Reference Guide

Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy|25

Aruba Hardware Known Answer Tests:

 AES (encrypt/decrypt) KATs

 AES-CCM KAT

 AES-GCM KAT

 Triple-DES(encrypt/decrypt) KATs

 HMAC (HMAC-SHA1) KAT

The following Conditional Self-tests are performed in the controller:

ArubaOS OpenSSL Module

 Bypass Tests (Wired Bypass Test and Wireless Bypass Test)

 CRNG Test on Approved RNG (DRBG)

 ECDSA Pairwise Consistency Test

 RSA Pairwise Consistency Test

ArubaOS Crypto Module

 CRNG Test on Approved RNG (FIPS 186-2 RNG)

 ECDSA Pairwise Consistency Test

 RSA Pairwise Consistency Test

ArubaOS UBoot BootLoader Module

 Firmware Load Test - RSA PKCS#1 v1.5 (2048 bits) signature verification

Conditional Tests on Hardware:

 CRNG Test on non-Approved RNGs

Self-test results are logged in a log file. Upon successful completion of the power-up self tests, the

module logs a KATS: passed message into a log file. Confirm the file update by checking the associated

time of the file.

In the event of a hardware KATs failure, the log file records one of the following messages depending on

the algorithm being validated:

 AES256 HMAC-SHA1 hash failed

 AES256 Encrypt failed

 AES256 Decrypt Failed

 3DES HMAC-SHA1 hash failed

 3DES Encrypt failed

 3DES Decrypt Failed

 DES HMAC-SHA1 hash failed

 DES Encrypt failed

 DES Decrypt Failed

 HW KAT test failed for AESCCM CTR. Rebooting

 AESCCM Encrypt Failed

This text is followed by this message:

The POST Test failed!!!!

Rebooting…