Moved selectables appending to diff function
jpham-mitre committed Aug 8, 2024
1 parent 646dcbf commit af094a4
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions input/application.xml
Expand Up @@ -400,9 +400,9 @@
<depends on="sel_impl_genkey"/>
<f-element id="fel-asym-key-gen-impl">
<title>The <h:b>application</h:b> shall<selectables onlyone="yes"><selectable id="fcs_ckm.1.1_AK_1" >invoke platform-provided functionality</selectable><selectable id="fcs_ckm.1.1_AK_2" >implement functionality</selectable></selectables>to generate <h:b>asymmetric</h:b> cryptographic keys in accordance with a specified cryptographic key generation algorithm<selectables ><selectable id="fcs_ckm.1.1_AK_3" ><h:b>[RSA schemes]</h:b> using cryptographic key sizes of <h:b>[2048-bit or greater]</h:b> that meet
the following <h:b> FIPS PUB 186-4, "Digital Signature Standard (DSS), Appendix B.3"</h:b></selectable><selectable id="fcs_ckm.1.1_AK_4"><h:b>[ECC schemes]</h:b> using <h:b>[“NIST curves” P-256, P-384 and <selectables><selectables ><selectable id="fcs_ckm.1.1_AK_5" exclusive="yes"> P-521 </selectable><selectable id="fcs_ckm.1.1_AK_6" exclusive="yes"> no other curves </selectable></selectables></selectables> ]</h:b>that meet the following: <h:b>[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4]</h:b></selectable><selectable id="fcs_ckm.1.1_AK_7" ><h:b>[FFC schemes]</h:b> using cryptographic key sizes of <h:b>[2048-bit or greater]</h:b>
the following <h:b> FIPS PUB 186-4, "Digital Signature Standard (DSS), Appendix B.3"</h:b></selectable><selectable id="fcs_ckm.1.1_AK_4"><h:b>[ECC schemes]</h:b> using <h:b>[“NIST curves” P-256, P-384 and <selectables><selectable id="fcs_ckm.1.1_AK_5" exclusive="yes"> P-521 </selectable><selectable id="fcs_ckm.1.1_AK_6" exclusive="yes"> no other curves </selectable></selectables> ]</h:b>that meet the following: <h:b>[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4]</h:b></selectable><selectable id="fcs_ckm.1.1_AK_7" ><h:b>[FFC schemes]</h:b> using cryptographic key sizes of <h:b>[2048-bit or greater]</h:b>
that meet the following: <h:b>[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1]</h:b></selectable><selectable id="fcs_ckm.1.1_AK_8" ><h:b>[FFC Schemes]</h:b><h:b> using Diffie-Hellman group 14</h:b> that meet the following:
<h:b>RFC 3526, Section 3</h:b></selectable><selectable id="fcs_ckm.1.1_AK_9"><h:b>[FFC Schemes]</h:b><h:b> using “safe-prime” groups</h:b> that meet the following: <h:b>NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”</h:b> and <selectables><selectables ><selectable id="fcs_ckm.1.1_AK_10" >RFC 3526</selectable><selectable id="fcs_ckm.1.1_AK_11" >RFC 7919</selectable></selectables></selectables></selectable></selectables>.</title>
<h:b>RFC 3526, Section 3</h:b></selectable><selectable id="fcs_ckm.1.1_AK_9"><h:b>[FFC Schemes]</h:b><h:b> using “safe-prime” groups</h:b> that meet the following: <h:b>NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”</h:b> and <selectables><selectable id="fcs_ckm.1.1_AK_10" >RFC 3526</selectable><selectable id="fcs_ckm.1.1_AK_11" >RFC 7919</selectable></selectables></selectable></selectables>.</title>
<note role="application">
The ST author shall select all key generation schemes used for key
establishment and entity authentication. When key generation is used for key
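Review bot: the RSA option (fcs_ckm.1.1_AK_3) on the rewritten line still cites its standard differently from its siblings: it reads 'that meet the following <h:b> FIPS PUB 186-4, "Digital Signature Standard (DSS), Appendix B.3"</h:b>', with no colon, no brackets, straight quotes, and the closing quote placed after the appendix number. The ECC and FFC options in the same title use 'that meet the following: <h:b>[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4]</h:b>'. Since the line is being rewritten anyway, bring AK_3 in line with that form, and add the missing space in ']</h:b>that meet' right after the curve list.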
Expand Down Expand Up @@ -576,7 +576,7 @@
Schemes Using Discrete Logarithm Cryptography”]</h:b></selectable><selectable id="fcs_ckm.2.1_6" ><h:b>[Finite field-based key establishment schemes]</h:b> that meets the following:
<h:b>[NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key
Establishment Schemes Using Discrete Logarithm Cryptography”]</h:b></selectable><selectable id="fcs_ckm.2.1_7" ><h:b>[Key establishment scheme using Diffie-Hellman group 14]</h:b>
that meets the following: <h:b>RFC 3526, Section 3</h:b></selectable><selectable id="fcs_ckm.2.1_8"><h:b>[FFC Schemes using “safe-prime” groups]</h:b> that meet the following: <h:b>‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”</h:b> and <selectables><selectables ><selectable id="fcs_ckm.2.1_9" >RFC 3526</selectable><selectable id="fcs_ckm.2.1_10" >RFC 7919</selectable></selectables></selectables>. </selectable></selectables>.</title>
that meets the following: <h:b>RFC 3526, Section 3</h:b></selectable><selectable id="fcs_ckm.2.1_8"><h:b>[FFC Schemes using “safe-prime” groups]</h:b> that meet the following: <h:b>‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”</h:b> and <selectables><selectable id="fcs_ckm.2.1_9" >RFC 3526</selectable><selectable id="fcs_ckm.2.1_10" >RFC 7919</selectable></selectables>. </selectable></selectables>.</title>
<note role="application">
The ST author shall select all key establishment schemes used for the selected cryptographic
protocols. TLS requires cipher suites that use RSA-based key establishment
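Review bot: the safe-prime option (fcs_ckm.2.1_8) on the rewritten line carries two text defects that survive the unwrapping. The citation opens with a stray single quote ('<h:b>‘NIST Special Publication 800-56A Revision 3') that is never closed, and the nested RFC choice is followed by '. ' inside the selectable while the outer list is closed with another '.', so the rendered sentence ends in two periods. Drop the stray quote and the inner period; the matching option in FCS_CKM.1.1 (fcs_ckm.1.1_AK_9) has neither.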
Expand Down Expand Up @@ -783,7 +783,7 @@
<f-element id="fel-sign">
<title>The <h:b>application</h:b> shall perform <h:i>cryptographic signature services (generation and
verification)</h:i> in accordance with a specified cryptographic algorithm<selectables ><selectable id="fcs_cop.1.1_Sig_1" ><h:b>RSA schemes</h:b> using cryptographic key sizes of 2048-bit or greater that meet the
following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 4</selectable><selectable id="fcs_cop.1.1_Sig_2"><h:b>ECDSA schemes</h:b> using “NIST curves” P-256, P-384 and <selectables><selectables ><selectable id="fcs_cop.1.1_Sig_3" >P-521</selectable><selectable id="fcs_cop.1.1_Sig_4" exclusive="yes">no other curves</selectable></selectables></selectables> that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5</selectable></selectables>.</title>
following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 4</selectable><selectable id="fcs_cop.1.1_Sig_2"><h:b>ECDSA schemes</h:b> using “NIST curves” P-256, P-384 and <selectables><selectable id="fcs_cop.1.1_Sig_3" >P-521</selectable><selectable id="fcs_cop.1.1_Sig_4" exclusive="yes">no other curves</selectable></selectables> that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5</selectable></selectables>.</title>
<note role="application">
This is dependent on implementing cryptographic functionality, as in FTP_DIT_EXT.1.<h:p/>
The ST Author should choose the algorithm implemented to perform
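Review bot: the nested curve choice in the ECDSA option is marked inconsistently with the same choice in FCS_CKM.1.1. Here only 'no other curves' (fcs_cop.1.1_Sig_4) carries exclusive="yes" and P-521 (fcs_cop.1.1_Sig_3) does not, whereas in the key generation element both fcs_ckm.1.1_AK_5 and fcs_ckm.1.1_AK_6 carry it. Both elements describe the same two-way choice, so they should use the same marking; pick one form and apply it to both places while these lines are open.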
Expand Down Expand Up @@ -1427,7 +1427,7 @@
<!--FCS_STO_EXT.1 Storage of Credentials-->
<f-component cc-id="fcs_sto_ext.1" id="fcs-sto-ext-1" name="Storage of Credentials">
<f-element id="fel-store-creds">
<title>The application shall<selectables ><selectable id="fcs_sto_ext.1.1_1" exclusive="yes">not store any credentials</selectable><selectable id="fcs_sto_ext.1.1_2">invoke the functionality provided by the platform to securely store <assignable>list of credentials </assignable></selectable><selectable id="sel_impl_sto">implement functionality to securely store <assignable>list of credentials </assignable> according to <selectables><selectables ><selectable id="sel-fcs-sto-skc" >FCS_COP.1/SKC</selectable><selectable id="sel-fcs-sto-pbkdf" >FCS_CKM.1/PBKDF</selectable></selectables></selectables></selectable></selectables>to non-volatile memory.</title>
<title>The application shall<selectables ><selectable id="fcs_sto_ext.1.1_1" exclusive="yes">not store any credentials</selectable><selectable id="fcs_sto_ext.1.1_2">invoke the functionality provided by the platform to securely store <assignable>list of credentials </assignable></selectable><selectable id="sel_impl_sto">implement functionality to securely store <assignable>list of credentials </assignable> according to <selectables><selectable id="sel-fcs-sto-skc" >FCS_COP.1/SKC</selectable><selectable id="sel-fcs-sto-pbkdf" >FCS_CKM.1/PBKDF</selectable></selectables></selectable></selectables>to non-volatile memory.</title>
<note role="application">
This requirement ensures that persistent credentials (secret keys, PKI private keys, passwords, etc)
are stored securely, and never persisted in cleartext form.
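Review bot: the title on the rewritten line has no whitespace on either side of the outer list ('shall<selectables >' and '</selectables>to non-volatile memory'), so unless the transform inserts spacing around the list, the rendered requirement runs the words together. Add a space before the opening tag and after the closing tag, and drop the leftover space inside the start tags ('<selectables >', 'id="sel-fcs-sto-skc" >') that the generator left behind.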
Expand Down Expand Up @@ -3074,7 +3074,7 @@
<!--FTP_DIT_EXT.1 Protection of Data in Transit-->
<f-component cc-id="ftp_dit_ext.1" id="ftp-dit-ext-1" name="Protection of Data in Transit">
<f-element id="fel-transmit">
<title>The application shall<selectables ><selectable id="ftp_dit_ext.1.1_1">not transmit any <selectables><selectables ><selectable id="ftp_dit_ext.1.1_2" exclusive="yes">data</selectable><selectable id="ftp_dit_ext.1.1_3" exclusive="yes">sensitive data</selectable></selectables></selectables></selectable><selectable id="ftp_dit_ext.1.1_4">encrypt all transmitted <selectables><selectables ><selectable id="ftp_dit_ext.1.1_5" exclusive="yes">sensitive data</selectable><selectable id="ftp_dit_ext.1.1_6" exclusive="yes">data</selectable></selectables></selectables> with <selectables><selectables ><selectable id="sel_all_https_cl" >HTTPS as a client in accordance with FCS_HTTPS_EXT.1/Client</selectable><selectable id="sel_all_https_sv" >HTTPS as a server in accordance with FCS_HTTPS_EXT.1/Server</selectable><selectable id="sel_all_https_ma" >HTTPS as a server using mutual authentication in accordance with FCS_HTTPS_EXT.2</selectable><selectable id="sel_all_tls" >TLS as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&amp;id=439">Functional Package for TLS</h:a></selectable><selectable id="sel_all_dtls" >DTLS as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&amp;id=439">Functional Package for TLS</h:a></selectable><selectable id="sel_all_ssh" >SSH as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=459&amp;id=459">Functional Package for Secure Shell</h:a></selectable><selectable id="ftp_dit_ext.1.1_7" >IPsec as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=419&amp;id=419">PP-Module for VPN Client</h:a></selectable></selectables></selectables></selectable><selectable id="ftp_dit_ext.1.1_8">invoke platform-provided functionality to encrypt all transmitted sensitive data with <selectables><selectables ><selectable id="ftp_dit_ext.1.1_9" >HTTPS</selectable><selectable id="ftp_dit_ext.1.1_10" >TLS</selectable><selectable id="ftp_dit_ext.1.1_11" 
>DTLS</selectable><selectable id="ftp_dit_ext.1.1_12" >SSH</selectable></selectables></selectables></selectable><selectable id="ftp_dit_ext.1.1_13">invoke platform-provided functionality to encrypt all transmitted data with <selectables><selectables ><selectable id="ftp_dit_ext.1.1_14" >HTTPS</selectable><selectable id="ftp_dit_ext.1.1_15" >TLS</selectable><selectable id="ftp_dit_ext.1.1_16" >DTLS</selectable><selectable id="ftp_dit_ext.1.1_17" >SSH</selectable></selectables></selectables></selectable></selectables>between itself and another trusted IT product.</title>
<title>The application shall<selectables ><selectable id="ftp_dit_ext.1.1_1">not transmit any <selectables><selectable id="ftp_dit_ext.1.1_2" exclusive="yes">data</selectable><selectable id="ftp_dit_ext.1.1_3" exclusive="yes">sensitive data</selectable></selectables></selectable><selectable id="ftp_dit_ext.1.1_4">encrypt all transmitted <selectables><selectable id="ftp_dit_ext.1.1_5" exclusive="yes">sensitive data</selectable><selectable id="ftp_dit_ext.1.1_6" exclusive="yes">data</selectable></selectables> with <selectables><selectable id="sel_all_https_cl" >HTTPS as a client in accordance with FCS_HTTPS_EXT.1/Client</selectable><selectable id="sel_all_https_sv" >HTTPS as a server in accordance with FCS_HTTPS_EXT.1/Server</selectable><selectable id="sel_all_https_ma" >HTTPS as a server using mutual authentication in accordance with FCS_HTTPS_EXT.2</selectable><selectable id="sel_all_tls" >TLS as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&amp;id=439">Functional Package for TLS</h:a></selectable><selectable id="sel_all_dtls" >DTLS as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&amp;id=439">Functional Package for TLS</h:a></selectable><selectable id="sel_all_ssh" >SSH as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=459&amp;id=459">Functional Package for Secure Shell</h:a></selectable><selectable id="ftp_dit_ext.1.1_7" >IPsec as defined in the <h:a href="https://www.niap-ccevs.org/Profile/Info.cfm?PPID=419&amp;id=419">PP-Module for VPN Client</h:a></selectable></selectables></selectable><selectable id="ftp_dit_ext.1.1_8">invoke platform-provided functionality to encrypt all transmitted sensitive data with <selectables><selectable id="ftp_dit_ext.1.1_9" >HTTPS</selectable><selectable id="ftp_dit_ext.1.1_10" >TLS</selectable><selectable id="ftp_dit_ext.1.1_11" >DTLS</selectable><selectable id="ftp_dit_ext.1.1_12" >SSH</selectable></selectables></selectable><selectable 
id="ftp_dit_ext.1.1_13">invoke platform-provided functionality to encrypt all transmitted data with <selectables><selectable id="ftp_dit_ext.1.1_14" >HTTPS</selectable><selectable id="ftp_dit_ext.1.1_15" >TLS</selectable><selectable id="ftp_dit_ext.1.1_16" >DTLS</selectable><selectable id="ftp_dit_ext.1.1_17" >SSH</selectable></selectables></selectable></selectables>between itself and another trusted IT product.</title>
<note role="application">
Encryption is not required for applications transmitting data that is not sensitive.<h:p/>
If "<h:i>encrypt all transmitted</h:i>" is selected and "<h:i>TLS</h:i>" is selected, then
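Review bot: the whole FTP_DIT_EXT.1.1 title sits on a single line, so removing a handful of wrapper tags rewrites the entire requirement and the diff cannot show which tags changed; a reviewer has to compare the two versions by eye to confirm that no selectable id or href was altered. The FCS_CKM.1.1 title in the first hunk already wraps across several lines, so line breaks inside a title are accepted. Put each <selectable> of this title on its own line so that future changes here are reviewable.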