search

ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License
6 stars 1 forks source link

[SD Correction] FCS_TLSS_EXT.2.4 and FCS_DTLSS_EXT.2.4 #318

Closed plughy2 closed 10 months ago

plughy2 commented 11 months ago

Provide the location of the issue FCS_TLSS_EXT.2.4 and FCS_DTLSS_EXT.2.4

What is the correction request for the cPP? Please describe. Test 2 says: the evaluator shall perform the following tests if “present the signature_algorithms_cert extension” is selected. This issue is, there's no selection operation in FCS_TLSS_EXT.2.4 and FCS_DTLSS_EXT.2.4 for “present the signature_algorithms_cert extension”

Describe the solution you'd like Test 1 and 2 in FCS_[D]TLSS_EXT.2.4 should be combined and "present the signature_algorithms_cert extension” removed. For TLS 1.3 there should be notes explaining the messages need to be decrypted in order to view the Certificate Request message.

Describe alternatives you've considered Going with the requirements as defined in the TLS Functional Package.

kr15tyk commented 10 months ago

@plughy2 Can you please provide your suggested changes for the SD? Something I can cut and paste would be ideal. I'd like to incorporate this into NDcPPv3.0e by 30 NOV 2023 if possible.

plughy2 commented 10 months ago

Suggested SD changes are below. Change Test 1 to: The evaluator shall initiate a TLS session from a test TLS client and examine the Certificate Request message sent by the TSF. The evaluator shall verify the Certificate Request message contains the signature_algorithms or signature_algorithm_cert extension. To view the Certificate Request message in TLS 1.3, the message will need to be decrypted.

For TLS 1.2, the evaluator shall verify the SignatureAndHashAlgorithms values match the selections specified in the requirement.

For TLS 1.3, the evaluator shall verify the SignatureSchemes values match the selections specified in the requirement.

Remove Test 2.

Suggested change to NDCPP v3.0. Change last paragraph of App Note 54 to:

The TLS 1.3 Certificate Request message includes the algorithms as a list of SignatureSchemes in the signature_algorithms or signature_algorithm_cert extension.

Change last paragraph of App Note 49 to:

The DTLS 1.3 Certificate Request message includes the algorithms as a list of SignatureSchemes in the signature_algorithms or signature_algorithm_cert extension.

plughy2 commented 10 months ago

Does anyone know why Test 1a required the evaluator to verify the SignatureSchemes for TLS 1.3? Having decrypted a TLS 1.3 handshake, the Certificate Request Message sent by a server (in this case OpenSSL 3.1.0) shows the signature algorithms are in the "Signature Hash Algorithms" list. This is the same as TLS 1.2.

image

mclearn commented 10 months ago

I think the wording is just an artifact of RFC 8446? From section 4.2.3: “Note: This enum is named "SignatureScheme" because there is already a "SignatureAlgorithm" type in TLS 1.2, which this replaces. We use the term "signature algorithm" throughout the text.”