Closed ckc505 closed 2 months ago
In FIPS 186-4, this capability is not defined in the standard. For FIPS 186-5, to match the previous, the values are specified by setting both to 0 in the registration. This is the default value and is assumed if the properties are not present.
The values accepted for those can be found in the 7.5.1. keyGen Registration Table.
Particularly https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html#name-keygen-registration-table-2 with Note 2 under the table.
Protocol Section section 7.5. Property Registration RSA keyGen FIPS186-5: https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt)https://[pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt](https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt)
FIPS 186-5 ACVTS testing introduces pMod8 and qMod8 parameters for RSA keyGen. But the documentation does not define what values of these correspond to testing in FIPS 186-4 where these parameters are not available.
Note 2 of section 7.5.1 keyGen Registration Table mentions that when values of both pMod8 and qMod8 are set to 0 no modulus check will be performed on the generated p &q. Does setting pMod8 and qMod8 to 0 replicate the testing done according to FIPS 186-4 provided all the other parameters remain the same? Also, ACVTS generates vectors even if pMod8 & qMod8 parameters are not present in the capabilities file. What values are being assumed for pMod8 & qMod8 in such a case?
Where can I find information about when and what values are to be chosen for pMod8 and qMod8 parameters for FIPS 186-5 RSA keyGen?