. Otherwise, the test fails.
• Continuous random number generator test—This test is run when a random number is generated.
If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test
can also be run when a DSA/RSA asymmetrical key-pair is generated.

Triggering self-tests

To examine whether the cryptography modules operate correctly, you can trigger a self-test on the
cryptographic algorithms. The triggered self-test is the same as the power-up self-test. If the self-test fails,
the device automatically reboots.
To trigger a self-test:
Step
1. Enter system view.
2. Trigger a self-test.

Displaying and maintaining FIPS

Execute the display command in any view.
Task
Display FIPS mode state.

FIPS configuration examples

Entering FIPS mode through automatic reboot

Network requirements
Use the automatic reboot method to enter FIPS mode, and use a console port to log in to the device in
FIPS mode.
Configuration procedure
# If you want to save the current configuration, execute the save command before you enable FIPS mode.
# Enable FIPS mode, choose the automatic reboot method to enter FIPS mode. Configure the username
as root and the password as 12345zxcvb!@#$%ZXCVB.
<Sysname> system-view
[Sysname] fips mode enable
Create a new start-up configuration file named fips-strartup.cfg used for FIPS mode. After
setting the login username and password for FIPS mode, the device will be rebooted
automatically. Are you sure? [Y/N]:y
Enter username(1~55 characters): root
Command
system-view
fips self-test
Command
display fips status
236