NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0244:  FCS_TLSC_EXT - TLS Client Curves Allowed

Publication Date
2017.11.16

Protection Profiles
PP_APP_v1.2, PP_BASE_VIRTUALIZATION_V1.0, PP_MD_V3.1, PP_OS_V4.1

Other References
FCS_TLSC_EXT.2.1

Issue Description

FCS_TLSC_EXT.2 in MD PP v3.1 limits the curves that a client may propose.  This also affects APP PP v1.2, OS PP v4.1, and Base Virtualization PP v1.0.

Resolution

"No other curves" is removed from the MD PP v3.1, APP PP v1.2, OS PP v4.1, and Base Virtualization PP v1.0.

MD PP v3.1:

FCS_TLSC_EXT.2.1:     The TSF shall present the Supported Elliptic Curves Extension in the Client Hello handshake message with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1, no other curves].

Application Note:

If an elliptic-curve ciphersuite is selected in FCS_TLSC_EXT.1.1, then FCS_TLSC_EXT.2.1 shall be included in the ST. This requirement does not limit the elliptic curves the client may propose for authentication and key agreement.  Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1 and FCS_CKM.2(1) the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1 and FCS_CKM.2(1).  This extension is required for clients supporting Elliptic Curve ciphersuites.

Assurance Activity:

Test 1:  The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server. 
The evaluator shall configure the server to perform an ECDHE key exchange message in the TLS connection using a non-supported ECDHE curve (for example, P-192) and shall verify that the TOE disconnects after receiving the server's Key Exchange handshake message.

 

APP PP v1.2:

FCS_TLSC_EXT.4.1:     The application shall present the supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.

Applicaton Note:

This requirement does not limit the elliptic curves the client may propose for authentication and key agreement.  Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2 the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2.  This extension is required for clients supporting Elliptic Curve ciphersuites.

Assurance Activity:

Test 1:  The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server. 
The evaluator shall configure the server to perform an ECDHE key exchange message in the TLS connection using a non-supported ECDHE curve (for example, P-192) and shall verify that the TOE disconnects after receiving the server's Key Exchange handshake message.

 

OS PP v4.1:

FCS_TLSC_EXT.2.1:     The OS shall present the Supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.

Applicaton Note:

This requirement does not limit the elliptic curves the client may propose for authentication and key agreement.  Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2(1) the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(3) and FCS_CKM.1(1) and FCS_CKM.2(1).  This extension is required for clients supporting Elliptic Curve ciphersuites.

Assurance Activity:

The evaluator will also perform the following test: 

The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server. 
The evaluator shall configure the server to perform an ECDHE key exchange message in the TLS connection using a non-supported ECDHE curve (for example, P-192) and shall verify that the TOE disconnects after receiving the server's Key Exchange handshake message.

 

Base Virtualization PP v1.0:

FCS_TLSC_EXT.1.5:     The TSF shall present the Supported Elliptic Curves Extension in the Client Hello handshake message with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.

Application Note:

If ciphersuites with elliptic curves were selected in FCS_TLSC_EXT.1.1, then this component is required. This requirement does not limit the elliptic curves the client may propose for authentication and key agreement.  Rather, it asks the ST author to define which of the NIST curves from FCS_COP.1(2) and FCS_CKM.1 and FCS_CKM.2 the TOE supports. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(2) and FCS_CKM.1 and FCS_CKM.2.  This extension is required for clients supporting Elliptic Curve ciphersuites.

Assurance Activity:

Test 1:  The evaluator shall configure a server to perform ECDHE key exchange using each of the TOE’s supported curves and shall verify that the TOE successfully connects to the server. 
The evaluator shall configure the server to perform an ECDHE key exchange message in the TLS connection using a non-supported ECDHE curve (for example, P-192) and shall verify that the TOE disconnects after receiving the server's Key Exchange handshake message.

Justification

The client can propose any curve it wants and the server can limit which curve is used.

 
 
Site Map              Contact Us              Home