Specifications
Security Target Version 1.0 9/29/2014
5.2.2.7 Cryptographic Operation (Cryptographic Signature) (FCS_COP.1(2))
FCS_COP.1.1(2)
Refinement: The TSF shall perform cryptographic signature services in accordance with a [
(2) RSA Digital Signature Algorithm (rDSA) with a key size (modulus) of 2048 bits or
greater, or
(3) Elliptic Curve Digital Signature Algorithm (ECDSA) with a key size of 256 bits or
greater]
that meets the following:
Case: RSA Digital Signature Algorithm
[FIPS PUB 186-3, 'Digital Signature Standard']
Case: Elliptic Curve Digital Signature Algorithm
[FIPS PUB 186-3, 'Digital Signature Standard']
The TSF shall implement 'NIST curves' P-256, P-384 and [no other curves] (as
defined in FIPS PUB 186-3, 'Digital Signature Standard').
Component Assurance Activity:
The evaluator shall use the signature generation and signature verification portions of 'The Digital
Signature Algorithm Validation System' (DSA2VS), 'The Elliptic Curve Digital Signature
Algorithm Validation System' (ECDSA2VS), and 'The RSA Validation System' (RSA2VS) as a
guide in testing the requirement above. The Validation System used shall comply with the
conformance standard identified in the ST (i.e. FIPS PUB 186-3). This will require that the
evaluator have a trusted reference implementation of the algorithms that can produce test vectors
that are verifiable during the test.
5.2.2.8 Cryptographic Operation (Cryptographic Hashing) (FCS_COP.1(3))
FCS_COP.1.1(3)
Refinement: The TSF shall perform [cryptographic hashing services] in accordance with a
specified cryptographic algorithm [SHA-1, SHA-256, SHA-384] and message digest sizes [160,
256, 384] bits that meet the following: FIPS Pub 180-3, 'Secure Hash Standard.'
Component Assurance Activity:
The evaluator shall use 'The Secure Hash Algorithm Validation System (SHAVS)' as a guide in
testing the requirement above. This will require that the evaluator have a trusted reference
implementation of the algorithms that can produce test vectors that are verifiable during the test.
5.2.2.9 Cryptographic Operation (Keyed-Hash Message Authentication) (FCS_COP.1(4))
FCS_COP.1.1(4)
Refinement: The TSF shall perform keyed-hash message authentication in accordance with a
specified cryptographic algorithm HMAC- [SHA-1, SHA-256, SHA-384, SHA-1-96], key size
[128, 256], and message digest size of [160, 256, 384] bits that meet the following: FIPS PUB 198-1,
'The Keyed-Hash Message Authentication Code', and FIPS PUB 180-3, 'Secure Hash Standard'.
Component Assurance Activity:
The evaluator shall use 'The Keyed-Hash Message Authentication Code (HMAC) Validation
System (HMACVS)' as a guide in testing the requirement above. This will require that the
evaluator have a trusted reference implementation of the algorithms that can produce test vectors
that are verifiable during the test.
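The following is an added illustration of the assurance activity above; it is not part of the Security Target and is not HMACVS or any evaluator's tooling. It generates test vectors with a reference implementation for each HMAC selection and key size in FCS_COP.1.1(4) and checks an implementation under test against them. Assumptions: Python's standard `hmac` module stands in for the trusted reference, `hmac_under_test` is a hypothetical stand-in for the TOE's implementation, and the vectors are randomly generated rather than taken from HMACVS vector files.

```python
import hashlib
import hmac
import os

# Selections from FCS_COP.1.1(4): name -> (hash name, output length in bytes).
# HMAC-SHA-1-96 is HMAC-SHA-1 truncated to its leftmost 96 bits.
ALGORITHMS = {
    "HMAC-SHA-1": ("sha1", 20),
    "HMAC-SHA-256": ("sha256", 32),
    "HMAC-SHA-384": ("sha384", 48),
    "HMAC-SHA-1-96": ("sha1", 12),
}
KEY_SIZES_BITS = (128, 256)


def hmac_under_test(hash_name, key, message, out_len):
    """Hypothetical implementation under test, built from the FIPS 198-1 steps."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:  # keys longer than one block are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key) + message).digest()
    outer = hashlib.new(hash_name, bytes(b ^ 0x5C for b in key) + inner).digest()
    return outer[:out_len]


def reference_hmac(hash_name, key, message, out_len):
    """Trusted reference (assumed here): the Python standard library hmac module."""
    return hmac.new(key, message, hash_name).digest()[:out_len]


def run_validation(messages_per_case=8):
    """Generate vectors with the reference and check the implementation under test."""
    results = []
    for name, (hash_name, out_len) in ALGORITHMS.items():
        for key_bits in KEY_SIZES_BITS:
            for i in range(messages_per_case):
                key = os.urandom(key_bits // 8)   # constructed random key
                message = os.urandom(i * 17)      # includes the empty message
                expected = reference_hmac(hash_name, key, message, out_len)
                actual = hmac_under_test(hash_name, key, message, out_len)
                results.append((name, key_bits, len(message),
                                hmac.compare_digest(expected, actual)))
    return results


if __name__ == "__main__":
    outcome = run_validation()
    print(sum(r[3] for r in outcome), "of", len(outcome), "vectors passed")
```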
5.2.2.10 Cryptographic Operation (WPA2 Data Encryption/Decryption) (FCS_COP.1(5))
FCS_COP.1.1(5)
Refinement: The TSF shall perform encryption and decryption in accordance with the specified
cryptographic algorithm AES CCMP and cryptographic key size of 128 bits that meet the
following: FIPS PUB 197, NIST SP 800-38C and IEEE 802.11-2007.
Component Assurance Activity: