The VPN Client PP-Module did not have the current key generation and key establishment selections necessary for use with the App PP. In addition, it did not allow for or contain the necessary updates required to use the App PP v1.3 as a Base-PP. DH Group 5 also needed to be removed as a selection for IPsec.

This TD  supersedes TD 373.

MOD_VPN_CLI_V2.1 is modified as follows:

Section 5.3.2 Applicable Modified SFRs

FCS_CKM.1.1(1)    The application shall [selection: invoke platform-provided functionality, implement functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm

[ECC schemes] using [“NIST curves” P-256, P-384 and [selection: P-521, no other curves]] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4]; and

[selection:

§  [FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1];

§  [FFC Schemes] using Diffie-Hellman group 14 that meet the following: [RFC 3526, Section 3]];and

[selection:

§  FFC Schemes using “safe-prime” groups] that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919];

§   [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3];

§  no other key generation methods].

Application Note: This SFR is selection-based in the App PP depending on the selection made in FCS_CKM_EXT.1. Because key generation services (whether implemented by the TOE or invoked from the platform) are required for IPsec, this SFR is mandatory for any TOE that claims conformance to this PP-Module.

This SFR is functionally identical to what is defined in the App PP except that FFC and ECC key generation have been made mandatory in support of IPsec due to the mandated support for DH groups 14, 19, and 20 in FCS_IPSEC_EXT.1.8. RSA remains present as a selection since it may be used by facets of the Application Software TOE that are not specifically related to VPN client functionality.

FCS_CKM.2.1  The application shall [selection: invoke platform-provided functionality, implement functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method:

[Elliptic curve-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”]; and

[selection:

·         [Finite field-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”];

·         Key establishment scheme using Diffie-Hellman group 14 that meets the following: RFC 3526, Section 3]; and

 [selection:

·         [RSA-based key establishment schemes] that meets the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.2;

·         [RSA-based key establishment schemes] that meets the following: [NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”],

·         FFC Schemes using “safe-prime” groups] that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919];

·         No other schemes.]

Application Note:  This SFR differs from its definition in the App PP by moving elliptic curve-based key establishment schemes from selectable to mandatory (due to the mandated support for DH groups 19 and 20 in FCS_IPSEC_EXT.1.8). It also provides the ability to claim either NIST SP 800-56A or RFC 3526 for key establishment using finite field cryptography. One of these two claims must be made in support of DH group 14 in FCS_IPSEC_EXT.1.8.

FCS_CKM_EXT.1.1 The application shall [selection: invoke platform-provided functionality for asymmetric key generation, implement asymmetric key generation].

Application Note: This selection differs from its definition in the App PP by  removing the selection for “generate no asymmetric cryptographic keys” for this PP-Module because a VPN Client TOE will either perform its own key generation or interface with the underlying platform to provide this service (either of which causes FCS_CKM.1(1) to be claimed).

FCS_COP.1(1) Cryptographic Operation - Encryption/Decryption

FCS_COP.1.1(1) The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm:

·         AES-CBC (as defined in NIST SP 800-38A) mode, and

·         AES-GCM (as defined in NIST SP 800-38D) mode

and cryptographic key sizes 128-bit key sizes and [256-bit key sizes].

Application Note: This SFR is refined from what is defined in the App PP by mandating support for CBC and GCM mode in order to address the requirements for FCS_IPSEC_EXT.1. This SFR is selection-based in the App PP and is still selection-based for this PP-Module since the application’s underlying platform can still provide cryptographic services on behalf of the TOE.

FIA_X509_EXT.2 X.509 Certificate Authentication

FIA_X509_EXT.2.1 The application shall use X.509v3 certificates as defined by RFC 5280 to support authentication for IPsec and [selection: HTTPS , TLS , DTLS, SSH, no other protocol].

FTP_DIT_EXT.1 Protection of Data in Transit

FTP_DIT_EXT.1.1 The application shall [encrypt all transmitted [sensitive data, data]] with [IPsec as defined in the PP-Module for VPN Client] between itself and another trusted IT product.

Application Note: This SFR is refined from what is defined in the App PP as the ST author is forced to select the ‘encrypt all transmitted sensitive data’ and ‘encrypt all data’ options using IPsec.

Section 5.4.1

FCS_IPSEC_EXT.1.8         The [selection: TOE, TOE platform] shall ensure that all IKE protocols implement DH groups 14 (2048-bit MODP), 19 (256-bit Random ECP), 20 (384-bit Random ECP), and [selection: 24 (2048-bit MODP with 256-bit POS), 15 (3072-bit MODP), no other DH groups].

 Application Note: The selection is used to specify additional DH groups supported. This applies to IKEv1 and IKEv2 exchanges. It should be noted that if any additional DH groups are specified, they must comply with the requirements (in terms of the ephemeral keys that are established) listed in FCS_CKM.1.

Since the implementation may allow different Diffie-Hellman groups to be negotiated for use in forming the SAs, the assignments in FCS_IPSEC_EXT.1.9 and FCS_IPSEC_EXT.1.10 may contain multiple values. For each DH group supported, the ST author consults Table 2 in 800-57 to determine the “bits of security” associated with the DH group. Each unique value is then used to fill in the assignment (for 1.9 they are doubled; for 1.10 they are inserted directly into the assignment). For example, suppose the implementation supports DH group 14 (2048-bit MODP) and group 20 (ECDH using NIST curve P-384). From Table 2, the bits of security value for group 14 is 112, and for group 20 it is 192. For FCS_IPSEC_EXT.1.9, then, the assignment would read “[224, 384]” and for FCS_IPSEC_EXT.1.10 it would read “[112, 192]” (although in this case the requirement should probably be refined so that it makes sense mathematically).

F. References

The App PP reference is replaced as follows:

[App PP] Protection Profile for Application Software, Version: 1.3, 2019-03-01

MOD_VPN_CLI_V2.1-SD is modified as follows:

Section 2.3.2.1.2: FCS_CKM.2 Cryptographic Key Establishment

For all key establishment schemes refer to the Assurance Activity for FCS_CKM.2 in the App PP.

8. References

The App PP reference is replaced as follows:

[App PP] Protection Profile for Application Software, Version: 1.3, 2019-03-01

The changes updated the PP-Module as required to use App PP v1.3 as it's Base-PP.