
11.2 Non-FIPS 140-1 Mode, 12.0 Self-Tests – Nortel Networks NN46120-104 User Manual


DES
3DES **
SHA-1
RSA Sign
RSA Verify
See the table in the services section to identify the conditions necessary
for performing various HSM commands in the FIPS140-1 mode.

No plaintext private or symmetric keys can cross the cryptographic
boundary when the HSM is in the FIPS140-1 mode.

**The 3DES algorithm is used to secure private or symmetric keys stored
in flash and for the key wrapping and unwrapping functions.

11.2 Non-FIPS 140-1 Mode

In the non-FIPS140-1 mode, the user has greater flexibility in the types of
algorithms that can be performed and the manner in which keys are handled.
For example, in the non-FIPS140-1 mode, the board can perform all
the functions of the FIPS140-1 mode plus other functions like MD5 and
RC4. In the non-FIPS140-1 mode, keys may cross the cryptographic
boundary in plaintext form for certain operations (e.g. DES, RSA CRT
exponentiation). It is still possible to store keys on the board so that
they cannot be extracted. These non-extractable keys will be erased if a
tamper attempt is detected. See the table in the services section to identify
the conditions necessary for performing various HSM commands in the
non-FIPS140-1 mode.

12.0 Self-Tests

The following table describes all of the cryptographic self-tests performed
by the HSM module. The following abbreviation is used:
KAT = Known Answer Test

Self-Test                                  FIPS 140-1 Mode   Non-FIPS 140-1 Mode   When performed
-----------------------------------------  ----------------  --------------------  ----------------------------------------
RSA Encrypt/Decrypt and Sign/Verify KATs   Yes               Yes                   Power-up, Self-Test Service (on demand)
DES KAT                                    Yes               Yes                   Power-up, Self-Test Service (on demand)
3DES KAT                                   Yes               Yes                   Power-up, Self-Test Service (on demand)
SHA-1 KAT                                  Yes               Yes                   Power-up, Self-Test Service (on demand)
DSA KAT                                    No                Yes                   Power-up, Self-Test Service (on demand)
MD5 KAT                                    No                Yes                   Power-up, Self-Test Service (on demand)
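The following is an added example, not part of the Nortel manual and not HSM firmware. It models the two hash rows of the table (SHA-1 KAT in both modes, MD5 KAT only in the non-FIPS 140-1 mode) and shows how a known answer test catches a faulty engine. The class `ToyModule`, the mode names, the use of Python's `hashlib` as a stand-in engine, and the refusal of service after a failed KAT are assumptions made for illustration.

```python
import hashlib

# Published "abc" test vectors (FIPS 180 for SHA-1, RFC 1321 for MD5).
KAT_VECTORS = {
    "SHA-1": (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "MD5": (b"abc", "900150983cd24fb0d6963f7d28e17f72"),
}

# Hash rows of the self-test table: which KATs run in which mode.
KATS_BY_MODE = {"fips": ["SHA-1"], "non-fips": ["SHA-1", "MD5"]}

# Stand-ins for the module's hash engines (assumption: hashlib, not HSM firmware).
DEFAULT_ENGINES = {
    "SHA-1": lambda data: hashlib.sha1(data).hexdigest(),
    "MD5": lambda data: hashlib.md5(data, usedforsecurity=False).hexdigest(),
}


class SelfTestError(RuntimeError):
    """Raised when a service is requested while the module is not operational."""


class ToyModule:
    """Hypothetical model of a module that gates its services on its KATs."""

    def __init__(self, mode, engines=None):
        self.mode = mode
        self.engines = {**DEFAULT_ENGINES, **(engines or {})}
        self.operational = False  # nothing is served before power-up tests pass

    def self_test(self):
        """Run the KATs for the current mode; return the names that failed."""
        failed = []
        for name in KATS_BY_MODE[self.mode]:
            message, expected = KAT_VECTORS[name]
            if self.engines[name](message) != expected:
                failed.append(name)
        # Assumption: any failed KAT leaves the module in an error state.
        self.operational = not failed
        return failed

    def digest(self, name, data):
        """Hash service, available only after the self-tests have passed."""
        if not self.operational:
            raise SelfTestError("self-tests have not passed")
        if name not in KATS_BY_MODE[self.mode]:
            raise ValueError(f"{name} is not offered in {self.mode} mode")
        return self.engines[name](data)
```

Calling `self_test()` again on a running module corresponds to the on-demand Self-Test Service column of the table.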

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks