Archived TD0067: Revision to FCS_CKM.1(A) SFR & AA in SWFE EP v1.0
The Security Functional Requirement for FCS_CKM.1.1(A), the application notes, and the Assurance Activities are being revised for clarity and to properly classify FCS_CKM.1(A) as an extended requirement.
1. Change FCS_CKM.1(A) to read:
FCS_CKM_EXT.1(A) Extended: Cryptographic key generation (Password/Passphrase conditioning)
FCS_CKM_EXT.1.1(A) The TSF shall support a password/passphrase of up to [assignment: maximum password size, positive integer of 64 or more] characters used to generate a password authorization factor.
FCS_CKM_EXT.1.2(A) The TSF shall allow passwords to be composed of any combination of upper case characters, lower case characters, numbers, and the following special characters: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, and “)”, and [selection: [assignment: other supported special characters], no other characters].
FCS_CKM_EXT.1.3(A) The TSF shall perform Password-based Key Derivation Functions in accordance with a specified cryptographic algorithm [HMAC-[selection: SHA-256, SHA-384, SHA-512]], with [assignment: positive integer of 4096 or more] iterations, and output cryptographic key sizes [selection: 128, 256] that meet the following: [NIST SP 800-132].
FCS_CKM_EXT.1.4(A) The TSF shall not accept passwords less than [selection: a value settable by the administrator, [assignment: minimum password length accepted by the TOE, must be >= 1]] and greater than the maximum password length defined in FCS_CKM_EXT.1.1(A).
FCS_CKM_EXT.1.5(A) The TSF shall generate all salts using a RBG that meets FCS_RBG_EXT.1 (from the AS PP) and with entropy corresponding to the security strength selected for PBKDF in FCS_CKM_EXT.1.3(A).
2. Change the application note to read:
The password/passphrase is represented on the host machine as a sequence of characters whose encoding depends on the TOE and the underlying OS. This sequence must be conditioned into a string of bits that is to be used as a KEK that is the same size as the FEK.
For FCS_CKM_EXT.1.1(A), the ST author assigns the maximum size of the password/passphrase it supports; it must support at least 64 characters.
For FCS_CKM_EXT.1.2(A), the ST author assigns any other supported characters; if there are no other supported characters, they should select “no other characters”.
For FCS_CKM_EXT.1.3(A), the ST author selects the parameters based on the PBKDF used by the TSF. The output cryptographic key sizes selected here must correspond to the KEK key sizes selected in FCS_CKM_EXT.1.
The password/passphrase must be conditioned into a string of bits that forms the submask to be used as input into the KEK. Conditioning is performed using one of the identified hash functions in accordance with the process described in NIST SP 800-132. SP 800-132 requires the use of a pseudo-random function (PRF) consisting of HMAC with an approved hash function.
Appendix A of SP 800-132 recommends setting the iteration count in order to increase the computation needed to derive a key from a password and, therefore, increase the workload of performing a password recovery attack. However, for this EP, a minimum iteration count of 4096 is required in order to ensure that twelve bits of security are added to the password/passphrase value. A significantly higher value is recommended to ensure optimal security.
For FCS_CKM_EXT.1.4(A), if the minimum password length is settable, then the ST author chooses “a value settable by the administrator” for this component, as well as the “configure password/passphrase complexity setting” item for FMT_SMF.1.1. If the minimum length is not settable, the ST author fills in the assignment with the minimum length the password must be (zero-length passwords are not allowed for compliant TOEs).
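As an added worked example (not part of this TD or the EP), the following Python sketch shows the conditioning described by FCS_CKM_EXT.1.1(A) through 1.5(A) and the application note: length and character checks, a salt from the OS RBG sized to the selected strength, and PBKDF2 with an HMAC PRF per SP 800-132. The minimum length of 8, the 64-character maximum and the 256-bit output are assumed values an ST author might select.

```python
import hashlib
import math
import os

# Bounds taken from FCS_CKM_EXT.1.x(A); the minimum length and the
# maximum are assumed ST selections, not values fixed by the EP.
MAX_PASSWORD_LEN = 64            # FCS_CKM_EXT.1.1(A): must be 64 or more
MIN_PASSWORD_LEN = 8             # FCS_CKM_EXT.1.4(A): assumed, must be >= 1
MIN_ITERATIONS = 4096            # FCS_CKM_EXT.1.3(A): 2^12, twelve bits of work
SPECIAL_CHARS = set("!@#$%^&*()")  # FCS_CKM_EXT.1.2(A) baseline special characters
APPROVED_PRFS = {"sha256", "sha384", "sha512"}
KEY_SIZES_BITS = {128, 256}


def validate_password(password: str) -> None:
    """Reject passwords outside [min, max] length or using unlisted characters."""
    if not MIN_PASSWORD_LEN <= len(password) <= MAX_PASSWORD_LEN:
        raise ValueError("password length outside the allowed range")
    for ch in password:
        if not (ch.isascii() and (ch.isalnum() or ch in SPECIAL_CHARS)):
            raise ValueError(f"character not permitted: {ch!r}")


def generate_salt(key_bits: int) -> bytes:
    """FCS_CKM_EXT.1.5(A): salt from the OS RBG, sized to the selected strength."""
    if key_bits not in KEY_SIZES_BITS:
        raise ValueError("unsupported key size")
    return os.urandom(key_bits // 8)


def condition_password(password: str, salt: bytes, prf: str,
                       iterations: int, key_bits: int) -> bytes:
    """PBKDF2-HMAC per SP 800-132; returns the submask used as KEK input."""
    validate_password(password)
    if prf not in APPROVED_PRFS:
        raise ValueError("PRF must be HMAC with SHA-256, SHA-384 or SHA-512")
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below the EP minimum of 4096")
    if key_bits not in KEY_SIZES_BITS:
        raise ValueError("output size must be 128 or 256 bits")
    return hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


def added_work_bits(iterations: int) -> float:
    """Security added by the iteration count, in bits (4096 -> 12.0)."""
    return math.log2(iterations)
```

The fixed-salt call in the test reproduces the first 32 bytes of the RFC 7914 PBKDF2-HMAC-SHA-256 vector (P="Password", S="NaCl", c=80000); in a real TOE the salt comes from generate_salt.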
3. Replace the “Support for minimum length:” paragraph in the TSS Assurance Activity with the following:
Support for Password/Passphrase length: The evaluators shall check to ensure that the TSS describes the allowable ranges for password/passphrase lengths, and that at least 64 characters may be specified by the user.
4. Replace the “Support for minimum length:” paragraph in the Guidance Assurance Activity with the following:
The evaluators shall check the Operational Guidance to determine that there are instructions on how to generate large passwords/passphrases, and instructions on how to configure the password/passphrase length (and optional complexity settings) to provide entropy commensurate with the keys that the authorization factor is protecting. This is important because many default settings for passwords/passphrases will not meet the necessary entropy needed as specified in this EP.
5. Replace the “Support for minimum length:” paragraph and tests in the Testing Assurance Activity with the following:
Support for Password/Passphrase characteristics: In addition to the analysis above, the evaluator shall also perform the following tests on a TOE configured according to the Operational Guidance:
The current version of FCS_CKM.1(A) is not a valid refinement of FCS_CKM.1, so an extended requirement needs to be created.
The current version of FCS_CKM.1(A) is unclear with respect to the specification and testing of minimum and maximum password/passphrase lengths, so the SFR is revised to provide clarification for these aspects of the requirement.