- section or remove the DES section.
- For each component, make it have its own section In the inf file for automation purposes (separate section for ECDSA SigGenComponent, RSASP1 component, RSADP component, etc.)
- Corrected label in SP800-135 log file
- Corrected truncated screen for SP800-135 IKEv2.
The transition period ends December 18, 2013.
- EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, FIPS 186-2DSA, SHA, RNG, FIPS 186-2 RSA, HMAC, CCM, FIPS 186-2ECDSA, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, SHA 512/224, SHA 512/256, HMAC with SHA 512/224, HMAC with SHA 512/256, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component and/or the RSADP component, the CST lab must use the CAVS 15.1 to validate the IUT.
- For any algorithm validation request where a lab has used CAVS Version 15.0 to create files, please regenerate everything using CAVS 15.1.
- For any algorithm validation request where a lab has used a version of CAVSÂ prior to CAVS 15.1Â (excluding CAVS 15.0)Â to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through December 18, 2013.
- If there are any validation requests where a lab has used a version of CAVS prior to CAVS 15.1 (excluding CAVS 15.0) to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 15.1.
The CAVP will also review special conditions on a case-by-case basis.
[09-17-13] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS15.0). The following additions, modifications and updates have been made to CAVS Version 15.0:
- Added FIPS 180-4 SHA-512/224 and SHA-512/256 support to FIPS 186-4 DSA (i.e., DSA2), ECDSA (i.e., ECDSA2), and RSA (i.e., RSA2).
- Added SP800-56B RSADP component testing.
- Added prerequisite to ECDSA Signature Generation component. Requires prerequisite of DRBG or RNG because uses secret random number.
- For the NIST SP 800-135 IKEv1 and IKEv2 KDFs, the three fixed well-known group options (Groups 2, 4 and 14) are replaced by three drop-down lists of all valid shared secret lengths (groups), thus increasing the number of groups supported by testing.
- For the NIST SP 800-135 SSH KDF, testing with the TDES-CBC cipher is now optional instead of required. The user shall select all supported block ciphers out of the set of TDES CBC, AES-128 CBC, AES-192 CBC and AES-256 CBC.
- Fixed bug in NIST SP 800-135 SSH KDF tests. CAVS generated shared secret (i.e., K) values that were not valid because they had an unnecessary leading zero-valued byte.
- For NIST SP 800-38E XTS-AES, CAVS now allows testing with the tweak value input in both supported formats, the 128-bit hexadecimal string and the Data Unit Sequence number. Earlier versions of CAVS only tested for one format or the other.
- Fixed parsing bug in HMAC verify routine.
- AES Summary file corrected for AES Ctr mode information.
- Fixed bug in "Edit Input Lengths..." window for Hash_DRBG and HMAC_DRBG.
- Modifications to inf file (For internal use):
- GCM make Selected= first line in GCM section (this will make it consistent with other sections)
- 135-Change name of 800135Selected to Selected
- Have an empty line before the DES section  or remove the DES section.
- For each component, make it have its own section in the inf file for automation purposes (separate section for ECDSA SigGenComponent, RSASP1 component, RSADP component, etc.)
- Remove dash, slash and spaces from truncated hash variable names (and other variables)
The transition period ends December 17, 2013.
As has been the policy in the past:
- EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, FIPS 186-2DSA, SHA, RNG, FIPS 186-2 RSA, HMAC, CCM, FIPS 186-2ECDSA, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, SHA 512/224, SHA 512/256, HMAC with SHA 512/224, HMAC with SHA 512/256, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component and/or the RSADP component, the CST lab must use the CAVS 15.0 to validate the IUT.
- For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 15.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through December 17, 2013.
- If there are any validation requests where a lab has used a version of CAVS prior to CAVS 15.0 to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 15.0.
The CAVP will also review special conditions on a case-by-case basis.
[09-05-13] - On July 19,2013, NIST announced the approval of Federal Information Processing Standard (FIPS) 186-4, the Digital Signature Standard. All of the changes between FIPS 186-3 and FIPS186-4 had already been incorporated into the CAVP testing tool; the testing of FIPS186-3 implementations is identical to the testing of FIPS 186-4 implementations. There is no need for a transition period in which both FIPS 186-3 and FIPS 186-4 validation would be performed. Previous CAVP validations for FIPS 186-3 will be considered as equivalent to those for FIPS 186-4. Vendors should start using FIPS 186-4 immediately.