Configuring the device as an sftp client, Sftp client configuration task list, Fips self-tests – H3C Technologies H3C S12500-X Series Switches User Manual
Page 257: Power-up self-tests, Conditional self-tests
245
152B
FIPS self-tests
To ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms, including
power-up self-test and conditional self-test. You can also trigger a self-test. If the power-up self-test fails,
the card where the self-test process exists reboots. If the conditional self-test fails, the system outputs
self-test failure information.
NOTE:
If a self-test fails, contact H3C Support.
329B
Power-up self-tests
The power-up self-test, also called "known-answer test", examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical, the
known-answer test fails.
The power-up self-test examines the cryptographic algorithms listed in
941H
Table 12
:
Table 11 Power-up self-test list
Type Operations
Cryptographic algorithm
self-test
Tests the following algorithms:
•
DSA (signature and authentication)
•
RSA (signature and authentication)
•
RSA (encryption and decryption)
•
AES
•
3DES
•
SHA1
•
HMAC-SHA1
•
Random number generator algorithms
Cryptographic engine self-test
Tests the following algorithms used by cryptographic engines:
•
DSA (signature and authentication)
•
RSA (signature and authentication)
•
RSA (encryption and decryption)
•
AES
•
3DES
•
SHA1
•
HMAC-SHA1
•
Random number generator algorithms
330B
Conditional self-tests
A conditional self-test runs when an asymmetrical cryptographic module or a random number generator
module is invoked. Conditional self-tests include the following types: