TD0760: FIT Technical Decision for FCS_SNI_EXT.1.3, FCS_COP.1(f)
FCS_SNI_EXT.1.3, FCS_COP.1(f), CPP_FDE_AA_V2.0E-SD
The FIT has issued a technical decision for FCS_SNI_EXT.1.3 and FCS_COP.1(f).
CPP_FDE_AA_V2.0E and its Supporting Document are modified as follows, with green highlight with bold indicating addition, and red highlight with strikethrough indicating deletion:
FCS_SNI_EXT.1.3 in CPP_FDE_AA_V2.0E is modified as follows:
FCS_SNI_EXT.1.3 The TSF shall [selection: use no IVs, create IVs in the following manner [selection:
• CBC: IVs shall be non-repeating and unpredictable;
• CCM: Nonce shall be non-repeating and unpredictable;
• XTS: No IV. Tweak values shall be non-negative integers, assigned consecutively, 28 and starting at an arbitrary non-negative integer;
• GCM: IV shall be non-repeating. The number of invocations of GCM shall not exceed 30 2^32 for a given secret key]].
The TSS Evaluation Activity for FCS_SNI_EXT.1.3 in CPP_FDE_AA_V2.0E-SD is modified as follows:
If salts are used, t
The Application Note for FCS_COP.1(f) in CPP_FDE_AA_V2.0E is modified as follows:
Application Note: The intent of this requirement in the context of this cPP is to provide a SFR that expresses the appropriate symmetric encryption/decryption algorithms suitable for use in the TOE. If the ST author incorporates the validation requirement (FCS_VAL_EXT.1) and chooses to select the option to decrypt a known value and perform a comparison, this is the requirement used to specify the algorithm, modes, and key sizes the ST author can choose from.
When the XTS mode is selected, a cryptographic key of 256-bit or of 512-bit is allowed as specified in IEEE 1619. XTS-AES key is divided into two AES keys of equal size -for example, AES-128 is used as the underlying algorithm, when 256-bit key and XTS mode are selected. AES-256 is used when a 512-bit key and XTS mode are selected.
For further information, please see the FIT decision.