NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0326:  RSA-based key establishment schemes

Publication Date
2018.05.21

Protection Profiles
PP_APP_v1.2

Other References
FCS_CKM.1, FCS_CKM.2, FCS_TLSS_EXT.1.3

Issue Description

If an ST author chooses any options other than TLS-RSA (i.e. DHE, ECDHE, etc.) for a TOE that does not use RSA-based key establishment schemes then FCS_CKM.2 as currently defined should not apply as it is inconsistent with FCS_TLSS_EXT.1.3.

Resolution

This TD supersedes TD0293.

This TD also supersedes TD0107 for AppSW v1.2 only.

FCS_CKM.1.1(1) is  replaced as follows:

The application shall [selection: invoke platform-provided functionality, implement functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection:

 [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3];

[ECC schemes] using [“NIST curves” P-256, P-384 and [selection: P-521 , no other curves ] ] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4] ,

[FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1]

] .

This requirement depends upon selection in FCS_CKM_EXT.1.1.

 

Application Note: The ST author shall select all key generation schemes used for key establishment and entity authentication. When key generation is used for key establishment, the schemes in FCS_CKM.2.1 and selected cryptographic protocols must match the selection. When key generation is used for entity authentication, the public key is expected to be associated with an X.509v3 certificate.


If the TOE acts as a receiver in the RSA key establishment scheme, the TOE does not need to implement RSA key generation.

 

 

FCS_CKM.2.1 is replaced as follows:

 

The application shall [selection: invoke platform-provided functionality , implement functionality ] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method:

 [selection:

 

[RSA-based key establishment schemes] that meets the following: [NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”],

 [Elliptic curve-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”] ,

[Finite field-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”]

] .

 

This requirement depends upon selection in FCS_TLSC_EXT.1.1.

 

Application Note: The ST author shall select all key establishment schemes used for the selected cryptographic protocols. FCS_TLSC_EXT.1 allows for cipher suites that use RSA-based key establishment schemes.
The RSA-based key establishment schemes are described in Section 9 of NIST SP 800-56B; however, Section 9 relies on implementation of other sections in SP 800-56B. If the TOE acts as a receiver in the RSA key establishment scheme, the TOE does not need to implement RSA key generation.
The elliptic curves used for the key establishment scheme shall correlate with the curves specified in FCS_CKM.1.1(1).
The domain parameters used for the finite field-based key establishment scheme are specified by the key generation according to FCS_CKM.1.1(1).

 

FCS_TLSS_EXT.1.3 is replaced as follows:

 

FCS_TLSS_EXT.1.3:  The application shall generate key establishment parameters using using [selection: RSA with key size [selection: 2048 bits, 3072 bits, 4096 bits], ECDHE over NIST curves [selection: secp256r1, secp384r1, secp521r1] and no other curves, Diffie-Hellman parameters of size [selection: 2048 bits, 3072 bits]].

 

 

Justification

See issue description.

 
 
Site Map              Contact Us              Home