Version: 1, Published: 2025-02-11
Impacted Documents
- CPP_HCD_V1.0e
References
CPP:
- A.4.3. FCS_COP.1/CMAC Cryptographic Operation (for cipher-based message authentication)
- D.5.2. FPT_KYP_EXT Extended: Secure Boot
- I.10. Security Functional Requirements Dependencies Analysis
Issue Description
HCD cPP v1.0e includes FCS_CKM.1/SKG (symmetric key generation) as a dependency of FCS_COP.1/CMAC. When the CMAC’s symmetric key is implemented statically in the Root of Trust, it is unnecessary to claim FCS_CKM.1/SKG.
ASE_REQ.1-9 states the following:
A justification that a dependency is not met should address either:
- why the dependency is not necessary or useful, in which case no further information is required; or
- that the dependency has been addressed by the operational environment of the TOE, in which case the justification should describe how the security objectives for the operational environment address this dependency.
By modifying the cPP, eliminate FCS_CKM.1/SKG from the dependencies of FCS_COP.1/CMAC under certain conditions.
Resolution
- Eliminate FCS_CKM.1/SKG from the FCS_COP.1/CMAC dependencies under certain conditions
- Update the SFR Dependencies Analysis
CPP_HCD_V1.0e
- Modify FCS_COP.1/CMAC’s Application Note:
FCS_COP.1/CMAC
Application Note:
If one or more HMAC algorithms are selected, the ST author selects “HMAC” in the second selection and “ISO/IEC 9797-2:2011, Section 7 ‘MAC Algorithm 2’” in the third selection. For the assignment, the key size [k] falls into a range between L1 and L2 (defined in ISO/IEC 10118 for the appropriate hash function). For example, for SHA-256, L1 = 512 and L2 = 256 where L2 ≤ k ≤ L1 for HMAC, and the size is either 128, 192, or 256 bits for CMAC.
For the assignment, the key size will fall into a range between 128 and 256.
When CMAC is used in FPT_SBT_EXT.1, the dependencies on FCS_CKM.1/SKG and FCS_CKM_EXT.4 can be removed for the symmetric key used for message authentication. This is because other standards (*) that specify security requirements for cryptographic modules allow a public verification key or a keyed message authentication key to be placed in the module code, and such a key is not a CSP. Such a key can therefore be considered not to rely on the requirements for key generation and key destruction.
(*) ISO/IEC 19790 "Security requirements for cryptographic modules", 7.5 Software/Firmware security
- Modify I.10. Security Functional Requirements Dependencies Analysis:

| SFR | Dependencies | Rationale Statement |
|---|---|---|
| FCS_COP.1/CMAC | FCS_CKM.1/SKG, FCS_COP.1/Hash, FCS_CKM_EXT.4 | FCS_CKM.1/SKG included, FCS_COP.1/Hash included, FCS_CKM_EXT.4 included. When FCS_COP.1/CMAC is applied to keys used in FPT_SBT_EXT.1, the keyed message authentication key is not a CSP, so the dependencies on FCS_CKM.1/SKG and FCS_CKM_EXT.4 can be removed. |