了解 FIPS 自检
加密模块强制执行安全规则,以确保以 FIPS 操作模式运行瞻博网络 Junos 操作系统 (Junos OS) 的设备满足 FIPS 140-3 级别 2 的安全要求。为了验证批准用于 FIPS 的加密算法的输出并测试某些系统模块的完整性,设备执行以下一系列已知应答测试 (KAT) 自检:
-
kernel_kats
- KAT 表示内核加密例程 -
md_kats
- KAT 代表 libmd 和 libc -
openssl_kats
—用于 OpenSSL 加密实现的 KAT -
openssl-102_kats
- 用于 OpenSSL v1.0.2 加密实现的 KAT -
quicksec_7_0_kats
- 用于Quicksec_7_0Toolkit加密实现的 KAT -
octcrypto_kats
- KAT 代表八进制
-
srxpfe_kats
— 用于 SRX 数据包转发引擎的 KAT
当设备上启用了 FIPS 操作模式时,KAT 自检会在启动和重新启动时自动执行。还会自动执行条件自检,以验证经过数字签名的软件包、生成的随机数、RSA 和 ECDSA 密钥对以及手动输入的密钥。
如果 KAT 成功完成,则会更新系统日志 (syslog) 文件以显示已执行的测试。
如果设备未通过 KAT,设备会将详细信息写入系统日志文件,进入 FIPS 错误状态(死),然后重新启动。
该 file show /var/log/messages
命令将显示系统日志。
重新启动完成后继续正常操作。如果发生错误,请联系瞻博网络技术支持中心 (JTAC)。
您必须具有管理 权限才能配置 FIPS 自检。设备必须在 FIPS 模式软件中运行评估版本的 Junos OS。
在此示例中,FIPS 自检于每周三上午 9:00 在美国纽约市执行。
在设备上执行开机自检
每次打开加密模块电源时,该模块都会测试加密算法是否仍正常运行以及敏感数据是否未损坏。通过重启模块电源,按需执行上电自检。打开设备电源或重置设备时,模块将执行以下自检。在模块使用任何其他加密之前,必须成功完成所有 KAT。如果其中一个 KAT 失败,模块将进入严重故障错误状态。运行上电自检时,模块显示SRX5400和SRX5800设备的以下状态输出:Initializing Verified Exec: random: randomdev_wait_until_seeded unblock wait uhub1: 2 ports with 2 removable, self powered uhub0: 2 ports with 2 removable, self powered ugen1.2: <vendor 0x8087 product 0x8002> at usbus1 uhub2 on uhub0 uhub2: <vendor 0x8087 product 0x8002, class 9/0, rev 2.00/0.05, addr 2> on usbus1 uhub2: 8 ports with 8 removable, self powered random: Entropy start-up health tests performed on 1024 samples passed. random: unblocking device. FIPS veriexec ECDSA Verify Known Answer Test: Passed Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Enforcing Verified Exec: Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-libs-12-x86-64-20220607.2c547a1_builder_stable_12_222 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-runtime-x86-64-20220607.2c547a1_builder_stable_12_222 ** /dev/gpt/config ** Last Mounted on /.mount/config ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 31 files, 30 used, 406089 free (9 frags, 50760 blocks, 0.0% fragmentation) ***** FILE SYSTEM IS CLEAN ***** ** /dev/gpt/var ** Last Mounted on /.mount/var ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 942 files, 1550816 used, 2103356 free (636 frags, 262840 blocks, 0.0% fragmentation) ***** FILE SYSTEM IS CLEAN ***** @ 1665143338 [2022-10-07 11:48:58 UTC] verify pending ... Verified fips-mode-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jdocs-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified dsa-x86-64-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jinsight-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jmrt-base-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jphone-home-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jsd-x86-32-22.9-jet-1 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-dp-crypto-support-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-l2-rsi-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-srxtvp-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-modules-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-mtx-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-openconfig-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-pppoe-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-probe-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-redis-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-aggregated-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-controller-external-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-mpls-oam-basic-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-lsys-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-srxtvp-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified na-telemetry-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jweb-srxtvp-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-compat32-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-crypto-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-boot-junos-ve-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-compat32-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-vmguest-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-base-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-extensions-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-zoneinfo-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 @ 1665143338 [2022-10-07 11:48:58 UTC] verify done @ 1665143338 [2022-10-07 11:48:58 UTC] activating Verified jail-runtime signed by PackageProductionECP256_2022 method ECDSA256+SHA256 kern.activate_pending_set: 0 -> 1 NOTE: 'pending' set now 'active' @ 1665143340 [2022-10-07 11:49:00 UTC] mount start @ 1665143340 [2022-10-07 11:49:00 UTC] junos 22.2R1.9 Mounting os-zoneinfo-20220607.2c547a1_builder_stable_12_222 Mounting os-libs-compat32-12-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-compat32-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting