Self -Tests; Self-Tests Performed By The Ios Image - Cisco 7609-S User Manual

DRBG V SP 800‐90
Diffie DH
Hellman
shared
secret
Diffie DH
Hellman
private
exponent
SSH keys/CSPs
SSH RSA
Private
key
SSH Triple‐
session DES/AES
key
2.7 Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to insure all components are functioning correctly. The router
includes an array of self-tests that are run during startup and periodically during operations.

2.7.1 Self-tests performed by the IOS image

• IOS Self Tests
o POST tests
© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
256‐bits This is the seed key for
SP 800‐90 DRBG.
1024‐4096 bits This is the shared
secret agreed upon as
part of DH exchange
1024‐4096 bits The private exponent
used in Diffie‐Hellman
(DH) exchange.
1024‐2048 bits This is the SSH private
key used to
authenticate the
module
3‐key Triple‐ This is the symmetric
DES SSH key used to
128/192/256 protect SSH session
bits AES keys
Table 8 Cryptographic Keys and CSPs
AES Known Answer Test
RSA Signature Known Answer Test (both signature/verification)
Software/firmware test
generated from
entropy source via
the CTR_DRBG
derivation function
N/A
Generated using FIPS
approved DRBG
Generated or
entered like any RSA
key
Created as part of
SSH session set‐up
20
DRAM power cycle
(plaintext) the device
DRAM Zeroized upon
(plaintext) deletion
DRAM Automatically
(plaintext) after shared
secret
generated.
NVRAM Zeroized by
(plaintext) either deletion
(via # crypto
key zeroize
rsa) or by
overwriting
with a new
value of the
key
DRAM Zeroized
(plaintext) automatically
when SSH
session is
closed