Release Please read the Important Notice and Warnings at the end of this document Rev. 2.8 www.infineon.com 2025-07-02 public Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Release About this document Scope and purpose This document is the Security Target for the Infineon security controllers IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 with optional Crypto Suite. Intended audience Composite product developers, Common Criteria evaluators and certifiers. Release 2 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Table of contents public Table of contents Table of contents............................................................................................................................ 2 List of figures ................................................................................................................................. 4 List of tables .................................................................................................................................. 4 1 Introduction (ASE_INT) ........................................................................................................... 6 1.1 ST reference.............................................................................................................................................6 1.2 TOE reference..........................................................................................................................................6 1.3 TOE overview...........................................................................................................................................6 1.3.1 TOE definition and usage...................................................................................................................6 1.3.2 TOE major security features ..............................................................................................................6 1.4 TOE description.......................................................................................................................................7 1.4.1 TOE components................................................................................................................................7 1.4.1.1 TOE hardware................................................................................................................................7 1.4.1.2 Firmware .......................................................................................................................................9 1.4.1.3 Libraries.........................................................................................................................................9 1.4.2 Physical scope....................................................................................................................................9 1.4.3 Logical scope....................................................................................................................................10 1.4.4 TOE delivery .....................................................................................................................................12 1.4.5 Production sites ...............................................................................................................................12 1.4.6 Configurations..................................................................................................................................12 1.4.7 Initialisation with embedded software...........................................................................................12 2 Conformance (ASE_CCL) ........................................................................................................14 2.1 Conformance claims .............................................................................................................................14 2.1.1 PP claims ..........................................................................................................................................14 2.1.2 Package claims.................................................................................................................................14 2.2 Conformance rationale.........................................................................................................................14 3 Security Problem Definition (ASE_SPD) ...................................................................................15 3.1 Threats...................................................................................................................................................15 3.1.1 Threats from PP0084........................................................................................................................15 3.1.2 Threats defined in this ST ................................................................................................................15 3.2 Organizational security policies ...........................................................................................................15 3.2.1 Organizational security policies from PP0084 ................................................................................15 3.2.2 Organizational security policies defined in this ST.........................................................................15 3.3 Assumptions..........................................................................................................................................16 3.3.1 Assumptions defined in [PP0084]....................................................................................................16 3.3.2 Assumptions defined in this ST .......................................................................................................16 4 Security Objectives (ASE_OBJ)................................................................................................17 4.1 Security objectives for the TOE.............................................................................................................17 4.1.1 Security objectives for the TOE defined in PP0084.........................................................................17 4.1.2 Security objectives for the TOE defined in this ST..........................................................................17 4.2 Security objectives for the operational environment (OE)..................................................................18 4.2.1 OEs defined in [PP0084]...................................................................................................................18 4.2.2 OEs defined in this ST ......................................................................................................................18 4.3 Security objectives rationale ................................................................................................................18 5 Extended Components Definition (ASE_ECD)............................................................................19 5.1 Extended components defined in [PP0084].........................................................................................19 5.2 Extended components defined in this ST ............................................................................................19 Release 3 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Table of contents public 6 Security Requirements (ASE_REQ) ..........................................................................................20 6.1 Security functional requirements.........................................................................................................20 6.1.1 Hardware random number generators...........................................................................................20 6.1.2 Cryptographic services implemented in hardware ........................................................................21 6.1.3 Cryptographic algorithms implemented with MISE .......................................................................21 6.1.4 TSF testing........................................................................................................................................22 6.1.5 Malfunctions.....................................................................................................................................23 6.1.6 Abuse of Functionality .....................................................................................................................23 6.1.7 Physical Manipulation and Probing.................................................................................................24 6.1.8 Leakage.............................................................................................................................................24 6.1.9 Application Firewall .........................................................................................................................24 6.1.9.1 Policy definition ..........................................................................................................................25 6.1.9.2 SFRs .............................................................................................................................................27 6.1.10 Authentication of the Security IC.....................................................................................................30 6.1.11 Flash loader......................................................................................................................................30 6.1.11.1 SFRs added in this ST..................................................................................................................32 6.1.12 Crypto Suite......................................................................................................................................33 6.1.12.1 AES...............................................................................................................................................33 6.1.12.4 FFC...............................................................................................................................................36 6.1.12.5 RSA...............................................................................................................................................37 6.1.12.6 ECC...............................................................................................................................................38 6.1.12.7 Hash.............................................................................................................................................40 6.1.12.8 Random .......................................................................................................................................41 6.2 Security assurance requirements.........................................................................................................44 6.2.1 Security Policy Model (SPM) details ................................................................................................45 6.3 Security requirements rationale...........................................................................................................46 6.3.1 Rationale for the Security Functional Requirements .....................................................................46 6.3.1.1 Additional SFRs related to O.Firewall ........................................................................................46 6.3.1.2 Additional SFRs related to O.Ctrl_Auth_Loader ........................................................................47 6.3.1.3 Additional SFRs related to O.Phys-Manipulation ......................................................................47 6.3.1.4 Additional SFRs related to O.AES ...............................................................................................47 6.3.1.5 Additional SFRs related to O.TDES.............................................................................................47 6.3.1.6 Additional SFRs related to O.HMAC............................................................................................47 6.3.1.7 Additional SFRs related to O.FFC ...............................................................................................47 6.3.1.8 Additional SFRs related to O.RSA ...............................................................................................47 6.3.1.9 Additional SFRs related to O.ECC...............................................................................................48 6.3.1.10 Additional SFRs related to O.Hash .............................................................................................48 6.3.1.11 Additional SFRs related to O.RND ..............................................................................................48 6.3.1.12 Additional SFRs related to O.MISE..............................................................................................48 6.3.2 Dependencies of Security Functional Requirements .....................................................................48 6.3.3 Rationale of the Assurance Requirements......................................................................................50 7 TOE Summary Specification (ASE_TSS)....................................................................................51 7.1 SF_DPM: Device Phase Management ...................................................................................................51 7.2 SF_PS: Protection against Snooping....................................................................................................52 7.3 SF_PMA: Protection against Modifying Attacks ...................................................................................52 7.4 SF_PLA: Protection against Logical Attacks.........................................................................................53 7.5 SF_HC: Hardware provided cryptography ...........................................................................................53 7.6 SF_CS: Crypto Suite Services................................................................................................................54 8 Hash values of libraries..........................................................................................................55 Release 4 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 List of figures public 9 Cryptographic Table..............................................................................................................58 Acronyms .....................................................................................................................................60 References....................................................................................................................................60 Revision history.............................................................................................................................62 List of figures Figure 1 TOE hardware......................................................................................................................................7 List of tables Table 1 Hardware/Firmware components......................................................................................................9 Table 2 Libraries...............................................................................................................................................9 Table 3 User guidance documents ................................................................................................................10 Table 4 Forms of delivery...............................................................................................................................12 Table 5 TOE configuration options................................................................................................................12 Table 6 Order Options to initialize the TOE with customer software...........................................................12 Table 7 Threats from [PP0084] ......................................................................................................................15 Table 8 Organisational Security Policies from [PP0084] ..............................................................................15 Table 9 Memory region-based access control...............................................................................................15 Table 10 Assumptions from [PP0084]..............................................................................................................16 Table 11 Security objectives for the TOE from [PP0084] ................................................................................17 Table 12 Security Objectives for the TOE ........................................................................................................17 Table 13 Security objectives for the operational