py-extensions-x86-32-20220617.153850_builder_junos_222_r1 Mounting py-base-x86-32-20220617.153850_builder_junos_222_r1 Mounting os-vmguest-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-crypto-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting junos-net-prd-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-x86-32-20220617.153850_builder_junos_222_r1 Starting watchdog daemon ... Mounting na-telemetry-x86-32-22.2R1.9 Mounting junos-libs-compat32-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-platform-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-platform-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-srxtvp-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-routing-mpls-oam-basic-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-lsys-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-controller-external-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-aggregated-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-redis-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-probe-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-pppoe-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-openconfig-x86-32-22.2R1.9 Mounting junos-modules-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-srxtvp-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-l2-rsi-20220617.153850_builder_junos_222_r1 Mounting junos-dp-crypto-support-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting jsd-x86-32-22.2R1.9-jet-1 Mounting jphone-home-x86-32-20220617.153850_builder_junos_222_r1 Mounting jmrt-base-x86-64-20220617.153850_builder_junos_222_r1 Mounting jinsight-x86-32-22.2R1.9 Mounting jdocs-x86-32-20220617.153850_builder_junos_222_r1 Mounting fips-mode-x86-64-20220617.153850_builder_junos_222_r1 Mounting dsa-x86-64-22.2R1.9 @ 1665143423 [2022-10-07 11:50:23 UTC] mount done grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory Removing /etc/malloc.conf Detected data disk Initialize /var subdirs... Mounting shared partition /var/host .. Detected swap drive Enable swap *** Creating PVIDb..\n 1371+0 records in 1371+0 records out 712920 bytes transferred in 0.010728 secs (66451475 bytes/sec) Copied libschema-filter-dd.tlv to /opt/lib/dd/filter\n Executing the Junos host files signature script Verified manifest signed by PackageDevelopmentECP256_2022 method ECDSA256+SHA256 mkdir: /mfs/var/run: File exists *** Mounting Host disks ... Verified fips-optest-x86-32-22.2R1 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 /usr/sbin/pkg: package fips-mode-x86-64-20220617.153850_builder_junos_222_r1 is already installed @ 1665143426 [2022-10-07 11:50:26 UTC] vmguest: setup ... @ 1665143426 [2022-10-07 11:50:26 UTC] vmguest: mounted /dev/vtbd2 @ 1665143426 [2022-10-07 11:50:26 UTC] vmguest: no config found: total 0 usage: umount [-fNnv] special ... | node ... | fsid ... umount -a | -A [-F fstab] [-fnv] [-h host] [-t type] Cannot find: jsim-pfe usage: /usr/sbin/pkg add <pkg> ... where <pkg> is a compressed tar file /usr/sbin/pkg: package fips-mode-x86-64-20220617.153850_builder_junos_222_r1 is already installed Checking platform support for: srxtvp Attempting to add missing junos-modules-srxtvp Verified junos-modules-srxtvp signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified contents/contents.izo Verified contents/contents.symlinks Verified package.xml Adding junos-modules-srxtvp-x86-64-20220617.153850_builder_junos_222_r1 ... The package junos-modules-srxtvp-x86-64-20220617.153850_builder_junos_222_r1 is now active Attempting to add missing junos-appsecure-tvp Verified junos-appsecure-tvp signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified contents/contents.izo Verified contents/contents.symlinks Verified package.xml Adding junos-appsecure-tvp-x86-32-20220617.153850_builder_junos_222_r1 ... The package junos-appsecure-tvp-x86-32-20220617.153850_builder_junos_222_r1 is now active Mounting junos-modules-srxtvp-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-appsecure-tvp-x86-32-20220617.153850_builder_junos_222_r1 @ 1665143430 [2022-10-07 11:50:30 UTC] mountlate start Mounting jweb-srxtvp-x86-32-20220617.153850_builder_junos_222_r1 Setup /packages/mnt/jweb-srxtvp-1860cb5b/jail/var/cache dir only for srxtvp mount_nullfs: /web-api: No such file or directory @ 1665143435 [2022-10-07 11:50:35 UTC] mountlate done kern.module_path: /packages/sets/pending/boot/os-vmguest/;/packages/sets/pending/boot/netstack/;/packages/sets/pending/boot/os-crypto/;/packages/sets/pending/boot/os-kernel/;/packages/sets/pending/boot/junos-net-platform/;/packages/sets/pending/boot/junos-modules/ -> /modules;/modules/ifpfe_drv;/modules/ifpfe_media;/modules/peertype;/modules/platform Loading JUNOS chassis module chassis_init_hw_chassis_startup_time: chassis