Archived
TD0061: AES_CCMP Requirement is Optional in SVPP
Publication Date
2015.09.10
Protection Profiles
PP_SV_V1.0
Other References
PP_SV_v1.0
Issue Description
The FCS_COP.1(1) Cryptographic Operation (AES Data Encryption/ Decryption) requirement is inconsistent with FCS_SSHS_EXT.1. FCS_COP.1(1) requires support for AES_CCMP; however, the SSH requirements in FCS_SSHS_EXT.1.4 do not include AES_CCMP. If the TOE only implements SSH, then AES_CCMP is not applicable. Resolution
AES_CCMP is optional on TLS inclusion. The requirement now appears as follows: FCS_COP.1.1(1) The TSF shall perform [encryption/decryption] in accordance with a specified cryptographic algorithm [selection:
and cryptographic key sizes [selection: 128-bit key sizes, 256-bit key sizes]. Application Note: For the first selection of FCS_COP.1.1(1), the ST author should choose the mode or modes in which AES operates. For the second selection, the ST author should choose the key sizes that are supported by this functionality. Justification
Removes requirement inconsistencies |