Archived TD0255: NIT Technical Decision for TLS Server Tests - Issue 3: Verification of application of encryption
ND SD V1.0, FCS_TLSS_EXT.1, FCS_TLSS_EXT.2
The NIT has issued a technical decision for TLS Server Tests - Issue 3: Verification of application of encryption.
FCS_TLSS_EXT.1.1 Test 4e and FCS_TLSS_EXT.2.1 Test 4e shall therefore be modified as follows:
"Test Intent: The intent of this test is to ensure that the server's TLS implementation immediately makes use of the key exchange and authentication algorithms to:
a) Correctly encrypt TLS Finished message
b) Encrypt every TLS message after session keys are negotiated
Test 4 e): The evaluator shall use one of the claimed ciphersuites to complete a successful handshake and observe transmission of properly encrypted application data. The evaluator shall verify that no Alert with alert level Fatal (2) messages were sent.
The evaluator shall verify that the Finished message (handshake type hexadecimal 16) is sent immediately after the server's ChangeCipherSpec (handshake type hexadecimal 14) message. The evaluator shall examine the Finished message (encrypted example in hexadecimal, 16 03 03 00 40 xx xx xx xx xx... where xx represents ciphertext) and confirm that it does not contain unencrypted data (unencrypted example in hexadecimal, 16 03 03 00 40 14 00 00 0c yy yy yy where yy represents cleartext), where '14' is the hexidecimal message type code in the verify_data header and '00 00 0c' is the verify_data field length. According to RFC 5246, chap. 7.4.9, the standard length for the verify_data is 12 which is represented by the verify_data field length of '00 00 0c'. If a cipher suite is chosen that explicitly specifies this length, the corresponding value shall be used for verification instead of '00 00 0c'.
encrypted example: 16 03 03 00 40 xx xx xx xx xx
unencrypted example: 16 03 03 00 40 14 00 00 0c yy yy yy
Note: With the fixed value '14' for the message type code and the known verify_data field length, this test can be regarded as 'known value' test which is independent from the input data."
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201643c_Issue3.pdf
See issue description.