Manualshelf

Specifications

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
21222324252627282930
Brocade MLXand NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 21 of 50
5.1.2.6 Cryptographic Operation (for keyed-hash message authentication) (FCS_COP.1(4))
FCS_COP.1(4).1
Refinement: The TSF shall perform keyed-hash message authentication in accordance with a
specified cryptographic algorithm HMAC-[SHA-1], key size [equal to the input block size], and
message digest sizes [160] bits that meet the following: FIPS Pub 198-1, 'The Keyed-Hash
Message Authentication Code', and FIPS Pub 180-3, 'Secure Hash Standard.'
Assurance Activity:
The evaluator shall use "The Keyed-Hash Message Authentication Code (HMAC) Validation
System (HMACVS)" as a guide in testing the requirement above. This will require that the
evaluator have a reference implementation of the algorithms known to be good that can produce
test vectors that are verifiable during the test.
5.1.2.7 Explicit: HTTPS (FCS_HTTPS_EXT.1)
FCS_HTTPS_EXT.1.1
The TSF shall implement the HTTPS protocol that complies with RFC 2818.
FCS_HTTPS_EXT.1.2
The TSF shall implement HTTPS using TLS as specified in FCS_TLS_EXT.1.
Component Assurance Activity:
The evaluator shall check the TSS to ensure that it is clear on how HTTPS uses TLS to establish
an administrative session, focusing on any client authentication required by the TLS protocol vs.
security administrator authentication which may be done at a different level of the processing
stack. Testing for this activity is done as part of the TLS testing; this may result in additional
testing if the TLS tests are done at the TLS protocol level.
5.1.2.8 Extended: Cryptographic Operation (Random Bit Generation) (FCS_RBG_EXT.1)
FCS_RBG_EXT.1.1
The TSF shall perform all random bit generation (RBG) services in accordance with [NIST
Special Publication 800-90 using [CTR_DRBG (AES-256)]] seeded by an entropy source that
accumulated entropy from [a software-based noise source and a TSF-hardware-based noise
source].
FCS_RBG_EXT.1.2
The deterministic RBG shall be seeded with a minimum of [256 bits] of entropy at least equal to
the greatest security strength of the keys and hashes that it will generate.
Assurance Activity:
Documentation shall be producedand the evaluator shall perform the activitiesin accordance
with Annex D, Entropy Documentation and Assessment.
Annex D: Entropy Documentation and Assessment
The documentation of the entropy source should be detailed enough that, after
reading, the evaluator will thoroughly understand the entropy source and why
it can be relied upon to provide entropy. This documentation should include
multiple detailed sections: design description, entropy justification, operating
conditions, and health testing. This documentation is not required to be part of
the TSS.
Design Description