plughy2
commented
2 years ago There are three IEEE section/chapter references in the App Note for FCS_CKM.1/WPA that need updating. The App note should read:
"The cryptographic key derivation algorithm required by IEEE 802.11-2020 (Section 12.7.1.2) and verified in WPA2 certification is PRF-384, which uses the HMAC-SHA-1 function and outputs 384 bits. The use of GCMP is defined in IEEE 802.11ax-2021 (Section 12.5.5) and requires a KDF based on HMAC-SHA-256 (for 128-bit symmetric keys) or HMAC-SHA-384 (for 256-bit symmetric keys). This KDF outputs 704 bits. This requirement applies only to the keys that are generated or derived for the communications between the AP and the client once the client has been authenticated. It refers to the derivation of the GTK (through the RBG specified in this PP-Module) as well as the derivation of the PTK from the PMK, which is done using a random value generated by the RBG specified in this PP-Module, the HMAC function as specified in this PP-Module, as well as other information. This is specified in IEEE 802.11-2020 primarily in chapter 12. FCS_RBG_EXT.1 is defined in the NDcPP."
kgal
https://github.com/commoncriteria/wlanaccesssystem/blob/1d03c2895184abede504b98228fb4aebe5aba2bb/input/wlanaccesssystem.xml#L835
The reason why the current/old WLAN EP referenced two standards (IEEE 802.11-2012 and 802.11ac-2013) is the latter added PRF-704. Subsequent versions of the 802.11 standard included PRF-704. This PP module update can reference only IEEE 802.11-2020. All PRFs are specified in section 12.7.1.2.