Brocade Communications Systems FCX Series User Manual Page 22

Version 1.1, 05/19/2014
GSS CCT Evaluation Technical Report Page 22 of 53
© 2014 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeFastIron8010
All rights reserved.
The evaluator shall perform a Monte Carlo Test. For this test, they supply an initial Seed and DT value to the TSF
RBG function; each of these is 128 bits. The evaluator shall also provide a key (of the length appropriate to the AES
algorithm) that is constant throughout the test. The evaluator then invokes the TSF RBG 10,000 times, with the DT
value being incremented by 1 on each iteration, and the new seed for the subsequent iteration produced as
specified in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key
Triple DES and AES Algorithms, Section 3. The evaluator ensures that the 10,000th value produced matches the
expected value.
Implementations Conforming to NIST Special Publication 800-90
The evaluator shall perform 15 trials for the RBG implementation. If the RBG is configurable, the evaluator shall
perform 15 trials for each configuration. The evaluator shall also confirm that the operational guidance contains
appropriate instructions for configuring the RBG functionality.
If the RBG has prediction resistance enabled, each trial consists of (1) instantiate drbg, (2) generate the first block
of random bits, (3) generate a second block of random bits, (4) uninstantiate. The evaluator verifies that the second
block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is
a count (0-14). The next three are entropy input, nonce, and personalization string for the instantiate operation.
The next two are additional input and entropy input for the first call to generate. The final two are additional input
and entropy input for the second call to generate. These values are randomly generated. “generate one block of
random bits” means to generate random bits with number of returned bits equal to the Output Block Length (as
defined in NIST SP 800-90).
If the RBG does not have prediction resistance, each trial consists of (1) instantiate drbg, (2) generate the first
block of random bits, (3) reseed, (4) generate a second block of random bits, (5) uninstantiate. The evaluator verifies
that the second block of random bits is the expected value. The evaluator shall generate eight input values for
each trial. The first is a count (0-14). The next three are entropy input, nonce, and personalization string for the
instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are
additional input and entropy input to the call to reseed. The final value is additional input to the second generate
call.
The following paragraphs contain more information on some of the input values to be generated/selected by the
evaluator.
Entropy input: the length of the entropy input value must equal the seed length.
Nonce: If a nonce is supported (CTR_DRBG with no df does not use a nonce), the nonce bit length is one-half
the seed length.
Personalization string: The length of the personalization string must be <= seed length. If the implementation
only supports one personalization string length, then the same length can be used for both values. If more
than one string length is supported, the evaluator shall use personalization strings of two different lengths. If the
implementation does not use a personalization string, no value needs to be supplied.
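The two trial sequences described above, run against a reference DRBG to compute the expected second block for each of the 15 trials. This is an added example, not part of the evaluation report or the product's code. It assumes HMAC_DRBG with SHA-256 as the reference mechanism, a 32-byte seed length, and additional inputs of seed length; the names `HmacDrbg`, `make_inputs`, `expected_second_block` and `run_trials` are hypothetical.

```python
import hashlib, hmac, os

OUTLEN = 32   # SHA-256 output block length in bytes
SEEDLEN = 32  # assumed seed length in bytes; set to that of the DRBG under test

class HmacDrbg:  # reference HMAC_DRBG (SHA-256) per SP 800-90A, assumed mechanism
    def __init__(self, entropy, nonce, pers):  # instantiate
        self.K, self.V = b"\x00" * OUTLEN, b"\x01" * OUTLEN
        self._update(entropy + nonce + pers)
    def _mac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()
    def _update(self, data):  # second round (0x01) only when data is non-empty
        for sep in (b"\x00", b"\x01")[:2 if data else 1]:
            self.K = self._mac(self.V + sep + data)
            self.V = self._mac(self.V)
    def reseed(self, entropy, addl=b""):
        self._update(entropy + addl)
    def generate(self, addl=b"", pr_entropy=None):
        if pr_entropy is not None:  # prediction resistance: reseed before output
            self.reseed(pr_entropy, addl)
            addl = b""
        elif addl:
            self._update(addl)
        out = self.V = self._mac(self.V)  # one block = OUTLEN bytes
        self._update(addl)
        return out

def make_inputs(count, pr, pers_len):  # eight values; all but count are random
    names = (("addl1", "ent1", "addl2", "ent2") if pr
             else ("addl1", "addl_reseed", "ent_reseed", "addl2"))
    v = {"count": count, "entropy": os.urandom(SEEDLEN),
         "nonce": os.urandom(SEEDLEN // 2), "pers": os.urandom(pers_len)}
    v.update((n, os.urandom(SEEDLEN)) for n in names)
    return v

def expected_second_block(v, pr):
    d = HmacDrbg(v["entropy"], v["nonce"], v["pers"])
    if pr:
        d.generate(v["addl1"], v["ent1"])
        out = d.generate(v["addl2"], v["ent2"])
    else:
        d.generate(v["addl1"])
        d.reseed(v["ent_reseed"], v["addl_reseed"])
        out = d.generate(v["addl2"])
    d.K = d.V = None  # uninstantiate: discard internal state
    return out

def run_trials(pr):  # 15 trials (count 0-14), two personalization string lengths
    return [(v, expected_second_block(v, pr)) for v in
            (make_inputs(c, pr, SEEDLEN // (1 + c % 2)) for c in range(15))]
```

The evaluator would feed each trial's inputs to the RBG under test and compare its second block with the value returned here.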