NIAP: View Technical Decision Details
TD0580:  NIT Technical Decision for clarification about use of DH14 in NDcPPv2.2e

Publication Date
2021.04.09

Protection Profiles
CPP_ND_V2.2E

Other References
FCS_CKM.1.1, FCS_CKM.2.1

Issue Description

The NIT has issued a technical decision for clarification about use of DH14 in NDcPPv2.2e.

Resolution

To address the issue described above, the last option in FCS_CKM.2.1 shall be modified as follows:

FFC Schemes using “safe-prime” groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”’ and [selection: groups listed in RFC 3526, groups listed in RFC 7919]

The following paragraph shall be added to Application Note 10 for FCS_CKM.2.1:

The option "FFC Schemes using “safe-prime” groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”’ and [selection: groups listed in RFC 3526, groups listed in RFC 7919]." shall be read as 'the TOE performs Key Agreement as specified in SP800-56Ar3', but not necessarily adhering to the protocol restrictions for these groups, as indicated in Appendix D, tables 25 and 26. Instead, the use of those methods for particular protocols is in accordance with the SFR for the specific protocols. E.g. the use of DH group 14 for (D)TLS is specified in FCS_(D)TLSS_EXT.1.4.

The following parts defined in NDSDv2.2 for FCS_CKM.2 shall be removed:

From the TSS section:

<remove> If Diffie-Hellman group 14 is selected from FCS_CKM.2.1, the TSS shall claim the TOE meets RFC 3526 Section 3.

<remove> row 'Diffie-Hellman (Group 14)' from the table

From the Test section:

<remove> Diffie-Hellman Group 14 The evaluator shall verify the correctness of the TSF’s implementation of Diffie-Hellman group 14 by using a known good implementation for each protocol selected in FTP_TRP.1/Admin, FTP_TRP.1/Join, FTP_ITC.1 and FPT_ITT.1 that uses Diffie-Hellman group 14.

For FCS_CKM.1 the last two paragraphs from Application Note 9 shall be removed as follows:

<remove> If the TOE acts as a receiver in the key establishment schemes and is not configured to support mutual authentication, the TOE does not need to implement key generation.

<remove> In a distributed TOE, if the TOE component acts as a receiver in the key establishment scheme, the TOE does not need to implement key generation.

The test section defined in NDSDv2.2 for FCS_CKM.1 shall be modified as follows:

FFC Schemes using “safe-prime” groups

Testing for FFC Schemes using safe-prime groups is done as part of testing in CKM.2.1.

For further information, please see the NIT Interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI202027.pdf

Justification

See issue description.