Revision as of 20 April 2016: Updated to reflect applicability to VVOIP EP v1.0.

Revision as of 28 December 2015: This TD was originally issued on 13 October 2015 and referenced a draft RFC. It is being revised to reference the published RFC (RFC 7714, AES-GCM for SRTP).

The current SRTP requirements mandate AES with 128 bit key size. The requirements currently read:

FCS_SRTP_EXT.1.2 The VoIP client application shall implement SDES-SRTP supporting the following ciphersuites in accordance with RFC 4568: AES_CM_128_HMAC_SHA1_80.

and

FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following ciphersuites in accordance with RFC 4568: AES_CM_128_HMAC_SHA1_80.

Larger key sizes should be able to be used and validated.

The requirements are revised to include other ciphersuites as follows:

For PP_VOIP_V1.3:

FCS_SRTP_EXT.1.2 The VoIP client application shall implement SDES-SRTP supporting the following ciphersuites: AES_CM_128_HMAC_SHA1_80 in accordance with RFC 4568 and [selection: AES_256_CM_HMAC_SHA1_80 in accordance with RFC 6188, AEAD_AES_256_GCM in accordance with RFC 7714, no other].

For EP_VVOIP_V1.0:

FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following ciphersuites: AES_CM_128_HMAC_SHA1_80 in accordance with RFC 4568 and [selection: AES_256_CM_HMAC_SHA1_80 in accordance with RFC 6188, AEAD_AES_256_GCM in accordance with RFC 7714, no other].

For CPP_ND_SBC_EP_V1.0:

FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following ciphersuites: AES_CM_128_HMAC_SHA1_80 in accordance with RFC 4568 and [selection: AES_256_CM_HMAC_SHA1_80 in accordance with RFC 6188, AEAD_AES_256_GCM in accordance with RFC 7714, no other].

The verification of the cryptographic primitives in the additional ciphersuites is performed via the applicable FCS_COP requirements, so update to the Assurance Activity for this requirement is not needed.

Allowance of additional ciphersuites.