Specifications
Security Target Version 1.0 9/29/2014
37
Assurance Activity:
The evaluator shall check to ensure that the DH groups specified in the requirement are listed as being supported in the TSS. If there is more than one DH group supported, the evaluator checks to ensure the TSS describes how a particular DH group is specified/negotiated with a peer. The evaluator shall also perform the following test:
Test 1: For each supported DH group, the evaluator shall test to ensure that all IKE protocols can be successfully completed using that particular DH group.
FCS_IPSEC_EXT.1.8
The TSF shall ensure that all IKE protocols implement peer authentication using Pre-shared Keys and [rDSA, ECDSA] that use X.509v3 certificates that conform to RFC 4945.
Assurance Activity:
The evaluator shall check to ensure that the TSS describes how pre-shared keys are established and used in authentication of IPsec connections. The evaluator shall check that the operational guidance describes how pre-shared keys are to be generated and established for a TOE. The description in the TSS and the operational guidance shall also indicate how pre-shared key establishment is accomplished for both TOEs that can generate a pre-shared key as well as TOEs that simply use a pre-shared key. The evaluator shall also perform the following test:
Test 1: The evaluator shall generate a pre-shared key and use it, as indicated in the operational guidance, to establish an IPsec connection between two peers. If the TOE supports generation of the pre-shared key, the evaluator shall ensure that establishment of the key is carried out for an instance of the TOE generating the key as well as an instance of the TOE merely taking in and using the key.
The evaluator shall check that the TSS contains a description of the IKE peer authentication process used by the TOE, and that this description covers the use of the algorithm or algorithms specified in the selection. As part of the assurance activity for FCS_IPSEC_EXT.1.1, required and optional elements of RFC 4945 shall be documented. The evaluator shall also perform the following tests:
Test 1: For each supported algorithm, the evaluator shall test that peer authentication using that algorithm can be successfully achieved.
Test 2: For each supported identification payload (from RFC 4945), the evaluator shall test that peer authentication can be successfully achieved.
Test 3: The evaluator shall devise a test that demonstrates that a corrupt or invalid certification path for a certificate will be detected during IKE peer authentication and will result in a connection not being established.
Test 4: The evaluator shall devise a test that demonstrates that a certificate that has been revoked through a CRL will be detected during IKE peer authentication and will result in a connection not being established.
FCS_IPSEC_EXT.1.9
The TSF shall be able to ensure by default that the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to protect the [IKEv1 Phase 1, IKEv2 IKE_SA] connection is greater than or equal to the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to protect the [IKEv1 Phase 2, IKEv2 CHILD_SA] connection.
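The following is an added illustration of the FCS_IPSEC_EXT.1.9 property and is not part of this Security Target or of any TOE's code. It expresses the requirement as a check an evaluator or administrator could run over proposal strings: per completed negotiation (IKE SA cipher key bits must be at least the CHILD SA cipher key bits), and over a configuration's offered proposal lists, where "by default" means the property must hold for every combination a peer could select, so the weakest offered IKE cipher is compared against the strongest offered ESP cipher. The strongSwan-style proposal syntax (`aes256-sha256-modp2048`, comma-separated alternatives) and the transform token names are assumptions for the example; strength is measured as the number of bits in the key, exactly as the SFR states, so 3DES counts as 168 even though its effective strength is lower.

```python
import re

# Key length in bits for strongSwan-style encryption transform tokens (assumed naming).
_FIXED_KEY_BITS = {"3des": 168, "chacha20poly1305": 256, "null": 0}
# aes128, aes256gcm16, aes192ccm8 ... key size is the first number group.
_AES_TOKEN = re.compile(r"^aes(128|192|256)(?:(?:gcm|ccm)(?:8|12|16|64|96|128)?)?$")


def enc_key_bits(token):
    """Return the symmetric key length in bits named by one encryption transform token."""
    token = token.lower()
    if token in _FIXED_KEY_BITS:
        return _FIXED_KEY_BITS[token]
    m = _AES_TOKEN.match(token)
    if m:
        return int(m.group(1))
    raise ValueError(f"unrecognised encryption transform: {token!r}")


def transform_key_bits(transform):
    """Key bits of one proposal such as 'aes256-sha256-modp2048'; the cipher is the first token."""
    return enc_key_bits(transform.split("-")[0])


def check_negotiated(ike_sa_transform, child_sa_transform):
    """FCS_IPSEC_EXT.1.9 on one completed negotiation:
    IKE SA (Phase 1) key bits >= CHILD SA (Phase 2) key bits."""
    return transform_key_bits(ike_sa_transform) >= transform_key_bits(child_sa_transform)


def check_config(ike_proposals, esp_proposals):
    """Check offered proposal lists (comma-separated alternatives) for the 'by default'
    form of the property: it must hold for every pair a peer could pick, so compare the
    weakest offered IKE cipher against the strongest offered ESP cipher.
    Returns (ok, weakest_ike_bits, strongest_esp_bits)."""
    ike_bits = [transform_key_bits(p) for p in ike_proposals.split(",")]
    esp_bits = [transform_key_bits(p) for p in esp_proposals.split(",")]
    weakest_ike, strongest_esp = min(ike_bits), max(esp_bits)
    return weakest_ike >= strongest_esp, weakest_ike, strongest_esp


if __name__ == "__main__":
    # Constructed sample configurations (not from any real TOE).
    compliant = ("aes256-sha384-ecp384", "aes128gcm16,aes256gcm16")
    # Offering aes128 for IKE while ESP may negotiate aes256 violates the requirement.
    noncompliant = ("aes256-sha256-modp2048,aes128-sha1-modp2048", "aes128gcm16,aes256gcm16")
    for ike, esp in (compliant, noncompliant):
        ok, ike_min, esp_max = check_config(ike, esp)
        print(f"IKE={ike!r} ESP={esp!r}: weakest IKE {ike_min} vs strongest ESP {esp_max} -> "
              f"{'OK' if ok else 'VIOLATES FCS_IPSEC_EXT.1.9'}")
```

`check_negotiated` is the per-connection form an evaluator would apply to the transforms actually observed in an IKE_SA/CHILD_SA exchange; `check_config` is the stricter static form that shows whether a default configuration can ever fall outside the requirement.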
Assurance Activity:
The evaluator shall check that the TSS describes the potential strengths (in terms of the number of bits in the symmetric key) of the algorithms that are allowed for the IKE and ESP exchanges. The