Crypto v1 update

[woodbe]

This is the update to incorporate the updated changes from the Crypto WG.

Consider if FCS_CKM_EXT.9 should be included as this is new. It seems like it could be relevant, but it isn't something that is included at the moment, and it isn't clear this is necessary at this time (it could just be added as an optional requirement).

The FCS_COP.1/KeyWrap added CCM & GCM, but there is also a new SFR for FCS_COP.1/AEAD. Instead of including those in the keywrap and duplicating the requirements, I modified the SFRs that we were adding them to the KW for to also point to the AEAD as an option that would meet the requirement.

This is a large set of changes but all are related to integrating the changes from the latest draft.

I put a few questions in #307 that are minor edits.

One big thing here is that I removed a lot of underlining and bolding on selection/assignment operations and made an edit to the conventions. Basically what I did was say that inside the tables I will just follow the normal conventions for selections/assignments, no bolding/underlining, etc, and leave that to the SFR itself to be properly formatted for refinements, etc. I think this makes things a bit cleaner.

Also, since our convention has bold text in the SFR as being a refinement, all the bold to highlight the selection/assignment markers actually makes it confusing as to whether we are refining things (sometimes we are, sometimes not).

We will need to review this and probably take a lot out as I think I ended up doing this through a lot of non-crypto SFRs as well.

[jvdsn]

Could you also post FCS_CKM_EXT.9 here or link to the new Crypto Catalogue? I'd like to know what's in it.

[woodbe]

I posted the catalog here: https://www.ccusersforum.org/forums/dsc-itc/updated-crypto-requirements/#post-154

[woodbe]

I have edited what I can, the rest I have asked for review.

[woodbe]

Sorry for the delay, but here are the cPP versions in PDF based on the last commit where I have made updates. cPP_DSC.pdf

[jvdsn]

I posted the catalog here: https://www.ccusersforum.org/forums/dsc-itc/updated-crypto-requirements/#post-154

I can't see that post, perhaps I'm not part of the DSC iTC forum?

[jvdsn]

Consider if FCS_CKM_EXT.9 should be included as this is new. It seems like it could be relevant, but it isn't something that is included at the moment, and it isn't clear this is necessary at this time (it could just be added as an optional requirement).

The DSC currently does mention chaining of keys in passing, but I think it doesn't have to be included for v2.0 right now.

[jvdsn]

My latest commits adds AEAD in almost all places where SKC is referenced. This is because our AEAD algorithms are strictly stronger than SKC algorithms, so there's no reason why they couldn't be used in place of SKC.

The only reference that was not updated was FTP_ITE_EXT.1, because AEAD is selection-based. I'm not sure how AEAD could best be referenced there, but I think it's important that FTP_ITE_EXT.1 will be updated to allow AEADs before publication.

[woodbe]

There are only 4 remaining comments to resolve at this point for these changes.

[woodbe]

@jvdsn you have an open change request on this to add more options to the algorithms. Is this something we can take up separately (since this pull request was about getting the catalog updates incorporated) and we can discuss the modifications in hopefully smaller pull requests?

[jvdsn]

The only conflict seems to be due to the addition of the FCS_COP.1/AEAD (selection-based) to the SFR rationale. Since that's part of my commit, I can fix that conflict

[jvdsn]

Should be good to merge now.

[woodbe]

@jvdsn thank you for the conflict resolution, I hadn't been able to get to it yet.