Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)
CAVP Testing: Block Cipher Modes
Algorithm Specifications
Algorithm specifications for current FIPS-approved and NIST-recommended block cipher modes are available from the Cryptographic Toolkit.
Current testing includes the following block cipher modes:
|
CMAC (SP 800-38B) CCM (SP 800-38C) GCM / GMAC / XPN (SP 800-38D and CMVP Annex A) |
XTS-AES (SP 800-38E) KW / KWP / TKW (SP 800-38F) |
For testing of ECB (Electronic Codebook), CBC (Cipher Block Chaining), OFB (Output Feedback), CFB (Cipher Feedback) and CTR (Counter) modes from SP 800-38A, see the CAVP block ciphers page.
Algorithm Validation Testing Requirements
CMAC: Block Cipher-based Message Authentication Code
The CMAC Validation System (CMACVS) specifies validation testing requirements for the CMAC mode in SP 800-38B.
Testing Notes
- Prerequisites for CMAC testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.
-
As of 1-1-2016, TDES KO2 encrypt is no longer compliant. TDES KO2 decrypt is allowed for legacy use only. (See SP800-131A Revision 1.)
CCM: Counter with Cipher Block Chaining Message Authentication Code
The CCM Validation System (CCMVS) specifies validation testing requirements for the CCM mode in SP 800-38C.
Testing Notes
- Prerequisites for CCM testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.
-
As of 1-1-2016, TDES KO2 encrypt is no longer compliant. TDES KO2 decrypt is allowed for legacy use only. (See SP800-131A Revision 1.)
GCM, GMAC, XPN: Galois/Counter Mode, GCM Message Authentication Code, and GCM-AES-XPN mode
The GCM, GMAC and XPN Validation System (GCMVS) specifies validation testing requirements for the GCM and GMAC modes in SP 800-38D and GCM-AES-XPN mode from IEEE Std 802.1AEbw-2013 (See CMVP Annex A).
Testing Notes
-
Prerequisites for GCM, GMAC, and XPN testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.
XTS-AES
The XTS-AES Validation System (XTSVS) specifies validation testing requirements for the XTS-AES mode in SP 800-38E.
Testing Notes
- Prerequisites for XTS-AES testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.
KW, KWP and TKW: Key Wrapping and Authenticated Encryption and Decryption
The Key Wrap Validation System (KWVS) specifies validation testing requirements for the AES Key Wrap (KW), AES Key Wrap with Padding (KWP) and Triple DEA Key Wrap (TKW) modes in SP 800-38F.
Testing Notes
- Prerequisites for KW, KWP, and TKW testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.
Validation Lists
Block cipher mode implementations validated by NIST are found in the AES and Triple DES validation lists as follows:
- AES Validation List (CMAC; CCM*; GCM / GMAC / XPN; XTS-AES; KW; KWP)
- Triple DES Validation List (CMAC; TKW)
* A separate CCM Validation List, available for historical purposes, is no longer maintained. Its information is duplicated in the AES Validation List.
Test Vectors
Use of these test vectors does not replace validation obtained through the CAVP.
The test vectors linked below can be used to informally verify the correctness of the block cipher modes listed above.
|
CMAC Test Vectors (SP 800-38B) CCM Test Vectors (SP 800-38C) GCM Test Vectors (SP 800-38D) XPN Test Vectors (IEEE Std 802.1AEbw-2013 (See CMVP Annex A)) |
XTS-AES Test Vectors (SP 800-38E) Key Wrap Test Vectors (SP 800-38F) |