Archived
TD0723: Correction to ECDSA Curve Selection
Publication Date
2023.02.22
Protection Profiles
MOD_VPNGW_v1.2
Other References
FCS_CKM.1/IKE
Issue Description
The VPNGW v1.2 requires a selection of P-256 (and P-384) if ECDSA is selected. However, the CSfC selections for VPNGW v1.2 FCS_CKM.1/IKE prohibit the use of P-256 and mandate P-384. Resolution
FCS_CKM.1/IKE in Section 5.2.3 of MOD_VPNGW_v1.2 is modified as follows, with strikethroughs in red highlights denoting deletions and underlines in green highlights denoting additions: FCS_CKM.1.1/IKE The TSF shall generate asymmetric cryptographic keys used for IKE peer authentication in accordance with a specified cryptographic key generation algorithm: [selection: -FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3 for RSA schemes, -FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4 for ECDSA schemes and implementing “NIST curves” P-256, P-384 and [selection: P-256, P-521, no other curves] ] and [selection: -FFC Schemes using “safe-prime” groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919], -no other key generation algorithm ] and specified cryptographic key sizes [equivalent to, or greater than, a symmetric key strength of 112 bits]. Justification
See issue description. Also, P-256 is not compliant with CNSA 1.0, so should not be mandated. |