environment from [PP0084] .............................................18 Table 14 Additional Security objectives for the environment........................................................................18 Table 15 FCS_RNG.1/TRNG..............................................................................................................................20 Table 16 FCS_COP.1/AES .................................................................................................................................21 Table 17 FCS_CKM.4.........................................................................................................................................21 Table 18 FCS_COP.1/SHA2...............................................................................................................................22 Table 19 FCS_COP.1/ASCON............................................................................................................................22 Table 20 TSF testing.........................................................................................................................................22 Table 21 FAU_SAS.1 .........................................................................................................................................23 Table 22 FDP_SDC.1.........................................................................................................................................24 Table 23 FDP_SDI.2 ..........................................................................................................................................24 Table 24 FDP_ACC.2/AF....................................................................................................................................27 Table 25 FDP_ACF.1/AF....................................................................................................................................28 Table 26 FMT_MSA.3/AF...................................................................................................................................28 Table 27 FMT_MSA.1/AF/S ...............................................................................................................................28 Table 28 FMT_MSA.1/AF/NS.............................................................................................................................29 Table 29 FMT_SMF.1/AF...................................................................................................................................29 Table 30 FMT_SMR.1/AF...................................................................................................................................29 Table 31 FIA_API.1............................................................................................................................................30 Table 32 FMT_LIM.1/Loader.............................................................................................................................30 Table 33 FMT_LIM.2/Loader.............................................................................................................................30 Table 34 FTP_ITC.1...........................................................................................................................................31 Table 35 FDP_ACC.1/Loader............................................................................................................................31 Release 5 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 List of tables public Table 36 FDP_ACF.1/Loader ............................................................................................................................31 Table 37 FMT_MTD.1/Loader...........................................................................................................................32 Table 38 FMT_SMR.1/Loader ...........................................................................................................................33 Table 39 FMT_SMF.1/Loader............................................................................................................................33 Table 40 FIA_UID.2/Loader ..............................................................................................................................33 Table 41 FCS_COP.1/CS/AES/ ................................................................................................................34 Table 42 Cryptographic table for FCS_COP.1/CS/AES/.........................................................................34 Table 43 FCS_CKM.4/CS/AES ...........................................................................................................................34 Table 46 FCS_CKM.4/CS/TDES.........................................................................................................................35 Table 49 FCS_COP.1/CS/FFC/.................................................................................................................36 Table 50 Cryptographic table for FCS_COP.1/CS/FFC/ .........................................................................36 Table 51 FCS_COP.1/CS/RSA/ ................................................................................................................37 Table 52 Cryptographic table for FCS_COP.1/CS/RSA/.........................................................................37 Table 53 FCS_CKM.1/CS/RSA/................................................................................................................37 Table 54 Cryptographic table for FCS_CKM.1/CS/RSA/ ........................................................................38 Table 55 FCS_COP.1/CS/ECC/ ................................................................................................................39 Table 56 Cryptographic table for FCS_COP.1/CS/ECC/.........................................................................39 Table 57 Certified elliptic curves .....................................................................................................................39 Table 58 FCS_CKM.1/CS/ECC...........................................................................................................................40 Table 59 FCS_COP.1/CS/Hash/ ..............................................................................................................40 Table 60 Cryptographic table for FCS_COP.1/CS/Hash/.......................................................................40 Table 61 FCS_RNG.1/CS/PTG2.........................................................................................................................41 Table 62 FCS_RNG.1/CS/PTG3.........................................................................................................................42 Table 63 FCS_RNG.1/CS/DRG3.........................................................................................................................43 Table 64 FCS_RNG.1/CS/DRG4.........................................................................................................................43 Table 65 SAR list and refinements...................................................................................................................44 Table 66 SFRs excluded from SPM...................................................................................................................46 Table 67 Rationale for SFRs related to O.Firewall...........................................................................................46 Table 68 Rationale for additional SFRs related to O.Ctrl_Auth_Loader ........................................................47 Table 69 Dependencies of SFRs.......................................................................................................................48 Table 70 TOE Security Features.......................................................................................................................51 Table 71 SHA256 hash values ..........................................................................................................................55 Table 72 Cryptographic table ..........................................................................................................................58 Release 6 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public 1 Introduction (ASE_INT) 1.1 ST reference The ST has the title IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Target, Rev. 2.8 and is dated 2025-07-02. 1.2 TOE reference The full TOE name is: IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 with firmware version 80.505.04.1 or 80.511.00.0, optional HSL version 04.05.0040, optional UMSLC version 02.01.0040, optional Crypto Suite version 05.02.002, optional NRG™ version 06.10.0002 or 06.10.0005, optional Ascon-128 MISE version 1.1.2, optional SHA256 MISE version 1.1.1 and user guidance documents The TOE is identified by the components as described in the physical scope, chapter 1.4.2. • The Hardware version, design step and Firmware version can be read out form the chip by the Generic Chip Identification Mode (GCIM). The procedure how to read that data is described in the Programmers Reference Manual. • The correct library versions can be verified by the corresponding hash values as defined in chapter 8. The correct user guidance documents can be verified by Table 3. 1.3 TOE overview 1.3.1 TOE definition and usage The TOE consists of a smart card IC (Security Controller), firmware and user guidance meeting high requirements in terms of performance and security. The TOE is designed by Infineon Technologies AG and is intended to be used in smart cards for security-relevant applications and as developing platform for smart card operating systems according to the life cycle model from [PP0084]. The TOE is the platform for the Embedded Software but the Embedded Software itself is not part of the TOE. The TOE does not require any non-TOE hardware/software/firmware. 1.3.2 TOE major security features • Dual CPU in lockstep mode to detect integrity errors during processing • Memory integrity protection • Memory encryption • Bus masking for security peripherals • Hardware True RNG • Symmetric coprocessor for AES encryption and decryption • Coprocessor to accelerate long integer and modular arithmetic operations for asymmetric cryptography. It relies on the embedded software to implement securely cryptographic algorithms. • Global alarm system with security life control Release 7 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public • Tearing safe NVM write • Armv8-M compliant MPU and SAU • Robust set of sensors and detectors • Redundant alarm propagation and system deactivation principle • Peripheral access control • Leakage control of data dependent code execution • Device phase management • The optional Crypto Suite provides hardened cryptographic functions for AES, TDES, RSA, ECC, finite field DH, Hash, HMAC functions and deterministic random number generators. • The MISE provides masked and side-channel hardened arithmetical and logical CPU instructions. • Instruction Stream Signature (ISS) coprocessor. The ISS can optionally be used to protect the CPU instruction flow. The hardware-based integrity protection concept of the TOE already provides a very effective program flow protection, such that the ISS is actually not needed. The ISS can nevertheless be used for compatibility reasons or as a very conservative additional countermeasure. 1.4 TOE description 1.4.1 TOE components 1.4.1.1 TOE hardware Figure 1 shows schematically the TOE hardware. Figure 1 TOE hardware Release 8 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public The TOE hardware consists of the following blocks: • Processor − CPU according to Armv8-M mainline architecture. − Armv8-M compatible NVIC controller − Armv8-M compatible Memory Protection Unit (MPU) with 8 regions − Armv8-M compatible Security Attribution Unit (SAU) with 8 regions − Instruction Stream Signature (ISS) coprocessor − Fast Random Source (FRS) nonce generator coprocessor − EDC protected caches for memory access and instruction fetch − MCICE provides encryption and EDC protection for RAM, ROM and NVM • Memories − encrypted and EDC protected ROM − encrypted and EDC protected RAM − encrypted and EDC protected NVM • Peripherals − Timers − Watchdog − Tick counter − CRC accelerator • System peripherals − Clock unit − Interface Management Module (IMM) − Power Management − System Peripheral Access Unit (SPAU) to manage access to peripherals. • Cryptographic peripherals − RNG according to class PTG.2 of [AIS 31] − Crypto2304T coprocessor for long modular integer arithmetic − SCP for secure AES computation − µSM4 accelerator for SM4 cryptographic algorithm. • Security peripherals − UMSLC − Sensors • I/O Interfaces − UART for ISO 7816-3 − I3C slave which can also be used as I2C slave − I2C master − SPI slave − SWP slave − Miller interface − GPIO ports The TOE has a global alarm system that puts the TOE into a secure state after tamper detection. Release 9 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public 1.4.1.2 Firmware The TOE Firmware consists of the Boot software, which provides secure start-up and contains the Flash Loader code. 1.4.1.3 Libraries The TOE can be ordered with the following libraries to support the security coding of embedded software: • UMSLC library to test the chips sensors • HSL library to provide tearing safe write for the NVM The TOE can optionally be ordered with the following certified libraries to support the security coding of embedded software: • Crypto Suite library to provide certified cryptographic functions • Ascon-128 MISE and SHA256 MISE libraries and application notes In addition, the TOE can be ordered with the NRG™ SW library. This is a proprietary cryptographic protocol for transport and ticketing applications. Please note that NRG™ is not part of the TSF. 1.4.2 Physical scope 1.4.2.1 Hardware/Firmware Table 1 Hardware/Firmware components CC Version Design Step Firmware Flash Loader IFX_CCI_000068h IFX_CCI_000080h IFX_CCI_000097h IFX_CCI_000099h G12 80.505.04.1 10.01.0001 IFX_CCI_000093h R11, R12 80.511.00.0 10.01.0001 1.4.2.2 Libraries The following libraries can be optionally ordered. Table 2 Libraries Component Version HSL 04.05.0040 UMSLC 02.01.0040 NRG™ 06.10.0002 06.10.0005 Crypto Suite 5.02.002 Ascon-128 MISE 1.1.2 SHA256 MISE 1.1.1 Note: The user guidance for the UMSLC, NRG™ and HSL libraries is located in the Programmers Reference Manual. The Crypto Suite library comes with dedicated user guidance. Release 10 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public 1.4.2.3 User guidance documents The following table lists the guidance documents belonging to the product variant CCI. Table 3 User guidance documents Component Version Date Comment TEGRION™ SLC21 (32-bit Security Controller – V24) Hardware Reference Manual 7.0 2025-05-14 TEGRION™ SLx2 security controller family Programmer's Reference Manual SLx2_DFP 1.8.0 2025-05-09 SLC21 32-bit Security Controller - V24 Security Guidelines 1.00-3099 2025-06-04 SLC21 (32-bit Security Controller – V24) Production and personalization manual Flash Loader V10 10.01 2023-06-28 Crypto2304T V4, User Manual 3.0 2024-06-21 TEGRION™ SLC21 (32-bit Security Controller – V24) Errata sheet 6.0 2025-05-23 IFX_CCI_000068h/80h/97h/99h G12 only TEGRION™ SLC21 (32-bit Security Controller – V34) Errata sheet 2.0 2025-05-23 IFX_CCI_000093h CS-SLC21V24 Crypto Suite 32-bit Security Controller User interface manual 5.02.002 2025-06-27 Ascon-128 MISE Application Note 1.1.3 2023-09-13 SHA256 MISE Application Note 1.1.2 2023-09-13 1.4.3 Logical scope The logical scope of the TOE consists of the logical security features provided by the TOE. These features are listed in chapter 1.3.2. This chapter explains the features in more detail. The following features of the TOE are part of the TSF: • The Processor has a duplicated CPU running in lockstep mode to detect integrity errors. The CPU registers and the cache RAM are protected by 32-bit ECC codes used as an EDC. • ROM, RAM and NVM content is cryptographically encrypted according to [AIS 46] • ROM, RAM and NVM content is integrity protected by an EDC with at least 28 bits. • A hardware true RNG according to class PTG.2 of [AIS 31]. • A symmetric coprocessor for performing masked AES ECB encryption. • The data buses connecting the CPU and the cryptographic peripherals are encrypted using a bus encryption with dynamic keys which are changed in each transfer. • Peripheral access control can be used to provide individual access control of all peripherals for the different security states of the processor (i.e. secure/non-secure, privilege/non-privilege). • The chip has the following sensors − voltage low and high − temperature low and high − low frequency Release 11 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public − light fault attack detectors If the values are out of range a security alarm is issued. • Security Life control is used to check proper working of sensors and alarm system by runtime triggered tests. • In case the core or a peripheral detects a security violation it performs three countermeasures − goes into local alarm state − propagates the alarm to the other peripherals and core which then go also into alarm state − triggers a security reset. • The HSL detects if NVM has not been correctly written due to a tearing event. The next time an HSL function is called, the embedded software is informed by the HSL that a tearing event has occurred. The HSL provides functions to correct the corrupted data by either roll-back or roll-forward. • The Armv8-M Memory Protection Unit (MPU) and Security Attribution Unit (SAU) with 8 regions each are provided which can be used as a logical firewall for the embedded software. • If the chip is switched to User mode it cannot be switched back to Test mode. If the Flash Loader is permanently disabled, it cannot be reactivated again. • The Masked Instruction Set Extension (MISE) coprocessor provides an Armv8-M Custom Data path Extension (CDE) with side-channel improved (masked) variants of common 32-bit instructions. The most important instructions are MAND, MBIC, MEOR, MORN, MORR, MADD and MSUB (with and without carries). Application notes will be provided which show the implementation of SHA2-256 and the Ascon authenticated encryption with MISE instructions. • The optional Crypto Suite supporting − RSA key generation, encryption and signature up to 4224 bits − ECDSA and ECDH up to 521 bits − Brainpool curves, NIST curves, W-25519, Koblitz secp256k1, BN P256, ANSII FRP256V1 − AES 128, 192,256 in different chaining modes and CMAC − TDES 112,168 in different chaining modes − HMAC with SHA-1 and SHA-2 − SHA-1 and SHA-2 Hash − RNG functions supporting PTG.2, PTG.3, DRG.3, DRG.4 according to [AIS 20] and [AIS 31] • The processor system comes with several supporting features to assist side-channel protected software implementations. One common software countermeasure is masking. However, the user needs to take special care when processing masked data together with its masks to avoid that they (or parts of them) are unintentionally combined in hardware resulting in a degradation of the desired side-channel security level. Therefore, the processor system has several measures in place to support the software in keeping the masked data and masks separated. • Fast Random Source (FRS) nonce generator coprocessor. This RNG was not evaluated according to [AIS 31] and its output shall therefore not be used for applications requiring a certified RNG. It is used internally to support security features of the security architecture. • Program flow integrity protection: The Instruction Stream Signature (ISS) coprocessor can optionally be used by the IC embedded software to detect illegal program flows and trigger an alarm. • A coprocessor for accelerating long arithmetic operations to support RSA and ECC cryptography. This coprocessor has no dedicated security countermeasures. The embedded software must implement security countermeasures. Appropriate countermeasures are provided by the optional Crypto Suite library. The TOE has memory-mapped registers as interfaces to the peripherals. Release 12 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public The interfaces to the libraries are C language APIs. 1.4.4 TOE delivery The TOE delivery formats and delivery lifecycle according to [PP0084] application note 1 are shown in the following table. Table 4 Forms of delivery Component Format Life cycle Delivery method Hardware bare die (sawn wafer) 3 Customer chooses delivery method. This ST describes under which circumstances transport protection is provided by the TOE. PG-X2QFN-20 4 CSP 4 Firmware binary image 3 or 41 In ROM/NVM of hardware Libraries object files n/A secure download via iShare Documents personalized PDF ASCII readme text2 n/A secure download via iShare Note: The Ascon-128 MISE and SHA256 MISE libraries will also be provided as source code. 1.4.5 Production sites The TOE may be handled at different production sites, but the silicon is produced at TSMC fab 15 in Taiwan only. The production site can be determined by reading out the GCIM. 1.4.6 Configurations This TOE is represented by various configurations called products. The module design, layout and footprint, of all products are identical. The degree of freedom for configuring the TOE is predefined by Infineon Technologies AG. Table 5 shows TOE hardware/firmware configurations. The chip must be ordered with the desired NVM value. The value cannot be changed afterwards. Bill per Use is not supported. Table 5 TOE configuration options Component Values Identification NVM 800, 1024, 1800 kb IFX mailbox 1.4.7 Initialisation with embedded software This TOE is equipped with Flash Loader software (FL) to download user software, i.e. an operating system and applications. Various options can be chosen by the user to store software onto the NVM. Table 6 Order Options to initialize the TOE with customer software Option TOE status The user or/and a subcontractor downloads the software into the NVM. Infineon Technologies does not receive any user software. The Flash Loader can be activated or reactivated by the user or subcontractor to download software into NVM. In case the Flash Loader is active, it may be either in life cycle stage “Pinletter” or “Activated”. When “Activated” a mutual authentication needs 1 depends on hardware delivery format 2 Documentation of MISE libraries will be delivered as ASCII readme files. All other documentation will be delivered in PDF form. Release 13 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Introduction (ASE_INT) public Option TOE status to be performed. In “Pinletter” a valid Pinletter provided by Infineon Technologies AG needs to be presented to enter “Activated” stage. The user provides software to download into NVM to Infineon Technologies AG. The software is loaded into NVM during chip production. There is no Flash Loader present. The user provides software to download into NVM to Infineon Technologies AG. The software is loaded into NVM during chip production. The Flash Loader is blocked by Infineon but can be activated or reactivated by the user or subcontractor to download software into NVM. The user is required to provide a reactivation procedure as part of the software to Infineon Technologies AG. The user provides software to download into NVM to Infineon Technologies AG. The software is loaded into NVM during chip production. The Flash Loader is active. The user can either download software or activate the software already present in NVM. Release 14 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Conformance (ASE_CCL) public 2 Conformance (ASE_CCL) 2.1 Conformance claims This ST and TOE claim conformance to • [CC2] extended • [CC3] conformant 2.1.1 PP claims This ST is strictly conformant to [PP0084]. The assurance level is EAL6 with the augmentation ALC_FLR.1. The Security IC Platform Protection Profile with Augmentation Packages is registered and certified by the Bundesamt für Sicherheit in der Informationstechnik (BSI) under the reference [PP0084]. 2.1.2 Package claims This ST claims conformance to the following additional packages taken from [PP0084]: • Package Authentication of the Security IC, section 7.2, conformant. • Package Loader, Package 1: Loader dedicated for usage in secured environment only, section 7.3.1, conformant. • Package Loader, Package 2: Loader dedicated for usage by authorized users only, section 7.3.2, augmented. • Package TDES; section 7.4.1, augmented. This package is only claimed if the optional Crypto Suite 5.02.002 is available. • Package AES; section 7.4.2, augmented. Note: The Loader Packages are only claimed if the user has ordered the TOE with active Flash Loader The assurance level for the TOE is EAL6 augmented with the component ALC_FLR.1. Therefore, this ST is package-augmented to the packages in [PP0084]. 2.2 Conformance rationale The TOE is a typical security IC as defined in [PP0084]. The security problem definition of [PP0084] is enhanced by adding the Organisational Security Policy P.Firewall due to addition of the Armv8-M Memory Protection Unit and Security Extension. The security target remains conformant to [CC1] due to claim 289 as the possibility to introduce additional restrictions is given. The security target fulfils the strict conformance claim of [PP0084] due to application note 5. Release 15 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Problem Definition (ASE_SPD) public 3 Security Problem Definition (ASE_SPD) 3.1 Threats 3.1.1 Threats from PP0084 The following threats are defined and described in [PP0084] sections 3.2 and 7.2.1. Table 7 Threats from [PP0084] Threat Description T.Phys-Manipulation Physical Manipulation T.Phys-Probing Physical Probing T.Malfunction Malfunction due to Environmental Stress T.Leak-Inherent Inherent Information Leakage T.Leak-Forced Forced Information Leakage T.Abuse-Func Abuse of Functionality T.RND Deficiency of Random Numbers T.Masquerade_TOE Masquerade the TOE 3.1.2 Threats defined in this ST There are no additional threats defined in this ST. 3.2 Organizational security policies 3.2.1 Organizational security policies from PP0084 The organizational policies from [PP0084] sections 3.3, 7.3.1, 7.3.2 and 7.4 are applicable. Table 8 Organisational Security Policies from [PP0084] OSP Description P.Process-TOE Protection during TOE Development and Production P.Crypto-Service Cryptographic services of the TOE P.Lim_Block_Loader Limiting and Blocking the Loader Functionality P.Ctrl_Loader Controlled usage to Loader Functionality 3.2.2 Organizational security policies defined in this ST This ST defines an additional organisational security policy specific to the MPU Extension and Security Extension. Table 9 Memory region-based access control OSP Definition P.Firewall The TOE must enable the IC dedicated software and the end-user embedded software to manage and control access to regions in memory. Release 16 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Problem Definition (ASE_SPD) public 3.3 Assumptions 3.3.1 Assumptions defined in [PP0084] The TOE assumptions about the operational environment are defined and described in [PP0084] section 3.4. Table 10 Assumptions from [PP0084] Assumption Description A.Process-Sec-IC Protection during Packaging, Finishing and Personalization A.Resp-Appl Treatment of User Data 3.3.2 Assumptions defined in this ST There are no additional assumptions defined in this ST. Release 17 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Objectives (ASE_OBJ) public 4 Security Objectives (ASE_OBJ) 4.1 Security objectives for the TOE 4.1.1 Security objectives for the TOE defined in PP0084 Table 11 Security objectives for the TOE from [PP0084] Objective Description O.Phys-Manipulation Protection against Physical Manipulation O.Phys-Probing Protection against Physical Probing O.Malfunction Protection against Malfunctions O.Leak-Inherent Protection against Inherent Information Leakage O.Leak-Forced Protection against Forced Information Leakage O.Abuse-Func Protection against Abuse of Functionality O.Identification TOE Identification O.RND Random Numbers O.Cap_Avail_Loader Capability and availability of the Loader O.Ctrl_Auth_Loader Access control and authenticity for the Loader O.Authentication Authentication to external entities O.AES Cryptographic service AES O.TDES Cryptographic service TDES 4.1.2 Security objectives for the TOE defined in this ST Table 12 Security Objectives for the TOE Objective Definition O.Firewall Firewall based Access Control The TOE must provide the IC dedicated software and the end-user embedded software with the capability to define restricted memory access and code execution to memory addresses. The TOE must enforce the access of software to these memory regions depending on access attributes. O.FFC Finite Field cryptographic services The TOE shall provide the following specific security functionality to the Smartcard Embedded Software: Finite Field cryptographic services O.RSA RSA cryptographic services The TOE shall provide the following specific security functionality to the Smartcard Embedded Software: Rivest-Shamir-Adleman Cryptography (RSA) O.ECC Elliptic Curve cryptographic services The TOE shall provide the following specific security functionality to the Smartcard Embedded Software: Elliptic Curve Cryptography (ECC) O.HMAC HMAC Cryptographic services The TOE provides secure cryptographic services for HMAC calculation. Release 18 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Objectives (ASE_OBJ) public Objective Definition O.Hash Cryptographic service hash The TOE provides secure cryptographic services for SHA-1 and SHA-2 generation. O.MISE Cryptographic services implemented with MISE The TOE provides secure cryptographic services implemented with the MISE instructions. 4.2 Security objectives for the operational environment (OE) 4.2.1 OEs defined in [PP0084] Table 13 Security objectives for the operational environment from [PP0084] Objective Description OE.Resp-Appl Treatment of user data of the Composite TOE OE.Process-Sec-IC Protection during composite product manufacturing OE.Lim_Block_Loader Limitation of capability and blocking the Loader OE.Loader_Usage Secure communication and usage of the Loader OE.TOE_Auth External entities authenticating of the TOE Note: OE.TOE_Auth is available if the Flash Loader is available. 4.2.2 OEs defined in this ST Table 14 Additional Security objectives for the environment Environmental objective Description OE.Secure_Delivery (only applicable if Flash Loader deactivated (i.e. cases 2 and 3 from Table 6) When the TOE is ordered with a disabled Flash Loader, it does not provide transport protection. Therefore, technical and / or organisational security procedures (e.g. a custom mutual authentication mechanism or a security transport) should be put in place by the customer to secure the personalized TOE during delivery as required by the security needs of the loaded IC Embedded Software. 4.3 Security objectives rationale The security objectives rationale of the TOE is defined and described in [PP0084] section 4.4, 7.3.1, 7.3.2 and section 7.4.2. The objectives O.Firewall added in this ST cover the organisational security policy P.Firewall that states that IC dedicated software and end-user embedded software must be able to manage and control access to regions in memory. The objectives O.FFC, O.RSA, O.ECC, O.HMAC, O.Hash and O.MISE cover the policy P.Crypto-Service. This policy intends to allow adding various cryptographic services to the TSF. The objective OE.Secure_Delivery requires the customers to provide transport protection in case the TOE is delivered with flash loader deactivated (i.e. rows 2, 3 from Table 6 ). In that case O.Authentication is not available and needs to be compensated by customer measures. This environmental objective counters T.Masquerade_TOE. Release 19 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Extended Components Definition (ASE_ECD) public 5 Extended Components Definition (ASE_ECD) 5.1 Extended components defined in [PP0084] The [PP0084] defines the following extended components used in this ST: • FMT_LIM.1 • FMT_LIM.2 • FAU_SAS.1 • FDP_SDC.1 • FCS_RNG.1 • FIA_API.1 5.2 Extended components defined in this ST There are no extended components defined in this ST. Release 20 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public 6 Security Requirements (ASE_REQ) 6.1 Security functional requirements For the CC operations the following convention is used: • CC operations which have been already completed in [PP0084] or [AIS 31] are typeset without underline. • CC (nested) iteration operations are started by a slash “/” symbol, followed by an iteration identifier text. Iterations may be recursively nested. • CC operations which are completed in this ST are underlined and the assigned footnote shows the original template text. Iteration operations are typed in normal font (i.e. without underline). 