Hardware manual
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 23 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
Implementations Conforming to NIST Special Publication 800-90
The evaluator shall perform 15 trials for the RBG implementation. If the RBG is configurable, the evaluator shall
perform 15 trials for each configuration. The evaluator shall also confirm that the operational guidance contains
appropriate instructions for configuring the RBG functionality.
If the RBG has prediction resistance enabled, each trial consists of (1) instantiate DRBG, (2) generate the first block
of random bits, (3) generate a second block of random bits, (4) uninstantiate. The evaluator verifies that the second
block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is
a count (0 – 14). The next three are entropy input, nonce, and personalization string for the instantiate operation.
The next two are additional input and entropy input for the first call to generate. The final two are additional input
and entropy input for the second call to generate. These values are randomly generated. “Generate one block of
random bits” means to generate random bits with the number of returned bits equal to the Output Block Length (as
defined in NIST SP 800-90).
If the RBG does not have prediction resistance, each trial consists of (1) instantiate DRBG, (2) generate the first
block of random bits, (3) reseed, (4) generate a second block of random bits, (5) uninstantiate. The evaluator verifies
that the second block of random bits is the expected value. The evaluator shall generate eight input values for
each trial. The first is a count (0 – 14). The next three are entropy input, nonce, and personalization string for the
instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are
additional input and entropy input to the call to reseed. The final value is additional input to the second generate
call.
The following paragraphs contain more information on some of the input values to be generated/selected by the
evaluator.
- Entropy input: the length of the entropy input value must equal the seed length.
- Nonce: If a nonce is supported (CTR_DRBG with no df does not use a nonce), the nonce bit length is one-half the
seed length.
- Personalization string: The length of the personalization string must be <= seed length. If the implementation only
supports one personalization string length, then the same length can be used for both values. If more than one
string length is supported, the evaluator shall use personalization strings of two different lengths. If the
implementation does not use a personalization string, no value needs to be supplied.
- Additional input: the additional input bit lengths have the same defaults and restrictions as the personalization
string lengths.
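As an added illustration (not the TOE's code and not the evaluator's harness), the following Python models the two trial shapes described above with a minimal HMAC_DRBG over SHA-256, driven by the eight input values in the order the text lists them. The input sizes and values are constructed for the example rather than randomly generated as an evaluator would do.

```python
import hmac, hashlib
OUTLEN = 32  # SHA-256 output block length (256 bits): "one block" of random bits

def _hmac(k, d):
    return hmac.new(k, d, hashlib.sha256).digest()

class HmacDrbg:  # minimal HMAC_DRBG (SP 800-90A, SHA-256)
    def __init__(self, entropy, nonce, pers=b""):
        self.K, self.V = b"\x00" * OUTLEN, b"\x01" * OUTLEN
        self._update(entropy + nonce + pers)  # seed_material = entropy || nonce || pers
    def _update(self, provided):
        self.K = _hmac(self.K, self.V + b"\x00" + provided)
        self.V = _hmac(self.K, self.V)
        if provided:  # second round only when data was supplied
            self.K = _hmac(self.K, self.V + b"\x01" + provided)
            self.V = _hmac(self.K, self.V)
    def reseed(self, entropy, addl=b""):
        self._update(entropy + addl)
    def generate(self, addl=b"", pr_entropy=None, nbytes=OUTLEN):
        if pr_entropy is not None:  # prediction resistance: reseed with fresh entropy,
            self.reseed(pr_entropy, addl)  # which also consumes the additional input
            addl = b""
        elif addl:
            self._update(addl)
        out = b""
        while len(out) < nbytes:
            self.V = _hmac(self.K, self.V)
            out += self.V
        self._update(addl)
        return out[:nbytes]

def constructed_inputs(count):
    """Deterministic stand-ins for the seven random values of trial `count` (constructed)."""
    sizes = (32, 16, 32, 32, 32, 32, 32)  # entropy, nonce (half of entropy), pers, four more
    return [hashlib.sha256(b"trial-%d-value-%d" % (count, i)).digest()[:n]
            for i, n in enumerate(sizes)]

def trial(pr, vals):
    """One trial; vals are the seven values after the count, in the order the text lists."""
    d = HmacDrbg(*vals[:3])
    if pr:  # values 5-8: addl1, entropy1, addl2, entropy2
        b1 = d.generate(addl=vals[3], pr_entropy=vals[4])
        b2 = d.generate(addl=vals[5], pr_entropy=vals[6])
    else:   # values 5-8: addl1, reseed addl, reseed entropy, addl2
        b1 = d.generate(addl=vals[3])
        d.reseed(vals[5], vals[4])
        b2 = d.generate(addl=vals[6])
    return b1, b2  # the evaluator checks b2 against the expected value

def run_trials(pr):
    return {c: trial(pr, constructed_inputs(c)) for c in range(15)}
```

With a real implementation the expected second block comes from the CAVP response file; here the same inputs must simply reproduce the same block on every run.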
The Entropy description is provided in a separate (non-ST) document that has been delivered to CCEVS for
approval. Note that the entropy analysis has been accepted by CCEVS/NSA.
The TOE has been FIPS approved. The RSA certificate numbers are 452 and 454.