TD0233: FIT Technical Decision for Contents in Selected Long Message Test – Bitoriented Mode
Publication Date
2017.08.25
Protection Profiles
CPP_FDE_AA_V2.0, CPP_FDE_EE_V2.0
Other References
FDE_AA_SD_V2.0, FDE_EE_SD_V2.0, FCS_COP.1( b )
Issue Description
The FIT has issued a technical decision for Contents in Selected Long Message Test – Bitoriented Mode.
Resolution
FCS_COP.1(b) in the FDE_AA_SD and FDE_EE_SD shall therefore be modified as follows:
TSS
The evaluator shall check that the association of the hash function with other TSF cryptographic functions (for example, the digital signature verification function) is documented in the TSS. 4.1.2.2.2 Operational Guidance
The evaluator checks the operational guidance documents to determine that any system configuration necessary to enable required hash size functionality is provided. 4.1.2.2.3 KMD There are no KMD evaluation activities for this SFR. 4.1.2.2.4 Test
The TSF hashing functions can be implemented in one of two modes. The first mode is the byteoriented mode. In this mode the TSF only hashes messages that are an integral number of bytes in length; i.e., the length (in bits) of the message to be hashed is divisible by 8. The second mode is the bitoriented mode. In this mode the TSF hashes messages of arbitrary length. As there are different tests for each mode, an indication is given in the following sections for the bit¬oriented vs. the byteoriented test mode.
The evaluator shall perform all of the following tests for each hash algorithm implemented by the TSF and used to satisfy the requirements of this cPP.
Short Messages Test Bitoriented Mode The evaluators devise an input set consisting of m+1 messages, where m is the block length of the hash algorithm. The length of the messages range sequentially from 0 to m bits. The message text shall be pseudorandomly generated. The evaluators compute the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the TSF. Short Messages Test Byteoriented Mode
The evaluators devise an input set consisting of m/8+1 messages, where m is the block length of the hash algorithm. The length of the messages range sequentially from 0 to m/8 bytes, with each message being an integral number of bytes. The message text shall be pseudorandomly generated. The evaluators compute the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the TSF.
Selected Long Messages Test Bitoriented Mode
The evaluators devise an input set consisting of m messages, where m is the block length of the hash algorithm. For SHA256, the length of the ith message is 512 + 99*i, where 1 ≤ i ≤ m. For SHA512, the length of the ith message is 1024 + 99*i, where 1 ≤ i ≤ m. The message text shall be pseudorandomly generated. The evaluators compute the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the TSF.
Selected Long Messages Test Byteoriented Mode
The evaluators devise an input set consisting of m/8 messages, where m is the block length of the hash algorithm. For SHA256, the length of the ith message is 512 + 8*99*i, where 1 ≤ i ≤ m/8. For SHA512, the length of the ith message is 1024 + 8*99*i, where 1 ≤ i ≤ m/8. The message text shall be pseudorandomly generated. The evaluators compute the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the TSF. Pseudorandomly Generated Messages Test
This test is for byteoriented implementations only. The evaluators randomly generate a seed that is n bits long, where n is the length of the message digest produced by the hash function to be tested. The evaluators then formulate a set of 100 messages and associated digests by following the algorithm provided in Figure 1 of [SHAVS]. The evaluators then ensure that the correct result is produced when the messages are provided to the TSF.
For further information, please see the FIT interpretation at: https://www.niapccevs.org/Documents_and_Guidance/ccevs/FITDecision201705.pdf
Justification
