Self-tests, Ests – Enterasys Networks XSR-1805 User Manual

Self-Tests

The module performs a set of self-tests in order to ensure proper
operation in compliance with FIPS 140-2. These self-tests are run during
power-up (power-up self-tests) or when certain conditions are met
(conditional self-tests).

Power-up Self-tests:

• Software integrity tests: the modules use an EDC, in the form of an

MD5 checksum, to check the integrity of its various components

• Cryptographic algorithm tests:

o AES-CBC KAT

o DES-CBC KAT

o Triple-DES-CBC KAT

o PRNG KAT

o RSA pair-wise consistency test (signing and verification)

o DSA pair-wise consistency test

o SHA-1 KAT

o HMAC SHA-1 KAT

• Bypass mode test: the module performs SHA-1 check value

verification to ensure that the IPSec policies are not modified.

• Software load test: the module uses HMAC SHA-1 to check the

validity of the software. Only validated software can be loaded into
the modules.

• Critical function test: during cold boot, the module performs power-

up diagnostics to verify the functionality of installed hardware
(memory and interfaces).

Conditional Self-tests:

• RSA pair-wise consistency test: this test is performed when RSA

keys are generated for IKE.

• DSA pair-wise consistency test: this test is performed when DSA

keys are generated for SSHv2.

© Copyright 2003

Enterasys Networks

Page 20 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.