Nokia IP265 Security Guide - Page 24
Power-up Self-tests, Conditional Self-tests
2.9 Self-Tests

The modules perform a set of self-tests to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during power-up (power-up self-tests) or when certain conditions are met (conditional self-tests). Self-tests are performed by both IPSO and the Check Point VPN-1 firmware components as appropriate. IPSO also implements self-tests on the algorithms provided by the hardware encryption accelerator chips. All module versions were functionally tested during FIPS 140-2 conformance testing.

Power-up Self-tests:
• Integrity tests: the modules use a CRC-32 to check the integrity of their various firmware components, including verifying the integrity of the Check Point VPN-1 binary code.
• Cryptographic algorithm tests:
  o AES-CBC KAT
  o DES-CBC KAT
  o Triple-DES-CBC KAT
  o ANSI X9.31 PRNG KAT
  o RSA sign/verify and encrypt/decrypt KAT
  o DSA sign/verify KAT
  o SHA-1 KAT
  o HMAC SHA-1 KAT
• Policy file integrity test (bypass mode test): the module performs a SHA-1 check value verification to ensure that the policy files are not modified.

Conditional Self-tests:
• RSA pair-wise consistency test: this test is performed when RSA keys are generated for SSHv1.
• DSA pair-wise consistency test: this test is performed when DSA keys are generated for SSHv2.
• Continuous random number generator tests: these tests are constantly run to detect failure of the random number generators of the module.

© Copyright 2005, 2006, 2007 Nokia. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
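The following sketch shows how self-tests of the kinds listed above are typically structured. It is an added example, not code from the Nokia modules or this guide. All function and class names are hypothetical, Python's standard library stands in for the firmware's own algorithm implementations, and the 16-byte RNG block size is an assumption.

```python
import hashlib
import hmac
import os
import zlib


class SelfTestError(Exception):
    """A failed self-test; a FIPS module would enter an error state here."""


def power_up_self_tests(firmware: bytes, expected_crc: int) -> None:
    # Integrity test: CRC-32 of the firmware image against the stored value.
    if zlib.crc32(firmware) & 0xFFFFFFFF != expected_crc:
        raise SelfTestError("firmware CRC-32 mismatch")
    # SHA-1 known-answer test (KAT): the standard "abc" example message.
    if hashlib.sha1(b"abc").hexdigest() != "a9993e364706816aba3e25717850c26c9cd0d89d":
        raise SelfTestError("SHA-1 KAT failed")
    # HMAC SHA-1 KAT: RFC 2202 test case 1.
    mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest()
    if mac != "b617318655057264e28bc0b6fb378c8ef146be00":
        raise SelfTestError("HMAC SHA-1 KAT failed")


def policy_file_ok(policy: bytes, stored_sha1_hex: str) -> bool:
    # Policy file integrity test: recompute the SHA-1 check value and compare.
    return hmac.compare_digest(hashlib.sha1(policy).hexdigest(), stored_sha1_hex)


class ContinuousRNG:
    """Wraps a block source with the continuous random number generator test."""

    def __init__(self, source=os.urandom, block_size=16):
        self._source, self._size = source, block_size
        # The first block after power-up is only kept for comparison, never output.
        self._prev = source(block_size)

    def next_block(self) -> bytes:
        block = self._source(self._size)
        # A block identical to the previous one indicates a stuck generator.
        if block == self._prev:
            raise SelfTestError("continuous RNG test failed: repeated block")
        self._prev = block
        return block
```

A KAT only proves that the implementation still produces the fixed expected output for a fixed input, so any failure is treated as fatal rather than retried.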