startup time 0.000000, shared: 0x7ffffffff300, base: 0x7ffffffff000, offset: 0x300 IPsec: Initialized Security Association Processing. Loading the SLB driver Loading the Protobuf-C module hgcommdev0: <HGCOMMDEV For Host VM communication> mem 0xfebf3000-0xfebf3fff at device 22.0 on pci0 hgcommdev0: hgcommdev: registers at 0xfffff800febf3000 pci-hgcomdev module loaded bcmsdk_5_9_x kld Loading BCMSDK module..... Junosprocfs mounted on /junosproc. VirtIO PCI 9P Transport adapter is not present VirtIO PCI 9P Transport adapter is not present @ 1665143437 [2022-10-07 11:50:37 UTC] mgd start Creating initial configuration: ... mgd: Running FIPS Self-tests mgd: Testing kernel KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-384 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: AES128-CMAC Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: Testing MACSec KATS: mgd: AES128-CMAC Known Answer Test: Passed mgd: AES256-CMAC Known Answer Test: Passed mgd: AES-ECB Known Answer Test: Passed mgd: AES-KEYWRAP Known Answer Test: Passed mgd: KBKDF Known Answer Test: Passed mgd: Testing libmd KATS: mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: Testing OpenSSL v1.0.2 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing OpenSSL KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing QuickSec 7.0 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: SSH-ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing QuickSec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing SSH IPsec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: Testing file integrity: mgd: File integrity Known Answer Test: Passed mgd: Testing crypto integrity: mgd: Crypto integrity Known Answer Test: Passed mgd: Expect an exec Authentication error... MAC/veriexec: no fingerprint (file=/sbin/kats/cannot-exec fsid=209 fileid=49356 gen=1 uid=0 pid=24703 ppid=24670 gppid=24666)mgd: /sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error mgd: FIPS Self-tests Passed
Initializing Verified Exec: random: randomdev_wait_until_seeded unblock wait uhub0: 21 ports with 21 removable, self powered random: Entropy start-up health tests performed on 1024 samples passed. random: unblocking device. FIPS veriexec ECDSA Verify Known Answer Test: Passed Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Enforcing Verified Exec: Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-libs-12-x86-64-20220607.2c547a1_builder_stable_12_222 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-runtime-x86-64-20220607.2c547a1_builder_stable_12_222 ** /dev/gpt/config FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 426502 free (6 frags, 53312 blocks, 0.0% fragmentation) ** /dev/gpt/var FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 12942661 free (317 frags, 1617793 blocks, 0.0% fragmentation) @ 1663137800 [2022-09-14 06:43:20 UTC] verify active ... Verified jail-runtime-x86-32-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified fips-optest-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jdocs-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified dsa-x86-64-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified fips-mode-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jinsight-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-common-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-X960-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-X-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jmrt-base-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jfirmware-x86-32-22.8 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-spc3-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-wrlinuxlts19-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-appid-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-aacl-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-alg-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jsd-x86-32-22.9-jet-1 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-cos-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-cpcd-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-crypto-base-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-hcm-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-idp-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-dnsf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ids-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ipsec-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-jflow-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-llpdf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-lrf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-jdpi-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-mobile-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-mss-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-nat-