keyexhchangeinit record

[jfisherbah]

It is suggested to consider adding verbiage to permit the strict-kex-[c|s]-v00@openssh.com key exchange to bein the TOE's KeyExchangeInit record (e.g. an Application note on FCS_SSH_EXT.1.6 indicating that this is explicitly permissible as it is not changing the key exchange algorithm itself and just defines specific rules for the message counter and permissible next messages). Note: this would also require additional verbiage for the ‘ext-info’ indicator that would also be present.

Suggested test activities for this would be:
o Add a test that the TOE correctly obeys this value depending on the negotiated state.
o This would also be recommended as a clarity item for the test activity sections of FCS_SSH_EXT.1.6

[jfisherbah]

Proposal for SME review:

"Strict-kex" added to SFR as app note, clarifying that it may be present in the initial SSH offerings. Test activity updated to say that the presence of these strict-kex values do not cause the SFR to fail. Additionally, test cases added for configuring the SSH peer to present/omit the extension and verify that both cases can be handled. Context for this is that we have come across SSH server implementations in the past where the connection auto-fails if the strict-kex value is present (which is the default behavior in the newest version of OpenSSH), so the new tests are needed to prevent such a case from passing tests if the evaluator just deliberately uses an outdated client (such that strict-kex is never presented).

[plughy2]

There's a typo in the references to the strict KEX extension made in the Application Note for FCS_SSH_EXT.1.6 and the Tests.

strict-kex-c-v00@openssh.com (typo) should be kex-strict-c-v00@openssh.com (correct)
strict-kex-s-v00@openssh.com (typo) should be kex-strict-s-v00@openssh.com (correct)
strict-kex (typo) should be kex-strict (correct)