uPartyInfo and vPartyInfo are not required for KTS #1527

Open
wants to merge 1 commit into
base: master

jvdsn
Contributor

@jvdsn jvdsn commented Aug 9, 2024

In the ACVP-Server source code, the validation of the "AssociatedDataPattern" (used in KTS) is separate from the validation of the "FixedInfoPattern" (used in KDA OneStep and TwoStep, also when part of a KAS):

Note that for OneStep and TwoStep, uPartyInfo and vPartyInfo are required:

ValidateAssociatedDataPattern has no such checks.

@livebe01
Collaborator

Thanks for providing this @jvdsn. I'll take a look.

@livebe01
Collaborator

livebe01 commented Oct 9, 2024

https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L241 states IUTs *MUST* be capable of specifying how the FixedInfo is constructed for the KAS/KTS negotiation. Note that for the purposes of testing against the ACVP system, both uPartyInfo and vPartyInfo are *REQUIRED* to be registered within the fixed info pattern.

You are correct that the associated data pattern check in the parameter validator does not enforce this. I'd need to look more closely/a bit deeper to be able to say whether it should or should not be enforcing this.

The purpose of the statements in https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L252-L257 and https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L261-L266 is not to convey that uPartyInfo and vPartyInfo are REQUIRED to be registered in the associatedDataPattern. I added these statements to document and clarify (for myself and others) how uPartyInfo and vPartyInfo are constructed w/in the context of the ACVTS KAS testing. I'm thinking that you are correct in that these statements may not also be true for KTS testing. That would be something to look at and to flush out.