6.1.1 Hardware random number generators Random numbers generation according to Class PTG.2 of [AIS 31]. Table 15 FCS_RNG.1/TRNG FCS_RNG.1/TRNG Random Number Generation Hierarchical to No other components. Dependencies No dependencies. FCS_RNG.1.1/TRNG The TSF shall provide a physical random number generator that implements: (PTG.2.1) A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output. (PTG.2.2) If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source1 . (PTG.2.3) The online test shall detect non-tolerable statistical defects of the raw random number sequence (i) immediately when the RNG has started, and (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test has finished successfully or when a defect has been detected. (PTG.2.4) The online test procedure shall be effective to detect non- tolerable weaknesses of the random numbers soon. (PTG.2.5) The online test procedure checks the quality of the raw random number sequence. It is triggered continuously2 . The online test is suitable for detecting non-tolerable statistical defects of the statistical properties of the raw random numbers within an acceptable period of time. FCS_RNG.1.2/TRNG The TSF shall provide 32-bit numbers3 that meet 1 [selection: prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source, generates the internal random numbers with a post-processing algorithm of class DRG.2 as long as its internal state entropy guarantees the claimed output entropy] 2 [selection: externally, at regular intervals, continuously, applied upon specified internal events]. 3 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] Release 21 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FCS_RNG.1/TRNG Random Number Generation (PTG.2.6) Test procedure A (None)1 does not distinguish the internal random numbers from output sequences of an ideal RNG. (PTG.2.7) The average Shannon entropy per internal random bit exceeds 0.997. 6.1.2 Cryptographic services implemented in hardware This chapter defines cryptographic algorithms which are directly supported by the hardware. Table 16 FCS_COP.1/AES FCS_COP.1/AES Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/AES The TSF shall perform decryption and encryption in accordance with a specified cryptographic algorithm AES in ECB mode2 and cryptographic key sizes 128 bit, 192 bit, 256 bit3 that meet the following: [FIPS 197], [SP 800-38A]. Note: The input to the AES algorithm must be provided in two XOR shares. By fixing one share to zero an ECB mode with one input results. Table 17 FCS_CKM.4 FCS_CKM.4 Cryptographic key destruction Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method overwriting or zeroing4 that meets the following: None5 . 6.1.3 Cryptographic algorithms implemented with MISE This chapter defines the SFRs related to the optional libraries Ascon-128 MISE and SHA256 MISE . The library code is also provided as source code. The SFRs from this chapter are only applicable if those libraries are delivered. 1 [assignment: additional standard test suites] 2 [selection: 128 bit, 192 bit, 256 bit] 3 [selection: 128 bit, 192 bit, 256 bit] 4 [assignment: cryptographic key destruction method] 5 [assignment: list of standards] Release 22 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 18 FCS_COP.1/SHA2 FCS_COP.1/SHA2 Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/SHA2 The TSF shall perform Hash digest1 in accordance with a specified cryptographic algorithm SHA-2562 and cryptographic key sizes none3 that meet the following: [FIPS 180-4]4 . Table 19 FCS_COP.1/ASCON FCS_COP.1/ASCON Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/ASCON The TSF shall perform Authenticated encryption5 in accordance with a specified cryptographic algorithm Ascon-1286 and cryptographic key sizes 128 bit7 that meet the following: [ASCON]8 . 6.1.4 TSF testing An attacker may try to circumvent the alarm system and secure wiring by physical manipulation (e.g. by cutting alarm lines). To counter those threats, the chip provides the User Mode Life Cycle (UMSLC) tests to check the integrity of those security features. Those test functions are provided as a software library and can be triggered on demand of the Embedded Software of the Composite TOE. Table 20 TSF testing FPT_TST.1 TSF testing Hierarchical to No other components. Dependencies No dependencies. FPT_TST.1.1 The TSF shall run a suite of self-tests at the request of the authorized user9 to demonstrate the correct operation of alarm test and security optimized wiring tests10 . 1 [assignment: list of cryptographic operations] 2 [assignment: cryptographic algorithms] 3 [assignment: cryptographic key sizes] 4 [assignment: list of standards] 5 [assignment: list of cryptographic operations] 6 [assignment: cryptographic algorithms] 7 [assignment: cryptographic key sizes] 8 [assignment: list of standards] 9 [selection: during initial start-up, periodically during normal operation, at the request of the authorized user, at the conditions [assignment: conditions under which self-test should occur]] 10 [selection: [assignment: parts of TSF], the TSF] Release 23 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FPT_TST.1 TSF testing FPT_TST.1.2 The TSF shall provide authorized users with the capability to verify the integrity of the boot code1 . FPT_TST.1.3 The TSF shall provide authorized users with the capability to verify the integrity of alarm behavior and security optimized wiring2 . Note: If the integrity of the boot code is violated, a security reset is triggered. The authorized user (i.e. the embedded software) can check if a security reset has been performed by reading the reset status register. 6.1.5 Malfunctions This chapter relates to the section “Malfunctions” in [PP0084] ch. 6.1. The SFRs FRU_FLT.2 and FPT_FLS.1 are specified in [PP0084]. Secure state of the TOE Application note 14 of FPT_FLS.1 requires to define the secure state of the TOE. Definition: A secure state of the TOE is either a correct operation or one of the following exceptional states • security reset • global deactivation of the TOE (a.k.a. alarm state) • fault handler 6.1.6 Abuse of Functionality This chapter relates to the section “Abuse of Functionality” in [PP0084] ch. 6.1. The SFRs FMT_LIM.1 and FMT_LIM.2 are specified in [PP0084]. Table 21 FAU_SAS.1 FAU_SAS.1 Audit Storage Hierarchical to No other components. Dependencies No dependencies. FAU_SAS.1.1 The TSF shall provide the test process before TOE delivery3 with the capability to store the initialization data and/or pre-personalization data and/or supplements of the security IC embedded software4 in the access protected and not changeable areas of the non-volatile memory5 . 1 [selection: [assignment: parts of TSF data], TSF data] 2 [selection: [assignment: parts of TSF], TSF] 3 [assignment: list of subjects] 4 [assignment: list of audit information] 5 [assignment: type of persistent memory] Release 24 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public 6.1.7 Physical Manipulation and Probing This chapter relates to the section “Physical Manipulation and Probing” in [PP0084] ch. 6.1. The SFR FPT_PHP.3 is specified in [PP0084]. Automatic response of the TOE Application note 19 of FPT_PHP.3 requires to define the automatic response of the TOE. Definition: An automatic response of the TOE means entering a secure state of the TOE. Table 22 FDP_SDC.1 FDP_SDC.1 Stored data confidentiality Hierarchical to No other components. Dependencies No dependencies FDP_SDC.1.1 The TSF shall ensure the confidentiality of the information of the user data while it is stored in the RAM, ROM, and NVM1 . Table 23 FDP_SDI.2 FDP_SDI.2 Stored data integrity monitoring and action Hierarchical to FDP_SDI.1 Dependencies No dependencies. FDP_SDI.2.1 The TSF shall monitor user data stored in containers controlled by the TSF for EDC integrity errors2 on all objects, based on the following attributes: the corresponding EDC value with a length of at least 28 bits in the RAM, ROM, and NVM3 . FDP_SDI.2.2 Upon detection of a data integrity error, the TSF shall enter a secure state4 . 6.1.8 Leakage This chapter relates to the section “Leakage” in [PP0084] ch. 6.1. The SFRs FDP_ITT.1, FPT_ITT.1 and FDP_IFC.1 are specified in [PP0084]. 6.1.9 Application Firewall The Application Firewall allows the embedded software to execute in four security levels and to assign access conditions to the address space related to the security levels. The security levels are: • secure privilege • secure non-privilege 1 [assignment: memory area] 2 [assignment: integrity errors] 3 [assignment: user data attributes] 4 [assignment: action to be taken] Release 25 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public • non-secure privilege • non-secure non-privilege The policy allows the embedded software to enforce the following trust relationship • secure doesn’t trust non-secure independent of the privilege level • secure privilege doesn’t trust secure non-privilege • non-secure privilege doesn’t trust non-secure non-privilege 6.1.9.1 Policy definition Subjects: • Processor Objects: • Memory addresses Operations: • FETCH(x): any instruction fetch from address x • READ(x): any read access from address x • WRITE(x): any write access to address x • SG: secure gateway instruction • BNS: any of the branch to non-secure code instructions • FNC_RETURN: return from secure mode to non-secure mode • HANDLER_S: call of any secure handler code. Of specific importance for this policy are the following handlers: − MEMFAULT_S: memory fault handler in secure mode − SECFAULT: security fault handler • HANDLER_NS: call of any non-secure handler code. Of specific importance for this policy is the following handler: − MEMFAULT_NS: memory fault handler in non-secure mode • EXC_RETURN: return from handler code Security attributes for processor: • sec: Boolean attribute designating secure/non-secure with values − true: processor is in secure mode. − false: processor is non-secure mode. • handlermode: Boolean attribute designating handler / thread mode: − true: processor is in handler mode − false: processor is in thread mode Release 26 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public • nPriv_S: Boolean attribute designating privilege mode when sec = true with values. − true: processor runs in non-privilege mode. − false: processor runs in privilege mode. • nPriv_NS: Boolean attribute designating privilege mode when sec = false with values. − true: processor runs in non-privilege mode. − false: processor runs in privilege mode. Security attributes for addresses: • PO(x): Boolean attribute assigned to address x. − true: Only privilege mode has access. − false: Privilege and non-privilege mode have access. • acc(x): {N, R, RW} attribute assigned to address x. − N: no access allowed. − R: write access is declined − RW: read and write access is not declined. • sec(x): {S, NS, NSC} attribute assigned to address x. − S: secure address. − NS: non-secure address. − NSC: secure address which is callable from non-secure address. • XN(x): Boolean variable assigned to address x. − true: instruction fetch is declined. − false: instruction fetch is not declined. Definitions: • privileged := handlermode or (not nPriv_S and sec) or (not nPriv_NS and not sec) Rules: 1. FETCH(x) is declined if (sec = false and sec(x) = S ) or (sec = false and sec(x) = NSC and FETCH(x) ≠ SG) 2. READ(x) is declined if sec = false and sec(x) ≠ NS 3. WRITE(x) is declined if sec = false and sec(x) ≠ NS 4. FETCH(x) is declined if (privileged = false and PO(x) = true) Release 27 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public or (XN(x) = true) or (acc(x) = N) 5. READ(x) is declined if (privileged = false and PO(x) = true) or (acc(x) =N) 6. WRITE(x) is declined if (privileged = false and PO(x) = true) or (acc(x) ≠ RW) 7. If one of rules 1, 2, 3 apply then the SECFAULT handler will be called. 8. If one of rules 4, 5 or 6 apply but none of rules 1, 2, 3 and sec=true then MEMFAULT_S handler will be called. 9. If one of rules 4, 5 or 6 apply but none of rules 1, 2, 3 and sec=false then MEMFAULT_NS handler will be called. 10. Modification of sec to value true is only allowed for SG, FNC_RETURN, EXC_RETURN or HANDLER_S. 11. Modification of sec to value false is only allowed for BNS and EXC_RETURN. 12. Modification of nPriv_S to value false is only allowed when handlermode = true and sec = true. 13. Modification of nPriv_S to value true is only allowed when sec = true. 14. Modification of nPriv_NS to value false is only allowed when handlermode = true or (sec = true and nPriv_S = false). 15. Modification of handlermode to value true is only allowed for HANDLER_S or HANDLER_NS. 16. Modification of handlermode to value false is only allowed for EXC_RETURN. 17. Modification of nPriv_NS to value true is only allowed when privileged = true Roles for management: The parameter x designates any address. • secure AF management: privileged = true and sec = true • non-secure AF management: privileged = true 6.1.9.2 SFRs Table 24 FDP_ACC.2/AF FDP_ACC.2/AF Complete access control Hierarchical to FDP_ACC.1 Dependencies FDP_ACF.1 FDP_ACC.2.1/AF The TSF shall enforce the Application Firewall access control policy1 on subjects, objects and operations defined in 6.1.9.12 and all operations among subjects and objects covered by the SFP. FDP_ACC.2.2/AF The TSF shall ensure that all operations between any subject controlled by the TSF and any object controlled by the TSF are covered by an access control SFP. 1 [assignment: access control SFP] 2 [assignment: list of subjects and objects, and operations among subjects and objects covered by the SFP] Release 28 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 25 FDP_ACF.1/AF FDP_ACF.1/AF Security attribute based access control Hierarchical to No other components. Dependencies FDP_ACC.1 FMT_MSA.3 FDP_ACF.1.1/AF The TSF shall enforce the Application Firewall access control policy1 to objects based on the following: The subjects, objects, operations and associated security attributes defined in 6.1.9.12 . FDP_ACF.1.2/AF The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: Rules defined in 6.1.9.13 . FDP_ACF.1.3/AF The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None4 . FDP_ACF.1.4/AF The TSF shall explicitly deny access of subjects to objects based on the following additional rules: None5 . Table 26 FMT_MSA.3/AF FMT_MSA.3/AF Static attribute initialisation Hierarchical to No other components. Dependencies FMT_MSA.1 FMT_SMR.1 FMT_MSA.3.1/AF The TSF shall enforce the Application Firewall access control policy6 to provide restrictive7 default values for security attributes that are used to enforce the SFP. FMT_MSA.3.2/AF The TSF shall allow the none8 to specify alternative initial values to override the default values when an object or information is created. Note: Restrictive means that the security attributes for all addresses are sec(x) = S Table 27 FMT_MSA.1/AF/S FMT_MSA.1/AF/S Management of security attributes Hierarchical to No other components. 1 [assignment: access control SFP] 2 [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 3 [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects] 4 [assignment: rules, based on security attributes, that explicitly authorize access of subjects to objects]. 5 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]. 6 [assignment: access control SFP, information flow control SFP] 7 [selection, choose one of: restrictive, permissive, [assignment: other property]] 8 [assignment: the authorized identified roles] Release 29 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FMT_MSA.1/AF/S Management of security attributes Dependencies [FDP_ACC.1 or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 FMT_MSA.1.1/AF/S The TSF shall enforce the Application Firewall access control policy1 to restrict the ability to modify2 the security attributes PO(x), acc(x), sec(x), XN(x)3 to secure AF management in case sec(x) = S4 . Table 28 FMT_MSA.1/AF/NS FMT_MSA.1/AF/NS Management of security attributes Hierarchical to No other components. Dependencies [FDP_ACC.1 or FDP_IFC.1] FMT_SMR.1 FMT_SMF.1 FMT_MSA.1.1/AF/NS The TSF shall enforce the Application Firewall access control policy5 to restrict the ability to modify6 the security attributes PO(x), acc(x), XN(x)7 to secure or non-secure AF management in case sec(x) = NS8 . Table 29 FMT_SMF.1/AF FMT_SMF.1/AF Specification of management functions Hierarchical to No other components. Dependencies No dependencies. FMT_SMF.1.1/AF The TSF shall be capable of performing the following management functions: Modification of the security attributes PO(x), acc(x), sec(x), XN(x)9 . Table 30 FMT_SMR.1/AF FMT_SMR.1/AF Security Roles Hierarchical to No other components. Dependencies FIA_UID.1 FMT_SMR.1.1/AF The TSF shall maintain the roles secure AF management and non- secure AF management10 . 1 [assignment: access control SFP(s), information flow control SFP(s)] 2 [selection: change_default, query, modify, delete, [assignment: other operations]] 3 [assignment: list of security attributes] 4 [assignment: the authorized identified roles] 5 [assignment: access control SFP(s), information flow control SFP(s)] 6 [selection: change_default, query, modify, delete, [assignment: other operations]] 7 [assignment: list of security attributes] 8 [assignment: the authorized identified roles] 9 [assignment: list of management functions to be provided by the TSF] 10 [assignment: the authorised identified roles] Release 30 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FMT_SMR.1/AF Security Roles FMT_SMR.1.2/AF The TSF shall be able to associate users with roles. 