NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0436:  IPsec protocol ESP algorithms

Publication Date
2019.07.19

Protection Profiles
EP_VPN_GW_V2.1

Other References
FCS_IPSEC_EXT.1.4

Issue Description

Both AES-CBC and AES-GCM are no longer mandated and only one must be selected.

Resolution

FCS_IPSEC_EXT.1.4 in VPN GW v2.1 is replaced as follows:

FCS_IPSEC_EXT.1.4 The TSF shall implement the IPsec protocol ESP as defined by RFC 4303 using the cryptographic algorithms [selection: AES-CBC-128, AES-CBC-256 (specified in RFC 3602), AES-GCM-128, AES-GCM-256 (specified in RFC 4106)] and [selection: AES-CBC-192 (specified in RFC 3602), AES-GCM-192 (specified in RFC 4106), no other algorithm] together with a Secure Hash Algorithm (SHA)-based HMAC [selection: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, no other algorithm].

 

Application Note:

This SFR element has been modified from its definition in the NDcPP by mandating either 128 or 256 bit key sizes for AES and GCM, thereby disallowing for the sole selection of 192 bit key sizes. When an AES-CBC algorithm is selected, at least one SHA-based HMAC must also be chosen. If only an AES-GCM algorithm is selected, then a SHA-based HMAC is not required since AES-GCM satisfies both confidentiality and integrity functions. IPsec may utilize a truncated version of the SHA-based HMAC functions contained in the selections. Where a truncated output is utilized, this is described in the TSS.

 

Justification

See issue description.

 
 
Site Map              Contact Us              Home