Manualshelf

Hardware manual

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
21222324252627282930
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 22 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
2.2.8.2 FCS_RBG_EXT.1.2
TSS Assurance Activities: Documentation shall be producedand the evaluator shall perform the activitiesin
accordance with Annex D, Entropy Documentation and Assessment of the NDPP.
The Entropy description is provided in a separate (non-ST) document that has been delivered to CCEVS for
approval and has been accepted.
Guidance Assurance Activities: None Defined
Testing Assurance Activities: The evaluator shall also perform the following tests, depending on the standard to
which the RBG conforms.
Implementations Conforming to FIPS 140-2, Annex C
The reference for the tests contained in this section is The Random Number Generator Validation System (RNGVS)
[RNGVS]. The evaluator shall conduct the following two tests. Note that the 'expected values' are produced by a
reference implementation of the algorithm that is known to be correct. Proof of correctness is left to each Scheme.
The evaluator shall perform a Variable Seed Test. The evaluator shall provide a set of 128 (Seed, DT) pairs to the
TSF RBG function, each 128 bits. The evaluator shall also provide a key (of the length appropriate to the AES
algorithm) that is constant for all 128 (Seed, DT) pairs. The DT value is incremented by 1 for each set. The seed
values shall have no repeats within the set. The evaluator ensures that the values returned by the TSF match the
expected values.
The evaluator shall perform a Monte Carlo Test. For this test, they supply an initial Seed and DT value to the TSF
RBG function; each of these is 128 bits. The evaluator shall also provide a key (of the length appropriate to the AES
algorithm) that is constant throughout the test. The evaluator then invokes the TSF RBG 10,000 times, with the DT
value being incremented by 1 on each iteration, and the new seed for the subsequent iteration produced as
specified in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key
Triple DES and AES Algorithms, Section 3. The evaluator ensures that the 10,000th value produced matches the
expected value.