HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 203
FIPS self-tests, Power-up self-tests, Conditional self-tests, Triggering self-tests
FIPS self-tests

FIPS provides self-test mechanisms, including power-up self-test and conditional self-test, to ensure the normal operation of cryptography modules. You can also trigger a self-test.

If the power-up self-test fails, the device where the self-test process exists reboots. If the conditional self-test fails, the system outputs self-test failure information.

NOTE: If a self-test fails, contact HP Support.

Power-up self-tests

The power-up self-test, also called "known-answer test," examines the availability of FIPS-allowed cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is already known. The calculated output is compared with the known answer. If they are not identical, the known-answer test fails.

The power-up self-test examines the following cryptographic algorithms:
• DSA (signature and authentication)
• RSA (signature and authentication)
• RSA (encryption and decryption)
• AES
• 3DES
• SHA1
• HMAC-SHA1
• Random number generator algorithms

Conditional self-tests

A conditional self-test runs when an asymmetrical cryptographic module or a random number generator module is invoked. Conditional self-tests include the following types:
• Pair-wise consistency test: This test is run when a DSA/RSA asymmetrical key-pair is generated. It uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If the decryption is successful, the test succeeds. Otherwise, the test fails.
• Continuous random number generator test: This test is run when a random number is generated. If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test can also be run when a DSA/RSA asymmetrical key-pair is generated.

Triggering self-tests

To examine whether the cryptography modules operate correctly, you can trigger a self-test on the cryptographic algorithms. The triggered self-test is the same as the power-up self-test. If the self-test fails, the device automatically reboots.

To trigger a self-test:
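Separately from the device procedure, the known-answer test and the continuous random number generator test described above can be sketched in Python. This is an added example, not HP's code or the switch's command sequence; it covers only SHA1 and HMAC-SHA1 with published test vectors, and the names `run_known_answer_tests`, `ContinuousRngTest` and `stuck_source` are hypothetical.

```python
import hashlib
import hmac
import os

# Published known answers: SHA-1 of "abc" (FIPS 180) and HMAC-SHA1 test case 1 (RFC 2202).
KATS = {
    "SHA1": (lambda: hashlib.sha1(b"abc").hexdigest(),
             "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "HMAC-SHA1": (lambda: hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha1).hexdigest(),
                  "b617318655057264e28bc0b6fb378c8ef146be00"),
}


def run_known_answer_tests(kats=KATS):
    """Run each algorithm on fixed input; return names whose output differs from the known answer."""
    return [name for name, (compute, expected) in kats.items()
            if compute() != expected]


class ContinuousRngTest:
    """Hypothetical wrapper: rejects a random block identical to the previous one."""

    def __init__(self, source=os.urandom, block_size=16):
        self._source = source
        self._block_size = block_size
        # The first block is held back and used only for comparison.
        self._previous = source(block_size)

    def random_block(self):
        block = self._source(self._block_size)
        if block == self._previous:
            raise RuntimeError("continuous RNG test failed: consecutive blocks are identical")
        self._previous = block
        return block


def stuck_source(n):
    """Constructed faulty generator that always returns the same bytes."""
    return bytes(n)


if __name__ == "__main__":
    print("known-answer failures:", run_known_answer_tests() or "none")
    print("random block:", ContinuousRngTest().random_block().hex())
    try:
        ContinuousRngTest(stuck_source).random_block()
    except RuntimeError as err:
        print(err)
```

An empty list from `run_known_answer_tests()` corresponds to a passed power-up self-test; the `RuntimeError` corresponds to a failed conditional self-test.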