Standards and Guidelines Tested Under the CAVP
The Computer Security Division at NIST maintains a number of cryptographic standards, and coordinates algorithm validation test suites for many of those standards. The Cryptographic Algorithm Validation Program (CAVP) currently has algorithm validation testing for the following cryptographic algorithms:
- Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES)
FIPS 197 specifies the AES algorithm.
- FIPS 46-3 and FIPS 81, Data Encryption Standard (DES) and DES Modes of Operation
FIPS 46-3 specifies the DES and Triple DES algorithms.
- FIPS 185, Escrowed Encryption Standard (EES)
Which specifies the Skipjack algorithm.
Back to Top
Additional Modes of Operation for Symmetric Algorithms:
- NIST Special Publication (SP) 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices
This SP specifies the XTS_AES mode of operation algorithm. This document approves the XTS-AES mode of the AES algorithm by reference to IEEE Std 1619-2007, subject to one additional requirement, as an option for
protecting the confidentiality of data on block-oriented storage devices. The mode does not provide authentication of the data or its source.
- FIPS 186-2 with Change
Notice 1 (October 5, 2001), Digital Signature Standard (DSS)
Which specifies the DSA, RSA, and ECDSA algorithms.
186-4 (July 19, 2013), Digital Signature Standard (DSS)
All of the changes between FIPS 186-3 and FIPS186-4 had already been incorporated into the CAVP testing tool; the testing of FIPS186-3 implementations is identical to the testing of FIPS 186-4 implementations. There is no need for a transition period in which both FIPS 186-3 and FIPS 186-4 validation would be performed. Previous CAVP validations for FIPS 186-3 will be considered as equivalent to those for FIPS 186-4. Vendors should start using FIPS 186-4 immediately.
Back to Top
180-4 (March 2012), Secure Hash Standard (SHS)
Specifying SHA-1, SHA 224, SHA 256, SHA 384, SHA 512, SHA512/224, and SHA512/256 algorithms.
Random Number Generator Algorithms:
Back to Top
Deterministic Random Bit Generator (DRBG) Algorithms:
- NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators
Specifies four mechanisms mechanisms for the generation of random bits using deterministic methods
There are four mechanisms discussed in this SP. These mechanisms are based on either hash
functions (Hash_DRBG, HMAC_DRBG), block cipher algorithms using Counter mode (CTR_DRBG) or number theoretic (Dual EC_DRBG) problems.
Message Authentication Algorithms:
- NIST SP 800-38B (May 2005), Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
CMAC can be considered a mode of operation of the block cipher because it is based on an approved symmetric key block cipher, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197. CMAC is also an approved mode of the Triple Data Encryption Algorithm (TDEA).
- SP 800-38C (May 2004), Counter with Cipher Block Chaining - Message Authentication Code (CCM)
CCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197 ; thus, CCM cannot be used with the Triple Data Encryption Algorithm , whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.
- SP 800-38D (November 2007), Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
GCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197 ; thus, GCM cannot be used with the Triple Data Encryption Algorithm , whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.
- SP 800-38F (December 2012), Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping describes cryptographic methods that are approved for “key wrapping,” i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the AES Key Wrap (KW) mode and the AES Key Wrap With Padding (KWP) mode. An analogous mode with the Triple Data Encryption Algorithm (TDEA) as the underlying block cipher, called TKW, is also specified, to support legacy applications.
- FIPS 198 (March 6, 2002), Keyed-Hash Message Authentication Code (HMAC)
FIPS 198 specifies the HMAC algorithm.
Back to Top
Key Schemes -
- NIST SP 800-56A (Revised March 2007), Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
This SP specifies key establishment schemes based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.42 (Agreement of Symmetric Keys Using Discrete Logarithm Cryptography) and ANS X9.63 (Key Agreement and Key Transport Using Elliptic Curve Cryptography).
Key Derivation Functions (KDF) -
- NIST SP 800-108 (Revised October 2009), Recommendation for Key Derivation Using Pseudorandom Functions
This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key establishment scheme or shared through some other manner, using pseudorandom functions.
- NIST SP 800-135 Revision 1 (December 2011), Recommendation for Existing Application-Specific Key Derivation Functions
Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys required for their cryptographic functions. This Recommendation provides security requirements for those KDFs.
Retired Validation Testing:
Two other cryptographic standards (MAC; ANSI X9.17 Key Management) no longer have active validation testing, but the standards remain in effect. Cryptographic module (FIPS 140-1 and FIPS 140-2) validation testing by the CMT laboratories may include testing for conformance to FIPS 113 and 171, as appropriate:
- FIPS 113, Computer Data Authentication
Which specifies the generation of a Message Authentication Code (MAC), from ANSI X9.9, and
- FIPS 171, Key Management Using ANSI X9.17 (withdrawn February 08, 2005
Back to Top