Deterministic Random Bit Generator (DRBG) health and error checks are performed on the management module (MP) crypto module used in the Brocade NetIron MLXe device.
The FIPS self-test executed at system startup includes DRBG health and error checks. This startup test runs a known answer test that includes the DRBG health and error checks.
The user can also run DRBG tests on demand with the following command:
fips crypto drbg
The expected result is that the test passes. In the event of failure, the system restarts and performs the test again as part of the FIPS self-tests executed at system startup.
System boot-up and at regular intervals.
On-demand and periodic testing after 2^24 uses, during instantiate and reseed.
DRBG check immediately after powering on the system.
Type of DRBG mechanism: CTR_DRBG
Cryptographic primitives used: AES-256
Security strengths of the cryptographic algorithms supported by the implementation: AES-256
Personalization String
Note
The DRBG mechanism functions are not distributed. In the case of CTR_DRBG, a derivation function is used. The code used to perform the DRBG Health Test on IPSec MP is from OpenSSL FIPS205.
DRBG functions can be tested on a demand basis as shown in the following CLI example.
device# fips crypto drbg
generating 1024 random bytes
generating random signed 32 bit and 64 bit values
random 32 bit int 1961644244 and 64 bit 1870544140
generating random unsigned 32 bit and 64 bit values
random unsigned int 338113164 and 64 bit 63160224
cli_fips_crypto_drbg successful.
device# fips crypto force-failure drbg
Random number generation success and setting force failure
device# fips crypto drbg
Failed to generate 1024 random bytes
SYSLOG: <10>Sep 6 19:17:17 FIPS Fatal Cryptographic Module Failure. Reason: Generic
NetIron XMR/MLX Boot Code Version 5.9.0
..MPP.
Enter 'a' to stop at memory test
Enter 'b' to stop at boot monitor
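The fatal syslog line in the transcript above is the event a log collector would alert on, since a failed DRBG test restarts the device. The following Python is an added example, not part of the Brocade documentation or code: it decodes the <PRI> value and extracts the failure reason. The function names and every sample line other than the failure message are constructed for illustration.

```python
import re

# Constructed sample input. Only the "FIPS Fatal Cryptographic Module Failure"
# line comes from the transcript above; the other lines are invented filler.
SAMPLE_LOG = """\
<14>Sep 6 19:10:02 example informational message
SYSLOG: <10>Sep 6 19:17:17 FIPS Fatal Cryptographic Module Failure. Reason: Generic
<10>Sep  6 19:17:17 FIPS Fatal Cryptographic Module Failure. Reason: Generic
<13>Sep 6 19:20:41 example notice message
NetIron XMR/MLX Boot Code Version 5.9.0
"""

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Optional console "SYSLOG: " prefix, <PRI>, BSD-style timestamp, free-text message.
LINE_RE = re.compile(r"^(?:SYSLOG:\s*)?<(\d{1,3})>"
                     r"([A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(.*)$")
FAIL_RE = re.compile(r"FIPS Fatal Cryptographic Module Failure\.\s*Reason:\s*(.+)$")

def parse_line(line):
    """Return a dict for a syslog-style line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None or int(m.group(1)) > 191:   # PRI is facility*8 + severity, max 191
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": " ".join(m.group(2).split()), "message": m.group(3)}

def find_fips_failures(text):
    """Return one alert per distinct fatal crypto-module failure event."""
    alerts, seen = [], set()
    for line in text.splitlines():
        rec = parse_line(line)
        hit = FAIL_RE.search(rec["message"]) if rec else None
        if hit is None:
            continue
        key = (rec["timestamp"], rec["message"])
        if key in seen:        # console echo and collector copy of the same event
            continue
        seen.add(key)
        alerts.append({**rec, "reason": hit.group(1).strip()})
    return alerts

if __name__ == "__main__":
    for alert in find_fips_failures(SAMPLE_LOG):
        print(alert["timestamp"], alert["severity"], alert["reason"])
```

The <10> priority in the page's syslog line decodes to facility 1 and severity 2 (critical), so a severity filter at "crit" or above also catches this event.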