Conditional self-tests, Triggering a self-test – H3C Technologies H3C SecPath F1000-E User Manual

260

Table 58 Power-up self-tests

Type

Operations

Cryptographic algorithm
self-test

Test the following algorithms:

•

DSA (signature and authentication)

•

RSA (signature and authentication)

•

RSA (encryption and decryption)

•

AES

•

3DES

•

SHA1

•

SHA256

•

HMAC-SHA1

•

Random number generator algorithms

Cryptographic engine self-test

Test the following algorithms used by cryptographic engines:

•

DSA (signature and authentication)

•

RSA (signature and authentication)

•

RSA (encryption and decryption)

•

AES

•

3DES

•

SHA1

•

HMAC-SHA1

•

Random number generator algorithms

Conditional self-tests

A conditional self-test runs when an asymmetrical cryptographic module or a random number generator
module is invoked. Conditional self-tests include the following:

•

Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If

the decryption is successful, the test succeeds. Otherwise, the test fails.

•

Continuous random number generator test—This test is run when a random number is generated.
If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test

is also run when a DSA/RSA asymmetrical key pair is generated.

Triggering a self-test

To examine whether the cryptography modules operate normally, you can use a command to trigger a

self-test on the cryptographic algorithms. The triggered self-test is the same as the power-up self-test.
If the self-test fails, the device automatically reboots.
To trigger a self-test:

Step Command

1.

Enter system view.

system-view

2.

Trigger a self-test.

fips self-test