User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 54 of 67

NDPP

Source

Requirement

Assurance

Family

(ECDSAVS or ECDSA2VS), and "The RSA Validation System” (RSAVS) as a

guide in testing the requirement above. The Validation System used shall comply

with the conformance standard identified in the ST (i.e., FIPS PUB 186-2 or FIPS

PUB 186-3). This will require that the evaluator have a reference implementation

of the algorithms known to be good that can produce test vectors that are

verifiable during the test.

11.

FCS_COP.

1(3)

The evaluator shall use "The Keyed-Hash Message Authentication Code

(HMAC) Validation System (HMACVS)" as a guide in testing the requirement

above. This will require that the evaluator have a reference implementation of

the algorithms known to be good that can produce test vectors that are verifiable

during the test.

ATE_IND

12.

FCS_RBG

_EXT.1

Documentation shall be produced—and the evaluator shall perform the

activities—in accordance with NDPP Annex D, Entropy Documentation and

Assessment. The evaluator shall also perform the following tests, depending on

the standard to which the RBG conforms.

Implementations Conforming to FIPS 140-2, Annex C

The reference for the tests contained in this section is The Random Number

Generator Validation System (RNGVS) [RNGVS]. The evaluator shall conduct

the following two tests. Note that the "expected values" are produced by a

reference implementation of the algorithm that is known to be correct. Proof of

correctness is left to each Scheme.

The evaluator shall perform a Variable Seed Test. The evaluator shall provide a

set of 128 (Seed, DT) pairs to the TSF RBG function, each 128 bits. The

evaluator shall also provide a key (of the length appropriate to the AES

algorithm) that is constant for all 128 (Seed, DT) pairs. The DT value is

incremented by 1 for each set. The seed values shall have no repeats within the

set. The evaluator ensures that the values returned by the TSF match the

expected values.

The evaluator shall perform a Monte Carlo Test. For this test, they supply an

initial Seed and DT value to the TSF RBG function; each of these is 128 bits.

The evaluator shall also provide a key (of the length appropriate to the AES

algorithm) that is constant throughout the test. The evaluator then invokes the

TSF RBG 10,000 times, with the DT value being incremented by 1 on each

iteration, and the new seed for the subsequent iteration produced as specified in

NIST-Recommended Random Number Generator Based on ANSI X9.31

Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, Section 3. The

evaluator ensures that the 10,000

value produced matches the expected value.

Entropy

Document

ATE_IND

13.

FCS_RBG

_EXT.1

Implementations Conforming to NIST Special Publication 800-90

The evaluator shall perform 15 trials for the RBG implementation. If the RBG is

configurable, the evaluator shall perform 15 trials for each configuration. The

evaluator shall also confirm that the operational guidance contains appropriate

instructions for configuring the RBG functionality.

If the RBG has prediction resistance enabled, each trial consists of (1) instantiate

drbg, (2) generate the first block of random bits (3) generate a second block of

random bits (4) uninstantiate. The evaluator verifies that the second block of

random bits is the expected value. The evaluator shall generate eight input

Entropy

Document

ATE_IND