Standards and Guidelines Tested Under the CAVP

The Computer Security Division at NIST maintains a number of cryptographic standards, and coordinates algorithm validation test suites for many of those standards. The Cryptographic Algorithm Validation Program (CAVP) currently has algorithm validation testing for the following cryptographic algorithms:

Symmetric Algorithms:

• Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES) - FIPS 197 specifies the AES algorithm.

• FIPS 46-3 and FIPS 81, Data Encryption Standard (DES) and DES Modes of Operation - FIPS 46-3 specifies the DES and Triple DES algorithms.

• FIPS 185, Escrowed Encryption Standard (EES) - FIPS 185 specifies the Skipjack algorithm.

Back to Top

Additional Modes Of Operation For Symmetric Algorithms:

• NIST Special Publication (SP) 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices   This SP specifies the XTS_AES mode of operation algorithm. This document approves the XTS-AES mode of the AES algorithm by reference to IEEE Std 1619-2007, subject to one additional requirement, as an option for protecting the confidentiality of data on block-oriented storage devices. The mode does not provide authentication of the data or its source.

Asymmetric Algorithms:

• FIPS 186-2 with Change Notice 1 (October 5, 2001), Digital Signature Standard (DSS)   Which specifies the DSA, RSA, and ECDSA algorithms.

• FIPS 186-4 (July 19, 2013), Digital Signature Standard (DSS) All of the changes between FIPS 186-3 and FIPS186-4 had already been incorporated into the CAVP testing tool; the testing of FIPS186-3 implementations is identical to the testing of FIPS 186-4 implementations. There is no need for a transition period in which both FIPS 186-3 and FIPS 186-4 validation would be performed. Previous CAVP validations for FIPS 186-3 will be considered as equivalent to those for FIPS 186-4. Vendors should start using FIPS 186-4 immediately.

Back to Top

Hash Algorithms:

• FIPS 180-4 (March 2012), Secure Hash Standard (SHS)    Specifying SHA-1, SHA 224, SHA 256, SHA 384, SHA 512, SHA512/224, and SHA512/256 algorithms.

Random Number Generator Algorithms:

• FIPS 186-2 with Change Notice 1 (October 5, 2001), (Appendix 3.1 and 3.2) - Specifies the Random Number Generation for the DSA algorithm.

• ANSI X9.31 (Appendix A.2.4) - Using 2-Key Triple DES - Specifies the Random Number Generation for the RSA algorithm.

• NIST Recommended Random Number Generator based on ANSI X9.31 Appendix A.2.4 using the 3-Key Triple DES and AES Algorithms - Specifies the Random Number Generation for the RSA algorithm.

• ANSI X9.62 (Appendix A.4) - Specifies the RNG for the ECDSA algorithm.

Back to Top

Deterministic Random Bit Generator (DRBG) Algorithms:

• NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators - Specifies four mechanisms mechanisms for the generation of random bits using deterministic methods There are four mechanisms discussed in this SP. These mechanisms are based on either hash functions (Hash_DRBG, HMAC_DRBG), block cipher algorithms using Counter mode (CTR_DRBG) or number theoretic (Dual EC_DRBG) problems.

Message Authentication Algorithms:

• NIST SP 800-38B (May 2005), Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication - CMAC can be considered a mode of operation of the block cipher because it is based on an approved symmetric key block cipher, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197. CMAC is also an approved mode of the Triple Data Encryption Algorithm (TDEA).

• SP 800-38C (May 2004), Counter with Cipher Block Chaining - Message Authentication Code (CCM) - CCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197 [2]; thus, CCM cannot be used with the Triple Data Encryption Algorithm [3], whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.

• SP 800-38D (November 2007), Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC - GCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197 [2]; thus, GCM cannot be used with the Triple Data Encryption Algorithm [3], whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.

• SP 800-38F (December 2012), Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping describes cryptographic methods that are approved for “key wrapping,” i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the AES Key Wrap (KW) mode and the AES Key Wrap With Padding (KWP) mode. An analogous mode with the Triple Data Encryption Algorithm (TDEA) as the underlying block cipher, called TKW, is also specified, to support legacy applications.

• FIPS 198 (March 6, 2002), Keyed-Hash Message Authentication Code (HMAC) - FIPS 198 specifies the HMAC algorithm.

Back to Top

Key Management:

Key Schemes -

• NIST SP 800-56A (Revised March 2007), Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography - This SP specifies key establishment schemes based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.42 (Agreement of Symmetric Keys Using Discrete Logarithm Cryptography) and ANS X9.63 (Key Agreement and Key Transport Using Elliptic Curve Cryptography).

Key Derivation Functions (KDF) -

• NIST SP 800-108 (Revised October 2009), Recommendation for Key Derivation Using Pseudorandom Functions - This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key establishment scheme or shared through some other manner, using pseudorandom functions.

• NIST SP 800-135 Revision 1 (December 2011), Recommendation for Existing Application-Specific Key Derivation Functions - Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys required for their cryptographic functions. This Recommendation provides security requirements for those KDFs.

Retired Validation Testing:

Two other cryptographic standards (MAC; ANSI X9.17 Key Management) no longer have active validation testing, but the standards remain in effect. Cryptographic module (FIPS 140-1 and FIPS 140-2) validation testing by the CMT laboratories may include testing for conformance to FIPS 113 and 171, as appropriate:

• FIPS 113, Computer Data Authentication - Which specifies the generation of a Message Authentication Code (MAC), from ANSI X9.9, and

• FIPS 171, Key Management Using ANSI X9.17 (withdrawn February 08, 2005).

Back to Top