F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
287
Table 64 List of power-up self-tests
T
yp
e O
p
erations
Cryptographic algorithm
self-tests
Test the following algorithms
• DSA (signature and authentication)
• RSA (signature and authentication)
• RSA (encryption and decryption)
• AES
• 3DES
• SHA1
• SHA256
• HMAC-SHA1
• Random number generator algorithms
Cryptographic engine self-tests
Test the following algorithms used by cryptographic engines:
• DSA (signature and authentication)
• RSA (signature and authentication)
• RSA (encryption and decryption)
• AES
• 3DES
• SHA1
• HMAC-SHA1
• Random number generator algorithms
Cryptographic card self-tests
Test the following algorithms used by cryptographic cards:
• AES
• 3DES
• SHA1
• HMAC-SHA1
256BConditional self-tests
A conditional self-test runs when an asymmetrical cryptographic module or a random number generator
module is invoked. Conditional self-tests include the following:
• Pair-wise consistency test—This test is run when a DSA/RSA asymmetrical key-pair is generated. It
uses the public key to encrypt a plain text, and uses the private key to decrypt the encrypted text. If
the decryption is successful, the test succeeds. Otherwise, the test fails.
• Continuous random number generator test—This test is run when a random number is generated.
If two consecutive random numbers are different, the test succeeds. Otherwise, the test fails. This test
is also run when a DSA/RSA asymmetrical key pair is generated.
257BTriggered self-test
To verify whether the password algorithm modules operate normally, use this command to trigger a
self-test on the password algorithms. The triggered self-test is the same as the automatic self-test when the
device starts up.
If the self-test fails, the device automatically reboots.
Follow these steps to trigger a self-test: