NIAP: View Technical Decision Details
Archived TD0123:  GCM Mode Added to FCS_KYC_EXT.1.1, FCS_COP.1.1(1), FPT_KYP_EXT.1.1

Publication Date
2016.11.03

Protection Profiles
PP_APP_SWFE_EP_v1.0

Other References
FCS_KYC_EXT.1.1; FCS_COP.1.1(1); FPT_KYP_EXT.1.1

Issue Description

TD #92 allowed the addition of key encryption as a method of protecting keys in the key chain for TOEs conformant to the Software File Encryption EP. However, only CBC mode was allowed. It has been determined that additional modes should also be allowed.

Resolution

The Software File Encryption EP (note the modifications to FCS_KYC_EXT.1 build on those specified in TD #92) is modified as follows.

FCS_KYC_EXT.1  Key Chaining and Key Storage

FCS_KYC_EXT.1.1 The TSF shall maintain a primary key chain of:

[selection:
   - a conditioned password as the FEK;
   - KEKs originating from one or more authorization factor(s) to the
     FEK(s) using the following method(s):
     [selection:
        - utilization of the platform key storage;
        - utilization of platform key storage that performs key wrap
          with a TSF provided key;
        - implement key wrapping as specified in FCS_COP.1(5);
        - implement key combining as specified in FCS_SMC_EXT.1;
        - implement key encryption as specified in FCS_COP.1(1) in
          [selection: CBC, GCM] mode
     ]

     while maintaining an effective strength of [selection:
       [selection: 128 bits, 256 bits] for symmetric keys;
       [selection: 112 bits, 128 bits, 192 bits, 256 bits] for
         asymmetric keys;
     ] commensurate with the strength of the FEK ] and [selection:
     - no supplemental key chains,
     - other supplemental key chains that protect a key or keys in the
       primary key chain using the following method(s):
         [selection:
            - utilization of the platform key storage,
            - utilization of the platform key storage that performs
              key wrap with a TSF provided key,
            - implement key wrapping as specified in FCS_COP.1(5),
            - implement key combining as specified in FCS_SMC_EXT.1,
            - implement key encryption as specified in FCS_COP.1(1) in
              [selection: CBC, GCM] mode
         ]
    ].

There are no modifications necessary to the application notes or the assurance activities.


FCS_COP.1(1) Cryptographic operation (Data Encryption)

FCS_COP.1.1(1) Refinement: The application shall [selection: implement
               platform-provided AES encryption, implement AES
               encryption] to perform data encryption and decryption
               in accordance with a specified cryptographic algorithm
               AES used in
               [selection:
                  - CBC (as defined in NIST SP 800-38A);
                  - XTS (as defined in NIST SP 800-38E);
                  - GCM (as defined in NIST SP 800-38D);
               ] mode and cryptographic key sizes
               [selection:
                  - 128 bits;
                  - 256 bits
               ].

The assurance activity tests specified for AES in GCM mode in the underlying Application Software PP shall be performed in the case that "GCM" is selected in the requirement.



FPT_KYP_EXT.1 Extended: Protection of Key and Key Material (FPT_KYP_EXT)

FPT_KYP_EXT.1.1 The TSF shall
  [selection:
     - not store keys in non-volatile memory;
     - only store keys in non-volatile memory when
       [selection:
          - wrapped, as specified in FCS_COP.1(5);
          - encrypted, as specified in FCS_COP.1(1);
          - The plaintext key is not part of the key chain as
            specified in FCS_KYC_EXT.1;
          - The plaintext key will no longer provide access to the
            encrypted data after initial provisioning;
          - The plaintext key is a key split that is combined as
            specified in FCS_SMC_EXT.1, and the other half of the key
            split is either
              [selection:
                 - wrapped as specified in FCS_COP.1(5);
                 - derived and not stored in non-volatile memory.
              ]
          - The plaintext key is stored on an external storage device
            for use as an authorization factor.
          - The plaintext key is used to wrap a key as specified in
            FCS_COP.1(5) that is already wrapped as specified in
            FCS_COP.1(5).
       ]
  ].

There are no modifications necessary to the application notes or the assurance activities.
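As an added illustration of the GCM option this TD permits for key encryption under FCS_KYC_EXT.1.1 and FPT_KYP_EXT.1.1 (example code, not part of the TD, the EP or any TOE): a KEK originating from an authorization factor protects the FEK with AES in GCM mode, and the GCM tag rejects a modified stored key or a mismatched key-chain label. The key values and the AAD label are constructed test vectors, and the KEK is assumed to be already conditioned under the EP's separate requirements.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Constructed test vectors only; not keys from the TD or any TOE.
var kek = []byte("0123456789abcdef0123456789abcdef")      // 256-bit KEK from an authorization factor
var fek = []byte("fedcba9876543210fedcba9876543210")      // 256-bit FEK that the KEK protects
var aad = []byte("FCS_KYC_EXT.1 primary chain: KEK->FEK") // ties the stored blob to its chain position

// gcmFor returns AES in GCM mode (FCS_COP.1(1), NIST SP 800-38D) keyed with the KEK.
func gcmFor(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // rejects anything but 128/192/256-bit keys
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptKey protects a chain key under the KEK as nonce || ciphertext || tag.
// A fresh random nonce per call matters: nonce reuse under one KEK breaks GCM.
func encryptKey(kek, plainKey, aad []byte) ([]byte, error) {
	if len(kek) < len(plainKey) { // effective strength commensurate with the FEK (FCS_KYC_EXT.1.1)
		return nil, errors.New("KEK weaker than the key it protects")
	}
	gcm, err := gcmFor(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plainKey, aad), nil
}

// decryptKey recovers the chain key; the GCM tag check rejects any change to the
// blob or the AAD, an integrity property plain CBC key encryption does not give.
func decryptKey(kek, blob, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(kek)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad KEK size or stored key blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}
```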

Justification

Protection of keys using the GCM mode of AES is sufficient to meet the security objectives of this EP, and is therefore allowed.
