TD0244: FCS_TLSC_EXT - TLS Client Curves Allowed
Publication Date
2017.11.16
Protection Profiles
PP_APP_v1.2, PP_MD_V3.1, PP_OS_V4.1, PP_WLAN_CLI_EP_V1.0
Other References
FCS_TLSC_EXT.2.1, FCS_TLSC_EXT.4.1, FCS_TLSC_EXT.1.4, FCS_TLSC_EXT.2/WLAN
Issue Description
FCS_TLSC_EXT.2 in MD PP v3.1 limits the curves that a client may propose. This also affects APP PP v1.2, OS PP v4.1, Base Virtualization PP v1.0, and WLAN Client EP v1.0.
Resolution
07/30/2019: This TD is no longer applicable to the Base Virtualization PP v1.0 as TD0431 incorporates the necessary changes related to the Base Virtualization PP.
Updated 3/27/2018 to include WLAN Client version 1.0.
"No other curves" is removed from the MD PP v3.1, APP PP v1.2, OS PP v4.1, and Base Virtualization PP v1.0.
MD PP v3.1:
FCS_TLSC_EXT.2.1: The TSF shall present the Supported Elliptic Curves Extension in the Client Hello handshake message with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1, no other curves].
Application Note: If an elliptic-curve ciphersuite is selected in FCS_TLSC_EXT.1.1, then FCS_TLSC_EXT.2.1 shall be included in the ST. This requirement does not limit the elliptic curves the client may propose for authentication and key agreement. Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1 and FCS_CKM.2(1) the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1 and FCS_CKM.2(1). This extension is required for clients supporting Elliptic Curve ciphersuites.
Assurance Activity: Test 1: The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server.
APP PP v1.2:
FCS_TLSC_EXT.4.1: The application shall present the supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.
Application Note: This requirement does not limit the elliptic curves the client may propose for authentication and key agreement. Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2 the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2. This extension is required for clients supporting Elliptic Curve ciphersuites.
Assurance Activity: Test 1: The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server.
OS PP v4.1:
FCS_TLSC_EXT.2.1: The OS shall present the Supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.
Application Note: This requirement does not limit the elliptic curves the client may propose for authentication and key agreement. Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2(1) the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2(1). This extension is required for clients supporting Elliptic Curve ciphersuites.
Assurance Activity: The evaluator will also perform the following test: The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server.
Base Virtualization PP v1.0:
FCS_TLSC_EXT.1.4: The TSF shall present the Supported Elliptic Curves Extension in the Client Hello handshake message with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.
Application Note: If ciphersuites with elliptic curves were selected in FCS_TLSC_EXT.1.1, then this component is required. This requirement does not limit the elliptic curves the client may propose for authentication and key agreement. Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(2) and FCS_CKM.1 and FCS_CKM.2 the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(2) and FCS_CKM.1 and FCS_CKM.2. This extension is required for clients supporting Elliptic Curve ciphersuites.
Assurance Activity: Test 1: The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server.
Wireless LAN Client EP v1.0:
FCS_TLSC_EXT.2.1/WLAN: The TSF shall present the Supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.
This TD supersedes TD0236. TD0236 will be archived.
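An evaluator checking the requirement above needs to see which curves a TOE actually places in the Supported Elliptic Curves (now "supported_groups") extension of its Client Hello. The following Python script is an added example, not part of TD0244 or any NIAP document: it parses the extension out of a TLS 1.2 ClientHello record, then reports whether every curve selected in the ST is present (the reading after this TD) and which additional curves are offered (what the removed "and no other curves" wording would have flagged). The ClientHello bytes are constructed inside the script rather than captured from a real product, and the code points (23, 24, 25, 29) are the IANA TLS Supported Groups values from RFC 8422.

```python
"""Extract the supported_groups extension from a TLS ClientHello and compare
it with an ST curve selection. Added example; ClientHello input is constructed."""
import struct

# IANA "TLS Supported Groups" code points (RFC 8422 section 5.1.1).
CURVE_NAMES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519"}
CURVE_CODES = {name: code for code, name in CURVE_NAMES.items()}
SUPPORTED_GROUPS_EXT = 0x000A  # extension type "supported_groups" / "elliptic_curves"


def build_client_hello(groups):
    """Construct a minimal TLS 1.2 ClientHello record carrying only a
    supported_groups extension (constructed test input, not a real capture)."""
    body = b"\x03\x03" + b"\x00" * 32                 # client_version, 32-byte random
    body += b"\x00"                                    # empty session_id
    body += struct.pack("!H", 2) + b"\xc0\x2f"        # one cipher suite (ECDHE_RSA_AES_128_GCM_SHA256)
    body += b"\x01\x00"                                # one compression method: null
    group_list = b"".join(struct.pack("!H", g) for g in groups)
    ext_data = struct.pack("!H", len(group_list)) + group_list
    ext = struct.pack("!HH", SUPPORTED_GROUPS_EXT, len(ext_data)) + ext_data
    body += struct.pack("!H", len(ext)) + ext          # extensions block
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type client_hello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_supported_groups(record):
    """Return the list of group code points offered in the ClientHello,
    or None if the extension is absent."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
    sid_len = record[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2 + cs_len
    cm_len = record[pos]
    pos += 1 + cm_len
    if pos >= len(record):
        return None                           # ClientHello without an extensions block
    ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        if etype == SUPPORTED_GROUPS_EXT:
            list_len = struct.unpack("!H", record[pos:pos + 2])[0]
            data = record[pos + 2:pos + 2 + list_len]
            return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, len(data), 2)]
        pos += elen                           # skip extensions we do not care about
    return None


def check_selection(offered, selected_names):
    """Compare offered groups with the ST selection (curve names).
    'present': every selected NIST curve is offered (the reading after TD0244).
    'extra'  : curves offered beyond the selection (what the removed
               'and no other curves' wording would have rejected)."""
    offered = set(offered or [])
    selected = {CURVE_CODES[n] for n in selected_names}
    return {
        "present": selected <= offered,
        "extra": sorted(CURVE_NAMES.get(g, "unknown(%d)" % g) for g in offered - selected),
    }


if __name__ == "__main__":
    hello = build_client_hello([23, 24, 29])   # secp256r1, secp384r1, x25519
    offered = parse_supported_groups(hello)
    print("offered:", [CURVE_NAMES.get(g, g) for g in offered])
    print(check_selection(offered, {"secp256r1", "secp384r1"}))
```

To use this against a real TOE, replace the constructed record with the bytes of the first TLS record the client sends (for example, from a packet capture taken during Test 1) and pass the curves selected in the ST as the second argument of `check_selection`.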
Justification
The client can propose any curve it wants and the server can limit which curve is used.