TD0381: FCS_SMIME_EXT.1 Test 3
Test 3, which focuses on encryption, contains the following text: "After verifying the message decrypts, the evaluator shall send an encrypted message using each of the algorithms specified in the ST and use a man-in-the-middle tool to modify at least one byte of the message such that the encryption is no longer valid. The evaluator shall verify that the received message fails to decrypt." This reads as an integrity test, but RFC5751 states that "It is important to note that sending enveloped but not signed messages does not provide for data integrity. It is possible to replace ciphertext in such a way that the processed message will still be valid, but the meaning can be altered."
Test 3 shall be rewritten as follows:
a) The evaluator shall send an encrypted message from the TOE to an OE receiver using each of the algorithms specified in the ST. The evaluator shall verify that each message is encrypted and the OE receiver can successfully decrypt each message.
b) The evaluator shall use the OE receiver to send an encrypted reply back to the TOE for each message sent in a). The evaluator shall verify that each reply is encrypted and the TOE can successfully decrypt each reply.
See issue description. Integrity is tested in Test 2.