Conditional self-tests, Triggering a self-test – H3C Technologies H3C SecPath F1000-E User Manual
Page 270
260
Table 58 Power-up self-tests
Type
Operations
Cryptographic algorithm
self-test
Test the following algorithms:
•
DSA (signature and authentication)
•
RSA (signature and authentication)
•
RSA (encryption and decryption)
•
AES
•
3DES
•
SHA1
•
SHA256
•
HMAC-SHA1
•
Random number generator algorithms
Cryptographic engine self-test
Test the following algorithms used by cryptographic engines:
•
DSA (signature and authentication)
•
RSA (signature and authentication)
•
RSA (encryption and decryption)
•
AES
•
3DES
•
SHA1
•
HMAC-SHA1
•
Random number generator algorithms
Conditional self-tests
A conditional self-test runs when an asymmetrical cryptographic module or a random number generator
module is invoked. Conditional self-tests include the following:
•
Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If
the decryption is successful, the test succeeds. Otherwise, the test fails.
•
Continuous random number generator test—This test is run when a random number is generated.
If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test
is also run when a DSA/RSA asymmetrical key pair is generated.
Triggering a self-test
To examine whether the cryptography modules operate normally, you can use a command to trigger a
self-test on the cryptographic algorithms. The triggered self-test is the same as the power-up self-test.
If the self-test fails, the device automatically reboots.
To trigger a self-test:
Step Command
1.
Enter system view.
system-view
2.
Trigger a self-test.
fips self-test