2 non-fips 140-1 mode, 0 self-tests – Nortel Networks NN46120-104 User Manual
DES
3DES **
SHA-1
RSA Sign
RSA Verify
See the table in the services section to identify the conditions necessary for
performing various HSM commands in the FIPS140-1 mode.
No plaintext private or symmetric keys can cross the cryptographic
boundary when the HSM is in the FIPS140-1 mode.
**The 3DES algorithm is used to secure private or symmetric keys stored
in flash and for the key wrapping and unwrapping functions.
11.2 Non-FIPS 140-1 Mode
In the non-FIPS140-1 mode, the user has greater flexibility in the types of
algorithms that can be performed and the manner in which keys are handled.
For example, in the non-FIPS140-1 mode, the board can perform all
the functions of the FIPS140-1 mode plus other functions like MD5 and
RC4. In the non-FIPS140-1 mode, keys may cross the cryptographic
boundary in plaintext form for certain operations (e.g. DES, RSA CRT
exponentiation). It is still possible to store keys on the board so that
they cannot be extracted. These non-extractable keys will be erased if a
tamper attempt is detected. See the table in the services section to identify
the conditions necessary for performing various HSM commands in the
non-FIPS140-1 mode.
12.0 Self-Tests
The following table describes all of the cryptographic self-tests performed
by the HSM module. The following abbreviation is used:
KAT = Known Answer Test
Self-Test                                  FIPS 140-1 Mode   Non-FIPS 140-1 Mode   When performed
-----------------------------------------  ----------------  --------------------  ---------------------------------------
RSA Encrypt/Decrypt and Sign/Verify KATs   Yes               Yes                   Power-up, Self-Test Service (on demand)
DES KAT                                    Yes               Yes                   Power-up, Self-Test Service (on demand)
3DES KAT                                   Yes               Yes                   Power-up, Self-Test Service (on demand)
SHA-1 KAT                                  Yes               Yes                   Power-up, Self-Test Service (on demand)
DSA KAT                                    No                Yes                   Power-up, Self-Test Service (on demand)
MD5 KAT                                    No                Yes                   Power-up, Self-Test Service (on demand)
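
How a known answer test works for the two hash rows of the self-test table, as an added example in Python (not Nortel's code and not taken from the manual). The test vectors are the published digests of "abc", the mode names "fips" and "non-fips" and the `implementations` hook are assumptions of this sketch, and what the HSM does when a KAT fails is not stated here, so the function only reports results.

```python
import hashlib
import hmac

# Constructed for this example: published digests of the message b"abc"
# (SHA-1 from FIPS 180, MD5 from RFC 1321). Not taken from the manual.
KAT_VECTORS = {
    "SHA-1": ("sha1", b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "MD5": ("md5", b"abc", "900150983cd24fb0d6963f7d28e17f72"),
}

# Hash rows of the self-test table: is the KAT performed in each mode?
PERFORMED = {
    "SHA-1": {"fips": True, "non-fips": True},
    "MD5": {"fips": False, "non-fips": True},
}


def run_kat(name, digest_fn=None):
    """Hash the fixed input and compare with the stored known answer."""
    algo, message, expected = KAT_VECTORS[name]
    if digest_fn is None:
        # usedforsecurity=False keeps MD5 usable on FIPS-restricted builds.
        def digest_fn(data):
            return hashlib.new(algo, data, usedforsecurity=False).hexdigest()
    return hmac.compare_digest(digest_fn(message), expected)


def self_test(mode, implementations=None):
    """Run every hash KAT the table lists for `mode`; return {name: passed}.

    `implementations` (hypothetical hook) swaps in the digest function under
    test, which is how the faulty case below is simulated.
    """
    implementations = implementations or {}
    return {
        name: run_kat(name, implementations.get(name))
        for name, modes in PERFORMED.items()
        if modes[mode]
    }


if __name__ == "__main__":
    print("fips:", self_test("fips"))
    print("non-fips:", self_test("non-fips"))
    # A digest routine that silently drops the last input byte fails its KAT.
    broken = lambda data: hashlib.sha1(data[:-1]).hexdigest()
    print("faulty SHA-1:", self_test("fips", {"SHA-1": broken}))
```
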
Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks.