Technical issue in the TSS Assurance Activities for SFR FCS_CKM.1/SKG in HCD SD v1.0 #18

Open
ansukert opened this issue Oct 16, 2023 · 2 comments

An issue from Masatoshi Kawashima, Information Technology Security Center

HCD SD Version 1.0
Section “2.2.1. FCS_CKM.1/SKG Cryptographic key generation (Symmetric Keys)” of HCD SD, Section “2.2.1.1 TSS”
As the last selection of FCS_CKM.1.1/SKG, one can select Section 6.1 or 6.3 of NIST SP 800-133 Rev.2. Section 6.1 of SP 800-133 describes symmetric keys that are directly generated from the output of an RBG, and Section 6.3 describes symmetric keys produced by combining keys and other data.

On the other hand, Section 2.2.1.1 of HCD SD says that the evaluator shall verify how the TOE obtains a symmetric key through direct generation from a random bit generator. This requirement is considered to be inadequate when SP 800-133 Rev.2 Section 6.3 is selected.

Proposed Resolution (if any):
The word “direct” should be deleted from Section 2.2.1.1 of HCD SD.

@ansukert ansukert added technical technical issue SD Issue with the SD labels Oct 16, 2023
@ansukert ansukert added the Priority +1 Priority 1 Issue label Oct 16, 2023
@ansukert ansukert removed their assignment Oct 16, 2023

gcolunga commented Jan 5, 2024

I have implemented the following fix:
2.2.1.1. TSS
The evaluator shall review the TSS to determine that it describes how the functionality described by FCS_RBG_EXT.1 is invoked and how the TOE obtains a symmetric key through direct generation from a random bit generator as specified in FCS_RBG_EXT.1 or by combining one or more keys and other data.

The fix is marked by the text in bold above.

The fix is available here:
HCD-iTC/HCD-iTC-Template@38fb9da


gcolunga commented Feb 9, 2024

This issue is addressed by the following TD:

  • HCD0006

The TD above is located at the following location:

Projects
Status: Completed