Configuring the device as an sftp client, Sftp client configuration task list, Fips self-tests – H3C Technologies H3C S12500-X Series Switches User Manual

245

152B

FIPS self-tests

To ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms, including
power-up self-test and conditional self-test. You can also trigger a self-test. If the power-up self-test fails,

the card where the self-test process exists reboots. If the conditional self-test fails, the system outputs

self-test failure information.

NOTE:

If a self-test fails, contact H3C Support.

329B

Power-up self-tests

The power-up self-test, also called "known-answer test", examines the availability of FIPS-allowed

cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is

already known. The calculated output is compared with the known answer. If they are not identical, the

known-answer test fails.
The power-up self-test examines the cryptographic algorithms listed in

941H

Table 12

:

Table 11 Power-up self-test list

Type Operations

Cryptographic algorithm
self-test

Tests the following algorithms:

•

DSA (signature and authentication)

•

RSA (signature and authentication)

•

RSA (encryption and decryption)

•

AES

•

3DES

•

SHA1

•

HMAC-SHA1

•

Random number generator algorithms

Cryptographic engine self-test

Tests the following algorithms used by cryptographic engines:

•

DSA (signature and authentication)

•

RSA (signature and authentication)

•

RSA (encryption and decryption)

•

AES

•

3DES

•

SHA1

•

HMAC-SHA1

•

Random number generator algorithms

330B

Conditional self-tests

A conditional self-test runs when an asymmetrical cryptographic module or a random number generator

module is invoked. Conditional self-tests include the following types: