Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

Cryptographic Algorithm Validation Program

2010 Announcements

[06-07-10] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS10.1). This version of the CAVS tool addresses a correction to the Key Agreement Schemes ECC with No Key Confirmation (KAS ECC No KC) screen. (When parameter set EA was selected, the radio button for the curve size would only allow P-192 to be selected.) This has been corrected.

The transition period ends September 7, 2010.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, 186-2 DSA, SHA, RNG, RSA, HMAC, CCM, 186-2 ECDSA, CMAC, DRBG 800-90, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, 186-3 DSA, 186-3 ECDSA and/or XTS, the CST lab must use the CAVS 10.1 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 10.1 to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through September 7, 2010.
  3. If there are any validation requests where a lab has used a version of CAVS prior to CAVS 10.1 to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 10.1.

The CAVP will also review special conditions on a case-by-case basis.


[05-27-10] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS10.0). This version of the CAVS tool addresses

  1. Validation testing for FIPS 186-3 ECDSA
  2. Addition of prerequisites for KAS
  3. Addition of error checking on the values entered for KAS, CCM, and CMAC to assure they are valid values
  4. Fixed a bug in KAS ECC when EE parameter set was used
  5. Removed some extraneous information in the cover letter
  6. XTS restriction on Data Unit Length – enforcing the minimum to be block size
  7. Modified format of Summary files to aid us in the automation of NIST’s internal database. This should be transparent to the testing laboratories and the processing of the CAVS tool. Included adding additional fields to coincide with the importing of information on the validation lists.

The transition period ends August 27, 2010.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, 186-2 DSA, SHA, RNG, RSA, HMAC, CCM, 186-2 ECDSA, CMAC, DRBG 800-90, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, 186-3 DSA, 186-3 ECDSA and/or XTS, the CST lab must use the CAVS 10.0 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 10.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through August 27, 2010.
  3. If there are any validation requests where a lab has used a version of CAVS prior to CAVS 10.0 to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 10.0.

The CAVP will also review special conditions on a case-by-case basis.


[03-31-10] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS9.0). This version of the CAVS tool addresses

  1. Addition of validation test for NIST SP 800-38E: XTS-AES Mode for Confidentiality on Storage Devices
  2. Addtion of tests for FIPS 186-3 Section A.1.2, "Construction and Validation of the Provable Primes p and q," FIPS 186-3 Section A.2.3, "Verifiable Canonical Generation of the Generator G,", and FIPS 186-3 Section A.2.4, "Validation Routine when the Canonical Generation of the Generator G was Used."
  3. Modification of GCM Tab to allow zero-length AAD (min and max length of AAD can now be equal to zero)
  4. Modification of GCM Tab to allow selection of both methods for IV generation 8.2.1 and 8.2.2 instead of only one.
  5. In response to Implementation Guidance D.2 Acceptable Key Establishment Protocols, which states that an implementation of SP800-56A can use additional key derivation functions (KDFs) specified in D.2 that are not included in SP800-56A, addition of validation tests that test the processing of all functions up to and including the calculation of the shared secret value (Z) in SP800-56A. This testing is required for implementations adhering to D.2 to assure that the other processing that adheres to the specifications in SP800-56A is correct. These implementations will not receive a KAS Validation. But they will be acknowledged for going through the testing.
  6. Additional information is being requested on the screens for SP800-56A to satisfy the CAVS-addressable requirements in the special publication.
  7. Addition of the entry of prerequisites for most algorithms. This enforces that the laboratory has supplied the source of the prerequisite algorithms.
  8. Correction of a minor bug and pointer problem in ECDSA
  9. Modified format of summary files to aid the CAVP in the automation of the CAVP's internal database.

The transition period ends June 30, 2010.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, DSA, SHA, RNG, RSA, HMAC, CCM, ECDSA, CMAC, DRBG 800-90, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-3 DSA2 and/or XTS, the CST lab must use the CAVS 9.0 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 9.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations using this tool up through June 30, 2010.
  3. If there are any validation requests where a lab has used a version of CAVS prior to CAVS 9.0 to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 9.0.

The CAVP will also review special conditions on a case-by-case basis.

 

Created October 05, 2016, Updated September 13, 2019