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-pcef-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-rpm-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-rtcom-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-sfw-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-softwire-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-tcp-log-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-telemetry-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-traffic-dird-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ssl-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-urlf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-dp-crypto-support-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-appsecure-he-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-ike-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-l2-rsi-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-modules-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-modules-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-probe-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-mtx-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-openconfig-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-redis-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-aggregated-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-lsys-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-mpls-oam-basic-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified na-telemetry-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jweb-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-boot-junos-ve-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-compat32-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-crypto-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-vmguest-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-compat32-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-base-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-extensions-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-vmguest-mtx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-zoneinfo-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 @ 1663137801 [2022-09-14 06:43:21 UTC] verify done @ 1663137801 [2022-09-14 06:43:21 UTC] mount start @ 1663137801 [2022-09-14 06:43:21 UTC] junos 22.2R1.9 Mounting os-zoneinfo-20220607.2c547a1_builder_stable_12_222 Mounting junos-net-prd-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-x86-64-20220617.153850_builder_junos_222_r1 Mounting os-libs-compat32-12-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-compat32-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting junos-libs-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-x86-32-20220617.153850_builder_junos_222_r1 Starting watchdog daemon ... Mounting junos-vmguest-mtx-x86-64-20220617.153850_builder_junos_222_r1 Mounting py-extensions-x86-32-20220617.153850_builder_junos_222_r1 Mounting py-base-x86-32-20220617.153850_builder_junos_222_r1 Mounting os-vmguest-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-crypto-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting na-telemetry-x86-32-22.2R1.9 Mounting junos-libs-compat32-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-routing-mpls-oam-basic-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-lsys-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-aggregated-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-redis-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-probe-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-platform-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-platform-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-openconfig-x86-32-22.2R1.9 Mounting junos-modules-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-modules-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-l2-rsi-20220617.153850_builder_junos_222_r1 Mounting junos-dp-crypto-support-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-appsecure-he-x86-32-20220617.153850_builder_junos_222_r1 Mounting jsd-x86-32-22.2R1.9-jet-1 Mounting jpfe-wrlinuxlts19-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-spc3-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-X960-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-common-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-X-x86-32-20220617.153850_builder_junos_222_r1 Mounting jmrt-base-x86-64-20220617.153850_builder_junos_222_r1 Mounting jinsight-x86-32-22.2R1.9 Mounting jfirmware-x86-32-22.2R1.8 Mounting jdocs-x86-32-20220617.153850_builder_junos_222_r1 Mounting fips-optest-x86-32-22.2R1.9 Mounting fips-mode-x86-64-20220617.153850_builder_junos_222_r1 Mounting dsa-x86-64-22.2R1.9 @ 1663137842 [2022-09-14 06:44:02 UTC] mount done grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory