Clarification Request Regarding Testing Scope for KAS-FFC-SSC

[msonje]

We are seeking clarification regarding the testing scope for KAS-FFC-SSC in accordance with SP800-56Ar3 guidelines. Specifically, we need to ascertain whether DSA KeyGen and SafePrimes testing should be conducted separately or if they are inherently covered within the KAS FFC SSC framework. According to SP800-56Ar3 section 5.6.1.1.1 in the ACVP HTML specifications document, it is stated that the testing of safe-primes (both KeyGen and KeyVer) is applicable to KAS-FFC. However, we have noted a contrasting provision in SP800-56r3 section 5.6, where Key-pair Generation is explicitly mentioned to be outside the scope of KAS testing. To ensure compliance and thoroughness in our testing procedures, we kindly request clarification on whether DSA KeyGen and SafePrimes testing should be treated as separate entities or if they are encompassed within the testing framework of KAS-FFC-SSC.

https://pages.nist.gov/ACVP/draft-hammett-acvp-safe-primes.html

https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ssc-ffc.html#section-6.2.2-1.1

[livebe01]

Hi @msonje, DSA KeyGen and SafePrimes should be tested separately from KAS-FFC-SSC. I hope this helps.

[jbrock24]

@msonje Is this issue resolved? Can we close it out?