Archived
TD0659: Change to Required NIST Curves for FCS_CKM.1/AK
Publication Date
2022.07.13
Protection Profiles
PP_APP_v1.4
Other References
FCS_CKM.1/AK
Issue Description
In FCS_CKM.1.1/AK in the App PP, the "[ECC schemes]" selection currently mandates both P-256 and P-384, with P-521 being optional. However, FCS_TLSC_EXT.5.1 in the TLS Package is open-ended with respect to the values that may be claimed in the Supported Groups Extension when ECDHE schemes are supported. Resolution
This TD was archived on 1/18/2023 and replaced by TD0717. The following change is made to FCS_CKM.1/AK in Section B.1 in Appendix B in PP_APP_V1.4, with strikethrough denoting deletion and underline denoting addition: FCS_CKM.1.1/AK The application shall [selection: - invoke platform-provided functionality, - implement functionality ] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection: [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following FIPS PUB 186-4, "Digital Signature Standard (DSS), Appendix B.3", [ECC schemes] using [“NIST curves” P-256, P-384 and [selection: P-256, P-521 , no other curves ] ] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4], [FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1], [FFC Schemes] using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3, [FFC Schemes] using “safe-prime” groups that meet the following: NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919] ].
Justification
Support for 384 is required by the current CNSA RFC for TLS (RFC 9151), but 256 is sometimes still useful for interoperability. |