woodbe
commented
1 year ago @jfisherbah can you take a look at this one?
Closed woodbe closed 1 year ago
woodbe
commented
1 year ago @jfisherbah can you take a look at this one?
jfisherbah
commented
1 year ago It doesn't explicitly test the key pair generation. My assumption is that this should be tested in FCS_CKM.1/AK since ECDSA key pair generation should be claimed there if supported. But I don't think we say anywhere that this is a dependency.
Note that I believe the testing for this was derived from previous PPs that had the same SFR (e.g. NDcPP) and other PPs do not explicitly cover the ephemeral key generation as part of testing for the signature generation/verification requirement.
woodbe
commented
1 year ago I agree on the key generation being covered by FCS_CKM.1/AK. I am not sure what to do about the ephemeral key. The PP_MD_V3.3 has some notes that the testing should cover it regardless of whether it is ephemeral or not, but again that would seem to be part of FCS_CKM.1/AK. Maybe we should look at updating that SFR to ensure it covered ephemeral keys as well?
woodbe
commented
1 year ago Generation of the key pair is handled by FCS_CKM.1/AK, and that requirement does not make any distinction between ephemeral or static keys.
Para 123, 124
Comment:
How does this test cover the proper generation of the ephemeral key involved in the generation of an ECDSA signature?
Proposal:
Priority: 1