![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0145: Enabling/Disabling of Verification of Cryptographic Key Testing in WLAN PP
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2008-09-12 |
| Last Modified | 2008-09-12 |
Issue
The WLAN PP requires that the TOE include a FIPS-140-2 validated module (FCS_BCM_EXP.1). The TOE's cryptographic module must run the suite of FIPS 140-2 self-tests after the generation of a key (FPT_TST_EXP.2.2).
The WLAN PP additionally requires that the TOE be able to enable/disable verification of cryptographic key testing in the following requirement (FMT_SMF.1.1(3):
FMT_SMF.1.1(3)
The TSF shall be capable of performing the following security management functions: [set, modify, and delete the cryptographic keys and key data in support of the Wireless Client Policy and enable/disable verification of cryptographic key testing].
The FMT_SMF.1.1(3) requirement includes the capability to "enable/disable verification of cryptographic key testing". However, the meaning of this functionality is not clear; specifically, it is unclear what is meant by verification of testing. It is not clear if the required functionality the same as mandating that the TSF be able to allow for the enabling and disabling of key testing.
If the intent was to refer to enabling/disabling of key testing, This appears to violate the self-test requirements of FIPS 140-2, which mandate that key testing be performed after the generation of keys. In particular, there should be no capability required to disable key testing.
Resolution
In the US Government Protection Profile Wireless Local Area Network (WLAN) Client for Basic Robustness Environments, Version 1.1 (pp_wlan_cli_br_v1.1) and the US Government Wireless Local Area Network (WLAN) Access System for Basic Robustness Environments, Version 1.1 (pp_wlan_as_br_v1.1), as well as the prior versions of these profiles that have been sunsetted, the SFR FMT_SMF.1.1(3) is modified to delete the phrase "and enable/disable verification of cryptographic key testing" from the completion of the assignment, giving:
- FMT_SMF.1.1(3)
- The TSF shall be capable of performing the following security management functions: [set, modify, and delete the cryptographic keys and key data in support of the Wireless Client Policy].
Note that products must still provide the ability to test keys after generation, as this is required per FIPS 140-2. The TSF, however, is not required to provide a capability to enable or disable this testing capability.
Support
FIPS 140-2 mandates that keys be tested after generation. In order to be FIPS compliant, this capability must never be disabled, and the PP requires FIPS compliance. Thus, requiring the ability to disable the capability is pointless. If there is no way to disable the capability, and FIPS requires the capability to be present (and thus enabled), there is no need to provide the ability to enable the capability once the system is operational.
Modification History:
- 2008-09-12
- PD Assigned. (July 2008 ODRB Agenda Item 3.a.iii)
References:
- US Government Protection Profile Wireless Local Area Network (WLAN) Client For Basic Robustness Environments, March 2006, Version 1.0.
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0273