NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0025:  Update to FCS_COP.1(2)

Publication Date
2014.11.26

Protection Profiles
PP_APP_v1.1

Other References
PP_APP_V1.1, requirement FCS_COP.1(2)

Issue Description

FCS_COP.1(2) as currently written requires SHA-1, which is required for FCS_TLSC_EXT.1. However, if there is no TLS requirement, implementations are still required to support SHA-1 when performing hashing. In the absence of TLS, SHA-1 is not desirable as the SHA-2 family provides higher security strengths.

Resolution

FCS_COP.1(2) should be revised to move SHA-1 inside the selection as follows:

 

FCS_COP.1.1(2) The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [selection:
SHA-1,
SHA-256,
SHA-384,
SHA-512
] and message digest sizes [selection:
160,
256,
384,
512
] bits that meet the following: FIPS Pub 180-4.

Application Note: Per NIST SP 800-131A, SHA-1 for generating digital signatures is no longer allowed, and SHA-1 for verification of digital signatures is strongly discouraged as there may be risk in accepting these signatures.

SHA-1 is currently required in order to comply with FCS_TLSC_EXT.1. If FCS_TLSC_EXT.1.1 is included in the ST, the hashing algorithms selection for FCS_COP.1(2) must match the hashing algorithms used in the mandatory and selected ciphersuites of FCS_TLSC_EXT.1.1. Vendors are strongly encouraged to implement updated protocols that support the SHA-2 family; until updated protocols are supported, this PP allows support for SHA-1 implementations in compliance with SP 800-131A.

The intent of this requirement is to specify the hashing function. The hash selection must support the message digest size selection. The hash selection should be consistent with the overall strength of the algorithm used (for example, SHA 256 for 128bit keys).

The next update of the App PP will reflect the TD.

Justification

FCS_COP.1(2) should be included in the ST for use cases that involve hashing outside the network protocol. For those use cases, we will not require SHA-1.  However, SHA-1 is mandatory in order to be consistent with FCS_TLSC_EXT.1.1. The modification allows implementations that do not include TLS to meet the requirement without being required to support SHA-1.

 
 
Site Map              Contact Us              Home