NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0282:  Test Activities added for Key Distribution and Key Generation

Publication Date
2018.01.19

Protection Profiles
PP_WLAN_AS_EP_V1.0

Other References
FCS_CKM.1(2). FCS_CKM.2(3)

Issue Description

FCS_CKM.1(2) did not include all tests align with WPA2 certification and FCS_CKM.2(3) was missing a selection for KWP and the KW and KWP test actvities.

Resolution

For FCS_CKM.1(2), the following Test is added to the Assurance Activity:

Additionally, the evaluator shall test the PRF function using the test vectors from:

  • Section 2.4 “The PRF Function – PRF(key, prefix, data, length)” of the IEEE 802.11-02/362r6 document "Proposed Test vectors for IEEE 802.11 TGi" dated September 10, 2002, and
  • Annex M.3 “PRF reference implementation and test vectors” of IEEE 802.11-2012.

 

FCS_CKM.2(3) is modified to add a selection and tests for AES Key Wrap (AES-KW) and Key Wrap with Padding (AES-KWP) as follows:

FCS_CKM.2(3) Cryptographic Key Distribution (GTK)

FCS_CKM.2.1(3) Refinement: The TSF shall distribute Group Temporal Key (GTK) in accordance with a specified cryptographic key distribution method: [selection: AES Key Wrap in an EAPOL-Key frame, AES Key Wrap with Padding in an EAPOL-Key frame] that meets the following: [NIST SP 800-38F, IEEE 802.11-2012 for the packet format and timing considerations] and does not expose the cryptographic keys.

 

AES Key Wrap (AES-KW) Tests

Test 1: The evaluator shall test the authenticated encryption functionality of AES-KW for EACH combination of the following input parameter lengths:

128 and 256 bit key encryption keys (KEKs)

Three plaintext lengths. One of the plaintext lengths shall be two semi-blocks (128 bits). One of the plaintext lengths shall be three semi-blocks (192 bits). The third data unit length shall be the longest supported plaintext length less than or equal to 64 semi-blocks (4096 bits).

using a set of 100 key and plaintext pairs and obtain the ciphertext that results from AES-KW authenticated encryption. To determine correctness, the evaluator shall use the AES-KW authenticated-encryption function of a known good implementation.

Test 2: The evaluator shall test the authenticated-decryption functionality of AES-KW using the same test as for authenticated-encryption, replacing plaintext values with ciphertext values and AES-KW authenticated-encryption with AES-KW authenticated-decryption. Additionally, the evaluator shall modify one byte of the ciphertext, attempt to decrypt the modified ciphertext, and ensure that a failure is returned rather than plaintext.

AES Key Wrap with Padding (AES-KWP) Tests

Test 1: The evaluator shall test the authenticated-encryption functionality of AES-KWP for EACH combination of the following input parameter lengths:

128 and 256 bit key encryption keys (KEKs)

Three plaintext lengths. One plaintext length shall be one octet. One plaintext length shall be 20 octets (160 bits). One plaintext length shall be the longest supported plaintext length less than or equal to 512 octets (4096 bits).

using a set of 100 key and plaintext pairs and obtain the ciphertext that results from AES-KWP authenticated encryption. To determine correctness, the evaluator shall use the AES-KWP authenticated-encryption function of a known good implementation.

Test 2: The evaluator shall test the authenticated-decryption functionality of AES-KWP using the same test as for AES-KWP authenticated-encryption, replacing plaintext values with ciphertext values and AES-KWP authenticated-encryption with AES-KWP authenticated-decryption. Additionally, the evaluator shall modify one byte of the ciphertext, attempt to decrypt the modified ciphertext, and ensure that a failure is returned rather than plaintext.

Justification

See issue description.

 
 
Site Map              Contact Us              Home