Closed ckc505 closed 2 months ago
celic
commented
2 months ago In FIPS 186-4, this capability is not defined in the standard. For FIPS 186-5, to match the previous, the values are specified by setting both to 0 in the registration. This is the default value and is assumed if the properties are not present.
jbrock24
commented
2 months ago The values accepted for those can be found in the 7.5.1. keyGen Registration Table.
celic
commented
2 months ago Particularly https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html#name-keygen-registration-table-2 with Note 2 under the table.
Protocol Section section 7.5. Property Registration RSA keyGen FIPS186-5: https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt)https://[pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt](https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.txt)
FIPS 186-5 ACVTS testing introduces pMod8 and qMod8 parameters for RSA keyGen. But the documentation does not define what values of these correspond to testing in FIPS 186-4 where these parameters are not available.
Note 2 of section 7.5.1 keyGen Registration Table mentions that when values of both pMod8 and qMod8 are set to 0 no modulus check will be performed on the generated p &q. Does setting pMod8 and qMod8 to 0 replicate the testing done according to FIPS 186-4 provided all the other parameters remain the same? Also, ACVTS generates vectors even if pMod8 & qMod8 parameters are not present in the capabilities file. What values are being assumed for pMod8 & qMod8 in such a case?
Where can I find information about when and what values are to be chosen for pMod8 and qMod8 parameters for FIPS 186-5 RSA keyGen?