6.1.10 Authentication of the Security IC The TOE shall implement the Package “Authentication of the Security IC” from [PP0084], ch. 7.2. Table 31 FIA_API.1 FIA_API.1 Authentication Proof of Identity Hierarchical to No other components. Dependencies No dependencies. FIA_API.1.1 The TSF shall provide a authentication mechanism according to [ISO9798_2] section 7.3.3, Mechanism MUT.CR-Three-pass authentication1 to prove the identity of the TOE to an external entity. Note: FIA_API is only available, if the Flash Loader is active. 6.1.11 Flash loader The TOE provides a Flash Loader to download user data into the NVM, either during production of the TOE or at customer site. This TOE shall support both Loader packages from [PP0084] section 7.3. • Package 1: Loader dedicated for usage in secured environment only • Package 2: Loader dedicated for usage by authorized users only The SFRs FDP_UCT.1 and FDP_UIT.1 are specified in [PP0084]. Table 32 FMT_LIM.1/Loader FMT_LIM.1/Loader Limited Capabilities - Loader Hierarchical to No other components. Dependencies FMT_LIM.2 FMT_LIM.1.1/Loader The TSF shall be designed and implemented in a manner that limits its capabilities so that in conjunction with “Limited availability (FMT_LIM.2)” the following policy is enforced: Deploying Loader functionality after permanent deactivation2 does not allow stored user data to be disclosed or manipulated by unauthorized user. Table 33 FMT_LIM.2/Loader FMT_LIM.2/Loader Limited availability - Loader Hierarchical to No other components. Dependencies FMT_LIM.1 FMT_LIM.2.1/Loader The TSF shall be designed in a manner that limits its availability so that in conjunction with “Limited capabilities (FMT_LIM.1)” the following 1 [assignment: authentication mechanism] 2 [assignment: action] Release 31 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FMT_LIM.2/Loader Limited availability - Loader policy is enforced: The TSF prevents deploying the Loader functionality after permanent deactivation1 . Note: The User Guidance for this TOE requires the Flash Loader to be permanently deactivated prior delivery to the end user (Phase 7). Table 34 FTP_ITC.1 FTP_ITC.1 Inter-TSF trusted channel Hierarchical to No other components. Dependencies No dependencies. FTP_ITC.1.1 The TSF shall provide a communication channel between itself and Administrator User or Download Operator User and Image Provider2 that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure. FTP_ITC.1.2 The TSF shall permit another trusted IT product to initiate communication via the trusted channel. FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for deploying Loader for downloading User Data and modification of authentication keys3 . Note: The download operation is authenticated by the Administrator User or the Download Operator User but the download image may be encrypted and authenticated by a different role. This role is called the “Image Provider”. Thus, the download operation provides in effect a trusted channel between the Image Provider and the Flash Loader. Table 35 FDP_ACC.1/Loader FDP_ACC.1/Loader Subset access control - Loader Hierarchical to No other components. Dependencies FDP_ACF.1 FDP_ACC.1.1/Loader The TSF shall enforce the Loader SFP on (1) the subjects Administrator User, Download Operator User and Image Provider4 , (2) the objects user data in NVM5 , (3) the operation deployment of Loader. Table 36 FDP_ACF.1/Loader FDP_ACF.1/Loader Security attribute based access control - Loader Hierarchical to No other components. Dependencies FMT_MSA.3 1 [assignment: action] 2 [assignment: users authorized for using the Loader] 3 [assignment: rules] 4 [assignment: authorized roles for using Loader] 5 [assignment: memory areas] Release 32 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FDP_ACF.1/Loader Security attribute based access control - Loader FDP_ACF.1.1/Loader The TSF shall enforce the Loader SFP to objects based on the following: (1) the subjects Administrator User, Download Operator User and Image Provider1 with security attributes None2 . (2) the objects user data in NVM3 with security attributes None4 . FDP_ACF.1.2/Loader The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: The authenticated Administrator User or authenticated Download Operator User can replace the user data by new user data when the new user data is authorized by the Image Provider5 . FDP_ACF.1.3/Loader The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: None6 . FDP_ACF.1.4/Loader The TSF shall explicitly deny access of subjects to objects based on the following additional rules: None7 . Note: The Image provider authenticates with the flash loader implicitly by providing a correctly signed and encrypted download image. An Image provider authentication must always be preceded by an Administrator User or Download Operator User authentication. 6.1.11.1 SFRs added in this ST The following SFRs have been added to the SFRs from Flash Loader package 2 of [PP0084] in order to describe the management of the various Flash Loader authentication keys. Table 37 FMT_MTD.1/Loader FMT_MTD.1/Loader Management of TSF data Hierarchical to No other components. Dependencies FMT_SMR.1 FMT_SMF.1 FMT_MTD.1.1/Loader The TSF shall restrict the ability to modify, delete8 the Authentication keys for Administrator User, Download Operator User and Image Provider9 to Administrator User, Download Operator User10 . Note: The Administrator User can manage the keys for Administration User, Download Operator User and Image Provider. The Download Operator User can delete the key for Image Provider and Download Operator and modify keys for the Download Operator User only. 1 [assignment: authorized roles for using Loader] 2 [assignment: SFP relevant security attributes, or named groups of SFP relevant security attributes] 3 [assignment: memory areas] 4 [assignment: SFP-relevant security attributes, or named groups of SFP-relevant security attributes] 5 [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects] 6 [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]. 7 [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects] 8 [selection: change_default, query,modify, delete, clear, [assignment: other operations]] 9 [assignment: list of TSF data] 10 [assignment: the authorised identified roles] Release 33 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public The image provider cannot modify any keys or perform authentication with the Flash Loader. It can only build encrypted and authenticated loadable images. Table 38 FMT_SMR.1/Loader FMT_SMR.1/Loader Security roles Hierarchical to No other components. Dependencies FIA_UID.1 FMT_SMR.1.1/Loader The TSF shall maintain the roles Administrator User, Download Operator User, Image Provider1 . FMT_SMR.1.2/Loader The TSF shall be able to associate users with roles. Note: Image provider is the role who maintains the key which is used to encrypt and integrity protect the download image. Table 39 FMT_SMF.1/Loader FMT_SMF.1/Loader Specification of Management Functions Hierarchical to No other components. Dependencies No dependencies. FMT_SMF.1.1/Loader The TSF shall be capable of performing the following management functions: Change Key, Invalidate Key2 . Note: “Change Key” of this SFR means the “modify” operations from SFR FMT_MTD.1/Loader, “Invalidate Key” of this SFR means the “delete” operation from SFR FMT_MTD.1/Loader. Table 40 FIA_UID.2/Loader FIA_UID.2/Loader User identification before any action Hierarchical to FIA_UID.1 Dependencies No dependencies. FIA_UID.2.1/Loader The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user. 6.1.12 Crypto Suite This chapter defines the SFRs related to the optional Crypto Suite. Please note that the SFRs from this chapter are only applicable if the optional Crypto Suite is delivered. 6.1.12.1 AES This section describes AES ciphers provided by the Crypto Suite. 1 [assignment: the authorised identified roles] 2 [assignment: list of management functions to be provided by the TSF] Release 34 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 41 FCS_COP.1/CS/AES/ FCS_COP.1/CS/AES/ Cryptographic operation Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/AES/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 42 Cryptographic table for FCS_COP.1/CS/AES/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] ENC encryption and decryption AES in ECB, CBC, CTR, CFB mode 128,192,256 bits [FIPS 197] [SP 800-38A] CMAC MAC generation AES CMAC mode 128,192,256 bits [FIPS 197] [SP 800-38B] CBC-MAC MAC generation AES CBC MAC mode 128,192,256 bits [FIPS 197] [ISO 9797-1] padding method 2 CCM Authenticated encryption AES CCM Mode 128,192,256 bits [FIPS 197] [SP 800-38C] GCM Authenticated encryption AES GCM Mode 128,192,256 bits [FIPS 197] [SP 800-38D] Table 43 FCS_CKM.4/CS/AES FCS_CKM.4/CS/AES Cryptographic key destruction Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4.1/CS/AES The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method overwriting or zeroing1 that meets the following: None2 . 6.1.12.2 TDES This section describes DES ciphers provided by the Crypto Suite. 1 [assignment: cryptographic key destruction method] 2 [assignment: list of standards] Release 35 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 44 FCS_COP.1/CS/TDES/ FCS_COP.1/CS/TDES/ Cryptographic operation Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/TDES/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 45 Cryptographic table for FCS_COP.1/CS/TDES/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] ENC encryption and decryption TDES ECB, CBC, CTR mode 112, 168 bits [SP 800-67] [SP 800-38A] R-MAC MAC calculation TDES Retail MAC 112 bits [SP 800-67] [ISO 9797-1] CBC-MAC MAC calculation TDES CBC MAC 112, 168 bits [SP 800-67] [ISO 9797-1] padding method 2 Table 46 FCS_CKM.4/CS/TDES FCS_CKM.4/CS/TDES Cryptographic key destruction Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4.1/CS/TDES The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method overwriting or zeroing1 that meets the following: None2 . 6.1.12.3 HMAC This section describes HMAC algorithms provided by the Crypto Suite. Table 47 FCS_COP.1/CS/HMAC/ FCS_COP.1/CS/HMAC/ Cryptographic operation Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 1 [assignment: cryptographic key destruction method] 2 [assignment: list of standards] Release 36 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FCS_COP.1/CS/HMAC/ Cryptographic operation FCS_COP.1.1/CS/HMAC/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 48 Cryptographic table for FCS_COP.1/CS/HMAC/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] SHA HMAC calculation HMAC with SHA-1, SHA256, SHA384, SHA512 160, 256, 384, 512 bits [FIPS 180-4] [FIPS 198-1] 6.1.12.4 FFC This section describes Finite Field algorithms provided by the Crypto Suite. Table 49 FCS_COP.1/CS/FFC/ FCS_COP.1/CS/FFC/ Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/FFC/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 50 Cryptographic table for FCS_COP.1/CS/FFC/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] DH key agreement Finite field Diffie- Hellman 1024-2048 bits [PKCS#3], ch 7.2 Release 37 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public 6.1.12.5 RSA This section describes RSA related algorithms provided by the Crypto Suite. Table 51 FCS_COP.1/CS/RSA/ FCS_COP.1/CS/RSA/ Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/RSA/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 52 Cryptographic table for FCS_COP.1/CS/RSA/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] ENC encryption RSAEP 1024-4224 bits [PKCS#1], ch. 5.1.1 DEC decryption RSADP 1024-2112 bits [PKCS#1], ch. 5.1.2, 2a DEC_CRT decryption RSADP(CRT) 1024-4224 bits [PKCS#1], ch. 5.1.2, 2b SIG signature generation RSASP1 1024-2112 bits [PKCS#1], ch. 5.2.1, 2a SIG_CRT signature generation RSASP1(CRT) 1024-4224 bits [PKCS#1], ch. 5.2.1, 2b VER signature verification RSAVP1 1024-4224 bits [PKCS#1], ch. 5.2.2 Note: SIG, SIG_CRT and VER do not include padding of the input message. Table 53 FCS_CKM.1/CS/RSA/ FCS_CKM.1/CS/RSA/ Cryptographic key generation Hierarchical to No other components. Dependencies [FCS_CKM.2 or FCS_COP.1] FCS_CKM.4 FCS_CKM.1.1/CS/RSA/ The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm] and specified cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. Release 38 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 54 Cryptographic table for FCS_CKM.1/CS/RSA/ [assignment: cryptographic key generation algorithm] [assignment: cryptographic key sizes] [assignment: list of standards] PRIMES generate probably random primes p and q 512-2064 bits [FIPS 186-4], B.3.3 w/o Step 1 [FIPS 186-5], A.1.3 w/o Step 1 EXP generate RSA (N, d) parameters from p, q 1024-2112 bits [FIPS 186-4], B.3.1 [PKCS#1], 3.1, 3.2(1) [FIPS 186-5], A.1.1 CRT generate RSA CRT parameters from p, q 1024-4224 bits [FIPS 186-4], B.3.1 [FIPS 186-5], A.1.1 [PKCS#1], 3.1, 3.2(2) MR Miller-Rabin primality test 512-2064 bits [FIPS 186-4], ch. C.3.1 [FIPS 186-5], B.3.1 EMR Enhanced Miller–Rabin primality test 512-2064 bits [FIPS 186-4], ch. C.3.2 [FIPS 186-5], ch. B.3.2 Note: The key size in PRIMES, MR and EMR are related to each individual prime of the resulting RSA key. This means, the resulting RSA key n = p*q can have key size between 1024 and 4128 bits. Note: PRIMES is only conformant to [FIPS 186-4], B.3.3 for prime Bitlength >= 1024; in case prime Bitlength < 1024 identical algorithm is used, but considered proprietary) Note: PRIMES is only conformant to [FIPS 186-5], A.1.3 for prime Bitlength >= 2048; in case prime Bitlength < 2048 identical algorithm is used but considered proprietary. Note: EXP generates N and d by two different API calls. The primes p, q must be calculated with the PRIMES algorithm. Note: CRT does not explicitly generate d as described in [FIPS 186-4], B.3.1, but instead generates the CRT representation of d as described in [PKCS#1], 3.2(2). The primes p, q must be calculated with the PRIMES algorithm Note: CRT does not explicitly generate d as described in [FIPS 186-5], A.1.1, but instead generates the CRT representation of d as described in [PKCS#1], 3.2(2). The primes p, q must be calculated with the PRIMES algorithm. Note: The listed algorithms are cryptographic primitives which can be used by the composite TOE to generate RSA keys. The embedded application must implement the complete RSA key generation. 6.1.12.6 ECC This section describes ECC related algorithms provided by the Crypto Suite. Release 39 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 55 FCS_COP.1/CS/ECC/ FCS_COP.1/CS/ECC/ Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/ECC/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 56 Cryptographic table for FCS_COP.1/CS/ECC/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] ECDSA_SIG EC signature generation ECDSA 160-521 bits [FIPS 186-4], ch. 6.4 [FIPS 186-5], ch. 6.4.1 ECDSA_VER EC signature verification ECDSA 160-521 bits [FIPS 186-4], ch. 6.4 [FIPS 186-5], ch. 6.4.2 ECDH key agreement ECDH 160-521 bits [SP 800-56A], ch. 5.7.1.2 without cofactor multiplication PACE_IM PACE integrated mapping PACE integrated mapping 160-521 bits [ICAO], Appendix B.2 Note: The ECDSA_SIG and ECDSA_VER operations will not perform a hash calculation of the input message. Note: The ECDH operation returns the y-coordinate in addition to the x-coordinate. Note: The ECDH operation does not perform cofactor multiplication. In case of curves with cofactor > 1, the embedded software must provide appropriate means to prevent the small subgroup attacks. The following table lists the certified elliptic curves. Please note that the Crypto Suite supports any curve in short Weierstrass form up to 521 bits. Table 57 Certified elliptic curves Curve Reference NIST curves over prime fields [FIPS 186-5] Brainpool curves [RFC 5639] Koblitz secp256k1 [SEC2] ANSII FRP256V1 [ANSSI] Release 40 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Curve Reference BN P256 [ISO15946], clause 7.3 W-25519 [SP 800-186] Table 58 FCS_CKM.1/CS/ECC FCS_CKM.1/CS/ECC Cryptographic key generation Hierarchical to No other components. Dependencies FCS_CKM.2 or FCS_COP.1] FCS_CKM.4 FCS_CKM.1.1/CS/ECC The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm EC key generation1 and specified cryptographic key sizes of 160-521 bits2 that meet the following: [FIPS 186-4], B.4.1 or [FIPS 186-5], A.2.1 3 . 