44
7 Self Tests
The module performs the following Self Tests after being configured into either Remote AP mode or
Remote Mesh Portal mode. The module performs both power-up and conditional self-tests. In the event any
self-test fails, the module enters an error state, logs the error, and reboots automatically.
The module performs the following power-up self-tests:
Aruba Hardware known Answer tests:
o
AES KAT
o
HMAC-SHA1 KAT
o
Triple-DES KAT
ArubaOS OpenSSL AP Module
o
AES KAT
o
HMAC (HMAC-SHA1, HMAC-SHA256 and HMAC SHA384) KAT
o
RNG KAT
o
RSA KAT
o
SHS (SHA1, SHA256 and SHA384) KAT
o
Triple-DES KAT
ArubaOS Cryptographic Module
o
AES KAT
o
HMAC (HMAC-SHA1, HMAC-SHA256, HMAC SHA384, and HMAC512) KAT
o
FIPS 186-2 RNG KAT
o
RSA (sign/verify)
o
SHS (SHA1, SHA256, SHA384, and SHA512) KAT
o
Triple-DES KAT
ArubaOS Uboot Bootloader Module
o
Firmware Integrity Test: RSA 2048-bit Signature Validation
Aruba Atheros hardware CCM
o
AES-CCM KAT
The following Conditional Self-tests are performed in the module:
Continuous Random Number Generator Test–This test is run upon generation of random data by
the module’s random number generators to detect failure to a constant value. The module stores
the first random number for subsequent comparison, and the module compares the value of the
new random number with the random number generated in the previous round and enters an error
state if the comparison is successful. The test is performed for the approved as well as non-
approved RNGs.
RSA pairwise Consistency Test
Firmware load test
These self-tests are run for the Atheros hardware cryptographic implementation as well as for the Aruba
OpenSSL and ArubaOS cryptographic module implementations.