Self-Tests
Section 4.9 of Security Requirements For Cryptographic Modules mandates that cryptographic modules perform power-on self-tests and conditional self-tests to ensure that the module is functioning properly. Power-on self-tests are performed when the cryptographic module powers up. Conditional self-tests are performed when an RSA or RNG operation is requested.
Power-on Self-Tests
Acme Packet FIPS-compliant platforms perform the following power-up tests when power is enabled on the module. These self-tests require no input from the user.
Firmware Integrity Test
- RSA 2048 Firmware Integrity Test
Mocana Self-Tests
- AES (Encrypt/Decrypt) Known Answer Test
- Triple-DES (Encrypt/Decrypt) Known Answer Test
- SHA-1 Known Answer Test
- HMAC-SHA-1 Known Answer Test
- HMAC-SHA-256 Known Answer Test
- RSA Verify Known Answer Test
- IKEv2KDF Known Answer Test
OpenSSL Self-Tests
- SHA-1 Known Answer Test
- SHA-256 Known Answer Test
- SHA-512 Known Answer Test
- HMAC-SHA-1 Known Answer Test
- HMAC-SHA-256 Known Answer Test
- HMAC-SHA-384 Known Answer Test
- HMAC SHA-512 Known Answer Test
- AES (Encrypt/Decrypt) Known Answer Test
- AES CBC Known Answer Test
- AES GCM (Encrypt/Decrypt) Known Answer Test
- AES GCM Known Answer Test
- AES ECB Known Answer Test
- AES CTR Known Answer Test
- Triple-DES (Encrypt/Decrypt) Known Answer Test
- Triple-DES CBC Known Answer Test
- SP 800-90A DRBG Known Answer Test
- RSA sign/verify Known Answer Test
- ECDSA sign/verify Known Answer Test
- DRBG Known Answer Test
- DRBG Health Test
Note:
When the module is in a power-up self-test state or error state, the data output interface is inhibited and remains inhibited until the module can transition into an operational state.