Configuring FIPS
Overview
Federal Information Processing Standards (FIPS), developed by the National Institute of Standard and
Technology (NIST) of the United States, specify the security requirements for cryptographic modules. FIPS
140-2 defines four levels of security, simply named "Level 1" to "Level 4" from low to high. Currently, the
device supports Level 2.
Unless otherwise noted, FIPS in the document refers to FIPS 140-2.
FIPS self-tests
CAUTION:
If the device reboots repeatedly, it might be caused by software failures or hardware damages. Contact
technical support engineers to upgrade the software or repair the damaged hardware.
When the switch operates in FIPS mode, it has self-test mechanisms, including the power-up self-test and
conditional self-tests, to ensure the normal operation of cryptography modules.
Power-up self-tests
The power-up self-test, also called "known-answer test", examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical, the
known-answer test fails.
The power-up self-test examines the following cryptographic algorithms:
Table 48 List of power-up self-tests
Type
Cryptographic algorithm
self-tests
Operations
Test the following algorithms:
•
DSA (signature and authentication)
•
RSA (signature and authentication)
•
RSA (encryption and decryption)
•
AES
•
3DES
•
SHA1
•
SHA256
•
SHA512
•
HMAC-SHA1
•
Random number generator algorithms
534