ACVP
The Automated Cryptographic Validation Protocol (ACVP) is a protocol to support a new National Voluntary Laboratory Accreditation Program (NVLAP) testing scope at the National Institute of Standards and Technology (NIST). The new testing scope, 17ACVT, is available and defined in NIST Handbook 150-17. All current information about the ACVP protocol may be found within the GitHub project at https://github.com/usnistgov/ACVP. View the protocol documents at https://pages.nist.gov/ACVP/. For issues regarding the actual ACVP Server implementation, as well as pre-release (demo) and release notes (prod), see the ACVP-Server repository.
Background
The rapid development of cryptographic technology over the last two decades and its adoption in many different technology domains has resulted in a sharp increase in the number and complexity of approved algorithms. The volume of cryptographic algorithm validations has outstripped the human resources available to test, report, and validate results. The plethora of different algorithms has created a dire need for consistent requesting and reporting of test data and results. We also live in times of unprecedented levels of threats and exploits that require frequent product updates to fix defects and remove security vulnerabilities, which in turn requires much faster turnaround of validation updates than the existing validation model allows. See the NIST Automated Cryptographic Validation Testing project for broader context and information.
Requirements documents for the existing Cryptographic Algorithm Validation Program (CAVP) and the 17CAV scope can be found on the NVLAP Requirements page. The requirements documents for the 17ACVT scope can be found on the same page.
General information about the CAVP can be found on https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program with the CAVP management manual found at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPMM.pdf and the FAQ at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPFAQ.pdf.
How to use Metanorma
Using Metanorma is not required to view the documents in the GitHub repository. When changes occur, documents will automatically be built and deployed to https://pages.nist.gov/ACVP.
Metanorma is a library for writing standards. It can compile .adoc files into multiple common standards formats including the IETF's RFC format.
Use the instructions here to set up Metanorma: https://www.metanorma.org/install/
Before compiling an individual file, make sure your gem versions are up to date by running
gem install metanorma-cli
From there run
metanorma compile -t ietf -x html file.adoc
You can switch between -x html and -x txt for different RFC output formats.
If you make changes to a file that's referenced by a top level spec, run metanorma on the referenced file prior to running it on the top level file. E.g.,
metanorma compile -t ietf -x html symmetric/sections/04-testtypes.adoc
metanorma compile -t ietf -x html draft-celi-acvp-symmetric.adoc
Or you can use the Makefile which is available.
To build all documents, html and txt
make all
To build a specific file
make specific-file.html
To remove all produced xml, txt, html, and err files,
make clean
Objective
The objective of this project is to define a protocol allowing independent implementation by all vendors participating in the NIST cryptographic validation programs (CAVP and CMVP) for accelerated test data generation and requisition, reporting of test results, and validation of NIST-approved cryptographic algorithms (see FIPS140-2 Annex A, Annex C and Annex D). For FIPS140-3, the NIST-approved cryptographic algorithms are defined in the SP800-140 Document Series.
Project Goals
The development of an Automated Cryptographic Validation Protocol (ACVP) that enables the generation and validation of standardized algorithm test evidence to facilitate the modernization of CAVP and CMVP.
Status
The demo server (demo.acvts.nist.gov) supports ACVP version 1.0. All endpoints defined in the protocol specification are available. Some additional endpoints defined in https://www.github.com/usnistgov/ACVP-Server are also available but not considered part of this protocol.
The prod server (acvts.nist.gov) also supports ACVP version 1.0, with the same endpoints defined.
Supported Algorithms
Block Cipher Modes
- AES-CBC - HTML
- AES-CFB1 - HTML
- AES-CFB8 - HTML
- AES-CFB128 - HTML
- AES-CTR - HTML
- AES-ECB - HTML
- AES-GCM - HTML
- AES-GCM-SIV - HTML - DEMO only
- AES-KW - HTML
- AES-KWP - HTML
- AES-OFB - HTML
- AES-XPN - HTML
- AES-XTS 1.0 - HTML - no longer supported by ACVTS
- AES-XTS 2.0 - HTML
- AES-FF1 - HTML
- AES-FF3-1 - HTML - DEMO only
- TDES-CBC - HTML
- TDES-CBCI - HTML
- TDES-CFB1 - HTML
- TDES-CFB8 - HTML
- TDES-CFB64 - HTML
- TDES-CFBP1 - HTML
- TDES-CFBP8 - HTML
- TDES-CFBP64 - HTML
- TDES-CTR - HTML
- TDES-ECB - HTML
- TDES-KW - HTML
- TDES-OFB - HTML
- TDES-OFBI - HTML
Secure Hash
- SHA-1 - HTML
- SHA-224 - HTML
- SHA-256 - HTML
- SHA-384 - HTML
- SHA-512 - HTML
- SHA-512/224 - HTML
- SHA-512/256 - HTML
- SHA3-224 1.0 - HTML - no longer supported by ACVTS
- SHA3-256 1.0 - HTML - no longer supported by ACVTS
- SHA3-384 1.0 - HTML - no longer supported by ACVTS
- SHA3-512 1.0 - HTML - no longer supported by ACVTS
- SHA3-224 2.0 - HTML
- SHA3-256 2.0 - HTML
- SHA3-384 2.0 - HTML
- SHA3-512 2.0 - HTML
XOFs
- SHAKE-128 - HTML
- SHAKE-256 - HTML
- cSHAKE-128 - HTML
- cSHAKE-256 - HTML
- KMAC-128 - HTML
- KMAC-256 - HTML
- ParallelHash-128 - HTML
- ParallelHash-256 - HTML
- TupleHash-128 - HTML
- TupleHash-256 - HTML
Message Authentication
- AES-CCM - HTML
- AES-GMAC - HTML
- CMAC-AES - HTML
- CMAC-TDES - HTML
- HMAC-SHA-1 - HTML
- HMAC-SHA2-224 - HTML
- HMAC-SHA2-256 - HTML
- HMAC-SHA2-384 - HTML
- HMAC-SHA2-512 - HTML
- HMAC-SHA2-512/224 - HTML
- HMAC-SHA2-512/256 - HTML
- HMAC-SHA3-224 - HTML
- HMAC-SHA3-256 - HTML
- HMAC-SHA3-384 - HTML
- HMAC-SHA3-512 - HTML
DRBGs
- ctrDRBG-AES-128 - HTML
- ctrDRBG-AES-192 - HTML
- ctrDRBG-AES-256 - HTML
- ctrDRBG-TDES - HTML
- HASH DRBG - HTML
- HMAC DRBG - HTML
Digital Signature
- RSA mode: keyGen - HTML
- RSA mode: sigGen - HTML
- RSA mode: sigVer - HTML
- RSA mode: signaturePrimitive 1.0 (Component) - HTML
- RSA mode: signaturePrimitive 2.0 (Component) - HTML
- RSA mode: decryptionPrimitive 1.0 (Component) - HTML
- RSA mode: decryptionPrimitive Sp800-56Br2 (Component) - HTML
- RSA mode: legacySigVer - HTML
- ECDSA mode: sigGen Component - HTML
- ECDSA mode: keyGen - HTML
- ECDSA mode: keyVer - HTML
- ECDSA mode: sigGen - HTML
- Deterministic ECDSA mode: sigGen - HTML
- ECDSA mode: sigVer - HTML
- DSA mode: keyGen - HTML
- DSA mode: sigVer - HTML
- DSA mode: sigGen - HTML
- DSA mode: pqgGen - HTML
- DSA mode: pqgVer - HTML
- EDDSA mode: keyGen - HTML
- EDDSA mode: keyVer - HTML
- EDDSA mode: sigGen - HTML
- EDDSA mode: sigVer - HTML
SP 800-56 Series Algorithms
Full KAS and KTS IFC Testing
Tests against shared secret computation (SSC), key derivation functions (KDF) or key derivation algorithms (KDA), and optionally key confirmation (KC). Test vectors issued under this set of tests (with the exception of 1.0 component based tests) are considered "full KAS" testing.
- KAS ECC ephemeralUnified - HTML
- KAS ECC fullMqv - HTML
- KAS ECC fullUnified - HTML
- KAS ECC onePassDh - HTML
- KAS ECC onePassMqv - HTML
- KAS ECC OnePassUnified - HTML
- KAS ECC staticUnified - HTML
- KAS FFC dhHybrid1 - HTML
- KAS FFC mqv2 - HTML
- KAS FFC dhEphem - HTML
- KAS FFC dhHybridOneFlow - HTML
- KAS FFC mqv1 - HTML
- KAS FFC dhOneFlow - HTML
- KAS FFC dhStatic - HTML
- KAS ECC ephemeralUnified Sp800-56Ar3 - HTML
- KAS ECC fullMqv Sp800-56Ar3 - HTML
- KAS ECC fullUnified Sp800-56Ar3 - HTML
- KAS ECC onePassDh Sp800-56Ar3 - HTML
- KAS ECC onePassMqv Sp800-56Ar3 - HTML
- KAS ECC OnePassUnified Sp800-56Ar3 - HTML
- KAS ECC staticUnified Sp800-56Ar3 - HTML
- KAS ECC CDH-Component Sp800-56Ar3 - HTML
- KAS FFC dhHybrid1 Sp800-56Ar3 - HTML
- KAS FFC mqv2 Sp800-56Ar3 - HTML
- KAS FFC dhEphem Sp800-56Ar3 - HTML
- KAS FFC dhHybridOneFlow Sp800-56Ar3 - HTML
- KAS FFC mqv1 Sp800-56Ar3 - HTML
- KAS FFC dhOneFlow Sp800-56Ar3 - HTML
- KAS FFC dhStatic Sp800-56Ar3 - HTML
- KAS IFC KAS1-basic - HTML
- KAS IFC KAS1-Party_V-confirmation - HTML
- KAS IFC KAS2-basic - HTML
- KAS IFC KAS2-bilateral-confirmation - HTML
- KAS IFC KAS2-Party_U-confirmation - HTML
- KAS IFC KAS2-Party_V-confirmation - HTML
- KTS IFC KTS-OAEP-basic - HTML
- KTS IFC KTS-OAEP-Party_V-confirmation - HTML
KAS SSC Testing
Standalone KAS SSC testing from SP800-56A/B. Can be used in conjunction with KDF/KDA testing and optionally key confirmation testing (as opposed to "full KAS" testing) to be considered a valid KAS implementation.
- KAS ECC ephemeralUnified - HTML
- KAS ECC fullMqv - HTML
- KAS ECC fullUnified - HTML
- KAS ECC onePassDh - HTML
- KAS ECC onePassMqv - HTML
- KAS ECC OnePassUnified - HTML
- KAS ECC staticUnified - HTML
- KAS ECC CDH-Component - HTML
- KAS FFC dhHybrid1 - HTML
- KAS FFC mqv2 - HTML
- KAS FFC dhEphem - HTML
- KAS FFC dhHybridOneFlow - HTML
- KAS FFC mqv1 - HTML
- KAS FFC dhOneFlow - HTML
- KAS FFC dhStatic - HTML
- KAS ECC SSC ephemeralUnified Sp800-56Ar3 - HTML
- KAS ECC SSC fullMqv Sp800-56Ar3 - HTML
- KAS ECC SSC fullUnified Sp800-56Ar3 - HTML
- KAS ECC SSC onePassDh Sp800-56Ar3 - HTML
- KAS ECC SSC onePassMqv Sp800-56Ar3 - HTML
- KAS ECC SSC OnePassUnified Sp800-56Ar3 - HTML
- KAS ECC SSC staticUnified Sp800-56Ar3 - HTML
- KAS FFC SSC dhHybrid1 Sp800-56Ar3 - HTML
- KAS FFC SSC mqv2 Sp800-56Ar3 - HTML
- KAS FFC SSC dhEphem Sp800-56Ar3 - HTML
- KAS FFC SSC dhHybridOneFlow Sp800-56Ar3 - HTML
- KAS FFC SSC mqv1 Sp800-56Ar3 - HTML
- KAS FFC SSC dhOneFlow Sp800-56Ar3 - HTML
- KAS FFC SSC dhStatic Sp800-56Ar3 - HTML
- KAS IFC SSC KAS1 Sp800-56Br2 - HTML
- KAS IFC SSC KAS2 Sp800-56Br2 - HTML
KDA Testing SP800-56Cr1/r2
Standalone KDA testing from SP800-56Cr1 or SP800-56Cr2. Can be used in conjunction with SSC testing and optionally key confirmation testing (as opposed to "full KAS" testing) to be considered a valid KAS implementation.
- KDA HKDF Sp800-56Cr1 - HTML
- KDA OneStep Sp800-56Cr1 - HTML
- KDA TwoStep Sp800-56Cr1 - HTML
- KDA HKDF Sp800-56Cr2 - HTML
- KDA OneStep Sp800-56Cr2 - HTML
- KDA OneStepNoCounter Sp800-56Cr2 - HTML
- KDA TwoStep Sp800-56Cr2 - HTML
KAS KC Testing SP800-56
Standalone KAS Key Confirmation testing from SP800-56Ar3 and/or SP800-56Br2. Can be used as a KC primitive validation as part of a KAS validation.
KDFs
- Counter KDF - HTML
- Feedback KDF - HTML
- Double Pipeline Iterator KDF - HTML
- KMAC KDF - HTML
- IKEv1 (Component) - HTML
- IKEv2 (Component) - HTML
- SNMP (Component) - HTML
- SRTP (Component) - HTML
- SSH (Component) - HTML
- TLS v1.0/v1.1 (Component) - HTML
- TLS v1.2 (Component) - HTML
- TLS v1.3 (Component) - HTML
- TPM (Component) - HTML
- ANSX9.63 (Component) - HTML
- ANSX9.42 (Component) - HTML
- PBKDF - HTML
Safe Primes
Conditioning Components
- ConditioningComponent AES-CBC-MAC - HTML
- ConditioningComponent BlockCipher_DF - HTML
- ConditioningComponent Hash_DF - HTML
Stateful Hash-Based Signatures
- LMS keyGen - HTML
- LMS sigGen - HTML
- LMS sigVer - HTML
Stateless Hash-Based Signatures
Module-Lattice Algorithms
- ML-DSA keyGen - HTML
- ML-DSA sigGen - HTML
- ML-DSA sigVer - HTML
- ML-KEM keyGen - HTML
- ML-KEM encapsulation and decapsulation - HTML
See the algorithm endpoint to learn which algorithms are available on a given ACVP server.
Accessing the Demo Server
To access the demo server one needs a TLS credential and a one-time password (OTP). The protocol specification and other development information are available in this repository. You may want to use the companion ACVP client to jump-start your work.
To set expectations, since this is a demo system, it will be in a state of flux and any and all data on the system is considered temporary and may be reset to accommodate development of the Automated Cryptographic Validation Protocol (ACVP) service. We will try to keep the demo service relatively stable, but we plan to update it as we continue to add new algorithms and capabilities.
To access the prod server, you must first demonstrate competency on the demo server. Then follow the instructions available at https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/how-to-access-acvts.
Obtaining TLS credentials
To access the demo environment you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to acvts-demo@nist.gov with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.
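The following is an added example, not part of the NIST repository: a shell sketch that generates a key pair and CSR meeting the requirements above and checks a CSR against them before it is sent. The file names (acvts-demo.key, acvts-demo.csr) and the subject DN are placeholders chosen for illustration, and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example, not NIST code. File names and the subject DN are placeholders.

# Create a private key (default 2048-bit RSA) and a SHA-256-signed CSR in $1.
make_csr() {
    dir=$1; keybits=${2:-2048}
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/acvts-demo.key" "$keybits" 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$dir/acvts-demo.key" \
        -subj "/C=US/O=Example Lab/CN=acvts-demo-client" \
        -out "$dir/acvts-demo.csr"
}

# Succeed only for signature algorithms that hash with SHA-256 or stronger.
sig_hash_ok() {
    case $1 in
        sha256With*|sha384With*|sha512With*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check a CSR against the stated requirements before sending it.
check_csr() {
    csr=$1
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) ||
        { echo "unreadable CSR"; return 1; }
    # The CSR's self-signature shows it was made with the matching private key.
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 ||
        { echo "bad self-signature"; return 1; }
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    [ "$alg" = "rsaEncryption" ] || { echo "key is not RSA: $alg"; return 1; }
    [ "$bits" = "2048" ] || { echo "RSA key is $bits bits, expected 2048"; return 1; }
    sig_hash_ok "$sig" || { echo "signature hash below SHA-256: $sig"; return 1; }
    echo "ok: RSA-$bits, $sig"
}

# Stand-alone use: sh csr-check.sh <existing-output-dir>
if [ -n "${1:-}" ]; then
    make_csr "$1" && check_csr "$1/acvts-demo.csr"
fi
```

Only the .csr file is sent; the .key file stays on the client and is what the TLS connection to the server later uses.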
You are expected to protect the key pair from unauthorized use and to notify NIST in the event the keypair becomes compromised. Also, since we do not have a formal login page the following notice applies when accessing the ACVP system:
***WARNING***WARNING***WARNING You are accessing a U.S. Government information system, which includes: 1) this computer, 2) this computer network, 3) all computers connected to this network, and 4) all devices and storage media attached to this network or to a computer on this network. You understand and consent to the following: you may access this information system for authorized use only; you have no reasonable expectation of privacy regarding any communication of data transiting or stored on this information system; at any time and for any lawful Government purpose, the Government may monitor, intercept, and search and seize any communication or data transiting or stored on this information system; and any communications or data transiting or stored on this information system may be disclosed or used for any lawful Government purpose. ***WARNING***WARNING***WARNING
Configuring and using One-Time-Passwords (OTP)
TOTP has been configured on all servers. See details on the GitHub Wiki here.
Renewing TLS credentials
Credentials are valid for a period of two years and will then expire. To renew your credentials, please send an email to acvts-demo@nist.gov with 'ACVTS DEMO CREDENTIAL RENEWAL REQUEST' in the subject line. You will receive further instructions via email regarding the renewal process.
Contribution Guidelines
If you want to contribute, please follow the simple rules below and send us pull requests.
- See Metanorma for installation instructions
- Documents are templated out and organized into folders. Find and edit the appropriate document, then build the HTML or TXT file to ensure the changes are correct
- Create a Pull Request with the updated ADOC files. GitHub Actions will verify the files can compile.
- Once approved by a NIST member, GitHub Actions will rebuild the nist-pages branch to be reflected on https://pages.nist.gov/ACVP
If you would like to talk to our developers, you may want to send email to our mailing list cavp (at) nist.gov. You may also report bugs or request new tests.
Related Projects
- ACVP Server (Release/Issue tracking for NIST's implementation of the ACVP protocol)
- Automated Cryptographic Validation Testing
- Cisco libacvp
- Google Project Wycheproof
- HACL*, a formally verified cryptographic library written in F*
- Automated Module Validation Protocol
- ACVP Proxy
- ACVP Parser
Licensing Terms
This data was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government, in collaboration with third-party contributors. Pursuant to title 17 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States and are considered to be in the public domain. The data is provided by NIST as a public service and is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST does not warrant or make any representations regarding the use of the data or the results thereof, including but not limited to the correctness, accuracy, reliability or usefulness of the data. NIST SHALL NOT BE LIABLE AND YOU HEREBY RELEASE NIST FROM LIABILITY FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR INCIDENTAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, AND THE LIKE), WHETHER ARISING IN TORT, CONTRACT, OR OTHERWISE, ARISING FROM OR RELATING TO THE DATA (OR THE USE OF OR INABILITY TO USE THIS DATA), EVEN IF NIST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
To the extent that NIST may hold copyright in countries other than the United States, you are hereby granted the non-exclusive irrevocable and unconditional right to print, publish, prepare derivative works and distribute the NIST data, in any medium, or authorize others to do so on your behalf, on a royalty-free basis throughout the world.
You may improve, modify, and create derivative works of the data or any portion of the data, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the data and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the data: Data citation recommendations are provided below. Permission to use this data is contingent upon your acceptance of the terms of this agreement and upon your providing appropriate acknowledgments of NIST's creation of the data.
Citation Format
Author/editor (Publication Year), Title, Publisher, Persistent Identifier (PID) or URL (Access date).