NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0123:  GCM Mode Added to FCS_KYC_EXT.1.1, FCS_COP.1.1(1), FPT_KYP_EXT.1.1

Publication Date
2016.11.03

Protection Profiles
PP_APP_SWFE_EP_v1.0

Other References
FCS_KYC_EXT.1.1; FCS_COP.1.1(1); FPT_KYP_EXT.1.1

Issue Description

TD #92 allowed the addition of key encryption as a method of protecting Keys in the key chain for TOEs conformant to the Software File Encryption EP. However, only CBC mode was allowed.  It has been determined that additional modes should also be allowed.

Resolution

The Software File Encryption EP (note the modifications to FCS_KYC_EXT.1 build on those specified in TD #92) is modified as follows.

FCS_KYC_EXT.1  Key Chaining and Key Storage

FCS_KYC_EXT.1.1 The TSF shall maintain a primary key chain of:

[selection:
   - a conditioned password as the FEK;
   - KEKs originating from one or more authorization factors(s) to the
     FEK(s) using the following method(s):
     [selection:
        - utilization of the platform key storage;
        - utilization of platform key storage that performs key wrap
      with a TSF provided key;
        - implement key wrapping as specified in FCS_COP.1(5);
        - implement key combining as specified in FCS_SMC_EXT.1;
        - implement key encryption as specified in FCS_COP.1(1) in
          [selection: CBC, GCM] mode
     ]

     while maintaining an effective strength of [selection:
       [selection: 128 bits, 256 bits] for symmetric keys;
       [selection: 112 bits, 128 bits, 192 bits, 256 bits] for
         asymmetric keys;
     ] commensurate with the strength of the FEK ] and [selection:
     - no supplemental key chains,
     - other supplemental key chains that protect a key or keys in the
       primary key chain using the following method(s):
         [selection:
            - utilization of the platform key storage,
            - utilization of the platform key storage that performs
              key wrap with a TSF provided key,
            - implement key wrapping as specified in FCS_COP.1(5),
            - implement key combining as specified in FCS_SMC_EXT.1;
            - implement key encryption as specified in FCS_COP.1(1) in
              [selection: CBC, GCM] mode
         ]
    ].

There are no modifications necessary to the application notes or the assurance activities.


FCS_COP.1(1) Cryptographic operation (Data Encryption)

FCS_COP.1.1(1) Refinement: The application shall [selection: implement
               platform-provided AES encryption, implement AES
               encryption] to perform data encryption and decryption
               in accordance with a specified cryptographic algorithm
               AES used in
               [selection:
                  - CBC (as defined in NIST SP 800-38A);
                  - XTS (as defined in NIST SP 800-38E);
                  - GCM (as defined in NIST SP 800-38D);
               ] mode and cryptographic key sizes
               [selection:
                  - 128 bits;
                  - 256 bits
               ].

The assurance activity tests specified for AES in GCM mode in the underlying Application Software PP shall be performed in the case that "GCM" is selected in the requirement.



FPT_KYP_EXT.1 Extended: Protection of Key and Key Material (FPT_KYP_EXT)

FPT_KYP_EXT.1.1 The TSF shall
  [selection:
     - not store keys in non-volatile memory;
     - only store keys in non-volatile memory when
       [selection:
          - wrapped, as specified in FCS_COP.1(5);
          - encrypted, as specified in FCS_COP.1(1);
          - The plaintext key is not part of the key chain as
            specified in FCS_KYC_EXT.1;
          - The plaintext key will no longer provide access to the
            encrypted data after initial provisioning;
          - The plaintext key is a key split that is combined as
            specified in FCS_SMC_EXT.1, and the other half of the key
            split is either
              [selection:
                 - wrapped as specified in FCS_COP.1(5);
                 - derived and not stored in non-volatile memory.
              ]
          - The plaintext key is stored on an external storage device
            for use as an authorization factor.
          - The plaintext key is used to wrap a key as specified in
            FCS_COP.1(5) that is already wrapped as specified in
            FCS_COP.1(5).
       ]
  ].

There are no modifications necessary to the application notes or the assurance activities.

Justification

Protection of keys using the GCM of AES is sufficient to meet the security objectives of this EP, and is therefore allowed.

 
 
Site Map              Contact Us              Home