Reference Guide

26|

Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy

Self-Tests

The Aruba Controller performs both power-up and conditional self-tests. In the event any self-test fails,

the controller will enter an error state, log the error, and reboot automatically.

The following self-tests are performed:

ArubaOS OpenSSL Module:

 AES (encrypt/decrypt) KATs

 Triple-DES (encrypt/decrypt) KATs

 DRBG KAT

 RSA KAT

 ECDSA Sign/Verify

 SHS (SHA1, SHA256, SHA384 and SHA512) KATs

 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512) KATs

ArubaOS Crypto Module

 AES (encrypt/decrypt) KATs

 Triple-DES (encrypt/decrypt) KAT

 SHA (SHA1, SHA256, SHA384 and SHA512) KAT

 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512) KAT

 RSA KAT

 ECDSA Sign/Verify

 FIPS 186-2 RNG KAT

ArubaOS UBoot BootLoader Module

 Firmware Integrity Test: RSA PKCS#1 v1.5 (2048 bits) signature verification with SHA-1

Aruba Hardware Known Answer Tests:

 AES (encrypt/decrypt) KATs

 AES-CCM KAT

 AES-GCM KAT

 Triple-DES(encrypt/decrypt) KATs

 HMAC (HMAC-SHA1) KAT

The following Conditional Self-tests are performed in the controller:

ArubaOS OpenSSL Module

 Bypass Tests (Wired Bypass Test and Wireless Bypass Test)

 CRNG Test to Approved RNG (DRBG)

 ECDSA Pairwise Consistency Test

 RSA Pairwise Consistency Test

ArubaOS Crypto Module

 CRNG Test to Approved RNG (FIPS 186-2 RNG)

 ECDSA Pairwise Consistency Test

 RSA Pairwise Consistency Test