TD0559: Modes for AES Data Encryption/Decryption
There was no intent to mandate GCM or GCMP modes in FCS_COP.1 for data encryption/decription.
FCS_COP.1(1) is replaced as follows:
FCS_COP.1/DataEncryption Cryptographic Operation (AES Data Encryption/Decryption)
FCS_COP.1.1/DataEncryption Refinement: The TSF shall perform encryption/decryption in accordance with a specified cryptographic algorithm AES used in CBC, CCMP, and [selection: CTR, GCM, GCMP, no other] modes and cryptographic key sizes 128 bits and [selection: 192 bits, 256 bits, no other key sizes] that meet the following: AES as specified in ISO 18033-3, CBC as specified in ISO 10116, CCMP as specified in NIST SP 800-38C and IEEE 802.11-2012, [selection: CTR as specified in ISO 10116, GCM as specified in ISO 19772, GCMP as specified in NIST SP 800-38D and IEEE 802.11ac-2013, no other standards].
Application Note: This requirement mandates two modes for AES with key size of 128 bits be implemented. It is not expected that these modes will both be used for all encryption/decryption functionality. Rather, the mandates serve particular purposes: to comply with the FCS_IPSEC requirements, CBC mode is mandated, and to comply with IEEE 802.11-2012, AES-CCMP (which uses AES in CCM as specified in SP 800-38C) must be implemented.
For the first selection, the ST author should choose the additional mode or modes in which AES operates. For the second selection, the ST author should choose the key sizes that are supported by this functionality. 128-bit CCMP is required in order to comply with FCS_CKM.1.1(2).
Note that optionally, AES-CCMP-256 or AES-GCMP-256 with cryptographic key size of 256 bits may be implemented for IEEE 802.11ac connections. In the future, one of these modes may be required.
CTR mode is not used for WLAN AS capabilities but remains selectable since it may be required by another part of the TSF.
See issue description.