TD #48 adds ECC over curve 25519to FCS_CKM.1(1) and FCS_CKM.2(1), primarily to allow implementations to use this functionality for data-at-rest applications.  FCS_SRV_EXT.1 mandates all mandatory and selected algorithms in FCS_CKM.2(1) be offered to applications, and allows the selection of “all mandatory and selected algorithms in FCS_CKM.1(1)” as well. It is not the intent (through TD #48) that these functions using ECC over curve 25519 be made available to applications.

Key Generation (FCS_CKM.1(1)) and Key Establishment (FCS_CKM.2(1)) functions using ECC over curve 25519 are not required to be provided in accordance with FCS_SRV_EXT.1.  Therefore, FCS_SRV_EXT.1.1 shall be modified as follows:

Change the first bullet to read:

• All mandatory and [selection: selected algorithms, selected algorithms with the exception of ECC over curve 25519-based algorithms] in FCS_CKM.2(1).

Change the first bullet in the block selection to read:

• All mandatory and [selection: selected algorithms, selected algorithms with the exception of ECC over curve 25519-based algorithms] in FCS_CKM.1(1).

Clarification of requirements