NIAP: View Technical Decision Details
Archived TD0284:  Tests for FCS_SRTP_EXT.1

Publication Date
2018.01.18

Protection Profiles
EP_SBC_V1.1

Other References
FCS_SRTP_EXT.1

Issue Description

Tests for FCS_SRTP_EXT.1 are inadvertently referring to DTLS. DTLS support is a selection-based requirement and is only used in the PP for securing the signaling channel (SIP over DTLS), not for directly keying or securing the SRTP session; the PP only allows SDES-SRTP, not DTLS-SRTP. A TD will be issued to correct.

Also, additional cipher suites are allowed per TD0279.

Resolution

FCS_SRTP_EXT.1 Secure Real-time Transport Protocol AA tests are changed as follows:

Test: The evaluator shall perform the following tests:

 

Test 1:

1. If necessary, configure the TOE to use SRTP.
2. Deploy a packet capture tool that is capable of sniffing traffic on the network interface where SRTP traffic will be transmitted.
3. Establish an SRTP connection with the TOE and verify using packet captures and audit logs that SRTP communications are established and that encrypted traffic is transmitted over the SRTP channel.
4. Repeat this test for each ciphersuite supported for the SRTP implementation.

 

Test 2:

1. Configure the TOE to enable use of the SRTP NULL algorithm.
2. Deploy a packet capture tool that is capable of sniffing traffic on the network interface where SRTP traffic will be transmitted.
3. Transmit an SRTP NULL message to the TOE and observe that it is accepted.
4. Configure the TOE to disable use of the SRTP NULL algorithm.
5. Transmit an SRTP NULL message to the TOE and observe that it is rejected.

 

Test 3:

1. Configure the TOE to use a specified port for SRTP traffic.
2. Deploy a packet capture tool that is capable of sniffing traffic on the network interface where SRTP traffic will be transmitted.
3. Transmit SRTP traffic to the TOE and observe that the traffic is transmitted over the specified port.
4. Configure the TOE to use a different port for SRTP traffic.
5. Transmit SRTP traffic to the TOE and observe that the traffic is transmitted over the newly-specified port.
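
The three tests above turn on what was negotiated for the media stream: the SDES ciphersuite (Test 1), whether NULL encryption was accepted (Test 2), and the port (Test 3). As an added example, not part of the TD or the PP, this Python check audits an SDP body as logged by the evaluator's test peer. It assumes RFC 4568 signaling, where NULL encryption appears as the `UNENCRYPTED_SRTP` session parameter; the sample SDP, addresses, ports, keys and the `audit_sdp` helper are constructed for illustration.

```python
import re

# Constructed SDP (documentation addresses, placeholder keys), not from the TD.
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDER0
m=audio 40002 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDER0 UNENCRYPTED_SRTP
m=audio 40004 RTP/AVP 0
"""

MEDIA_RE = re.compile(r"^m=(\S+)\s+(\d+)(?:/\d+)?\s+(\S+)")
# a=crypto:<tag> <suite> <key-params> [<session-params>]  (RFC 4568)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def audit_sdp(sdp, expected_port=None, allow_null=False):
    """Hypothetical helper: one finding per m= section; key material is never returned."""
    findings, cur = [], None
    for line in (l.strip() for l in sdp.splitlines()):
        m = MEDIA_RE.match(line)
        if m:
            cur = {"port": int(m.group(2)), "profile": m.group(3),
                   "suites": [], "null_cipher": False}
            findings.append(cur)
            continue
        c = CRYPTO_RE.match(line)
        if c and cur is not None:  # crypto attributes are media-level only
            cur["suites"].append(c.group(2))
            if "UNENCRYPTED_SRTP" in (c.group(4) or "").split():
                cur["null_cipher"] = True
    for f in findings:
        problems = []
        if "SAVP" not in f["profile"]:
            problems.append("not an SRTP profile")
        elif not f["suites"]:
            problems.append("no SDES crypto attribute")
        if f["null_cipher"] and not allow_null:
            problems.append("NULL encryption negotiated")
        if expected_port is not None and f["port"] != expected_port:
            problems.append("unexpected port")
        f["problems"] = problems
    return findings

if __name__ == "__main__":
    for f in audit_sdp(SAMPLE_SDP, expected_port=40000):
        print(f["port"], f["suites"], f["problems"] or "ok")
```

The SDP shows only what was negotiated; the packet capture called for in each test is still what confirms the traffic on the wire.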

 

 

Justification

See issue description.