Archived
TD0813: GCM Nonce Reuse Test for MOD_VPNGW
Publication Date
2024.01.17
Protection Profiles
MOD_VPNGW_v1.3
Other References
Section 2.1.1.1
Issue Description
A test needs to be added to verify that nonces are not reused. Other PPs have such requirements, such as FCS_SNI_EXT.1 in FDE EE. Specifically, a test is needed in IKE to ensure that reuse does not occur.
Resolution
The following modification is made to the Tests Evaluation Activity for FCS_IPSEC_EXT.1 in Section 2.1.1.1 of the MOD_VPNGW_V1.3 SD:
Tests
The following conditional test is added for FCS_IPSEC_EXT.1.6, with red highlighted strikethroughs denoting deletion and green highlights denoting additions:
FCS_IPSEC_EXT.1.6 [conditional]: If AES-GCM-256 (specified in RFC 5282) is chosen in FCS_IPSEC_EXT.1.6, the evaluator shall perform the following steps:
a. Initiate VPN connection.
b. Capture packets of IKE SA negotiation and Child SA negotiation.
c. Note the nonce values used in Child SA establishment.
d. Leave connection open long enough for Child SA rekey to occur.
e. Note nonce values used during the rekey.
f. Confirm the nonce values are different.
There are no additional testing activities.
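One way to automate steps c, e and f, as an added example that is not part of the Technical Decision: the script walks the payload chain of each IKEv2 message (header and payload layout per RFC 7296) and reports any Nonce payload value that appears more than once. It assumes the nonce values in question are the Ni/Nr Nonce payloads and that CREATE_CHILD_SA messages have already been decrypted and supplied as IKE header plus plaintext payload chain; the function names and sample messages are constructed for illustration.

```python
import struct
from collections import defaultdict

IKE_HDR = struct.Struct("!8s8sBBBBII")   # RFC 7296 section 3.1, 28 bytes
PAYLOAD_HDR = struct.Struct("!BBH")      # RFC 7296 section 3.2, generic payload header
NONCE, SK = 40, 46                       # payload types: Nonce (Ni/Nr), Encrypted
EXCHANGES = {34: "IKE_SA_INIT", 36: "CREATE_CHILD_SA"}

def extract_nonces(msg: bytes):
    """Return (exchange name, message ID, nonce data) for each Nonce payload."""
    _, _, next_payload, _, exch, _, msg_id, length = IKE_HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("IKE header length does not match message size")
    found, offset = [], IKE_HDR.size
    while next_payload != 0:
        if next_payload == SK:
            raise ValueError("encrypted payload: decrypt the message first")
        if offset + PAYLOAD_HDR.size > len(msg):
            raise ValueError("truncated payload header")
        following, _, plen = PAYLOAD_HDR.unpack_from(msg, offset)
        if plen < PAYLOAD_HDR.size or offset + plen > len(msg):
            raise ValueError("bad payload length")
        if next_payload == NONCE:
            found.append((EXCHANGES.get(exch, str(exch)), msg_id, msg[offset + 4:offset + plen]))
        next_payload, offset = following, offset + plen
    return found

def find_reused_nonces(messages):
    """Map each nonce seen more than once to the exchanges it appeared in."""
    seen = defaultdict(list)
    for msg in messages:
        for exch, msg_id, nonce in extract_nonces(msg):
            seen[nonce].append((exch, msg_id))
    return {n: where for n, where in seen.items() if len(where) > 1}

def build_message(exch, msg_id, nonce):
    """Constructed sample: an IKE header followed by a single Nonce payload."""
    body = PAYLOAD_HDR.pack(0, 0, 4 + len(nonce)) + nonce
    return IKE_HDR.pack(b"I" * 8, b"R" * 8, NONCE, 0x20, exch, 0x08, msg_id, 28 + len(body)) + body

# Constructed sample data, not taken from a real capture.
INITIAL = [build_message(34, 0, bytes(range(32))), build_message(34, 0, bytes(range(32, 64)))]
GOOD_REKEY = [build_message(36, 2, bytes(range(64, 96)))]
BAD_REKEY = [build_message(36, 2, bytes(range(32)))]  # repeats the first initial nonce

if __name__ == "__main__":
    print("reused nonces:", find_reused_nonces(INITIAL + BAD_REKEY))
```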
Justification
See issue description.