1.9 – Check Cryptographic PRNG Utilization


Requirement Description

Verify that the DUT uses a cryptographically secure pseudorandom number generator (PRNG) for all security-sensitive operations, preferably leveraging hardware-based random number generators provided by the chip manufacturer. If hardware RNG is unavailable, verify that an approved software-based cryptographic PRNG library is used instead.


DUT Confirmation Details

  • OEM Statement: (Insert vendor confirmation on PRNG type, source, and usage within the device.)

  • Observed State: (Insert tester’s findings after verification.)


DUT Software Details

  • Software Name/Version: ___________________

  • Build Date: ___________________

  • Build Number: ___________________


Hash Checksum Verification for DUT’s Software Image

  • Algorithm Used: SHA-256 (or equivalent approved algorithm)

  • Expected Hash: ___________________

  • Calculated Hash: ___________________

  • Result: Pass / Fail


DUT Configuration

(Insert commands, logs, or configurations used to verify PRNG usage.) Example:

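# Kernel entropy estimate, in bits
cat /proc/sys/kernel/random/entropy_avail
# FIPS 140-2 tests on hardware RNG output; -c bounds the run to 1000 blocks
rngtest -c 1000 < /dev/hwrng
# Draw 32 bytes from the OpenSSL RAND generator, hex-encoded
openssl rand -hex 32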

Pre-Conditions

The vendor shall provide the following:

  1. Documentation regarding the random generators (hardware-based, software-based, or hybrid) being used in the DUT, along with intended usage scenarios.

  2. For hardware-based RNGs:

    • SoC datasheet.

    • Technical specifications of the RNG, including entropy source and compliance standards (e.g., NIST SP 800-90).

  3. For software-based RNGs:

    • List of libraries used (e.g., OpenSSL RAND, mbedTLS CTR_DRBG) along with their version and security certification status.


Test Plan

Total Number of Test Cases: 2

Planned Test Cases:

  1. BIS-1.9.1 – Verification of PRNG source and configuration through documentation review and functional inspection.

  2. BIS-1.9.2 – Statistical and functional validation of PRNG output to ensure cryptographic strength.
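The statistical side of BIS-1.9.2 can be made concrete with two of the FIPS 140-2 block tests that rngtest applies (monobit and poker). The script below is an added example, not part of the original test plan; its function names and the sample blocks are constructed for illustration, and the runs and long-run tests are left out.

```python
"""Added example: monobit and poker checks from FIPS 140-2 on one 20,000-bit block."""
import os
from collections import Counter

BLOCK_BYTES = 2500  # 20,000 bits, the block size the FIPS 140-2 tests are defined on


def monobit(block: bytes) -> int:
    """Count the one bits; a healthy block has 9725 < ones < 10275."""
    return sum(bin(b).count("1") for b in block)


def poker(block: bytes) -> float:
    """Poker statistic over the 5,000 nibbles; healthy is 2.16 < X < 46.17."""
    counts = Counter()
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    return 16 * sum(c * c for c in counts.values()) / 5000 - 5000


def check_block(block: bytes) -> dict:
    """Run both checks on exactly one block and report values and verdicts."""
    if len(block) != BLOCK_BYTES:
        raise ValueError(f"need {BLOCK_BYTES} bytes, got {len(block)}")
    ones, x = monobit(block), poker(block)
    return {
        "ones": ones,
        "poker": round(x, 3),
        "monobit_pass": 9725 < ones < 10275,
        "poker_pass": 2.16 < x < 46.17,
    }


# Constructed sample blocks (not captured from any device).
STUCK = bytes(BLOCK_BYTES)                            # output stuck at zero
ALTERNATING = b"\x55" * BLOCK_BYTES                   # 0101... bit pattern
COUNTER = bytes(i % 256 for i in range(BLOCK_BYTES))  # predictable byte counter

if __name__ == "__main__":
    samples = [("stuck", STUCK), ("alternating", ALTERNATING),
               ("counter", COUNTER), ("os.urandom", os.urandom(BLOCK_BYTES))]
    for name, block in samples:
        print(f"{name:12s} {check_block(block)}")
```

The alternating block passes monobit but fails poker, and the byte counter passes both checks despite being fully predictable. A statistical pass therefore does not establish cryptographic strength on its own, which is why the source and configuration review in BIS-1.9.1 is still required.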


Test-bed Diagram with Interfaces and IPs

(Attach diagram showing DUT, test system, connection to RNG interface, and relevant debug/monitoring tools.)

