Self-Tests

Key Zeroization

All of the keys and CSPs of the module can be zeroized. Please refer to the Description column of Table 2 for information on methods to zeroize each key and CSP.

Self-Tests

To prevent secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of self-tests that are run during startup and periodically during operations. If any of the self-tests fail, the router transitions into an error state. Within the error state, all secure data transmission is halted and the router outputs status information indicating the failure.

Self-tests performed by the IOS image:

Power-up tests:

  - Firmware integrity test
  - RSA signature KAT (both signature and verification)
  - DES KAT
  - TDES KAT
  - AES KAT
  - SHA-1 KAT
  - PRNG KAT
  - Power-up bypass test
  - Diffie-Hellman self-test
  - HMAC-SHA-1 KAT

Conditional tests:

  - Conditional bypass test
  - Pairwise consistency test on RSA signature
  - Continuous random number generator tests

Self-tests performed by the VAM (cryptographic accelerator):

Power-up tests:

  - Firmware integrity test
  - RSA signature KAT (both signature and verification)
  - DES KAT
  - TDES KAT
  - SHA-1 KAT
  - HMAC-SHA-1 KAT
  - PRNG KAT

Conditional tests:

  - Pairwise consistency test on RSA signature
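
As an added illustration (not Cisco's code and not part of this security policy), the sketch below models the behavior described above for a subset of the listed tests: SHA-1 and HMAC-SHA-1 known-answer tests at power-up, a continuous random number generator test that compares each block with the previous one as FIPS 140-2 defines it, and a latched error state that refuses service and reports status. The class and function names, the 16-byte block size, and the use of os.urandom as the generator are assumptions.

```python
import hashlib
import hmac
import os

# Published vectors: SHA-1("abc") from FIPS 180, HMAC-SHA-1 case 1 from RFC 2202.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
HMAC_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


def sha1_hex(msg):
    return hashlib.sha1(msg).hexdigest()


def hmac_sha1_hex(key, msg):
    return hmac.new(key, msg, hashlib.sha1).hexdigest()


class ModuleError(Exception):
    """A service was requested while the module is not operational."""


class CryptoModule:  # hypothetical model, not the router's firmware
    def __init__(self, sha1=sha1_hex, hmac_sha1=hmac_sha1_hex, rng=os.urandom):
        self._sha1, self._hmac, self._rng = sha1, hmac_sha1, rng
        self.state, self.status, self._last = "INIT", [], None

    def _fail(self, name):
        # Latch the error state and record status output; nothing here clears it.
        self.state = "ERROR"
        self.status.append("self-test failed: " + name)

    def power_up(self):
        if self._sha1(SHA1_KAT[0]) != SHA1_KAT[1]:
            self._fail("SHA-1 KAT")
        if self._hmac(HMAC_KAT[0], HMAC_KAT[1]) != HMAC_KAT[2]:
            self._fail("HMAC-SHA-1 KAT")
        if self.state != "ERROR":
            self._last = self._rng(16)  # first block is only stored, never output
            self.state = "READY"
        return self.state

    def random_block(self):
        if self.state != "READY":
            raise ModuleError("; ".join(self.status) or "not powered up")
        block = self._rng(16)
        if block == self._last:  # continuous RNG test: block repeats the previous one
            self._fail("continuous RNG test")
            raise ModuleError("; ".join(self.status))
        self._last = block
        return block
```

Passing a faulty `sha1` or a stuck `rng` callable to the constructor exercises the failure paths without touching the real primitives.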

FIPS 140-2 Nonproprietary Security Policy for Cisco 7206VXR NPE-400 Router with VAM

 

OL-3959-01
