Reference Guide
Crypto-C ME Cryptographic Toolkit 29
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
1.6 Self Tests
Crypto-C ME performs a number of power-up and conditional self-tests to ensure
proper operation.
If a power-up self-test fails for one of the resource libraries, all cryptographic services
for the library are disabled. Services for a disabled library can only be re-enabled by
reloading the FIPS 140-2 module. If a conditional self-test fails, the operation fails but
no services are disabled.
For self-test failures (power-up or conditional) the library notifies the user through the
returns and error codes for the API.
1.6.1 Power-up Self-test
Crypto-C ME implements the following power-up self-tests:
• AES in CCM, GCM, GMAC, and XTS mode Known Answer Tests (KATs)
(encrypt/decrypt)
• Triple-DES KATs (encrypt/decrypt)
• SHA-1,
SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256,
SHA3-224, SHA3-256, SHA3-384, and SHA3-512 KATs
• HMAC SHA-1,
HMAC SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256,
HMAC SHA3-224, SHA3-256, SHA3-384, and SHA3-512 KATs
• ANSI X9.63 KDF |
HKDF
Singe-step KDF
TLS 1.0/1.1 PRF, TLS 1.2 PRF KATs
• RSA sign/verify KATs
• RSA sign/verify test
• DSA sign/verify test
• ECDSA sign/verify test
• DH, ECDH and ECDHC conditional tests
• PRNG (CTR DRBG and HMAC DRBG) KATs
• Software integrity test using DSA signature verification.
Power-up self-tests are executed automatically when the module loads into memory.