NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0510:  Obtaining random bytes for iOS/macOS

Publication Date

Protection Profiles

Other References

Issue Description

FCS_RBG_EXT.1 lists SecRandomCopyBytes and /dev/random as approved interfaces for obtaining random bytes from the iOS platform and /dev/random as the approved interface for macOS.

Apple is transitioning to faster and more modern methods of generating random bytes. The new interface is CCRandomGenerateBytes in CommonRandom.c. This function calls CCRandomCopyBytes which calls ccDRBGGetRngState, which calls ccrng. ccrng.h defines the ccrng function as a function that returns a NIST SP800-90A CTR_DRBG(AES).


For FCS_RBG_EXT.1, the tests for iOS and macOS are modified as follows, with underlines indicating additions:

For iOS: The evaluator shall verify that the application invokes either SecRandomCopyBytes, CCRandomGenerateBytes or CCRandomCopyBytes, or
uses /dev/random directly to acquire random.

For macOS: The evaluator shall verify that the application invokes either CCRandomGenerateBytes or CCRandomCopyBytes, or collects random from /dev/random.



See issue description.

Site Map              Contact Us              Home