FCS_COP.1/KeyedHash in Application Software PP v1.4 currently incorrectly includes SHAs instead of HMAC-SHAs.  Additionally, the SFR should allow HMAC-SHA-384 or HMAC-SHA-512 in place of HMAC-SHA-256 as the selected cryptographic algorithm.

This TD was archived on 1/18/2023 and replaced by TD0717.

FCS_COP.1.1/KeyedHash in App PP v1.4 is modified as follows, with underlines denoting additions and strikethroughs denoting deletions:

The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [selection:

• HMAC-SHA-256,
• HMAC-SHA-384,
• HMAC-SHA-512]

and [selection:

• HMAC-SHA-1,
• HMAC-SHA-384,
• HMAC-SHA-512,
• no other algorithms

] with key sizes [assignment: key size (in bits) used in HMAC] and message digest sizes [selection: 256, 384, 512] and [selection: 160, 384, 512, no other size] bits that meet the following: FIPS Pub 198-1, ‘The Keyed-Hash Message Authentication Code’ and FIPS Pub 180-4, ‘Secure Hash Standard’.

See issue description