Dependencies - commoncriteria/pp-template GitHub Wiki

Updated 9 September 2024

The XML <depends> element is used to indicate to whether the text represented by the next higher level XML element should be included in the Security Target. It is most often used in <f-component> elements to indicate whether an SFR should be included in the ST.

Dependencies for SFRs

Most often this is done through a selection:

	<f-component id="sfr-fau-gen-1" cc-id="fau_gen.1" name="Audit Data Generation" status="sel-based">
		<depends on-sel="sel-rot2-audit"/>

In the above example, FAU_GEN.1 is included in the ST if the ST Author makes the selection with "sel-rot2-audit" elsewhere in the document.

Many different XML elements with an id can be used as a dependency. The id attribute of the following are supported:

  • Selection (selectable): Dependency on the ST Author making a selection.
  • SFR (f-component): Dependency on an SFR being included in the ST.
  • Use Case (usecase): Dependency on the ST Author claiming a defined Use Case.
  • Feature (feature): Dependency on the TOE implementing a defined product feature.
  • Platform (selectable within a choice): Dependency on the ST Author claiming a defined TOE platform/environment.
	<f-component id="sfr-fcs-ckm-1-ak" cc-id="fcs_ckm.1" iteration="AK" 
                     name="Cryptographic Key Generation (Asymmetric Keys)" status="sel-based">
		<depends on-sel="sel-fcs-sto-ext-1e2-ak"/>          <!-- Inclusion based on a selection -->
		<depends on-uc="uc-server-basic"/>		    <!-- Inclusion based on a use case -->
		<depends on-incl="sfr-fcs-ipsec-ext-1"/>  	    <!-- Inclusion based on inclusion of another SFR -->

You can include more than one id in each <depends> tag as long as they are all of the same type. That is, all selections or all SFRs. Also, the attribute for each id must be unique and must not be "id." It's simpler just to have one dependency per <depends> tag.

There are a couple of special cases to indicate that an SFR is optional or objective. This comes up most often when an SFR can be either selection-based or optional. Such SFRs should have status="sel-based" and the dependency is used to indicate that it is also optional.

	<f-component id="sfr-fcs-ckm-1-ak" cc-id="fcs_ckm.1" iteration="AK" 
                     name="Cryptographic Key Generation (Asymmetric Keys)" status="sel-based">
		<depends on-sel="sel-fcs-sto-ext-1e2-ak"/>          <!-- Inclusion based on a selection -->
		<depends><optional/></depends>		            <!-- May also be optionally added -->

For more about proper classification of SFRs, see Optional, Objective, and Implementation‐Dependent SFRs

Dependencies for Package Inclusion

The <depends> construct is also used in most <include-pkg> elements> to define the conditions for inclusion of the Functional Package in the ST.

	<include-pkg id="pkg-tls">
		<git>
		     <url>https://github.com/commoncriteria/tls</url>
		     <branch>release-1.1</branch>
		</git>
		<url>https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&amp;id=439</url>
                <depends on-sel="sel-itc-tls"/>
                <depends on-sel="sel-itc-https"/>
	</include-pkg>

Dependencies for Evaluation Activities

The depends construct can be used pretty much anywhere. In the App PP is it used to include only the Evaluation Activities that apply to the selected Platforms for the particular TOE:

	The following are the per-platform list of acceptable APIs:
	<h:div><depends ref="android"/> 
		The evaluator shall verify that the application uses at least one of <h:code>javax.crypto.KeyGenerator</h:code> 
		class or the <h:code>java.security.SecureRandom</h:code> class or <h:code>/dev/random
	        </h:code> or <h:code>/dev/urandom</h:code>.
	</h:div>
	<h:div><depends ref="ios"/> 
		The evaluator shall verify that the application invokes either
		<h:code>SecRandomCopyBytes</h:code>, <h:code>CCRandomGenerateBytes</h:code>, or <h:code>CCRandomCopyBytes</h:code>, 
                or uses <h:code>/dev/random</h:code> directly to acquire random.
	</h:div>
	<h:div><depends ref="linux"/> 
		The evaluator shall verify that the application collects random from <h:code>/dev/random</h:code>
		or <h:code>/dev/urandom</h:code>.
	</h:div>

You can expect that this construct will be used more in the future to better automate ST generation.

Dependencies on External Documents

Dependencies can point at selections in other documents. For example,

     <depends on="sel-aes-cbc-128">
        <external-doc ref="pkg-tls"/>
     </depends>

would create a dependency on the selection with id="sel-aes-cbc-128" in the TLS package as defined in the <include-pkg> section.

⚠️ **GitHub.com Fallback** ⚠️