FIPS 자체 테스트 이해
암호화 모듈은 FIPS 운영 모드에서 주니퍼 네트웍스 Junos 운영 체제(Junos OS)를 실행하는 디바이스가 FIPS 140-3 레벨 2의 보안 요구 사항을 충족하도록 보안 규칙을 적용합니다. FIPS에 대해 승인된 암호화 알고리즘의 출력을 검증하고 일부 시스템 모듈의 무결성을 테스트하기 위해 디바이스는 다음과 같은 일련의 알려진 답변 테스트(KAT) 자체 테스트를 수행합니다.
-
kernel_kats
—커널 암호화 루틴의 경우 KAT -
md_kats
—libmd 및 libc의 경우 KAT -
openssl_kats
—OpenSSL 암호화 구현을 위한 KAT -
openssl-102_kats
—OpenSSL v1.0.2 암호화 구현을 위한 KAT -
quicksec_7_0_kats
—Quicksec_7_0Toolkit 암호화 구현을 위한 KAT -
octcrypto_kats
—KAT for Octeon
-
srxpfe_kats
—SRX 패킷 포워딩 엔진용 KAT
KAT 자체 테스트는 장치에서 FIPS 작동 모드가 활성화된 경우 시작 및 재부팅 시 자동으로 수행됩니다. 조건부 자체 테스트도 자동으로 수행되어 디지털 서명된 소프트웨어 패키지, 생성된 난수, RSA 및 ECDSA 키 쌍, 수동으로 입력한 키를 확인합니다.
KAT가 성공적으로 완료되면 시스템 로그(syslog) 파일이 업데이트되어 실행된 테스트가 표시됩니다.
디바이스가 KAT에 실패하면 디바이스는 시스템 로그 파일에 세부 정보를 기록하고 FIPS 오류 상태(패닉)로 전환한 후 재부팅합니다.
명령은 file show /var/log/messages
시스템 로그를 표시합니다.
재부팅이 완료된 후 정상 작동을 진행합니다. 오류가 발생하면 주니퍼 네트웍스 기술 지원 센터(JTAC)에 문의하십시오.
FIPS 자체 테스트를 구성하려면 관리자 권한이 있어야 합니다. 디바이스는 FIPS 모드 소프트웨어에서 평가된 버전의 Junos OS를 실행해야 합니다.
이 예에서 FIPS 자체 테스트는 매주 수요일 미국 뉴욕시에서 오전 9:00에 실행됩니다.
디바이스에서 전원 켜기 자체 테스트 수행
암호화 모듈의 전원을 켤 때마다 모듈은 암호화 알고리즘이 여전히 올바르게 작동하고 중요한 데이터가 손상되지 않았는지 테스트합니다. 전원 켜기 자체 테스트는 모듈의 전원을 껐다가 켜서 요청 시 수행됩니다. 장치의 전원을 켜거나 재설정할 때 모듈은 다음과 같은 자체 테스트를 수행합니다. 모듈에서 암호화를 사용하기 전에 모든 KAT를 성공적으로 완료해야 합니다. KAT 중 하나가 실패하면 모듈은 심각한 오류 상태로 들어갑니다. 모듈은 전원 공급 자체 테스트를 실행하는 동안 SRX5400 및 SRX5800 장치에 대해 다음과 같은 상태 출력을 표시합니다.Initializing Verified Exec: random: randomdev_wait_until_seeded unblock wait uhub0: 21 ports with 21 removable, self powered random: Entropy start-up health tests performed on 1024 samples passed. random: unblocking device. FIPS veriexec ECDSA Verify Known Answer Test: Passed Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Enforcing Verified Exec: Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-libs-12-x86-64-20220607.2c547a1_builder_stable_12_222 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Mounting os-runtime-x86-64-20220607.2c547a1_builder_stable_12_222 ** /dev/gpt/config FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 426502 free (6 frags, 53312 blocks, 0.0% fragmentation) ** /dev/gpt/var FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 12942661 free (317 frags, 1617793 blocks, 0.0% fragmentation) @ 1663137800 [2022-09-14 06:43:20 UTC] verify active ... Verified jail-runtime-x86-32-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified fips-optest-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jdocs-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified dsa-x86-64-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified fips-mode-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jinsight-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-common-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-X960-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-X-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jmrt-base-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jfirmware-x86-32-22.8 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-spc3-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jpfe-wrlinuxlts19-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-appid-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-aacl-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-alg-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jsd-x86-32-22.9-jet-1 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-cos-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-cpcd-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-crypto-base-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-hcm-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-idp-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-dnsf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ids-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ipsec-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-jflow-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-llpdf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-lrf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-jdpi-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-mobile-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-mss-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-nat-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-pcef-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-rpm-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-rtcom-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-sfw-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-softwire-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-tcp-log-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-telemetry-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-traffic-dird-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-ssl-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jservices-urlf-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-daemons-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-dp-crypto-support-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-appsecure-he-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-ike-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-l2-rsi-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-modules-srx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-libs-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-modules-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-probe-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-mtx-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-openconfig-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-platform-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-compat32-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-redis-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-aggregated-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-lsys-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-routing-mpls-oam-basic-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-runtime-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified