Table of Contents
Advertisement
AES ECB Encrypt KAT (OKM agent and firmware)
AES ECB Decrypt KAT (OKM agent and firmware)
AES CBC Encrypt KAT (firmware and TLS implementation)
AES CBC Decrypt KAT (firmware and TLS implementation)
AES CCM Encrypt KAT (firmware)
AES CCM Decrypt KAT (firmware)
AES CCM Encrypt KAT (hardware)
AES CCM Decrypt KAT (hardware)
AES Key Wrap KAT (OKM agent)
RSA Sign/Verify KAT (firmware)
ECDSA Sign/Verify (firmware)
SHA-1 KAT (firmware and TLS implementation)
HMAC SHA-1 KAT (firmware, OKM agent and TLS implementation)
SHA-256 KAT (firmware)
SP 800-90A CTR DRBG KAT (firmware)
ECDH KAT (firmware)
TLS KDF KAT (TLS implementation)
2.9.3 Conditional Self-Tests
The StorageTek T10000D Tape Drive performs a Continuous Random Number
Generator Test (CRNGT) on the output from the DRBG each time a new random
number is generated. In addition, a CRNGT is performed on the output from the
NDRNG prior to being used as entropy input for the DRBG. If any of the
CRNGTs fail, the module will generate a dump file. If the dump file is to be
encrypted, the module will attempt to perform the CRNGT a second time. If the
CRNGT passes on the second attempt, the ETD will encrypt the dump file and
then reboot. If the CRNGT fails on the second attempt, the dump file is discarded
and the module will then reboot.
The StorageTek T10000D Tape Drive performs a Pairwise Consistency Test on
each Asymetric key pair (RSA and Elliptic Curve) generated in support of
establishing a SSH session.
In each mode, a firmware load test is performed on new firmware being loaded
onto the module. Firmware can be loaded onto the module via the Host Interface,
the Tape Head interface, or via the Ethernet Interface. The ETD uses a 2048-bit
RSA digital signature verification to confirm the integrity of the firmware prior to
This document may be freely reproduced and distributed whole and intact including this Copyright notice.
© Copyright 2017 Oracle Corporation
Page 42 of 51
Advertisement
Table of Contents
