Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Example: Configuring FIPS Self Tests

When a KAT self-test fails, a log message is written to the system log messages file with details of the test failure. Then the system panics and reboots.

Example: CLI Quick Configuration

To quickly configure this example, copy the following commands into a text file, remove any line breaks, and then paste the commands into the CLI at the [edit] hierarchy level.

Step by Step Procedure

To configure the FIPS self-test:

  • Configure the FIPS self-test to execute at 9:00 AM every Wednesday.
  • If you are done configuring the device, commit the configuration.

Results

From configuration mode, confirm your configuration by issuing the show system command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly. Verify that the FIPS self-test is enabled.

To verify, run the FIPS self-test manually by issuing the request system fips self-test command. Now, the system log file is updated to display the KATs that are executed. To view the system log file, issue the file show /var/log/messages command. The system log file displays the date and the time at which the KATs were executed and their status.

Performing Power-On Self-Tests on the Device

Each time the cryptographic module is powered on, the module tests that the cryptographic algorithms still operate correctly and that sensitive data has not been damaged. Power-on self-tests are performed on demand by power cycling the module.

On powering on or resetting the device, the module performs the following self-tests. All KATs must be completed successfully prior to any other use of cryptography by the module. If one of the KATs fail, the module enters the Critical Failure error state.

If the device fails a KAT, the device writes the details to a system log file, enters FIPS error state (panic), and reboots.

The module displays the following status output for SRX1500 and SRX4XXX devices devices while running the power-on self-tests:

Note:

The module implements cryptographic libraries and algorithms that are not utilized in the approved mode of operation.

The module displays the following status output for SRX1500 and SRX4XXX devices while failure of the power-on self-tests:

Related Documentation