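FIPS Self-Tests Overview
The cryptographic module enforces security rules to ensure that the Juniper Networks Junos operating system (Junos OS) in FIPS mode meets the security requirements of FIPS 140-3 Level 1. To validate the output of the FIPS-approved cryptographic algorithms and to test the integrity of some system modules, the device performs the following series of known answer test (KAT) self-tests: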
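kernel_kats—KAT for kernel cryptographic routines
macsec_kats—KAT for the MACsec cryptographic implementation
md_kats—KAT for libmd and libc
openssl_kats—KAT for the OpenSSL cryptographic implementation
quicksec_kats—KAT for the QuickSec Toolkit cryptographic implementation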
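For MACsec certification, the LC KAT must be run with AES-GCM-128 and AES-GCM-256.
The KAT self-tests are performed automatically at startup. Conditional self-tests are also performed automatically to verify digitally signed software packages, generated random numbers, RSA and ECDSA key pairs, and manually entered keys.
If the KATs complete successfully, the system log (syslog) file is updated to show the tests that were executed.
If one of the KATs fails, the device panics and reboots continuously. The device can be recovered by using a USB installation.
The file show /var/log/messages command displays the system log.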
root@host:fips> request system fips self-test
Testing kernel KATS:
  NIST 800-90 HMAC DRBG Known Answer Test: Passed
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  SHA-2-384 Known Answer Test: Passed
  SHA-2-512 Known Answer Test: Passed
  AES128-CMAC Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
Testing MACSec KATS:
  AES128-CMAC Known Answer Test: Passed
  AES256-CMAC Known Answer Test: Passed
  AES-ECB Known Answer Test: Passed
  AES-KEYWRAP Known Answer Test: Passed
  KBKDF Known Answer Test: Passed
Testing libmd KATS:
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  SHA-2-512 Known Answer Test: Passed
Testing OpenSSL v1.0.2 KATS:
  FIPS ECDSA Known Answer Test: Passed
  FIPS ECDH Known Answer Test: Passed
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-224 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  HMAC-SHA2-384 Known Answer Test: Passed
  HMAC-SHA2-512 Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
  AES-GCM Known Answer Test: Passed
  RSA-ENC Known Answer Test: Passed
  RSA-SIGN Known Answer Test: Passed
  KDF-IKE-V1 Known Answer Test: Passed
  KDF-SSH-SHA256 Known Answer Test: Passed
  KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed
  KAS-FFC-EPHEM-NOKC Known Answer Test: Passed
Testing OpenSSL KATS:
  FIPS ECDSA Known Answer Test: Passed
  FIPS ECDH Known Answer Test: Passed
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-224 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  HMAC-SHA2-384 Known Answer Test: Passed
  HMAC-SHA2-512 Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
  AES-GCM Known Answer Test: Passed
  RSA-ENC Known Answer Test: Passed
  RSA-SIGN Known Answer Test: Passed
  KDF-IKE-V1 Known Answer Test: Passed
  KDF-SSH-SHA256 Known Answer Test: Passed
  KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed
  KAS-FFC-EPHEM-NOKC Known Answer Test: Passed
Testing QuickSec 7.0 KATS:
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-224 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  HMAC-SHA2-384 Known Answer Test: Passed
  HMAC-SHA2-512 Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
  AES-GCM Known Answer Test: Passed
  SSH-RSA-ENC Known Answer Test: Passed
  SSH-RSA-SIGN Known Answer Test: Passed
  SSH-ECDSA-SIGN Known Answer Test: Passed
  KDF-IKE-V1 Known Answer Test: Passed
  KDF-IKE-V2 Known Answer Test: Passed
Testing QuickSec KATS:
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-224 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  HMAC-SHA2-384 Known Answer Test: Passed
  HMAC-SHA2-512 Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
  AES-GCM Known Answer Test: Passed
  SSH-RSA-ENC Known Answer Test: Passed
  SSH-RSA-SIGN Known Answer Test: Passed
  KDF-IKE-V1 Known Answer Test: Passed
  KDF-IKE-V2 Known Answer Test: Passed
Testing SSH IPsec KATS:
  NIST 800-90 HMAC DRBG Known Answer Test: Passed
  DES3-CBC Known Answer Test: Passed
  HMAC-SHA1 Known Answer Test: Passed
  HMAC-SHA2-256 Known Answer Test: Passed
  AES-CBC Known Answer Test: Passed
  SSH-RSA-ENC Known Answer Test: Passed
  SSH-RSA-SIGN Known Answer Test: Passed
  KDF-IKE-V1 Known Answer Test: Passed
Testing file integrity:
  File integrity Known Answer Test: Passed
Testing crypto integrity:
  Crypto integrity Known Answer Test: Passed
Expect an exec Authentication error...
/sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error
The module implements cryptographic libraries and algorithms that are not used in the approved mode of operation.
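An audit check for captured `request system fips self-test` output, added here as an example and not part of Juniper's documentation or tooling: it parses the "Testing ... KATS:" sections shown above and reports any of the five listed KAT suites that produced no results, plus any test whose result is not `Passed`. The function names, the sample text and the rule that any token other than `Passed` is a problem are assumptions, since the page shows only passing output.

```python
import re

# Suites the page lists, named as they appear in the "Testing <suite> KATS:" headers.
REQUIRED_SUITES = ("kernel", "MACSec", "libmd", "OpenSSL", "QuickSec")
SUITE_RE = re.compile(r"Testing ([^:\n]+):")
RESULT_RE = re.compile(r"\s*(.+?) Known Answer Test: (\S+)")

def parse_self_test(text):
    """Return {suite header: [(test name, result), ...]}; line-per-test or flattened text."""
    parts = SUITE_RE.split(text)  # [preamble, header1, body1, header2, body2, ...]
    suites = {}
    for header, body in zip(parts[1::2], parts[2::2]):
        rows = [(name.strip(), result) for name, result in RESULT_RE.findall(body)]
        suites.setdefault(header.strip(), []).extend(rows)
    return suites

def audit(text):
    """List problems: a required suite with no results, or any result other than 'Passed'."""
    suites = parse_self_test(text)
    problems = []
    for required in REQUIRED_SUITES:
        headers = [h for h in suites if h.startswith(required) and h.endswith("KATS")]
        if not any(suites[h] for h in headers):
            problems.append(f"no results for {required} KATS")
    for header, rows in suites.items():
        # Assumption: the page only shows "Passed", so any other token is reported.
        problems += [f"{header}: {name} -> {res}" for name, res in rows if res != "Passed"]
    return problems

# Constructed sample: a shortened excerpt in the format of the output above.
SAMPLE = """\
Testing kernel KATS:
NIST 800-90 HMAC DRBG Known Answer Test: Passed
AES-CBC Known Answer Test: Passed
Testing MACSec KATS:
AES-KEYWRAP Known Answer Test: Passed
Testing libmd KATS:
SHA-2-512 Known Answer Test: Passed
Testing OpenSSL KATS:
AES-GCM Known Answer Test: Passed
Testing QuickSec KATS:
KDF-IKE-V2 Known Answer Test: Passed
Testing file integrity:
File integrity Known Answer Test: Passed
"""

if __name__ == "__main__":
    print(audit(SAMPLE) or "all required KAT suites present and passed")
```

Because the parser keys on the section headers and the "Known Answer Test:" marker rather than on line breaks, it gives the same result for output that a log collector has joined onto one line.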