-
Notifications
You must be signed in to change notification settings - Fork 3
BSL SSF Requirements
ckrup edited this page Jan 16, 2025
·
3 revisions
| Rqmt ID | Title | Description | Rationale | Verfication |
|---|---|---|---|---|
| BSL-SSF-1-0 | Generation of Cryptographic Material | The BSL shall generate cryptographic materials based on bundle information and local policy. | The BSL produces cryptographic results when adding, verifying, or otherwise processing bundle security services. Cryptographic materials may be generated with the assistance of various host interfaces. | Test |
| BSL-SSF-1-1 | Cryptographic Function Status | The BSL shall determine the success or failure of any attempted cryptographic function. | The BSL identifies if a particular cryptographic function has succeeded or not in order to determine if the overall application of security policy has been successful. | Test |
| BSL-SSF-2-0 | Block Augmentation with Cryptographic Material | The BSL shall alter the contents of non-security blocks to incorporate cryptographic outputs in accordance with RFC 9173. | To apply security services to a bundle, the BSL may produce cryptographic results that must be represented in security and/or other blocks in that bundle. The altered contents will be provided back into the bundle by the BPA. The actual alteration of the block is dependent upon the RFC9173 security context being applied. | Test |
| BSL-SSF-2-1 | Encoding Cryptographic Material | The BSL shall place cryptographic material in security block security result fields in accordance with RFC 9172 and RFC 9173. | Cryptographic results are encoded in order to be represented in a bundle. | Test |
| BSL-SSF-3-0 | Assembly of Security Context Inputs | The BSL shall extract the set of bundle and block data needed to assemble security context inputs. | The BSL assembles the data needed by a security context to generate security results. | Test |
| BSL-SSF-3-1 | Assembly of Key Material as Security Context Input | The BSL shall retrieve key-related parameters required by key-based security contexts. | The BSL assembles the data needed by a security context to generate security results. Key related parameters may include the key itself, or descriptions/names of keys that are provided to a host interface. | Test |
| BSL-SSF-4-0 | Security Context Support. | The BSL shall support the security contexts identified in RFC 9173. | The BSL uses security contexts to generate security results. | Test |
| BSL-SSF-4-1 | Support of BCB-AES-GCM Default Security Context | The BSL shall support the use of the BCB-AES-GCM default security context [RFC 9173] for BCB-confidentiality security operations. | The BSL needs a BCB context in order to be testable. | Test |
| BSL-SSF-4-2 | Support of BIB-HMAC-SHA Default Security Context | The BSL shall support the use of the BIB-HMAC-SHA default security context [RFC 9173] for bib-integrity security operations. | The BSL needs a BIB context in order to be testable. | Test |