6.1.12.7 Hash This section describes hash related algorithms provided by the Crypto Suite. Table 59 FCS_COP.1/CS/Hash/ FCS_COP.1/CS/Hash/ Cryptographic operation Hierarchical to No other components. Dependencies [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] FCS_CKM.4 FCS_COP.1.1/CS/Hash/ The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithms] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards]. The operations performed in this SFR are defined in the following table. Please note that is a placeholder for different SFR iterations defined in the first column. Table 60 Cryptographic table for FCS_COP.1/CS/Hash/ [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] SHA1 Hash digest SHA-1 none [FIPS 180-4] 1 [assignment: cryptographic key generation algorithm] 2 [assignment: cryptographic key sizes] 3 [assignment: list of standards] Release 41 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public [assignment: list of cryptographic operations] [assignment: cryptographic algorithms] [assignment: cryptographic key sizes] [assignment: list of standards] SHA2 Hash digest SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256 none [FIPS 180-4] 6.1.12.8 Random This section describes random number generation provided by the Crypto Suite. Table 61 FCS_RNG.1/CS/PTG2 FCS_RNG.1/CS/PTG2 Random Number Generation Hierarchical to No other components. Dependencies No dependencies. FCS_RNG.1.1/CS/PTG2 The TSF shall provide a physical random number generator that implements: (PTG.2.1) A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output. (PTG.2.2) If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source1 . (PTG.2.3) The online test shall detect non-tolerable statistical defects of the raw random number sequence (i) immediately when the RNG has started, and (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test has finished successfully or when a defect has been detected. (PTG.2.4) The online test procedure shall be effective to detect non- tolerable weaknesses of the random numbers soon. (PTG.2.5) The online test procedure checks the quality of the raw random number sequence. It is triggered continuously2 . The online test is suitable for detecting non-tolerable statistical defects of the statistical properties of the raw random numbers within an acceptable period of time. FCS_RNG.1.2/CS/PTG2 The TSF shall provide 32-bit numbers3 that meet (PTG.2.6) Test procedure A (None)4 does not distinguish the internal random numbers from output sequences of an ideal RNG. 1 [selection: prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source, generates the internal random numbers with a post-processing algorithm of class DRG.2 as long as its internal state entropy guarantees the claimed output entropy] 2 [selection: externally, at regular intervals, continuously, applied upon specified internal events] 3 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] 4 [assignment: additional standard test suites] Release 42 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FCS_RNG.1/CS/PTG2 Random Number Generation (PTG.2.7) The average Shannon entropy per internal random bit exceeds 0.997. Note: The PTG.2 API provided by the Crypto Suite is only a wrapper to the hardware-provided PTG.2 defined in section 6.1.1. Table 62 FCS_RNG.1/CS/PTG3 FCS_RNG.1/CS/PTG3 Random number generation Hierarchical to No other components. Dependencies No dependencies. FCS_RNG.1.1/CS/PTG3 The TSF shall provide a hybrid physical random number generator that implements: (PTG.3.1) A total failure test detects a total failure of entropy source immediately when the RNG has started. When a total failure is detected, no random numbers will be output. (PTG.3.2) If a total failure of the entropy source occurs while the RNG is being operated, the RNG prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source1 . (PTG.3.3) The online test shall detect non-tolerable statistical defects of the raw random number sequence (i) immediately when the RNG has started, and (ii) while the RNG is being operated. The TSF must not output any random numbers before the power-up online test and the seeding of the DRG.3 post-processing algorithm have been finished successfully or when a defect has been detected. (PTG.3.4) The online test procedure shall be effective to detect non- tolerable weaknesses of the random numbers soon. (PTG.3.5) The online test procedure checks the raw random number sequence. It is triggered continuously2 . The online test is suitable for detecting non-tolerable statistical defects of the statistical properties of the raw random numbers within an acceptable period of time. (PTG.3.6) The algorithmic post-processing algorithm belongs to Class DRG.3 with cryptographic state transition function and cryptographic output function, and the output data rate of the post-processing algorithm shall not exceed its input data rate. FCS_RNG.1.2/CS/PTG3 The TSF shall provide numbers in 32-bit packets3 that meet: (PTG.3.7) Statistical test suites cannot practically distinguish the internal random numbers from output sequences of an ideal RNG. The internal random numbers must pass test procedure A (none)4 . 1 [selection: prevents the output of any internal random number that depends on some raw random numbers that have been generated after the total failure of the entropy source, generates the internal random numbers with a post-processing algorithm of class DRG.2 as long as its internal state entropy guarantees the claimed output entropy] 2 [selection: externally, at regular intervals, continuously, upon specified internal events] 3 [selection: bits, octets of bits, numbers [assignment: format of the numbers]] 4 [assignment: additional test suites] Release 43 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FCS_RNG.1/CS/PTG3 Random number generation (PTG.3.8) The internal random numbers shall use PTRNG of class PTG.2 as random source for the post processing1 . Table 63 FCS_RNG.1/CS/DRG3 FCS_RNG.1/CS/DRG3 Random number generation Hierarchical to No other components. Dependencies No dependencies. FCS_RNG.1.1/CS/DRG3 The TSF shall provide a deterministic random number generator that implements: (DRG.3.1) If initialized with a random seed using a PTRNG of class PTG.2 as random source2 , the internal state of the RNG shall have at least 100 bit of entropy3 . (DRG.3.2) The RNG provides forward secrecy. (DRG.3.3) The RNG provides backward secrecy even if the current internal state is known. FCS_RNG.1.2/CS/DRG3 The TSF shall provide numbers that meet: (DRG.3.4) The RNG, initialized with a random seed, where the seed has at least 100 bit of entropy and is derived by a PTG.2 certified PTRNG4 generates output for which 2^485 strings of bit length 128 are mutually different with probability that is greater than 1 – 2^(-24)6 (DRG.3.5) Statistical test suites cannot practically distinguish the random numbers from the output sequences of an ideal RNG. The random numbers must pass test procedure A and the U.S. National Institute of Standards and Technology (NIST) test suite for RNGs used for cryptographic purposes [SP 800-22]7 . Table 64 FCS_RNG.1/CS/DRG4 FCS_RNG.1/CS/DRG4 Random number generation Hierarchical to No other components. Dependencies No dependencies. FCS_RNG.1.1/CS/DRG4 The TSF shall provide a hybrid deterministic random number generator that implements: 1 [selection: use PTRNG of class PTG.2 as random source for the post-processing, have [assignment: work factor], require [assignment: guess work]] 2 [selection: using a PTRNG of class PTG.2 as random source, using a PTRNG of class PTG.3 as random source, using an NPTRNG of class NTG.1 [assignment: other requirements for seeding]] 3 [selection: have [assignment: amount of entropy], have [assignment: work factor], require [assignment: guess work]] 4 [assignment: requirements for seeding] 5 [assignment: number of strings] 6 [assignment: probability] 7 [assignment: probability] Release 44 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public FCS_RNG.1/CS/DRG4 Random number generation (DRG.4.1) The internal state of the RNG shall use PTRNG of class PTG.2 as random source1 . (DRG.4.2) The RNG provides forward secrecy. (DRG.4.3) The RNG provides backward secrecy even if the current internal state is known. (DRG.4.4) The RNG provides enhanced forward secrecy on demand2 . (DRG.4.5) The internal state of the RNG is seeded by an PTRNG of class PTG.23 . FCS_RNG.1.2/CS/DRG4 The TSF shall provide numbers that meet: (DRG.4.6) The RNG generates output for which 2^484 strings of bit length 128 are mutually different with probability that is greater than 1 – 2^(-24)5 . (DRG.4.7) Statistical test suites cannot practically distinguish the random numbers from the output sequences of an ideal RNG. The random numbers must pass test procedure A and the U.S. National Institute of Standards and Technology (NIST) test suite for RNGs used for cryptographic purposes [SP 800-22]6 . 6.2 Security assurance requirements In the following Table 65, the security assurance requirements and compliance rationale for augmented refinements are given. Table 65 SAR list and refinements SAR Refinement ADV_ARC.1 Refined in [PP0084] ADV_FSP.5 The refinement of ADV_FSP.4 from [PP0084] can also be applied to the assurance level EAL 6 comprising ADV_FSP.5. The assurance component ADV_FSP.4 is extended to ADV_FSP.5 with aspects regarding the level of description. ADV_FSP.5 requires a semi-formal description in addition. The refinement is still valid. ADV_IMP.2 The refinement of ADV_IMP.1 in [PP0084] requires the evaluator to check for completeness. In case of ADV_IMP.2 the entire implementation representation has to be provided anyhow. A check for completeness is also applicable in case the entire implementation representation is provided. ADV_INT.3 No refinement ADV_TDS.5 No refinement ADV_SPM.1 No refinement AGD_OPE.1 Refined in [PP0084] 1 [selection: use PTRNG of class PTG.2 as random source, have [assignment: work factor], require [assignment: guess work]] 2 [selection: on demand, on condition [assignment: condition], after [assignment: time]] 3 [selection: internal entropy source, PTRNG of class PTG.2, PTRNG of class PTG.3, [other selection]] 4 [selection: internal entropy source, PTRNG of class PTG.2, PTRNG of class PTG.3, [other selection]] 5 [assignment: probability] 6 [assignment: additional test suites] Release 45 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public SAR Refinement AGD_PRE.1 Refined in [PP0084] ALC_CMC.5 The refinement of ALC_CMC.4 from [PP0084] details how configuration management has to be also applied to production. This is also applicable for ALC_CMC.5. ALC_CMC.5 is not specifically focused on production. ALC_CMS.5 The refinement of ALC_CMS.4 from [PP0084] can also be applied to the assurance level EAL 6 comprising ALC_CMS.5. The assurance package ALC_CMS.4 is extended to ALC_CMS.5 with aspects regarding the configuration control system for the TOE. The refinement is still valid. ALC_DEL.1 Refined in [PP0084] ALC_DVS.2 Refined in [PP0084] ALC_FLR.1 No refinement ALC_LCD.1 No refinement ALC_TAT.3 No refinement ASE_CCL.1 No refinement ASE_ECD.1 No refinement ASE_INT.1 No refinement ASE_OBJ.2 No refinement ASE_REQ.2 No refinement ASE_SPD.1 No refinement ASE_TSS.1 No refinement ATE_COV.3 The refinement of ATE_COV.2 in [PP0084] clarifies how to deal with testing of security mechanisms for physical protection. It further requests the TOE to be tested under different operating conditions. These refinements are also applicable for ATE_COV.3, which requires complete TSFI coverage. ATE_DPT.3 No refinement ATE_FUN.2 No refinement ATE_IND.2 No refinement AVA_VAN.5 Refined in [PP0084] 6.2.1 Security Policy Model (SPM) details [CC3] requires in ADV_SPM.1.1D to define the not modelled SFRs. The rational for the excluded SFRs are as follows: • SFRs for cryptographic services are not modelled by convention • SFRs for physical functions cannot be logically modelled • SFRs for internal functions have no visible logical interface The developer shall provide a formal security policy model for the SFRs of this ST with the exception of the SFRs from the following table1 . 1 [assignment: list of policies that are formally modelled] Release 46 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public Table 66 SFRs excluded from SPM SFR Reason for exclusion FCS_RNG.1/* cryptographic services FCS_COP.1/* cryptographic services FCS_CKM.1/* cryptographic services FCS_CKM.4/* cryptographic services FPT_TST.1 physical function FRU_FLT.2 physical function FPT_FLS.1 physical function FPT_PHP.3 physical function FDP_SDC.1 physical function FDP_ITT.1 internal function FPT_ITT.1 Internal function FDP_IFC.1 Internal function Note: A star “*” means all iterations of that SFR 6.3 Security requirements rationale 6.3.1 Rationale for the Security Functional Requirements The security requirements rationale identifies the modifications and additions made to the rationale presented in [PP0084]. 6.3.1.1 Additional SFRs related to O.Firewall Table 67 Rationale for SFRs related to O.Firewall SFR Rationale FDP_ACC.2/AF The SFR with the respective SFP require the implementation of an area- based memory access control. FDP_ACF.1/AF The SFR allows the TSF to enforce access to objects within the respective SFP based on security attributes and defines these attributes and defines the rules based on these attributes that enable explicit decisions. FMT_MSA.3/AF The SFR requires that the TOE provides default values for the security attributes used in the SFP. Because the TOE is a hardware platform, these default values are generated by the reset procedure. FMT_MSA.1/AF/S The SFR requires that authorized users can manage TSF attributes. It ensures that the access control attributes associated to secure addresses can be managed only by code running in secure and privilege mode. FMT_MSA.1/AF/NS The SFR requires that authorized users can manage TSF attributes. It ensures that the access control attributes associated to non-secure addresses can be managed by code running in secure or non-secure privilege mode. Release 47 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public SFR Rationale FMT_SMF.1/AF The SFR is used for the specification of the management functions to be provided by the TOE. Being a hardware platform, the TOE allows the management of the security attributes by making the hardware registers accessible to software to enable modification. FMT_SMR.1/AF This SFR defines the roles used for management of the security attributes. The roles are defined by the security attribute of the fetch address of the CPU instruction. 6.3.1.2 Additional SFRs related to O.Ctrl_Auth_Loader Table 68 Rationale for additional SFRs related to O.Ctrl_Auth_Loader SFR Rationale FMT_MTD.1/Loader This SFR requires that the TOE provides management functions for modification and deletion of authentication keys. FMT_SMR.1/Loader This SFR requires that the roles to management keys are defined FMT_SMF.1/Loader This SFR requires that the key management functions are defined FIA_UID.2/Loader This SFR requires that management functions can only be executed by authorized roles. 6.3.1.3 Additional SFRs related to O.Phys-Manipulation The FPT_TST.1 component allows that particular parts of the security mechanisms and functions provided by the TOE can be tested after TOE delivery. This feature is important to detect direct physical manipulations by a FIB device in order to disable the alarm system of the chip. 6.3.1.4 Additional SFRs related to O.AES The optional Crypto Suite provides the AES chaining modes ECB, CTR, CBC, CFB, CMAC, CBC-MAC, CCM and GCM modes. The associated SFRs are defined in chapter 6.1.12.1. 6.3.1.5 Additional SFRs related to O.TDES The optional Crypto Suite provides the DES/TDES chaining modes ECB, CTR, CBC, CBC-MAC and Retail-MAC. The associated SFRs are defined in chapter 6.1.12.2. 6.3.1.6 Additional SFRs related to O.HMAC The optional Crypto Suite provides the HMAC calculation. The associated SFR are defined in chapter 6.1.12.3 6.3.1.7 Additional SFRs related to O.FFC The optional Crypto Suite provides Finite Field cryptographic services. The associated SFRs are defined in chapter 6.1.12.4. 6.3.1.8 Additional SFRs related to O.RSA The optional Crypto Suite provides RSA functions. The associated SFRs are defined in chapter 6.1.12.5. Release 48 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public 6.3.1.9 Additional SFRs related to O.ECC The optional Crypto Suite provides ECC functions. The associated SFRs are defined in chapter 6.1.12.6. 6.3.1.10 Additional SFRs related to O.Hash The optional Crypto Suite provides Hash functions. The associated SFRs are defined in chapter 6.1.12.7. 6.3.1.11 Additional SFRs related to O.RND The optional Crypto Suite provides random functions. The associated SFRs are defined in chapter 6.1.12.8. 6.3.1.12 Additional SFRs related to O.MISE Appnotes show how to efficiently implement cryptographic functions with the MISE instructions. The associated SFRs are defined in chapter 6.1.3. 