AS II FIPS PIC Errors

JUNOS-FIPS errors stop all data output from the cryptographic module and cause the module to panic, except very early in the boot cycle. The AS II FIPS PICs react to the error either at image download or run time.

The AS II FIPS PIC image is downloaded from the Routing Engine and verifies the image signatures after a verification self-test is run on the PIC. If the self-test or image signature verification fails, the AS II FIPS PIC repeats the image download process. If the process fails again, or if the signature is missing from the image, the AS II PIC panics and reboots.

The AS II FIPS PIC software uses only FIPS-approved cryptographic algorithms, and only after a series of known answer self-tests. A self-test failure generates an AS II FIPS PIC error state.

The following AS II FIPS PIC errors create a panic:

• Know answer test failure
• Random number is not random
• Password authentication failure during AS II FIPS PIC authorization

Password authentication failure during authorization causes auto-zeroization of the AS II FIPS PIC, as well as a panic reboot.

The following AS II FIPS PIC errors during authorization create a system log report and clean up the error, but do not cause a panic reboot:

• SA installation failure due to lack of a session key to decrypt the IPSec SA keys received from the Routing Engine
• SA installation failure due to reception of unencrypted IPSec SA keys from the Routing Engine after the AS II FIPS PIC has been authorized
• Memory allocation error

For information about JUNOS-FIPS errors, see Errors and Error Status Messages .

Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice.