# Power Up Selftests

## Contents

# Power-Up Self-Tests

The module can perform the following power-up self-tests:

## Cryptographic algorithm tests

A known-answer test is conducted for all cryptographic functions (e.g., encryption, decryption, authentication, and random number generation) of each Approved cryptographic algorithm implemented by the cryptographic module. (See the power-up self-tests source code.)

Algorithm |
Tests |
---|---|

RC2 |
RC2-ECB Single-Round Known Answer Encryption |

RC4 |
Single-Round Known Answer Encryption |

DES |
DES-ECB Single-Round Known Answer Encryption |

Triple DES |
DES3-ECB Single-Round Known Answer Encryption |

AES-128, AES-192, AES-256 |
AES-ECB Single-Round Known Answer Encryption |

MD2 |
Single-Round Known Answer Hashing |

MD5 |
Single-Round Known Answer Hashing |

SHA-1, SHA-256, SHA-384, SHA-512 |
Single-Round Known Answer Hashing |

HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 |
Single-Round Known Answer HMAC |

RSA |
Single-Round Known Answer Encryption |

DSA |
Single-Round Known Answer Signature |

RNG |
NIST SP 800-90 Hash_Drbg Known Answer Test |

ECDSA - NIST Curve P-256 (the Extended ECC version of the module also tests Curve K-283) |
Single-Round Known Answer Signature |

**Note:**Cryptographic algorithms whose outputs vary for a given set of inputs (DSA and ECDSA) are tested using a known-answer test. The message digest algorithms have independent known-answer tests.

## Random number generator test

See the known-answer test for RNG above.

## Software/firmware integrity test

An integrity check is performed on the libraries that contain the NSS cryptographic module. If the check fails, the module immediately enters the Error state.

## Critical functions test

No other critical functions tests are performed on power-up.