6.3.2 Dependencies of Security Functional Requirements The dependencies of the SFRs which are defined in [PP0084] are resolved in [PP0084], ch. 6.3.2. The following table lists the dependencies of the additional SFRs which are defined in this ST. Table 69 Dependencies of SFRs SFR Dependencies Rationale FDP_ACC.2/AF FDP_ACF.1 Fulfilled by FDP_ACF.1/AF FDP_ACF.1/AF FDP_ACC.1 Fulfilled by FDP_ACC.2/AF, which is hierarchically higher FMT_MSA.3/AF FMT_MSA.1 Fulfilled by FMT_MSA.1/AF/S and FMT_MSA.1/AF/NS FMT_SMR.1 Fulfilled by FMT_SMF.1/AF FMT_MSA.1/AF/S FMT_MSA.1/AF/NS FDP_ACC.1 or FDP_IFC.1 Fulfilled by FDP_ACC.2/AF, which is hierarchically higher FMT_SMR.1 Fulfilled by FMT_SMF.1/AF FMT_SMF.1 Fulfilled by FMT_SMF.1/AF FMT_SMR.1 Fulfilled by FMT_SMF.1/AF FMT_SMF.1 Fulfilled by FMT_SMF.1/AF FMT_SMR.1/AF FIA_UID.1 The dependency is satisfied, because the role is identified by the execution context of the processor. FMT_SMF.1/AF None No dependency FDP_ACC.1/Loader FDP_ACF.1 Fulfilled by FDP_ACF.1/Loader FDP_ACF.1/Loader FMT_MSA.3 Not applicable, because there are no security attributes defined FMT_MTD.1/Loader FMT_SMR.1 Fulfilled by FMT_SMR.1/Loader FMT_SMF.1 Fulfilled by FMT_SMF.1/Loader FMT_SMR.1/Loader FIA_UID.1 Fulfilled by FIA_UID.2/Loader FMT_SMF.1/Loader None No dependency FIA_UID.2/Loader None No dependency FPT_TST.1 None No dependency FCS_COP.1/AES FCS_CKM.4 Fulfilled by FCS_CKM.4 Release 49 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public SFR Dependencies Rationale [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate symmetric keys. This will be done by the embedded software for the composite TOE. FCS_CKM.4 [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import symmetric keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/SHA2 FCS_CKM.4 n/A, as a hash function does not use keys. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] n/A, as a hash function does not use keys. FCS_COP.1/ASCON FCS_CKM.4 The TOE does not provide services to destroy symmetric ASCON keys. This will be done by the embedded software for the composite TOE. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate symmetric keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/CS/AES/ FCS_CKM.4 Fulfilled by FCS_CKM.4/CS/AES [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import symmetric keys. This will be done by the embedded software for the composite TOE. FCS_CKM.4/CS/AES [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import symmetric keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/CS/TDES/ FCS_CKM.4 Fulfilled by FCS_CKM.4/CS/TDES [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import symmetric keys. This will be done by the embedded software for the composite TOE. FCS_CKM.4/CS/TDES [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import symmetric keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/CS/FFC/ FCS_CKM.4 The TOE does not provide services to destroy FFC keys. This will be done by the embedded software for the composite TOE. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import FFC keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/CS/RSA/ FCS_CKM.4 The TOE does not provide services to destroy RSA keys. This will be done by the embedded software for the composite TOE. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] Fulfilled by FCS_CKM.1/CS/RSA/ FCS_CKM.1/CS/RSA/ FCS_CKM.2 or FCS_COP.1] Fulfilled by FCS_COP.1/CS/RSA/ Release 50 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Security Requirements (ASE_REQ) public SFR Dependencies Rationale FCS_CKM.4 The TOE does not provide services to destroy RSA keys. This will be done by the embedded software for the composite TOE. FCS_COP.1/CS/ECC/ FCS_CKM.4 The TOE does not provide services to destroy ECC keys. This will be done by the embedded software for the composite TOE. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] Fulfilled by FCS_CKM.1/CS/ECC/ FCS_CKM.1/CS/ECC/ FCS_CKM.2 or FCS_COP.1] Fulfilled by FCS_COP.1/CS/ECC/ FCS_CKM.4 The TOE does not provide services to destroy ECC keys. This will be done by the embedded software for the composite TOE FCS_COP.1/CS/Hash/ FCS_CKM.4 n/A, as a hash function does not use keys. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] n/A, as a hash function does not use keys. FCS_COP.1/CS/HMAC/ FCS_CKM.4 The TOE does not provide services to destroy HMAC keys. This will be done by the embedded software for the composite TOE. [FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1] The TOE does not provide services to generate or import HMAC keys. This will be done by the embedded software for the composite TOE. FCS_RNG.1/CS/PTG2 None No dependency FCS_RNG.1/CS/PTG3 None No dependency FCS_RNG.1/CS/DRG3 None No dependency FCS_RNG.1/CS/DRG4 None No dependency 6.3.3 Rationale of the Assurance Requirements The TOE is a typical security IC as defined in [PP0084]. The rationale for EAL level and augmentation is as follows. An assurance level EAL6 with the augmentations ALC_FLR.1 is required for this type of TOE since it is intended to defend against highly sophisticated attacks without a protective environment. This evaluation assurance package was selected to permit a developer to gain maximum assurance from positive security engineering based on good commercial practices. In order to provide a meaningful level of assurance that the TOE provides an adequate level of defence against such attacks, the evaluators should have access to all information regarding the TOE including the TSF internals, the low level design and source code including the testing of the modular design. Additionally the mandatory technical document [JIL] shall be taken as a basis for the vulnerability analysis of the TOE. Release 51 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 TOE Summary Specification (ASE_TSS) public 7 TOE Summary Specification (ASE_TSS) The product overview is given in section 1.3.1. The Security Features are described below and the relation to the security functional requirements is shown. The TOE is equipped with the following security features to meet the security functional requirements: Table 70 TOE Security Features Security Feature Description SF_DPM Device Phase Management SF_PS Protection against Snooping SF_PMA Protection against Modification Attacks SF_PLA Protection against Logical Attacks SF_HC Hardware provided Cryptography SF_CS Crypto Suite Services 7.1 SF_DPM: Device Phase Management The life cycle of the TOE is split up into several phases (see [PP0084], ch. 1.2.3). Chip development and production (phase 2, 3, 4) and final use (phases 4-7) is a rough split-up from the TOE point of view. These phases are implemented in the TOE as test mode (phase 3) and user mode (phases 4-7). In addition a chip identification mode exists which is active in all phases. The chip identification data (O.Identification) is stored in a non-modifiable configuration page area of the non-volatile memory. Further TOE configuration data is stored in the same area. In addition, user initialization data can be stored in the NVM during the production phase as well. During this first data programming, the TOE is still in the secured environment and in test mode. The covered security functional requirement is FAU_SAS.1 “Audit storage”. During start-up of the TOE the decision for one of the various operation modes is taken dependent on phase identifiers. The decision of accessing a certain mode is defined as phase entry protection. The phases follow also a defined and protected sequence. The sequence of the phases is protected by means of authentication. The covered security functional requirements are FMT_LIM.1 and FMT_LIM.2. During the production phase (phase 3 and 4) or after the delivery to the customer (phase 5 or phase 6), the TOE provides the possibility to download a user specific encryption key and user code and data into the empty (erased) NVM area as specified by the associated control information of the Flash Loader software. Alternatively in case the user has ordered TOE derivatives without Flash Loader, software download by the user (phase 5 or phase 6) is disabled and all user data of the embedded software is stored on the TOE at Infineon premises. In case the user has ordered the TOE derivatives with Flash Loader enabled, the Flash Loader may either be received in a way, which requires an authentic Pinletter and authentication afterwards, or it may be received in a state, which immediately requires successful mutual authentication. The Pinletter process can exchange the default authentication key. Successful authentication is required before being able to use the download functionality of the Flash Loader. Once authenticated, the functionality to exchange the Flash Loader keys depending on the user’s identity is enabled. One of the keys, which can be exchanged is the Image Provider key. This key is used to decrypt and verify the integrity protected and encrypted download image. The authenticated user may also invalidate authentication keys depending on the user’s identity. After finishing the download operation, the Flash Loader has to be permanently deactivated prior delivery to the end user, so that no further load operation with the Flash Loader is possible. The Flash Loader uses AES CCM mode [SP 800-38C] for encryption and integrity protection of payload and for authentication. For key usage diversification, the Flash Loader uses key derivation according to [SP 800-108]. Release 52 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 TOE Summary Specification (ASE_TSS) public The covered security functional requirements are FMT_LIM.1/Loader, FMT_LIM.2/Loader, FTP_ITC.1, FDP_UCT.1, FDP_UIT.1, FDP_ACC.1/Loader, FDP_ACF.1/Loader, FMT_MTD.1/Loader, FMT_SMR.1/Loader, FMT_SMF.1/Loader, FIA_UID.2/Loader and FIA_API.1. Note that the SFRs FTP_ITC.1, FDP_UCT.1, FDP_UIT.1, FDP_ACC.1/Loader, FDP_ACF.1/Loader, FMT_MTD.1/Loader, FMT_SMR.1/Loader, FMT_SMF.1/Loader, FIA_UID.2/Loader and FIA_API.1 are only part of the TOE if the flash loader is active. Each operation phase is protected by means of authentication and encryption. The covered security functional requirements are FDP_ITT.1 and FPT_ITT.1. 7.2 SF_PS: Protection against Snooping All contents of the memories RAM, ROM and NVM of the TOE are encrypted on chip to protect them against data analysis. The encryption of the memory content is done by the MCICE using a proprietary cryptographic algorithm. A complex key management and address scrambling provides protection against cryptographic analysis attacks. All security relevant transfers via the peripheral bus are dynamically masked and thus protected against readout and analysis. Leakage of data dependent code execution can be reduced by employing specific hardware features. In addition, the Masked Instruction Set Extension (MISE) coprocessor provides an Armv8-M Custom Data path Extension (CDE) with side-channel improved (masked) variants of common 32-bit instructions. This will provide additional means for the embedded software to minimize side channel leakage. The covered security functional requirements are FDP_SDC.1, FDP_IFC.1, FPT_PHP.3, FPT_ITT.1, FPT_FLS.1 and FDP_ITT.1. Most components of the design are synthesized to disguise allocation of elements to certain modules of the IC. Physical regularity of the logic functions is thereby removed. The covered security functional requirement is FPT_PHP.3. A further protective design method used is security optimized wiring. Certain security-critical wires have been identified and protected by special routing measures against probing. Additionally specific signal lines, required to operate the device, are embedded into shield lines of the chip to prevent successful probing. The covered security functional requirements are FPT_PHP.3, FPT_ITT.1, FDP_ITT.1 and FDP_IFC.1. A low system frequency sensor FSE is implemented to prevent the TOE from single stepping. The sensor is tested by the User Mode Security Life Control UMSLC. The UMSLC library provides some wrapper functionality around the UMSLC hardware part containing measures against fault attacks. The covered security functional requirements are FPT_PHP.3 and FPT_FLS.1. 7.3 SF_PMA: Protection against Modifying Attacks The TOE has implemented a dual CPU running in lockstep mode and registers protected with 32 bit EDC. This mechanism reliably detects attacks on the code flow and data processed by the CPU. In the case of a detected attack, the TOE enters the secure state. The TOE is equipped with a 28 bit EDC in RAM, a 28 bit EDC in NVM and a 32 bit EDC in ROM, which is realized in the MCICE peripheral. The EDC detects detect single- and multi-bit errors. In the case of an EDC error, the TOE enters the secure state. The covered security functional requirements are FRU_FLT.2, FPT_PHP.3 and FDP_SDI.2. A life test on internal security features is provided – it is called User Mode Security Life Control (UMSLC), which checks alarm lines for correct operation. This test can be triggered by user software during normal operation or via the UMSLC lib. If physical manipulation or a physical probing attack is detected, the TOE enters the secure Release 53 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 TOE Summary Specification (ASE_TSS) public state (as defined in chapter 6.1.5). To further decrease the risk of manipulation and tampering of the detection system a redundant alarm propagation and system deactivation is provided. The covered security functional requirements are FPT_FLS.1, FPT_PHP.3 and FPT_TST.1 The Instruction Stream Signature Checking (ISS) calculates a hash over all executed instructions and automatically checks the correctness of this hash value. If the code execution follows an illegal path an alarm is triggered. This feature can optionally be used for program flow integrity protection but it is not needed as the dual CPU and memory EDC mechanisms are far better suited to detect such attacks. The Online Configuration Check (OCC) function controls the modification of relevant system settings. It is also useful as a measure against fault attacks and accidental changes. The content of the protected registers is permanently hashed and checked against a reference value. A violation generates an alarm event and leads to the secure state. The TOE supports dynamical locking of dedicated peripherals. This way data flow between CPU and peripherals can be controlled. Manipulations utilizing access to specific peripherals can be prevented with this locking mechanism. As physical effects or manipulative attacks may also target the program flow of the user software, a watchdog timer and a check point register are implemented. These features allow the user to check the correct processing time and the integrity of the program flow of the user software. The covered security functional requirements are FPT_FLS.1, FDP_IFC.1, FPT_ITT.1, FDP_ITT.1 and FPT_PHP.3. The HSL provides tearing safe write operations which can be utilized by the embedded software. The covered security functional requirement is FPT_PHP.3. The correct function of the TOE is only given in the specified range of environmental operating parameters. To prevent an attack exploiting that circumstance the TOE is equipped with a temperature sensor, glitch sensor and voltage sensor as well as backside light detection. The TOE falls into the defined secure state in case of a specified range violation. The defined secure state causes the chip internal reset process. The covered security functional requirements are FRU_FLT.2 “Limited fault tolerance” and FPT_FLS.1 “Failure with preservation of secure state “. 7.4 SF_PLA: Protection against Logical Attacks The TOE implements the Armv8-M Memory Protection Unit (MPU) with 8 regions and the Security Attribution Unit (SAU) with 8 regions according to [Armv8-M], ch. B10. The SAU contains an Implementation Defined Attribution Unit (IDAU). The IDAU exempts the address ranges 4000 0000H - 5FFF FFFFH and A000 0000H - FFFF FFFFH from Security attribution. During each start-up of the TOE the address ranges and MPU access rights are initialized by the Boot Software (BOS) with predefined values. The BOS maps a small region containing the start-up code for access of privilege software. The SAU is disabled, and all addresses are marked secure and non-secure not callable. The covered security functional requirements are FDP_ACC.2/AF, FDP_ACF.1/AF, FMT_MSA.1/AF/S, FMT_MSA.1/AF/NS, FMT_MSA.3/AF, FMT_SMF.1/AF and FMT_SMR.1/AF. 7.5 SF_HC: Hardware provided cryptography The TOE is equipped with a random number generator as defined in the SFRs FCS_RNG.1/TRNG in chapter 6.1.1. Release 54 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 TOE Summary Specification (ASE_TSS) public The covered security functional requirement is FCS_RNG.1/TRNG. The TOE supports the encryption and decryption in accordance with the Advanced Encryption Standard (AES) and cryptographic key sizes of 128 bits or 192 bits or 256 bits that meet the standards as defined in chapter 6.1.2. The covered security functional requirement are FCS_COP.1/AES and FCS_CKM.4. An SHA-256 algorithm and the Ascon [ASCON] lightweight cipher are implemented as app notes using MISE instructions in leakage sensitive parts of the code. The covered security functional requirement are FCS_COP.1/SHA2 and FCS_COP.1/ASCON. 