|
1927 | 1927 | </selectables></col> |
1928 | 1928 | <col>KPF2 - KDF in Counter Mode using <selectables> |
1929 | 1929 | <selectable id="sel-fcs-ckm-5-kdf-ctr-cmac">AES-256-CMAC</selectable> |
1930 | | - <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">>HMAC-SHA-256</selectable> |
1931 | | - <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">>HMAC-SHA-384</selectable> |
1932 | | - <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac512">>HMAC-SHA-512</selectable> |
| 1930 | + <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">HMAC-SHA-256</selectable> |
| 1931 | + <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">HMAC-SHA-384</selectable> |
| 1932 | + <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac512">HMAC-SHA-512</selectable> |
1933 | 1933 | </selectables> as the PRF</col> |
1934 | 1934 | <col><selectables> |
1935 | 1935 | <selectable>256</selectable> |
|
1951 | 1951 | </selectables></col> |
1952 | 1952 | <col>KPF3 - KDF in Feedback Mode using <selectables> |
1953 | 1953 | <selectable id="sel-fcs-ckm-5-kdf-fb-cmac">AES-256-CMAC</selectable> |
1954 | | - <selectable id="sel-fcs-ckm-5-kdf-fb-hmac256">>HMAC-SHA-256</selectable> |
1955 | | - <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">>HMAC-SHA-384</selectable> |
1956 | | - <selectable id="sel-fcs-ckm-5-kdf-fb-hmac512">>HMAC-SHA-512</selectable> |
| 1954 | + <selectable id="sel-fcs-ckm-5-kdf-fb-hmac256">HMAC-SHA-256</selectable> |
| 1955 | + <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">HMAC-SHA-384</selectable> |
| 1956 | + <selectable id="sel-fcs-ckm-5-kdf-fb-hmac512">HMAC-SHA-512</selectable> |
1957 | 1957 | </selectables> as the PRF</col> |
1958 | 1958 | <col><selectables> |
1959 | 1959 | <selectable>256</selectable> |
|
1974 | 1974 | </selectables></col> |
1975 | 1975 | <col>KDF in Double Pipeline Iteration Mode using <selectables> |
1976 | 1976 | <selectable id="sel-fcs-ckm-5-kdf-dpi-cmac">AES-256-CMAC</selectable> |
1977 | | - <selectable id="sel-fcs-ckm-5-kdf-dpi-hmac256">>HMAC-SHA-256</selectable> |
1978 | | - <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">>HMAC-SHA-384</selectable> |
1979 | | - <selectable id="sel-fcs-ckm-5-kdf-dpi-hmac512">>HMAC-SHA-512</selectable> |
| 1977 | + <selectable id="sel-fcs-ckm-5-kdf-dpi-hmac256">HMAC-SHA-256</selectable> |
| 1978 | + <selectable id="sel-fcs-ckm-5-kdf-ctr-hmac256">HMAC-SHA-384</selectable> |
| 1979 | + <selectable id="sel-fcs-ckm-5-kdf-dpi-hmac512">HMAC-SHA-512</selectable> |
1980 | 1980 | </selectables> as the PRF</col> |
1981 | 1981 | <col><selectables> |
1982 | 1982 | <selectable>256</selectable> |
|
2983 | 2983 | <aactivity> |
2984 | 2984 | <TSS> |
2985 | 2985 | The evaluator shall examine the TSS to ensure that it describes the construction of any IVs, |
2986 | | - nonces, and tags in conformance with the relevant specifications. |
| 2986 | + nonces, and tags in conformance with the relevant specifications.<h:p/> |
| 2987 | + If a CCM mode algorithm is selected, then the evaluator shall examine the TOE summary |
| 2988 | + specification to confirm that it describes how the nonce is generated and that the same nonce is |
| 2989 | + never reused to encrypt different plaintext pairs under the same key.<h:p/> |
| 2990 | + If a GCM mode algorithm is selected, then the evaluator shall examine the TOE summary |
| 2991 | + specification to confirm that it describes how the IV is generated and that the same IV is never |
| 2992 | + reused to encrypt different plaintext pairs under the same key. The evaluator shall also confirm |
| 2993 | + that for each invocation of GCM, the length of the plaintext is at most (2<h:sup>32</h:sup>)-2 blocks. |
2987 | 2994 | </TSS> |
2988 | 2995 | <Guidance/> |
2989 | 2996 | <Tests> |
2990 | | - The following tests require the developer to provide access to a test platform that |
| 2997 | + The following tests may require the developer to provide access to a test platform that |
2991 | 2998 | provides the evaluator with tools that are typically not found on factory products.<h:p/> |
2992 | 2999 | The following tests are conditional based upon the selections made in the SFR. The |
2993 | 3000 | evaluator shall perform the following test or witness respective tests executed by |
|
3152 | 3159 | </TSS> |
3153 | 3160 | <Guidance/> |
3154 | 3161 | <Tests> |
3155 | | - The following tests require the developer to provide access to a test platform that |
| 3162 | + The following tests may require the developer to provide access to a test platform that |
3156 | 3163 | provides the evaluator with tools that are typically not found on factory products.<h:p/> |
3157 | 3164 | The following tests are conditional based upon the selections made in the SFR. The |
3158 | 3165 | evaluator shall perform the following test or witness respective tests executed by |
|
3275 | 3282 | </TSS> |
