ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License

[cPP ENHANCEMENT] Add Ed448 to FCS_CKM.1 and FCS_COP.1/SigGen #325

Open mclearn opened 10 months ago

mclearn commented 10 months ago

Provide the location of the issue

cPP FCS_CKM.1 and FCS_COP.1/SigGen

What is the enhancement request for the cPP? Please describe.

Ed25519 was added as per #127 but Ed448 was not. Ed448 now has available ACVP testing under FIPS 186-5 and is NIST approved and therefore should be an available selection. This is somewhat more complicated by the fact that Ed448 requires SHAKE as the hashing algorithm. This was described in issue #272 as the primary rationale for not including it at the outset. I'd like this issue to remain open pending addition. Note that this issue will work in tandem with issue #326 to add SHA3/SHAKE hashing algorithms.

Describe the solution you'd like

Update FCS_CKM.1.1 to modify "ECC schemes using Ed25519 that meet the following: FIPS PUB 186-5, “Digital Signature Standard (DSS)”, Appendix A.2.3;" to be "ECC schemes using [selection: Ed25519, Ed448] that meet the following: FIPS PUB 186-5, “Digital Signature Standard (DSS)”, Appendix A.2.3;"

Update FCS_COP.1.1/SigGen to modify "For EdDSA: Ed25519" to "For EdDSA: [selection: Ed25519, Ed448]" in the second selection.

Assurance activities to be defined closer to the time that this is being added.

kr15tyk commented 10 months ago

@mclearn One of NIAP's comments on and requirements for endorsing the NDcPPv3.0 was to remove EdDSA from FCS_CKM.1.1 and FCS_COP.1.1/SigGen.

mclearn commented 10 months ago

This is at the request of industry. Please consider adding it to v3.1.