FCS_OTV_EXT.1

input/crypto-catalog.xml

@@ -2780,9 +2780,152 @@
 					</f-element>
 					<audit-event/>
 				</f-component>
-
 
 			</section>   <!-- FCS_COP.1 -->
+
+			<section id="sec-fcs-otv" title="One-Time Value Generation">
+
+				<!-- FCS_OTV_EXT.1 One-Time Value  -->
+				<f-component id="sfr-fcs-otv-ext-1" cc-id="fcs_otv_ext.1" name="One-Time Value">
+					<f-element id="fcs-otv-ext-1e1">
+						<title>
+							The TSF shall perform cryptographic one-time value generation for   
+							<selectables>
+								<tabularize id="fcs-otv-ext-sels" title="Recommended choices and guidance for FCS_OTV_EXT.1">
+									<selectcol>Algorithm or mode</selectcol>
+									<reqtext>using the output of a 
+										<selectables>
+											<selectable>random bit generator as defined in FCS_RBG.1</selectable>
+											<selectable>deterministic OTV construction</selectable>
+											<selectable><assignable>OTV construction method</assignable></selectable>
+										</selectables> and sizes of length that meet the following:
+									</reqtext>
+									<selectcol>List of standards</selectcol>
+									<textcol>Notes</textcol>
+									<reqtext><h:p/><h:p/>The following table provides the recommended choices for
+										completion of the selection operations of FCS_COP.1/XOF.</reqtext>
+								</tabularize>
+
+								<selectable id="sel-fcs-otv-hmac">
+									<col>HMAC</col>
+									<col>FIPS PUB 198-1, NIST SP 800-56C Revision  2</col>
+									<col>Depending on the use case, salts can be secret or known, randomly generated or all 
+										zero. Secret IVs may be required, e.g., for key derivation.  Refer to the relevant
+										standards for your use case.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-kmac">
+									<col>KMAC</col>
+									<col>NIST SP 800-185<h:br/>
+										 NIST SP 800-56C Revision  2
+									</col>
+									<col>Depending on the use case, salts can be secret or known, randomly generated or all zero.
+										Secret IVs may be required, e.g., for key derivation.  Refer to the relevant
+										standards for your use case.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-kdf">
+									<col>KDF</col>
+									<col>NIST SP 800-108 Revision 1<h:br/>
+										 NIST SP 800-135 Revision 1<h:br/>
+										 ISO/IEC 11770-6:2016 (Subclause 7.3.2)							 
+									</col>
+									<col>Salts and IVs are generated as directed for HMAC, AES, and CAM cryptographic
+										algorithms.  Refer to the relevant standards.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-pbkdf">
+									<col>PBKDF</col>
+									<col>NIST SP 800-132</col>
+									<col>Salts are generated and used as directed in PBKDFs.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-ctr">
+									<col>CTR</col>
+									<col>NIST SP 800-38A</col>
+									<col>"Initial Counter" (nonce) shall be non-repeating. No counter value shall be 
+										repeated across multiple messages with the same secret key.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-cbc">
+									<col>CBC</col>
+									<col>NIST SP 800-38A Appendix C</col>
+									<col>Depending on the use case, IVs shall be unpredictable. Repeating IVs leak 
+										information about whether the first one or more blocks are shared between two
+										messages, so IVs should be non-repeating in such situations. Refer to the relevant 
+										standards for your use case.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-ofb">
+									<col>OFB</col>
+									<col>NIST SP 800-38A</col>
+									<col>IVs shall be non-repeating and shall not be generated by invoking the cipher 
+										on another IV.  OFB may require the IV to be a nonce.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-cfb">
+									<col>CFB</col>
+									<col>NIST SP 800-38A</col>
+									<col>IVs should be non-repeating as repeating IVs leak information about the first
+										plaintext block and about common shared prefixes in messages</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-xts">
+									<col>XTS</col>
+									<col>NIST SP 800-38E<h:br/>
+										IEEE Std 1619-2018</col>
+									<col>Tweak values shall be non-negative integers, assigned consecutively, and starting
+										at an arbitrary non-negative integer (i.e., sequential nonces).</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-cmac">
+									<col>CMAC</col>
+									<col>NIST SP 800-38B</col>
+									<col>IV is all zeroes</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-kw">
+									<col>KW, KWP</col>
+									<col>NIST SP 800-38F</col>
+									<col>Depending on the use case, nonces may be required.  Please reference the relevant 
+										standards for your use case.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-ccm">
+									<col>CCM</col>
+									<col>NIST SP 800-38C</col>
+									<col>Nonces shall be non-repeating.</col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-gcm">
+									<col>GCM</col>
+									<col>NIST SP 800-38D</col>
+									<col>For RBG-based IV construction (section 8.2.2) the number of invocations of GCM 
+										shall not exceed 2^32 for a given secret key. </col>
+								</selectable>
+
+								<selectable id="sel-fcs-otv-oaep">
+									<col>RSA-OAEP</col>
+									<col>NIST SP 800-56B Revision 2</col>
+									<col>Mask for padding shall be randomly generated</col>
+								</selectable>
+							</selectables>
+						</title>
+						<note role="application">
+							See the algorithm- or mode-specific Notes above for guidance on completing the second selection.
+						</note>
+						<aactivity>
+							<no-tests>TBD</no-tests>
+						</aactivity>
+					</f-element>
+					<audit-event/>
+				</f-component>
+
+
+
+			</section>  <!-- FCS_OTV -->
+
+
 		</section>  <!-- FCS -->
 	</section>  <!-- SFRs -->