3276 | 3283 | <Guidance/> |
3277 | 3284 | <Tests> |
3278 | | - The following tests require the developer to provide access to a test platform that |
| 3285 | + The following tests may require the developer to provide access to a test platform that |
3279 | 3286 | provides the evaluator with tools that are typically not found on factory products.<h:p/> |
3280 | 3287 | The following tests are conditional based upon the selections made in the SFR. The |
3281 | 3288 | evaluator shall perform the following test or witness respective tests executed by |
|
3545 | 3552 |
|
3546 | 3553 | <selectable id="sel-fcs-cop-keyencap-kas1"> |
3547 | 3554 | <col>KAS1</col> |
3548 | | - <col>KAS1 [RSA-single party]</col> |
| 3555 | + <col>RSASVE</col> |
3549 | 3556 | <col><selectables> |
3550 | 3557 | <selectable>3072</selectable> |
3551 | 3558 | <selectable>4096</selectable> |
3552 | 3559 | <selectable>6144</selectable> |
3553 | 3560 | <selectable>8192</selectable> |
3554 | 3561 | </selectables> bits</col> |
3555 | | - <col>NIST SP 800-56B Revision 2 (Sections 6.3 and 8.2)</col> |
| 3562 | + <col>NIST SP 800-56B Revision 2 (Section 7.2.1)</col> |
3556 | 3563 | </selectable> |
3557 | 3564 |
|
3558 | 3565 | <selectable id="sel-fcs-cop-keyencap-kts"> |
3559 | 3566 | <col>KTS-OAEP</col> |
3560 | | - <col>KTS-OAEP [RSA-OAEP]</col> |
| 3567 | + <col>RSA-OAEP</col> |
3561 | 3568 | <col><selectables> |
3562 | 3569 | <selectable>3072</selectable> |
3563 | 3570 | <selectable>4096</selectable> |
|
3590 | 3597 | </TSS> |
3591 | 3598 | <Guidance/> |
3592 | 3599 | <Tests> |
3593 | | - The following tests require the developer to provide access to a test platform that |
| 3600 | + The following tests may require the developer to provide access to a test platform that |
3594 | 3601 | provides the evaluator with tools that are typically not found on factory products.<h:p/> |
3595 | 3602 | The following tests are conditional based upon the selections made in the SFR. The |
3596 | 3603 | evaluator shall perform the following test or witness respective tests executed by |
|
3601 | 3608 | environment and TOE execution environment shall be described.<h:p/> |
3602 | 3609 |
|
3603 | 3610 | <!-- KAS1 --> |
3604 | | - <h:br/><h:b>KAS1 [RSA-single party]</h:b><h:p/> |
| 3611 | + <h:br/><h:b>KAS1 [RSASVE single-party]</h:b><h:p/> |
3605 | 3612 | <h:table border="1"> |
3606 | 3613 | <h:tr class="header" bgcolor="#cccccc"> |
3607 | 3614 | <h:td valign="top">Identifier</h:td> |
|
3611 | 3618 | </h:tr> |
3612 | 3619 | <h:tr> |
3613 | 3620 | <h:td valign="top">KAS1</h:td> |
3614 | | - <h:td valign="top">KAS1 [RSA-single party]</h:td> |
| 3621 | + <h:td valign="top">RSASVE</h:td> |
3615 | 3622 | <h:td valign="top">[<h:b>selection:</h:b> 3072, 4096, 6144, 8192] bits</h:td> |
3616 | | - <h:td valign="top">NIST SP 800-56B Revision 2 (Sections 6.3 & 8.2)</h:td> |
| 3623 | + <h:td valign="top">NIST SP 800-56B Revision 2 (Section 7.2.1)</h:td> |
3617 | 3624 | </h:tr> |
3618 | 3625 | </h:table><h:p/> |
3619 | | - To test the TOE’s implementation of the of KAS1 RSA Single-Party Key Encapsulation, the |
| 3626 | + To test the TOE’s implementation of the of KAS1 RSASVE Single-Party Key Encapsulation, the |
3620 | 3627 | evaluator shall perform the Algorithm Functional Test and Validation Test using the following |
3621 | 3628 | input parameters:<h:ul> |
3622 | 3629 | <h:li>RSA Private key format [Basic with fixed public exponent, Prime Factor with fixed |
3623 | 3630 | public exponent, Chinese Remainder Theorem with fixed public exponent, Basic with |
3624 | 3631 | random public exponent, Prime Factor with random public exponent, Chinese |
3625 | 3632 | Remainder Theorem with random public exponent]</h:li> |
3626 | | - <h:li>Modulus value [3072, 4096, 6144, 8192]</h:li> |
| 3633 | + <h:li>Modulo value [3072, 4096, 6144, 8192]</h:li> |
3627 | 3634 | <h:li>Role [initiator, responder]</h:li> |
3628 | | - <h:li>Key confirmation supported [yes, no] [not included in KAS2]</h:li></h:ul><h:p/> |
| 3635 | + <h:li>Key confirmation supported [yes, no]</h:li></h:ul><h:p/> |
3629 | 3636 | The evaluator shall generate a test group (i.e. set of tests) for each parameter value of the above |
3630 | 3637 | parameter type with the largest number of supported values. For example, if the TOE supports all |
3631 | 3638 | six key formats, then the evaluator shall generate six test groups. Each of the above supported |
|
3662 | 3669 | </h:tr> |
3663 | 3670 | <h:tr> |
3664 | 3671 | <h:td valign="top">KTS-OAEP</h:td> |
3665 | | - <h:td valign="top">KTS-OAEP [RSA-OAEP]</h:td> |
| 3672 | + <h:td valign="top">RSA-OAEP</h:td> |
3666 | 3673 | <h:td valign="top">[<h:b>selection:</h:b> 3072, 4096, 6144, 8192] bits</h:td> |
3667 | 3674 | <h:td valign="top">NIST SP 800-56B Revision 2 (Sections 6.3 & 9)</h:td> |
3668 | 3675 | </h:tr> |
|
0 commit comments