Removing /etc/malloc.conf Checking platform support for: srx5400 @ 1663137844 [2022-09-14 06:44:04 UTC] mountlate start Mounting jweb-srx-x86-32-20220617.153850_builder_junos_222_r1 Setup /packages/mnt/jweb-srx-5d585241/jail/var/cache dir only for srx5400 mount_nullfs: /web-api: No such file or directory Mounting junos-ike-x86-32-20220617.153850_builder_junos_222_r1 @ 1663137848 [2022-09-14 06:44:08 UTC] mountlate done kern.module_path: /packages/sets/active/boot/os-vmguest/;/packages/sets/active/boot/netstack/;/ packages/sets/active/boot/os-crypto/;/packages/sets/active/boot/os-kernel/;/packages/sets/active/ boot/junos-net-platform/;/packages/sets/active/boot/junos-modules/ -> /modules;/modules/dev;/ modules/ifpfe_drv;/modules/ifpfe_media;/modules/jam_core;/modules/jam_plugin;/modules/peertype;/ modules/platform besw0: mem 0xfeb80000-0xfeb8ffff irq 10 at device 5.0 on pci0 Loading BCMSDK module..... bcm_sdk_init(): DevID = 0xb680, RevID = 0x12 bcm_sdk_init: device ID: dev: 0xb680, rev: 0x12 bcm_sdk_init: device unit no: 0 bcm_soc_cm_device_init: device unit no: 0 bcore_init: after soc_reset_init bcore_init: after soc_misc_init bcore_init: after soc_mmu_init bcore_init: before bcm_init bcore_init: before port stuff bcore_init: after port stuff bcore_init: link scan interval is (soc_property): 4000000 bcore_mxseries_init: Finished mxseries port configuration bcore_init: Finished platform specific initialization bcm_sdk_init: Done sdk init Loading JUNOS chassis module chassis_init_hw_chassis_startup_time: chassis startup time 0.000000, shared: 0x7ffffffff300, base: 0x7ffffffff000, offset: 0x300 IPsec: Initialized Security Association Processing. hgcommdev0: port 0xc000-0xc0ff mem 0xfeba8000-0xfeba8fff at device 22.0 on pci0 hgcommdev0: hgcommdev: registers at 0xfffff800feba8000 pci-hgcomdev module loadedLoading the CHMIC module Loading POS driver Loading Aggregate sonet driver Loading the SLB driver Loading the IMA Group Media Layer; Attaching to media services layer Loading the IMA Link Media Layer; Attaching to media services layer Loading the SONET Media Layer; Attaching to media services layer Loading the Protobuf-C module Loading the JAM-Core module Loading the JAM-Core module - succeeded Loading Multilink Services PICs module. Loading the Mx Platform NETPFE module MTX Platform JAM-Core module - load success interface pci_hgcommdev.1 already present in the KLD 'pci-hgcomm.ko'! linker_load_file: /modules/platform/pci_hgcomm.ko - unsupported file type kldload: an error occurred while loading module pci_hgcomm.ko. Please check dmesg(8) for more details. Junosprocfs mounted on /junosproc. VirtIO PCI 9P Transport adapter is not present @ 1663137852 [2022-09-14 06:44:12 UTC] mgd start Creating initial configuration: ... mgd: Running FIPS Self-tests mgd: Testing kernel KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-384 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: AES128-CMAC Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: Testing MACSec KATS: mgd: AES128-CMAC Known Answer Test: Passed mgd: AES256-CMAC Known Answer Test: Passed mgd: AES-ECB Known Answer Test: Passed mgd: AES-KEYWRAP Known Answer Test: Passed mgd: KBKDF Known Answer Test: Passed mgd: Testing libmd KATS: mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: Testing OpenSSL v1.0.2 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing OpenSSL KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing QuickSec 7.0 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: SSH-ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing QuickSec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing SSH IPsec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: Testing file integrity: mgd: File integrity Known Answer Test: Passed mgd: Testing crypto integrity: mgd: Crypto integrity Known Answer Test: Passed mgd: Expect an exec Authentication error... MAC/veriexec: no fingerprint (file=/sbin/kats/cannot-exec fsid=225 fileid=49356 gen=1 uid=0 206 pid=8369 ppid=8335 gppid=8333)mgd: /sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error mgd: FIPS Self-tests Passed
当开机自检失败时,模块显示SRX5400和SRX5800设备的以下状态输出:
Testing kernel KATS: panic: pid 2121 (kernel_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing libmd KATS: panic: pid 91115 (md_kats), uid 0, FIPS error 1: HMAC-SHA1 Known Answer Test: Failed Testing OpenSSL v1.0.2 KATS: panic: pid 20121 (openssl-102_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing JSF Crypto (Octeon) KATs: panic: pid 2231 (jsf_crypto_octeon_k), uid 0, FIPS error 1: AES-GCM Known Answer Test: Failed Testing OpenSSL KATS: panic: pid 2340 (openssl_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing QuickSec 7.0 KATS: panic: pid 37538 (quicksec_7_0_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed