TD0717: Format changes for PP_APP_V1.4
Publication Date
2023.01.18
Protection Profiles
PP_APP_v1.4
Other References
FCS_CKM.1, FCS_CKM.2, FCS_CKM.1/AK, FCS_CKM.1/PBKDF, FCS_COP.1/Hash, FCS_COP.1/KeyedHash, FCS_COP.1/Sig, FCS_COP.1/SKC
Issue Description
Multiple SFRs in PP APP V1.4 have inconsistencies with CC Part 2, two of which were previously modified by TDs. Resolution
TDs 659 and 626 are archived, and their changes replicated here.
PP_APP_V1.4 is updated as follows:
All references to FCS_CKM.1 and FCS_CKM.1.1 are renamed to FCS_CKM_EXT.1 and FCS_CKM_EXT.1.1, except for the reference in the FCS_CKM.2. TSS evaluation activity, which is replaced with FCS_CKM.1.1/AK. All references to FCS_CKM.1/PBKDF, FCS_CKM.1.1/PBKDF, FCS_CKM.1.2/PBKDF are renamed to FCS_CKM_EXT.1/PBKDF, FCS_CKM_EXT.1.1/PBKDF, FCS_CKM_EXT.1.2/PBKDF.
The following SFRs are updated as follows, with green highlight indicating a format change, yellow highlight and underline indicating addition, and red highlight and strikethrough indicating deletion:
The application shall [selection: · invoke platform-provided functionality, · implement functionality ] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection: · [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, "Digital Signature Standard (DSS)”, Appendix B.3 · [ECC schemes] using [“NIST curves” · [FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1], · [FFC Schemes] using [Diffie-Hellman group 14] that meet the following: [RFC 3526, Section 3], · [FFC Schemes] using [“safe-prime” groups] that meet the following: [NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919]] ].
FCS_COP.1.1/Hash The application shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [selection: · SHA-1, · SHA-256, · SHA-384, · SHA-512, · no other ] and message digest sizes [selection: · 160, · 256, · 384, · 512, · no other ] bits that meet the following: [FIPS Pub 180-4].
FCS_COP.1.1/KeyedHash The application shall perform [keyed-hash message authentication] in accordance with a specified cryptographic algorithm [selection:
] and [selection:
] with key sizes [assignment: key size (in bits) used in HMAC] and message digest sizes [selection: 256, 384, 512] and [selection: 160,
FCS_COP.1.1/Sig The application shall perform [cryptographic signature services (generation and verification)] in accordance with a specified cryptographic algorithm [selection: · RSA schemes using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section · ECDSA schemes using [“NIST curves” P-256, P-384 and [selection: P-521, no other curves]] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section ].
FCS_COP.1.1/SKC The application shall perform [encryption/decryption] in accordance with a specified cryptographic algorithm [selection: · AES-CBC (as defined in NIST SP 800-38A) mode, · AES-GCM (as defined in NIST SP 800-38D) mode, · AES-XTS (as defined in NIST SP 800-38E) mode, · AES-CCM (as defined in NIST SP 800-38C) mode, · AES-CTR (as defined in NIST SP 800-38A) mode ] and cryptographic key sizes [selection: 128-bit, 256-bit]. Justification
Corrections required to complete certification report, and previous TD changes need to be incorporated. |