na-telemetry-x86-32-22.9 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified jweb-srx-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-net-prd-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-boot-junos-ve-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-compat32-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-kernel-prd-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-crypto-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-runtime-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-vmguest-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-libs-compat32-12-x86-64-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-base-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified py-extensions-x86-32-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified junos-vmguest-mtx-x86-64-20220617 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 Verified os-zoneinfo-20220607 signed by PackageProductionECP256_2022 method ECDSA256+SHA256 @ 1663137801 [2022-09-14 06:43:21 UTC] verify done @ 1663137801 [2022-09-14 06:43:21 UTC] mount start @ 1663137801 [2022-09-14 06:43:21 UTC] junos 22.2R1.9 Mounting os-zoneinfo-20220607.2c547a1_builder_stable_12_222 Mounting junos-net-prd-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-x86-64-20220617.153850_builder_junos_222_r1 Mounting os-libs-compat32-12-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-compat32-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting junos-libs-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-x86-32-20220617.153850_builder_junos_222_r1 Starting watchdog daemon ... Mounting junos-vmguest-mtx-x86-64-20220617.153850_builder_junos_222_r1 Mounting py-extensions-x86-32-20220617.153850_builder_junos_222_r1 Mounting py-base-x86-32-20220617.153850_builder_junos_222_r1 Mounting os-vmguest-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting os-crypto-x86-64-20220607.2c547a1_builder_stable_12_222 Mounting na-telemetry-x86-32-22.2R1.9 Mounting junos-libs-compat32-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-runtime-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-routing-mpls-oam-basic-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-lsys-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-compat32-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-routing-aggregated-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-redis-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-probe-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-platform-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-platform-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-openconfig-x86-32-22.2R1.9 Mounting junos-modules-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-modules-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-libs-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-l2-rsi-20220617.153850_builder_junos_222_r1 Mounting junos-dp-crypto-support-srx-x86-32-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-daemons-srx-x86-64-20220617.153850_builder_junos_222_r1 Mounting junos-appsecure-he-x86-32-20220617.153850_builder_junos_222_r1 Mounting jsd-x86-32-22.2R1.9-jet-1 Mounting jpfe-wrlinuxlts19-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-spc3-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-X960-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-common-x86-32-20220617.153850_builder_junos_222_r1 Mounting jpfe-X-x86-32-20220617.153850_builder_junos_222_r1 Mounting jmrt-base-x86-64-20220617.153850_builder_junos_222_r1 Mounting jinsight-x86-32-22.2R1.9 Mounting jfirmware-x86-32-22.2R1.8 Mounting jdocs-x86-32-20220617.153850_builder_junos_222_r1 Mounting fips-optest-x86-32-22.2R1.9 Mounting fips-mode-x86-64-20220617.153850_builder_junos_222_r1 Mounting dsa-x86-64-22.2R1.9 @ 1663137842 [2022-09-14 06:44:02 UTC] mount done grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory grep: /var/etc/jlaunchd.inc: No such file or directory Removing /etc/malloc.conf Checking platform support for: srx5400 @ 1663137844 [2022-09-14 06:44:04 UTC] mountlate start Mounting jweb-srx-x86-32-20220617.153850_builder_junos_222_r1 Setup /packages/mnt/jweb-srx-5d585241/jail/var/cache dir only for srx5400 mount_nullfs: /web-api: No such file or directory Mounting junos-ike-x86-32-20220617.153850_builder_junos_222_r1 @ 1663137848 [2022-09-14 06:44:08 UTC] mountlate done kern.module_path: /packages/sets/active/boot/os-vmguest/;/packages/sets/active/boot/netstack/;/ packages/sets/active/boot/os-crypto/;/packages/sets/active/boot/os-kernel/;/packages/sets/active/ boot/junos-net-platform/;/packages/sets/active/boot/junos-modules/ -> /modules;/modules/dev;/ modules/ifpfe_drv;/modules/ifpfe_media;/modules/jam_core;/modules/jam_plugin;/modules/peertype;/ modules/platform besw0: mem 0xfeb80000-0xfeb8ffff irq 10 at device 5.0 on pci0 Loading BCMSDK module..... bcm_sdk_init(): DevID = 0xb680, RevID = 0x12 bcm_sdk_init: device ID: dev: 0xb680, rev: 0x12 bcm_sdk_init: device unit no: 0 bcm_soc_cm_device_init: device unit no: 0 bcore_init: after soc_reset_init bcore_init: after soc_misc_init bcore_init: after soc_mmu_init bcore_init: before bcm_init bcore_init: before port stuff bcore_init: after port stuff bcore_init: link scan interval is (soc_property): 4000000 bcore_mxseries_init: Finished mxseries port configuration bcore_init: Finished platform specific initialization bcm_sdk_init: Done sdk init Loading JUNOS chassis module chassis_init_hw_chassis_startup_time: chassis startup time 0.000000, shared: 0x7ffffffff300, base: 0x7ffffffff000, offset: 0x300 IPsec: Initialized Security Association Processing. hgcommdev0: port 0xc000-0xc0ff mem 0xfeba8000-0xfeba8fff at device 22.0 on pci0 hgcommdev0: hgcommdev: registers at 0xfffff800feba8000 pci-hgcomdev module loadedLoading the CHMIC module Loading POS driver Loading Aggregate sonet driver Loading the SLB driver Loading the IMA Group Media Layer; Attaching to media services layer Loading the IMA Link Media Layer; Attaching to media services layer Loading the SONET Media Layer; Attaching to media services layer Loading the Protobuf-C module Loading the JAM-Core module Loading the JAM-Core module - succeeded Loading Multilink Services PICs module. Loading the Mx Platform NETPFE module MTX Platform JAM-Core module - load success interface pci_hgcommdev.1 already present in the KLD 'pci-hgcomm.ko'! linker_load_file: /modules/platform/pci_hgcomm.ko - unsupported file type kldload: an error occurred while loading module pci_hgcomm.ko. Please check dmesg(8) for more details. Junosprocfs mounted on /junosproc. VirtIO PCI 9P Transport adapter is not present @ 1663137852 [2022-09-14 06:44:12 UTC] mgd start Creating initial configuration: ... mgd: Running FIPS Self-tests mgd: Testing kernel KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-384 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: AES128-CMAC Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: Testing MACSec KATS: mgd: AES128-CMAC Known Answer Test: Passed mgd: AES256-CMAC Known Answer Test: Passed mgd: AES-ECB Known Answer Test: Passed mgd: AES-KEYWRAP Known Answer Test: Passed mgd: KBKDF Known Answer Test: Passed mgd: Testing libmd KATS: mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: SHA-2-512 Known Answer Test: Passed mgd: Testing OpenSSL v1.0.2 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing OpenSSL KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: FIPS ECDSA Known Answer Test: Passed mgd: FIPS ECDH Known Answer Test: Passed mgd: FIPS RSA Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-SSH-SHA256 Known Answer Test: Passed mgd: KAS-ECC-EPHEM-UNIFIED-NOKC Known Answer Test: Passed mgd: KAS-FFC-EPHEM-NOKC Known Answer Test: Passed mgd: Testing QuickSec 7.0 KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: SSH-ECDSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing QuickSec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-224 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: HMAC-SHA2-384 Known Answer Test: Passed mgd: HMAC-SHA2-512 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: AES-GCM Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: KDF-IKE-V2 Known Answer Test: Passed mgd: Testing SSH IPsec KATS: mgd: NIST 800-90 HMAC DRBG Known Answer Test: Passed mgd: DES3-CBC Known Answer Test: Passed mgd: HMAC-SHA1 Known Answer Test: Passed mgd: HMAC-SHA2-256 Known Answer Test: Passed mgd: AES-CBC Known Answer Test: Passed mgd: SSH-RSA-ENC Known Answer Test: Passed mgd: SSH-RSA-SIGN Known Answer Test: Passed mgd: KDF-IKE-V1 Known Answer Test: Passed mgd: Testing file integrity: mgd: File integrity Known Answer Test: Passed mgd: Testing crypto integrity: mgd: Crypto integrity Known Answer Test: Passed mgd: Expect an exec Authentication error... MAC/veriexec: no fingerprint (file=/sbin/kats/cannot-exec fsid=225 fileid=49356 gen=1 uid=0 206 pid=8369 ppid=8335 gppid=8333)mgd: /sbin/kats/run-tests: /sbin/kats/cannot-exec: Authentication error mgd: FIPS Self-tests Passed
모듈은 전원 켜기 자체 테스트에 실패하는 동안 SRX5400 및 SRX5800 장치에 대해 다음 상태 출력을 표시합니다.
Testing kernel KATS: panic: pid 2121 (kernel_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing libmd KATS: panic: pid 91115 (md_kats), uid 0, FIPS error 1: HMAC-SHA1 Known Answer Test: Failed Testing OpenSSL v1.0.2 KATS: panic: pid 20121 (openssl-102_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing JSF Crypto (Octeon) KATs: panic: pid 2231 (jsf_crypto_octeon_k), uid 0, FIPS error 1: AES-GCM Known Answer Test: Failed Testing OpenSSL KATS: panic: pid 2340 (openssl_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed Testing QuickSec 7.0 KATS: panic: pid 37538 (quicksec_7_0_kats), uid 0, FIPS error 1: NIST 800-90 HMAC DRBG Known Answer Test: Failed