Cryptographic Algorithm Validation Program CAVP

2008 Announcements

[12-24-2008] -- New release of the CAVS algorithm validation testing tool to the CMT Laboratories (CAVS7.0). Version 7.0 of the CAVS tool adds testing for NIST SP 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography and NIST SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.

1. In addition, file formating changes have been made to the CCM Decrypt-Verification Process Test.

The transition period ends March 24, 2009.

As has been the policy in the past:

1. For any algorithm validation request where a lab has used a previous version of CAVS to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through March 24, 2009. The tool used to generate the files must be used to validate the files. For example, if CAVS6.1 was used to generate test vectors, then CAVS6.1 must be used to verify these values.
2. If there are any validation requests where a lab has used a previous version of CAVS to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS7.0.

Prior to the release of CAVS7.0, the CMVP allowed vendor affirmation for SP800-56A implementations (IG1.12) and vendor affirmation for SP 800-38D implementations (IG.1.13). During the transition period, the vendor has the option of either providing the vendor affirmation in FIPS 140-2 IG1.12 or IG1.13 or going through the validation testing now available in CAVS7.0. The transition period for accepting vendor affirmation for SP 800-56A is being determined but will exceed the 3 months specified above. Please see the CMVP Announcements for further information.

The CAVP will also review special conditions on a case-by-case basis.

[02-06-2008] -- New release of the CAVS algorithm validation testing tool to the CMT Laboratories (CAVS6.1). The CAVS 6.1 tool fixes an error with HMAC_DRBG SP 800-90 DRBG testing. CAVS 6.0 was erroneously using the Hash_DRBG mechanism to generate returned bits for the HMAC_DRBG tests in the .fax files. A second modification made to CAVS6.1 regarding SP 800-90 DRBG testing involved changing the requested number of bits to always be a multiple of the blocksize.

With regards to DSA validation testing, CAVS6.1 DSA screens have been modified to only allow modulus sizes providing at least 80 bits of security as required by SP800-57; i.e., only the 1024 bit modulus size is allowable.

The transition period ends May 6, 2008.

As has been the policy in the past:

1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, DSA, SHA, RNG, DRBG, RSA, ECDSA, HMAC, CCM and/or CMAC, the CMT lab must use the CAVS 6.1 to validate the IUT.
2. For any algorithm validation request where a lab has used a previous version of CAVS to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through May 6, 2008.
3. The exception to (2.) above is SP 800-90 DRBG testing for the HMAC_DRBG mechanism using any SHA size. CAVS 6.1 must be used for all HMAC_DRBG validation submissions.
4. If there are any validation requests where a lab has used a previous version of CAVS to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 6.1.