Enterasys Networks XSR-3250, XSR-1805 manual Self-Tests, Copyright 2003 Enterasys Networks Page 20

Self-Tests

The module performs a set of self-tests in order to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during power-up (power-up self-tests) or when certain conditions are met (conditional self-tests).

Power-up Self-tests:

•Software integrity tests: the modules use an EDC, in the form of an MD5 checksum, to check the integrity of its various components

•Cryptographic algorithm tests:

oAES-CBC KAT

oDES-CBC KAT

oTriple-DES-CBC KAT

oPRNG KAT

oRSA pair-wise consistency test (signing and verification)

oDSA pair-wise consistency test

oSHA-1 KAT

oHMAC SHA-1 KAT

•Bypass mode test: the module performs SHA-1 check value verification to ensure that the IPSec policies are not modified.

•Software load test: the module uses HMAC SHA-1 to check the validity of the software. Only validated software can be loaded into the modules.

•Critical function test: during cold boot, the module performs power- up diagnostics to verify the functionality of installed hardware (memory and interfaces).

Conditional Self-tests:

•RSA pair-wise consistency test: this test is performed when RSA keys are generated for IKE.

•DSA pair-wise consistency test: this test is performed when DSA keys are generated for SSHv2.

© Copyright 2003 Enterasys Networks Page 20 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.