R0106-HP MSR Router Series Security Configuration Guide(V7)
440
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Disable FIPS mode.
undo fips mode enable
By default, the FIPS mode is
disabled.
FIPS self-tests
To ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms, including
power-up self-test and conditional self-test. You can also trigger a self-test. If the power-up self-test fails,
the card where the self-test process exists reboots. If the conditional self-test fails, the system outputs
self-test failure information.
NOTE:
If a self-test fails, contact HP Support.
Power-up self-tests
The power-up self-test, also called "known-answer test", examines the availability of FIPS-allowed
cryptographic algorithms. A cryptographic algorithm is run on data for which the correct output is
already known. The calculated output is compared with the known answer. If they are not identical, the
known-answer test fails.
The power-up self-test examines the cryptographic algorithms listed in Table 14.
Table 14 Power-up self-test list
T
yp
e O
p
erations
Cryptographic algorithm
self-test
Tests the following algorithms:
• DSA (signature and authentication)
• RSA (signature and authentication)
• RSA (encryption and decryption)
• AES
• 3DES
• SHA1
• HMAC-SHA1
• Random number generator algorithms
Cryptographic engine self-test
Tests the following algorithms used by cryptographic engines:
• SHA1
• HMAC-SHA1
• AES
• RSA (signature and authentication)
• RSA (encryption and decryption)
• DSA (signature and authentication)
• Random number generator algorithms