7.6 SF_CS: Crypto Suite Services The optional Crypto Suite utilizes the symmetric coprocessor and the asymmetric coprocessor of the hardware to implement standard cryptographic algorithms. For details, see the confidential ST. Release 55 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Hash values of libraries public 8 Hash values of libraries This chapter list the SHA256 hashes of the libraries from section 1.4.2.2. Table 71 SHA256 hash values Lib SHA256 NRG™ 06.10.0002 3aec48b0449bc49e1f4e9c72390730108711ed450498bf9dffbbed1d342e06d0 NRG™ 06.10.0005 a46f8d1e32fd64c9cecf2c0a4fb53ae525960b05d2b6a9d0afaf6886a090d808 UMSLC 74091c50254bc348a48a2e261a125735dca41f2419cd9541c3e6fbfdff63b529 HSL 5357585cff662d4dd45766bd682303ee31f66ebc41998a489b0124cef9b87e55 Crypto Suite 5.02.002 CS-SLC21V24-sym-ae.lib: SHA256=104e72c584392ae65261f14d704e82c9c0a6c97d766c4ff413440edf63a9a47f CS-SLC21V24-sym-cipher-aes.lib: SHA256=40dd2b0dd591507c4456e3235cdc0858dd5ffd45a21602b992af71727d2973a6 CS-SLC21V24-asym.lib: SHA256=ea54990a2fc5c82d53236511656a77bf194ee2b684f617060b30c0cdbfbc2fbb CS-SLC21V24-asym-base.lib: SHA256=2020ffd0baacd58a6c756009284342eaad3ee05fae674a27cf2448a4802226be CS-SLC21V24-sym-mac-ciphermac-cbcmac.lib: SHA256=c031c8411fe34228fcb55cb454f25ab8c8ff4628b44531035933c4b7aa3b8e10 CS-SLC21V24-sym-ae-ccm.lib: SHA256=f1dc638b0147b3e8ac63f3e90e8b5b473ea20ce52a02e7d114ed197039644e65 CS-SLC21V24-sym-cipher.lib: SHA256=bb4b1fc711902ce5660a016ac25fd888add8cf0a1c2e247a57a7220a1ab8126b CS-SLC21V24-sym-mac-ciphermac.lib: SHA256=01608f31e3fb56c8de2161729722c0356b66c3446c0477436e0bbd66841f92c2 CS-SLC21V24-sym-mac-ciphermac-cmac.lib: SHA256=c5f37fe31d4e0ff0fce2e789efc167626feb9c15e963c1d3b286216d7859a93b CS-SLC21V24-core.lib: SHA256=f90ea21bb4134e1a87c66b621d43eb61fc8127bd9b3ce24035da0e5bac85d9c0 CS-SLC21V24-asym-ecc-curve.lib: SHA256=dbf473d4a8b02d74d5fc2a70c8dc1bb1dbf562eeadad1efd80e20d145931e1c9 CS-SLC21V24-sym-cipher-des.lib: SHA256=3e777390b3a639f91ffb963d0ed2e98ac6cd4b7403e0c06983de29ea5b546d0f CS-SLC21V24-rng-drbg.lib: SHA256=2f03a566eed5d83e3dfd67b410b1fac421863429a1eaf1c11978de52d54f7b74 CS-SLC21V24-asym-ecc.lib: SHA256=a13268e34ec97de75681a4f7a6188498f0b733c6136092c3e990795191324af3 CS-SLC21V24-asym-ecc-ecdsa.lib: SHA256=df42513487562257854bb8382b9eae057fd6a8ddcab427f37e77b4abd304736c CS-SLC21V24-asym-ecc-ecsdsa.lib: SHA256=deccc9bc70b2c19408ad1091c0e869723932ae94866cfaf5fdf01d1e1a5c5f96 CS-SLC21V24-asym-ecc-eddsa.lib: Release 56 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Hash values of libraries public Lib SHA256 SHA256=73e9cf9a72130d279d05ce6afc273cc02210800fa7c7107c1625e87a4a3b6bb3 CS-SLC21V24-asym-ffc.lib: SHA256=11f3a9cb4fc5701a59465fd3771ae55ae781f19a6700aaf35240fc2e71c654c4 CS-SLC21V24-sym-ae-gcm.lib: SHA256=7896d6bfde106d4092a0c6bc4aec8b56389a919b0918ce97f035037b6a03968e CS-SLC21V24-sym-hash.lib: SHA256=137ade83d5c01a3a8dca07e90ff53155c3c609c1333c351368572af32caaf123 CS-SLC21V24-sym-mac-hashmac.lib: SHA256=cf40dbfdf4710ead81dbcacc82e2012aba84c3cbbabed398efa95e16c0257dc9 CS-SLC21V24-sym-mac-hashmac-hmac.lib: SHA256=109d0ee82ccb08a3be74dec020ece4efb2a6eb28435283807090c74fc24787bc CS-SLC21V24-rng-hwrng.lib: SHA256=06cc972bc72f6a16fc84d0101892cb3a8b0b2b63b92f500fcfc792e7624c82dc CS-SLC21V24-pqc-lattice.lib: MD5=6acce72493f5a50f5558249c0387d136 SHA1=ce1495f7e9cead268d862f7967cd184b6949af57 SHA256=e4bb575840ebb1135a74a04dd527d821d1f7443805684594f72cb74149040811 CS-SLC21V24-sym-mac.lib: SHA256=a9b67aace62bb8667d17ea7066962b6341a2227b49843b274dd1876f64265644 CS-SLC21V24-pqc-lattice-mldsa.lib: SHA256=a1198b79ac060a995459ce481ff2fc219f9a397369cdedb1c1fe444658c9ae99 CS-SLC21V24-pqc-lattice-mlkem.lib: SHA256=d5a93f0661292f262a2aa0024069c69c2a3703e7de79b037a339348511879dfd CS-SLC21V24-asym-ecc-curve-montgomerygfp.lib: SHA256=ce0be621ccb6b4a02202d98dd9facd926d169379f114e9c4952f07580931fb89 CS-SLC21V24-asym-ecc-pace.lib: SHA256=1dfff360e127092c905b2ebca1c6d64109460e6ddaa653342f1fef0bce45901f CS-SLC21V24-pqc.lib: SHA256=ecb0e3825d66974a884f6ef4c90fd0ffbdb41169daea0feb80e83967e24f0a92 CS-SLC21V24-sym-mac-ciphermac-retailmac.lib: SHA256=3636f722810c9317119dd4b7d772836e4541c00e7f03f7abf0776b6cd222bdf8 CS-SLC21V24-rng.lib: SHA256=898e367d0bdb2d7d11206540227f9dbf4dcd3c67f9638d845ec3342dc19b4287 CS-SLC21V24-asym-rsa.lib: SHA256=35eb06850d3c98e594d65e6e3299a34cf2163b416cf92349a31f63c54fdf28c2 CS-SLC21V24-sym-hash-sha1.lib: SHA256=98c29e7d6f56acfd19d97ead7b28970e1ba1daf4c48d7f6131d7d257c68dba2e CS-SLC21V24-sym-hash-sha2.lib: SHA256=a0c2eeb17ea8c72d0979643723a703d4c53183f396421cc9a6c0b8e6f5bb6290 CS-SLC21V24-sym-hash-sha3.lib: SHA256=c9a16b6da2f877bd48da45abb2ec70eacc8f1e31155bfcead4e76dd8641fe448 CS-SLC21V24-sym-hash-sha3-shake.lib: SHA256=d01780d3fb56272ea8d5dd91ff05da0d887ce32e3691dba3386343df3b29fd88 CS-SLC21V24-sym.lib: Release 57 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Hash values of libraries public Lib SHA256 SHA256=6327fcbed83d22b5bfc88e4a43315f853d573ac34cbf987a0aae5aa356a86f25 CS-SLC21V24-asym-tlbx.lib: SHA256=eae5d15c08c349fd5a703915205d4a2bcfa82069de720bb70ad3146a37125ec3 CS-SLC21V24-asym-ecc-curve-twistededwardsgfp.lib: SHA256=d9bbb7f132b13f00af82d058dc2ec7efa8f529c5bab0de2dcc973170234799a1 CS-SLC21V24-asym-ecc-curve-weierstrassgf2n.lib: SHA256=61bfd06f4507a0e5c370dd6dfec4e75bf4203cf0aeaabad97fcf6c61d40293ff CS-SLC21V24-asym-ecc-curve-weierstrassgfp.lib: SHA256=8d5a82dd7db6ee5dd9d3b4edd64314d6045d47f727964c817770e2eaba09549e SHA256 MISE bf2bf8e7aec2d36217e2c7a1887dbdfceb0410f3ab219ebd1558f1e5c2029f66 Ascon-128 MISE f2903982709f2eb0025336c5d7c3938a2f58b03e3d26dc2b2a8302558c446667 Release 58 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Cryptographic Table public 9 Cryptographic Table Table 72 Cryptographic table Purpose Cryptographic operation Implement. Key size in bits Standards Confidentiality AES in ECB mode provided by hardware Hardware 128, 192, 256 [FIPS 197] [SP 800-38A] Confidentiality AES encryption and decryption in ECB, CBC, CTR, CFB mode Crypto Suite 128, 192, 256 [FIPS 197] [SP 800-38A] Integrity AES CMAC mode Crypto Suite 128, 192, 256 [FIPS 197] [SP 800-38B] Authenticated encryption AES CCM Crypto Suite 128 [FIPS 197] [SP 800-38C] Authenticated encryption AES GCM Crypto Suite 128 [FIPS 197] [SP 800-38D] Confidentiality DES encryption and decryption in ECB, CBC, CTR mode Crypto Suite 112, 168 [SP 800-67] [SP 800-38A] Integrity TDES Retail MAC Crypto Suite 112 [SP 800-67] [ISO 9797-1] Integrity TDES CBC-MAC Crypto Suite 112, 168 [SP 800-67] [ISO 9797-1] padding method 2 Integrity HMAC with SHA-1, SHA256, SHA384, SHA512 Crypto Suite 160, 256, 384, 512 [FIPS 180-4] [FIPS 198-1] Confidentiality RSAEP RSA encryption Crypto Suite 1024- 4224 [PKCS#1], 5.1.1 Confidentiality RSADP RSA decryption with exponential representation Crypto Suite 1024- 2112 [PKCS#1], 5.1.2, 2a Confidentiality RSADP RSA decryption with CRT representation Crypto Suite 1024- 4224 [PKCS#1], 5.1.2, 2b Integrity RSA signature generation RSASP1 Crypto Suite 1024- 4224 [PKCS#1], 5.2.1, 2b Integrity RSA signature verification RSAVP1 Crypto Suite 1024- 4224 [PKCS#1], 5.2.2 Key generation generate probably random primes p and q for RSA keys Crypto Suite 512- 20641 [FIPS 186-4], B.3.3 w/o step 12 [FIPS 186-5], ch. A.1.3 w/o Step 13 1 Size for each prime used in the RSA key. This means, the resulting RSA key can have size 1024 - 4128 bits. 2 Prime generation is only conformant to [FIPS 186-4], B.3.3 for prime Bitlength >= 1024; in case prime Bitlength < 1024 identical algorithm is used, but considered proprietary 3 Prime generation is only conformant to [FIPS 186-5], A.1.3 for prime Bitlength >= 2048; in case prime Bitlength < 2048 identical algorithm is used, but considered proprietary Release 59 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Cryptographic Table public Purpose Cryptographic operation Implement. Key size in bits Standards Key generation generate RSA (N, d) parameters from p, q Crypto Suite 1024- 2112 [FIPS 186-4], B.3.1 [FIPS 186-5], A.1.1 [PKCS#1], 3.1, 3.2(1) Key generation generate RSA CRT parameters from p, q Crypto Suite 1024- 4224 [FIPS 186-4], B.3.1 [FIPS 186-5], A.1.1 [PKCS#1], 3.1, 3.2(2) Primality test Miller-Rabin primality test Crypto Suite 512- 20641 [FIPS 186-4], C.3.1 [FIPS 186-5], B.3.1 Primality test Enhanced Miller-Rabin primality test Crypto Suite 512- 20641 [FIPS 186-4], C.3.2 [FIPS 186-5], B.3.2 Integrity ECDSA signature generation Crypto Suite 160-521 [FIPS 186-4], 6.4 [FIPS 186-5], 6.4.1 Integrity ECDSA signature verifications Crypto Suite 160-521 [FIPS 186-4], 6.4 [FIPS 186-5], 6.4.2 Key agreement ECDH key agreement Crypto Suite 160-521 [SP 800-56A], 5.7.1.2 Key generation ECC key generation Crypto Suite 160-521 [FIPS 186-4], B.4.1 [FIPS 186-5], A.2.1 Authenticated encryption AES CCM Flash Loader 128 [SP 800-38C] Key agreement Finite Field Diffie-Hellman Crypto Suite 1024- 2048 [PKCS#3], ch. 7.2 Key derivation KDF in counter mode with AES CMAC as PRF Flash Loader 128 [SP 800-108], ch. 4.1 [SP 800-38B], ch. 6.2 Integrity AES CMAC mode Flash Loader 128 [FIPS 197] [SP 800-38B] Hash SHA-1 Hash digest Crypto Suite N/A [FIPS 180-4] Hash SHA-2 Hash digest 224, 256, 384, 512, 512/224, 512/256 bits Crypto Suite N/A [FIPS 180-4] Authenticated encryption Ascon authenticated encryption Crypto Suite 128 [ASCON] Random Physical RNG PTG.2 Hardware N/A [AIS 31] Random Hybrid Physical RNG PTG.3 Crypto Suite N/A [AIS 31] [SP 800-90A] Random Deterministic RNG DRG.3 Crypto Suite N/A [AIS 20], [SP 800-90A] Random Hybrid Deterministic RNG DRG.4 Crypto Suite N/A [AIS 31] [SP 800-90A] Release 60 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Acronyms public Acronyms Acronym Description AES Advanced Encryption Standard CSP Chip Scale Package ECC Elliptic Curve Cryptography or Error Correction Code EDC Error Detection Code FFC Finite Field Cryptography ISS Instruction Stream Signature MISE Masked Instruction Set Extension MCICE Memory Cache Confidentiality Integrity Engine MPU Memory Protection Unit NVIC Nested Vectored Interrupt Controller NVM Non-Volatile Memory OCC Online Configuration Check RAM Random Access Memory RNG Random Number Generator ROM Read Only Memory RSA Rivest Shamir Adleman SAU Security Attribution Unit SE Security Extension SPI Serial Peripheral Interface SPM Security Policy Model SWP Single Wire Protocol TOE Target Of Evaluation UMSLC User Mode Security Life Control References [AIS 20] Anwendungshinweise und Interpretationen zum Schema AIS 20, Version 3, 15.05.2013 Bundesamt für Sicherheit in der Informationstechnik [AIS 31] Anwendungshinweise und Interpretationen zum Schema AIS 31, Version 3, 15.05.2013 Bundesamt für Sicherheit in der Informationstechnik [AIS 46] Anwendungshinweise und Interpretationen zum Schema AIS 46, Version 3, 2013-12-04 Bundesamt für Sicherheit in der Informationstechnik Release 61 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Acronyms public [ANSSI] ANSSI: "Avis relatif aux paramètres de courbes elliptiques définis par l'Etat français" in: Journal Officiel de la République Française (JORF) [Armv8-M] Arm® v8-M Architecture Reference Manual DDI0553A.m [ASCON] Ascon v1.2 Submission to NIST, 2021-05-31 [CC1] Common Criteria for Information Technology Security Evaluation Part12: Security Functional Requirements; Version 3.1 Revision 5 April 2017, CCMB-2017-04-001 [CC2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Requirements; Version 3.1 Revision 5 April 2017, CCMB-2017-04-002 [CC3] Common Criteria for Information Technology Security Evaluation Part 3: Security Assurance Requirements; Version 3.1 Revision 5 April 2017, CCMB-2017-04-003 [FIPS 180-4] NIST: FIPS publication 180-4: Secure Hash Standard (SHS), August 2015 [FIPS 186-4] NIST: FIPS publication 186-4: Digital Signature Standard (DSS), July 2013 [FIPS 186-5] NIST: FIPS publication 186-5: Digital Signature Standard (DSS), February 3, 2023 [FIPS 197] Federal Information Processing Standards Publication, U.S. Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory (ITL), Advanced Encryption Standard (AES), FIPS PUB 197, as of 05/09/23 [FIPS 198-1] Federal Information Processing Standards Publication, FIPS PUB 198-1, July 2008 [ICAO] ICAO Doc 9303, Machine Readable Travel Document, 8th edition, 2021, Part 11: Security Mechanisms for MRTDs [ISO15946] ISO/IEC 15946-5:2022 [ISO9798_2] ISO/IEC 9798-2: 2008 - Information Technology - Security techniques - Entity authentication - Part 2: Mechanisms using authenticated encryption. Fourth edition 2019-06 [JIL] Joint Interpretation Library, Application of Attack Potential to Smartcards, Version 3.2.1, February 2024 [PKCS#1] PKCS #1: RSA Cryptography Standard, v2.2, October 27, 2012, RSA Laboratories [PKCS#3] Diffie-Hellman Key-Agreement Standard An RSA Laboratories Technical Note Version 1.4 Revised November 1, 1993 [PP0084] Security IC Platform Protection Profile with Augmentation Packages, Version 1.0, 13.01.2014, BSI-CC-PP-0084-2014 [RFC 5639] IETF: RFC 5639, Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation, March 2010, http://www.ietf.org/rfc/rfc5639.txt [RFC 7748] Internet Research Task Force (IRTF), Request for Comments: 7748, January 2016 [SEC2] SEC 2: Recommended Elliptic Curve Domain Parameters Certicom Research, January 27, 2010, Version 2.0 Release 62 Rev. 2.8 2025-07-02 Security Target Lite IFX_CCI_000068h/80h/97h/99h G12 and IFX_CCI_000093h R11/R12 Acronyms public [SP 800-108] National Institute of Standards and Technology (NIST), Recommendation for Key Derivation Using Pseudorandom Functions, NIST SP 800-108r1, August 2022 [SP 800-186] NIST SP 800-186 Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters, February 2023 [SP 800-22] National Institute of Standards and Technology(NIST), Technology Administration, US Department of Commerce, Special Publication 800- 22, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, in the revision 1a as of April 2010 [SP 800-38A] National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Data Encryption Standard, NIST Special Publication 800-38A, Edition 2001 [SP 800-38B] National Institute of Standards and Technology (NIST), Special Publication 800-38B, May 2005 [SP 800-38C] NIST SP 800-38C: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, 2004-05 (up-dated: 2007-07-20) [SP 800-38D] NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007 [SP 800-56A] National Institute of Standards and Technology (NIST), Special Publication 800-56A, Revision 3, April 2018 [SP 800-67] NIST SP 800-67 Rev. 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher [SP 800-90A] NIST Special Publication 800-90A Revision 1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 2015 [ISO 9797-1] ISO/IEC 9797-1: 2011 - Information Technology - Security techniques - Message Authentication Codes - Part 1: Mechanisms using block cipher Revision history Version Date Description Rev. 2.8 2025-07-02 Release Edition 2025-07-02 Published by Infineon Technologies AG 81726 Munich, Germany © 2025 Infineon Technologies AG. All Rights Reserved. Do you have a question about this document? Email: dsscustomerservice@infineon.com IMPORTANT NOTICE The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics (“Beschaffenheitsgarantie”). With respect to any examples, hints or any typical values stated herein and/or any information regarding the application of the product, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warrantiesof non-infringement of intellectual property rights of any third party. In addition, any information given in this document is subject to customer’s compliance with its obligations stated in this document and any applicable legal requirements, norms and standards concerning customer’s products and any use of the product of Infineon Technologies in customer’s applications. The data contained in this document is exclusively intended for technically trained staff. It is the responsibility of customer’s technical departments to evaluate the suitability of the product for the intended application and the completeness of the product information given in this document with respect to such application. For further information on the product, technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies office (www.infineon.com). WARNINGS Duetotechnicalrequirementsproductsmaycontain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies office. Except as otherwise explicitly approved by Infineon Technologies in a written document signed by authorized representatives of Infineon Technologies, Infineon Technologies’ products may not be used in any applications where a failure of the product or any consequences of the use thereof can reasonably be expected to result in personal injury. Trademarks All referenced product or service names and trademarks are the property of their respective owners.