7Self Tests
The module performs the following Self Tests after being configured into either Remote AP mode or Remote Mesh Portal mode. The module performs both power-up and conditional self-tests. In the event any self-test fails, the module enters an error state, logs the error, and reboots automatically.
The module performs the following power-up self-tests:
∙Aruba Hardware known Answer tests: o AES KAT
o HMAC-SHA1 KAT o Triple-DES KAT
∙ArubaOS OpenSSL AP Module
oAES KAT
oHMAC (HMAC-SHA1, HMAC-SHA256 and HMAC SHA384) KAT
oRNG KAT
oRSA KAT
oSHA (SHA1, SHA256 and SHA384) KAT
oTriple-DES KAT
∙ArubaOS Cryptographic Module
oAES KAT
oHMAC (HMAC-SHA1, HMAC-SHA256, HMAC SHA384, and HMAC512) KAT
oFIPS 186-2 RNG KAT
oRSA (sign/verify)
oSHA (SHA1, SHA256, SHA384, and SHA512) KAT
oTriple-DES KAT
∙ArubaOS Uboot Bootloader Module
oFirmware Integrity Test: RSA 2048-bit Signature Validation The following Conditional Self-tests are performed in the module:
∙Continuous Random Number Generator Test–This test is run upon generation of random data by the module's random number generators to detect failure to a constant value. The module stores the first random number for subsequent comparison, and the module compares the value of the new random number with the random number generated in the previous round and enters an error state if the comparison is successful. The test is performed for the approved as well as non- approved RNGs.
∙RSA pairwise Consistency Test
∙Firmware load test
These self-tests are run for the Cavium hardware cryptographic implementation as well as for the Aruba OpenSSL AP and ArubaOS cryptographic module implementations.
Self-test results are written to the serial console.
In the event of a KATs failure, the AP logs different messages, depending on the error.