uPartyInfo and vPartyInfo are not required for KTS

[jvdsn]

In the ACVP-Server source code, the validation of the "AssociatedDataPattern" (used in KTS) is separate from the validation of the "FixedInfoPattern" (used in KDA OneStep and TwoStep, also when part of a KAS):

• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KAS_IFC/Sp800_56Br2/ParameterValidator.cs#L666
• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/OneStepNoCounter/ParameterValidator.cs#L158
• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/OneStep/ParameterValidator.cs#L168
• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/TwoStep/ParameterValidator.cs#L130

Note that for OneStep and TwoStep, uPartyInfo and vPartyInfo are required:

• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/OneStepNoCounter/ParameterValidator.cs#L70
• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/OneStep/ParameterValidator.cs#L82
• https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KDA/Sp800_56Cr2/TwoStep/ParameterValidator.cs#L30

ValidateAssociatedDataPattern has no such checks.

[livebe01]

Thanks for providing this @jvdsn. I'll take a look.

[livebe01]

https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L241 states IUTs *MUST* be capable of specifying how the FixedInfo is constructed for the KAS/KTS negotiation. Note that for the purposes of testing against the ACVP system, both uPartyInfo and vPartyInfo are *REQUIRED* to be registered within the fixed info pattern.

You are correct that the associated data pattern check in the parameter validator does not enforce this. I'd need to look more closely/a bit deeper to be able to say whether it should or should not be enforcing this.

The purpose of the statements in https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L252-L257 and https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56br2/sections/05-capabilities.adoc?plain=1#L261-L266 is not to convey that uPartyInfo and vPartyInfo are REQUIRED to be registered in the associatedDataPattern. I added these statements to document and clarify (for myself and others) how uPartyInfo and vPartyInfo are constructed w/in the context of the ACVTS KAS testing. I'm thinking that you are correct in that these statements may not also be true for KTS testing. That would be something to look at and to flush out.