NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0626:  FCS_COP.1 Keyed Hash Selections

Publication Date
2022.02.28

Protection Profiles
PP_APP_v1.4

Other References
FCS_COP.1/KeyedHash

Issue Description

FCS_COP.1/KeyedHash in Application Software PP v1.4 currently incorrectly includes SHAs instead of HMAC-SHAs.  Additionally, the SFR should allow HMAC-SHA-384 or HMAC-SHA-512 in place of HMAC-SHA-256 as the selected cryptographic algorithm.

Resolution

 

FCS_COP.1.1/KeyedHash in App PP v1.4 is modified as follows, with underlines denoting additions and strikethroughs denoting deletions:

The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [selection:

  • HMAC-SHA-256,
  • HMAC-SHA-384,
  • HMAC-SHA-512]

and [selection:

  • HMAC-SHA-1,
  • HMAC-SHA-384,
  • HMAC-SHA-512,
  • no other algorithms

 

] with key sizes [assignmentkey size (in bits) used in HMAC] and message digest sizes [selection: 256384512] and [selection160384512, no other size] bits that meet the following: FIPS Pub 198-1, ‘The Keyed-Hash Message Authentication Code’ and FIPS Pub 180-4, ‘Secure Hash Standard’.

 

Justification

See issue description

 
 
Site Map              Contact Us              Home