NIAP: View Technical Decision Details
Archived TD0510:  Obtaining random bytes for iOS/macOS

Publication Date
2020.03.03

Protection Profiles
PP_APP_v1.3

Other References
FCS_RBG_EXT.1

Issue Description

FCS_RBG_EXT.1 lists SecRandomCopyBytes and /dev/random as approved interfaces for obtaining random bytes from the iOS platform and /dev/random as the approved interface for macOS.

Apple is transitioning to faster and more modern methods of generating random bytes. The new interface is CCRandomGenerateBytes in CommonRandom.c. This function calls CCRandomCopyBytes, which calls ccDRBGGetRngState, which in turn calls ccrng. ccrng.h defines ccrng as a function that returns a NIST SP 800-90A CTR_DRBG (AES).

Resolution

For FCS_RBG_EXT.1, the tests for iOS and macOS are modified as follows (the additions, CCRandomGenerateBytes and CCRandomCopyBytes, are underlined in the original text):

For iOS: The evaluator shall verify that the application invokes either SecRandomCopyBytes, CCRandomGenerateBytes or CCRandomCopyBytes, or uses /dev/random directly to acquire random.

For macOS: The evaluator shall verify that the application invokes either CCRandomGenerateBytes or CCRandomCopyBytes, or collects random from /dev/random.
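As an added illustration of the interfaces this TD accepts (example code written for this page, not Apple's or NIAP's), the C program below obtains random bytes through CCRandomGenerateBytes on Apple platforms and through a direct read of /dev/random elsewhere, which is also the device path the TD lists. The points an evaluator would look for are visible in the code: the return status of CCRandomGenerateBytes is checked against kCCSuccess, short reads and EINTR on the device path are handled, and the buffer is wiped on failure so it cannot be used as if it held random data. The function names fill_random, read_dev_random and looks_stuck are this example's own, not part of any Apple API.

```c
/* Added example, not from the NIAP TD: obtain random bytes via the
 * interfaces TD0510 accepts. On Apple platforms this calls
 * CCRandomGenerateBytes (CommonCrypto); otherwise it reads /dev/random.
 * fill_random, read_dev_random and looks_stuck are names chosen here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#ifdef __APPLE__
#include <CommonCrypto/CommonRandom.h>
#endif

/* Read exactly n bytes from a device node such as /dev/random.
 * Returns 0 on success, -1 on any failure; on failure the caller must
 * treat the buffer contents as unusable. */
int read_dev_random(const char *path, uint8_t *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (r == 0) {                       /* unexpected EOF: short read */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Fill buf with n random bytes. Uses CCRandomGenerateBytes on Apple
 * platforms and /dev/random elsewhere. Returns 0 on success, -1 otherwise.
 * The buffer is zeroed on failure so partial or stale data is never
 * mistaken for fresh random output. */
int fill_random(uint8_t *buf, size_t n)
{
    int rc;
#ifdef __APPLE__
    /* CCRandomGenerateBytes returns kCCSuccess (0) when the request is met. */
    rc = (CCRandomGenerateBytes(buf, n) == kCCSuccess) ? 0 : -1;
#else
    rc = read_dev_random("/dev/random", buf, n);
#endif
    if (rc != 0) memset(buf, 0, n);
    return rc;
}

/* Gross sanity check: 1 if every byte is identical (e.g. a zero-filled
 * buffer from an unchecked error), else 0. This is not a statistical
 * randomness test and does not replace checking the return status. */
int looks_stuck(const uint8_t *buf, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (buf[i] != buf[0]) return 0;
    return 1;
}

int main(void)
{
    uint8_t key[32];   /* e.g. a 256-bit key or nonce */
    if (fill_random(key, sizeof key) != 0 || looks_stuck(key, sizeof key)) {
        fprintf(stderr, "random source failed; refusing to continue\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\n");
    return 0;
}
```

Failing closed is the design choice worth noting: an application that ignores the CCRNGStatus result, or silently tolerates a short read from /dev/random, can end up keying material from an uninitialised buffer, which is exactly the kind of defect the FCS_RBG_EXT.1 evaluation activity is meant to surface.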


Justification

See issue description.
