TD0500: Cryptographic selections and updates for CAPP
Publication Date
2020.09.03
Protection Profiles
PP_CA_V2.1
Other References
FCS_CKM.1 and FCS_CKM.2
Issue Description
FCS_CKM.1 and FCS_CKM.2 in the CAPP do not include/specify appropriate selections for the key agreement groups in FCS_IPSEC_EXT.1.11. Also, FCS_CKM.2 allows or requires compliant TOEs to meet SP800-56B. Resolution
In Section B.3, FCS_CKM.1 and FCS_CKM.2 are modified as follows: FCS_CKM.1.1 Refinement: The TSF shall [selection: generate, invoke interfaces provided by the Operational Environment to generate] asymmetric cryptographic keys in accordance with the specified key generation algorithm: [selection:· RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following FIPS PUB 186-4, "Digital Signature Standard (DSS), Appendix B.3", · ECC schemes using "NIST curves" [selection: P-256, P-384, P-521] that meet the following: FIPS PUB 186-4, Digital Signature Standard (DSS), Appendix B.4, · FFC schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, Digital Signature Standard (DSS), Appendix B.1, · FFC Schemes using “safe-prime” groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography,” · FFC Schemes using Diffie-Hellman group 14 that meets the following: RFC 3526] and specified cryptographic key sizes [assignment: equivalent to or greater than a symmetric key strength of 112 bits]
Application Note: The ST authors should specify whether the TOE generates these keys or whether the Operational Environment is used. For keys used for authentication, only RSA- or ECC-based selections are allowed. The ST author will make clear in the ST which keys are used for what purpose. This component requires that the TSF or Operational Environment be able to generate the public/private key pairs that are used for key establishment purposes for the various cryptographic protocols (HTTPS, TLS, IPsec, SSH) used by the TOE.The ST author selects all key establishment schemes used for the selected cryptographic protocols. For Diffie-Hellman group 14, ST authors should make the corresponding selection from the SFR instead of using the Finite field-based key establishment selection. Since the domain parameters to be used are specified by the requirements of the protocol in this PP, it is not expected that the TOE will generate domain parameters, and therefore there is no additional domain parameter validation needed when the TOE complies with the protocols specified in this PP. The generated key strength of 2048-bit DSA and RSA keys need to be equivalent to, or greater than, a symmetric key strength of 112 bits. See NIST Special Publication 800-57, “Recommendation for Key Management” for information about equivalent key strengths.
The TSS and Guidance activities remain unchanged. The following is added to the Test evaluation activities: Diffie-Hellman Group 14 and FFC Schemes using "safe-prime" groups
Testing for FFC Schemes using Diffie-Hellman group 14 and/or "safe-prime" groups is done as part of testing in FCS_CKM.2.1.
FCS_CKM.2.1 Refinement: The TSF shall [selection: perform, invoke interfaces provided by the Operational Environment to perform] key establishment in accordance with a specified cryptographic key establishment algorithm [selection: · RSA-based key establishment schemes that meet the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.2; · Elliptic curve-based key establishment schemes that meet the following: NIST Special Publication 800-56A Revision 3, “Recommendation for Pair- Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”; · Finite field-based key establishment schemes that meet the following: NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”; · Key establishment scheme using Diffie-Hellman group 14 that meets the following: RFC 3526]
Application Note: This is a refinement of the SFR FCS_CKM.2 to deal with key establishment rather than key distribution. The ST authors should specify whether the TOE performs the key establishment function or whether the Operational Environment is used. The ST author selects all key establishment schemes used for the selected cryptographic protocols. For Diffie-Hellman group 14, ST authors should make the corresponding selection from the SFR instead of using the Finite field-based key establishment selection. The elliptic curves used for the key establishment scheme correlate with the curves specified in FCS_CKM.1.1. The domain parameters used for the finite field-based key establishment scheme are specified by the key generation according to FCS_CKM.1.1. Assurance Activity The TSS and Guidance activities remain unchanged. The test activity is modified as follows: SP800-56B Key Establishment Schemes is replaced with the following: RSAES-PKCS1-v_5 Key Establishment Schemes The evaluator shall verify the correctness of the TSF’s implementation of RSAES-PKCS1-v1_5 by using a known good implementation for each protocol selected in FTP_ITC, FTP_TRP, and FPT_ITT. Diffie-Hellman Group 14 is replaced with the following: The evaluator shall verify the correctness of the TSF’s implementation of Diffie-Hellman group 14 by using a known good implementation for each protocol selected in FTP_TRP.1, FTP_ITC.1, and FPT_ITT.1 that uses Diffie-Hellman group 14.
Justification
See issue description. |