Version 1.1, 05/19/2014
GSS CCT Evaluation Technical Report Page 21 of 53
© 2014 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeFastIron8010
All rights reserved.
2.2.7 EXTENDED: CRYPTOGRAPHIC OPERATION (RANDOM BIT GENERATION)
(FCS_RBG_EXT.1)
2.2.7.1 FCS_RBG_EXT.1.1
TSS Assurance Activities: None Defined
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
2.2.7.2 FCS_RBG_EXT.1.2
TSS Assurance Activities: Documentation shall be produced—and the evaluator shall perform the activities—in
accordance with Annex D, Entropy Documentation and Assessment of the NDPP.
The Entropy description is provided in a separate (non-ST) document that has been delivered to CCEVS for
approval. Note that the entropy analysis has been accepted by CCEVS/NSA.
Guidance Assurance Activities: None Defined
Testing Assurance Activities: The evaluator shall also perform the following tests, depending on the standard to
which the RBG conforms.
Implementations Conforming to FIPS 140-2, Annex C
The reference for the tests contained in this section is The Random Number Generator Validation System (RNGVS)
[RNGVS]. The evaluator shall conduct the following two tests. Note that the 'expected values' are produced by a
reference implementation of the algorithm that is known to be correct. Proof of correctness is left to each Scheme.
The evaluator shall perform a Variable Seed Test. The evaluator shall provide a set of 128 (Seed, DT) pairs to the
TSF RBG function, each 128 bits. The evaluator shall also provide a key (of the length appropriate to the AES
algorithm) that is constant for all 128 (Seed, DT) pairs. The DT value is incremented by 1 for each set. The seed
values shall have no repeats within the set. The evaluator ensures that the values returned by the TSF match the
expected values.
Comments to this Manuals