Annex E
(informative)

Cryptographic support (FCS)

The TSF may employ cryptographic functionality to help satisfy several high-level security objectives. These include (but are not limited to): identification and authentication, non-repudiation, trusted path, trusted channel and data separation. This class is used when the TOE implements cryptographic functions, the implementation of which could be in hardware, firmware and/or software.

The FCS class is composed of two families: FCS_CKM Cryptographic key management and FCS_COP Cryptographic operation. The FCS_CKM family addresses the management aspects of cryptographic keys, while the FCS_COP family is concerned with the operational use of those cryptographic keys.

Figure E.1 shows the decomposition of this class into its constituent components.


Figure E.1 - Cryptographic support class decomposition

For each cryptographic key generation method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.1 Cryptographic key generation component.

For each cryptographic key distribution method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.2 Cryptographic key distribution component.

For each cryptographic key access method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.3 Cryptographic key access component.

For each cryptographic key destruction method implemented by the TOE, if any, the PP/ST author should select the FCS_CKM.4 Cryptographic key destruction component.

For each cryptographic operation (such as digital signature, data encryption, key agreement, secure hash, etc.) performed by the TOE, if any, the PP/ST author should select the FCS_COP.1 Cryptographic operation component.

Cryptographic functionality may be used to meet a variety of objectives specified in class FCO and in the families FDP_DAU, FDP_SDI, FDP_UCT, FDP_UIT, FIA_SOS and FIA_UAU. Where cryptographic functionality is used to meet objectives for other classes, the individual functional components specify the objectives that the cryptographic functionality must satisfy. The objectives in class FCS should be used when cryptographic functionality of the TOE is itself sought by consumers.

E.1  Cryptographic key management (FCS_CKM)

User notes

Cryptographic keys must be managed throughout their lifetime. The typical events in the lifecycle of a cryptographic key include (but are not limited to): generation, distribution, entry, storage, access (e.g. backup, escrow, archive, recovery) and destruction.

Cryptographic keys should, as a minimum, go through the following stages: generation, storage and destruction. Whether other stages are included depends on the key management strategy being implemented, as the TOE need not be involved in the whole of the key life-cycle (e.g. the TOE may only generate and distribute cryptographic keys).

This family is intended to support the cryptographic key lifecycle and consequently defines requirements for the following activities: cryptographic key generation, cryptographic key distribution, cryptographic key access and cryptographic key destruction. This family should be included whenever there are functional requirements for the management of cryptographic keys.

If FAU_GEN Security audit data generation is included in the PP/ST then, in the context of the events being audited:

a)    The object attributes may include the assigned user for the cryptographic key, the user role, the cryptographic operation that the cryptographic key is to be used for, the cryptographic key identifier and the cryptographic key validity period.

b)    The object value may include the values of cryptographic key(s) and parameters excluding any sensitive information (such as secret or private cryptographic keys).

Typically, random numbers are used to generate cryptographic keys. If this is the case, then FCS_CKM.1 Cryptographic key generation should be used instead of the component FIA_SOS.2 TSF Generation of secrets. In cases where random number generation is required for purposes other than for the generation of cryptographic keys, the component FIA_SOS.2 TSF Generation of secrets should be used.
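The following is an added example and not text or code from the standard: a minimal key-lifecycle manager that walks a key through the stages named above (generation with a CSPRNG, storage, operational use for an FCS_COP.1 checksum, and in-place destruction) and emits audit records of the kind the FAU_GEN note describes, carrying the key's attributes but never its value. All identifiers (KeyRecord, KeyStore, audit_log, the event labels) are this example's own assumptions, not terminology defined by the standard.

```python
"""Added example (not part of the CC standard): a minimal key-lifecycle
manager showing the FCS_CKM stages the annex names (generation, storage,
access for use, destruction) together with the FAU_GEN note that audit
records carry key attributes but never key material.  Every name here
(KeyRecord, KeyStore, audit_log, ...) is this example's own assumption."""
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone


class KeyRecord:
    """One managed key.  Material lives in a bytearray so that FCS_CKM.4
    destruction can overwrite it in place (an immutable bytes object could
    only be dereferenced, leaving the value in memory until collected)."""

    def __init__(self, key_id, material, owner, role, purpose, validity_days, now):
        self.key_id = key_id
        self.material = bytearray(material)
        self.owner = owner            # assigned user for the key
        self.role = role              # user role
        self.purpose = purpose        # cryptographic operation the key serves
        self.not_before = now
        self.not_after = now + timedelta(days=validity_days)
        self.destroyed = False

    def attributes(self):
        """Object attributes for an audit record: the items the annex lists,
        and deliberately not the key value itself."""
        return {
            "key_id": self.key_id,
            "owner": self.owner,
            "role": self.role,
            "purpose": self.purpose,
            "valid_from": self.not_before.isoformat(),
            "valid_until": self.not_after.isoformat(),
        }


class KeyStore:
    def __init__(self, now=None):
        # Constructed fixed clock so validity periods are reproducible.
        self.now = now or datetime(2024, 1, 1, tzinfo=timezone.utc)
        self._keys = {}
        self.audit_log = []

    def _audit(self, event, key, outcome="success"):
        self.audit_log.append({"event": event, "outcome": outcome, **key.attributes()})

    def generate(self, key_id, owner, role, purpose, size_bytes=32, validity_days=365):
        """FCS_CKM.1: generation method (OS CSPRNG) and key size are explicit."""
        key = KeyRecord(key_id, os.urandom(size_bytes), owner, role, purpose,
                        validity_days, self.now)
        self._keys[key_id] = key
        self._audit("FCS_CKM.1 key generation", key)
        return key_id

    def checksum(self, key_id, data):
        """FCS_COP.1: HMAC-SHA256 integrity checksum; refused once the key
        is destroyed or outside its validity period."""
        key = self._keys[key_id]
        if key.destroyed or not (key.not_before <= self.now <= key.not_after):
            self._audit("FCS_COP.1 checksum", key, "refused")
            raise ValueError("key %s not usable" % key_id)
        self._audit("FCS_COP.1 checksum", key)
        return hmac.new(bytes(key.material), data, hashlib.sha256).hexdigest()

    def destroy(self, key_id):
        """FCS_CKM.4: overwrite the material in place, then mark destroyed."""
        key = self._keys[key_id]
        for i in range(len(key.material)):
            key.material[i] = 0
        key.destroyed = True
        self._audit("FCS_CKM.4 key destruction", key)

    def is_zeroised(self, key_id):
        return all(b == 0 for b in self._keys[key_id].material)

    def key_material(self, key_id):
        """Exposed only so the example can prove the log never held the value."""
        return bytes(self._keys[key_id].material)

    def audit_log_mentions(self, secret):
        """True if the secret (hex or raw repr) appears anywhere in the log."""
        text = repr(self.audit_log)
        return secret.hex() in text or repr(secret) in text


if __name__ == "__main__":
    store = KeyStore()
    kid = store.generate("hmac-2024-001", "alice", "operator", "HMAC-SHA256 checksum")
    print(store.checksum(kid, b"constructed sample record"))
    store.destroy(kid)
    for entry in store.audit_log:
        print(entry)
```

The design point is that every audit entry is built from KeyRecord.attributes(), which has no path to the key bytes, so the "excluding sensitive information" rule is enforced structurally rather than by reviewers remembering to redact; the audit_log_mentions check is the kind of test a PP/ST author can point to as evidence.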

FCS_CKM.1     Cryptographic key generation

User application notes

This component requires the cryptographic key sizes and the method used to generate cryptographic keys to be specified; this can be in accordance with an assigned standard. It should be used to specify the cryptographic key sizes and the method (e.g. algorithm) used to generate the cryptographic keys. Only one instance of the component is needed for a single method used with multiple key sizes. The key size could be common or different for the various entities, and could be either the input to or the output from the method.

Operations

Assignment:

In FCS_CKM.1.1, the PP/ST author should specify the cryptographic key generation algorithm to be used.

In FCS_CKM.1.1, the PP/ST author should specify the cryptographic key sizes to be used. The key sizes specified should be appropriate for the algorithm and its intended use.

In FCS_CKM.1.1, the PP/ST author should specify the assigned standard that documents the method used to generate cryptographic keys. The assigned standard may comprise none, one or more actual standards publications, for example, from international, national, industry or organisational standards.

FCS_CKM.2    Cryptographic key distribution

User application notes

This component requires the method used to distribute cryptographic keys to be specified; this can be in accordance with an assigned standard.

Operations

Assignment:

In FCS_CKM.2.1, the PP/ST author should specify the cryptographic key distribution method to be used.

In FCS_CKM.2.1, the PP/ST author should specify the assigned standard that documents the method used to distribute cryptographic keys. The assigned standard may comprise none, one or more actual standards publications, for example, from international, national, industry or organisational standards.

FCS_CKM.3    Cryptographic key access

User application notes

This component requires the method used to access cryptographic keys to be specified; this can be in accordance with an assigned standard.

Operations

Assignment:

In FCS_CKM.3.1, the PP/ST author should specify the type of cryptographic key access being used. Examples of types of cryptographic key access include (but are not limited to) cryptographic key backup, cryptographic key archival, cryptographic key escrow and cryptographic key recovery.

In FCS_CKM.3.1, the PP/ST author should specify the cryptographic key access method to be used.

In FCS_CKM.3.1, the PP/ST author should specify the assigned standard that documents the method used to access cryptographic keys. The assigned standard may comprise none, one or more actual standards publications, for example, from international, national, industry or organisational standards.

FCS_CKM.4    Cryptographic key destruction

User application notes

This component requires the method used to destroy cryptographic keys to be specified; this can be in accordance with an assigned standard.

Operations

Assignment:

In FCS_CKM.4.1, the PP/ST author should specify the key destruction method to be used to destroy cryptographic keys.

In FCS_CKM.4.1, the PP/ST author should specify the assigned standard that documents the method used to destroy cryptographic keys. The assigned standard may comprise none, one or more actual standards publications, for example, from international, national, industry or organisational standards.

E.2 Cryptographic operation (FCS_COP)

User notes

A cryptographic operation may have cryptographic mode(s) of operation associated with it. If this is the case, then the cryptographic mode(s) must be specified. Examples of cryptographic modes of operation are cipher block chaining, output feedback mode, electronic code book mode, and cipher feedback mode.
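The following is an added example, not code from the standard, showing why the mode of operation has to be stated alongside the algorithm: the same toy block cipher driven in electronic code book mode and in cipher block chaining mode gives ciphertexts with very different properties. The block cipher is a four-round Feistel construction built on HMAC-SHA256 purely so the example runs with the standard library; it is an illustration, not a vetted cipher, and all names (toy_block_encrypt, ecb_encrypt, cbc_encrypt, repeated_block_count) are this example's own.

```python
"""Added example (not from the CC standard): ECB versus CBC on a toy
Feistel block cipher.  The cipher is for illustration only, not a vetted
algorithm; the point is the mode, which FCS_COP.1 requires to be named."""
import hashlib
import hmac

BLOCK = 16      # block size in bytes
ROUNDS = 4      # Feistel rounds


def _round_fn(key, rnd, half):
    # Keyed round function: HMAC-SHA256 over (round index || half block).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key, block):
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_block_decrypt(key, block):
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # Electronic code book: each block encrypted independently.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(plaintext))


def ecb_decrypt(key, ciphertext):
    return b"".join(toy_block_decrypt(key, b) for b in _blocks(ciphertext))


def cbc_encrypt(key, iv, plaintext):
    # Cipher block chaining: each block is XORed with the previous
    # ciphertext block (the IV for the first) before encryption.
    prev, out = iv, []
    for b in _blocks(plaintext):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_block_count(data):
    """Number of blocks that duplicate an earlier block: with ECB this
    count survives encryption, with CBC it does not."""
    blocks = _blocks(data)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key = bytes(range(32))          # constructed demo key
    iv = bytes(range(16, 32))       # constructed demo IV
    pt = b"A" * BLOCK * 4           # four identical plaintext blocks
    print("ECB repeats:", repeated_block_count(ecb_encrypt(key, pt)))
    print("CBC repeats:", repeated_block_count(cbc_encrypt(key, iv, pt)))
```

Running the demo shows three repeated ciphertext blocks under ECB and none under CBC for the same key and plaintext, which is why "the cryptographic algorithm" alone does not pin down the security properties of an FCS_COP.1 operation.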

Cryptographic operations may be used to support one or more TOE security services. The FCS_COP component may need to be iterated more than once depending on:

a)    the user application for which the security service is being used.

b)    the use of different cryptographic algorithms and/or cryptographic key sizes.

c)    the type or sensitivity of the data being operated on.

If FAU_GEN Security audit data generation is included in the PP/ST then, in the context of the cryptographic operation events being audited:

a)    The types of cryptographic operation may include digital signature generation and/or verification, cryptographic checksum generation for integrity and/or for verification of checksum, secure hash (message digest) computation, data encryption and/or decryption, cryptographic key encryption and/or decryption, cryptographic key agreement and random number generation.

b)    The subject attributes may include subject role(s) and user(s) associated with the subject.

c)    The object attributes may include the assigned user for the cryptographic key, user role, cryptographic operation the cryptographic key is to be used for, cryptographic key identifier, and the cryptographic key validity period.

FCS_COP.1    Cryptographic operation

User application notes

This component requires the cryptographic algorithm and key size used to perform the specified cryptographic operation(s) to be specified; this can be in accordance with an assigned standard.

Operations

Assignment:

In FCS_COP.1.1, the PP/ST author should specify the cryptographic operations being performed. Typical cryptographic operations include digital signature generation and/or verification, cryptographic checksum generation for integrity and/or for verification of checksum, secure hash (message digest) computation, data encryption and/or decryption, cryptographic key encryption and/or decryption, cryptographic key agreement and random number generation. The cryptographic operation may be performed on user data or TSF data.

In FCS_COP.1.1, the PP/ST author should specify the cryptographic algorithm to be used. Typical cryptographic algorithms include, but are not limited to, DES, RSA and IDEA.

In FCS_COP.1.1, the PP/ST author should specify the cryptographic key sizes to be used. The key sizes specified should be appropriate for the algorithm and its intended use.

In FCS_COP.1.1, the PP/ST author should specify the assigned standard that documents how the identified cryptographic operation(s) are performed. The assigned standard may comprise none, one or more actual standards publications, for example, from international, national, industry or organisational standards.