Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Algorithm Validation Program CAVP

2016 Announcements

[07-06-16]--Updated Triple DES sample files to remove encrypytion with keying option 2 and to correct the values for OFB-I Monte Carlo.

[07-06-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS20.2). The following modifications have been made:

  1. Corrected bug in TDES OFB-I Monte Carlo test.
  2. KAS ECC values were reported for keys shorter than expected. Corrected.
  3. KAS FFC Header [HMAC SHAs supported was missing ending]. Corrected.
  4. KAS ECC Header when EE parameter set selected [SHA(s) supported (Used in the KDF function): was missing ending ]. Corrected.

The transition period ends October 6, 2016. This means CAVS20.1 can be use up until October 6, 2016. After that, CAVS20.2 must be used.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D (including GMAC and XPN), FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS20.2 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 20.2 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through October 6, 2016.
  3. If there are any validation requests where a lab has used a version of CAVSthat has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 20.2.

The CAVP will also review special conditions on a case-by-case basis.

[06-16-16]--Updated GCMVS document to include testing for XPN.

[06-16-16]--Updated XPN test vectors.

[06-15-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS20.1). The following modifications have been made:

  1. Modified testing for GCM-AES-XPN. The categorization of the salt has been modified. Salt will be treated like the IV are salts generated internally or not.
  2. KASECC extraneous byte of zeros on front of P curve sizes < 521. This has been removed. (Was causing error in the validity test.)
  3. HMAC summary file was reporting fail when everything passes. This has been corrected
  4. TDES encrypt only was including KO2 test files. Since KO2 allowed for decrypt only, if encrypt only tested, shouldn't have KO2 files. This has been corrected.
  5. Corrected minor errors

The transition period ends September 15, 2016. This means CAVS20.0 can be use up until September 15, 2016. After that, CAVS20.1 must be used.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D (including GMAC and XPN), FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS20.1 to validate the IUT.

  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 20.1 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through September 15, 2016.

  3. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 20.1.

The CAVP will also review special conditions on a case-by-case basis.

[05-06-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS20.0). The following modifications have been made:

  1. Added GCM-AES-XPN testing
  2. Added SHA-3 to HMAC

The transition period ends August 6, 2016. This means CAVS19.4 can be use up until August 6, 2016. After that, CAVS20.0 must be used.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D (including GMAC and XPN), FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS20.0 to validate the IUT.

  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 20.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through August 6, 2016.

  3. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 20.0.

The CAVP will also review special conditions on a case-by-case basis.

[04-12-16] -- Updated Components webpage to indicate that the RSASP1 component test for PKCS1.5 and PKCS PSS is identical. This was modified in January 2014, updated in the RSASP1VS document but not updated on the webpage.

[03-24-16] -- New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS19.4). The following modifications have been made:

  1. Bug in KAS resulting in tool crash fixed.

The transition period ends June 24, 2016.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS19.4 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 19.4 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through June 24, 2016.
  3. For any algorithm validation request where a lab had tried to generate KAS values and couldn't (because program would crash) with CAVS 19.3, please generate test files with CAVS 19.4. If other algorithms were be tested for this IUT and test files have been created for those other algorithms with CAVS 19.3, regardless of if they had already been sent to the vendor or not, NIST will accept validations of these other algorithms using this tool up through June 24, 2016. In summary, you can use values generated for CAVS 19.3 for all algorithms except KAS. For KAS implementations, please use CAVS19.4.
  4. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 19.4.

The CAVP will also review special conditions on a case-by-case basis.

[03-18-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS19.3). The following modifications have been made:

  1. Changes to generation of ECC keys to handle short keys for ECC correctly.
  2. Remove check box for don't post. This isn't allowed.
  3. In RSA SigGenSig files, one of the header lines was missing a #. This has been added. It didn't affect the testing. Only affected applications that expected all header lines to have #.

The transition period ends June 18, 2016.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS19.3 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 19.3 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through June 18, 2016.
  3. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 19.3.

The CAVP will also review special conditions on a case-by-case basis.

[03-04-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS19.2). The following modifications have been made:

  1. Fixed a bug in the SHA-3 verify when null value not supported. This has been corrected.

The transition period ends June 4, 2016.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS19.2 to validate the IUT.
  2. For any SHA-3 algorithm validation request (includes SHA-3 and SHAKE algorithms) where a lab has used CAVS19.0 or CAVS19.1 to create files, use CAVS19.2 to verify the results.
  3. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 19.1 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through June 4, 2016 with the exception of SHA-3 testing. (See 2 above.)
  4. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 19.2.

The CAVP will also review special conditions on a case-by-case basis.

[02-23-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS19.1). The following modifications have been made:

  1. Fixed a bug in the SHAKE3 Variable Output Test Verification Function. It was calculating the last tested length incorrectly and therefore was unable to check its correctness. This has been corrected.

The transition period ends May 23, 2016.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS19.1 to validate the IUT.
  2. For any SHA-3 algorithm validation request (includes SHA-3 and SHAKE algorithms) where a lab has used CAVS19.0 to create files, use CAVS19.1 to verify the results.
  3. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 19.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through May 23, 2016 with the exception of SHA-3 testing. (See 2 above.)
  4. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 19.1.

The CAVP will also review special conditions on a case-by-case basis.

[02-19-16]--CAVP Guidance on Adding Unique Identifier To Nfile Email

[02-17-16]--CAVP and CMVP Guidance on Enforcing Algorithm Testing Information

[01-29-16]--New release of the CAVS algorithm validation testing tool to the CST Laboratories (CAVS19.0). The following modifications have been made:

  1. Added validation testing for SHA-3 and SHAKE algorithms as specified in FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions dated August 2015.
  2. CMAC Verify Add 2-Key TDES back. It was removed by accident.
  3. DSA2 Note regarding Sig Ver and checkbox for PQG Ver appears on all tabs. Have them only appear in their respective screens.
  4. SP800-108KDF Remove RNG standards listed under Indicate SPs used to generate K.
  5. CMAC Block size (Full and/or Partial) of messages is determined by all six values entered for each key size. All six values weren’t considered previously.

The transition period ends April 29, 2016.

As has been the policy in the past:

  1. EFFECTIVE IMMEDIATELY on any new validation requests for implementations of TDES, AES, SHA, HMAC, CCM, CMAC, DRBG 800-90A, Key Agreement Scheme (KAS) FFC, KAS ECC, GCM 800-38D, FIPS186-4 DSA, FIPS186-4 ECDSA, FIPS186-4 RSA, XTS, the ECC DLC Primitive Component, SP800-108 KDF, the KDFs in SP800-135, RSA Signature Generation Component testing for PKCS1.5 and/or PKCS PSS, the ECDSA2 Signature Generation Component, the RSADP component, the SP 800-38F Key Wrapping and/or SHA-3 or SHAKE, the CST lab must use the CAVS19.0 to validate the IUT.
  2. For any algorithm validation request where a lab has used a version of CAVS prior to CAVS 19.0 to create files and has already sent the sample and request files to the vendor, NIST will accept validations of acceptable algorithms using this tool up through April 29, 2016.
  3. If there are any validation requests where a lab has used a version of CAVS that has not expired to create files and has not yet sent the appropriate files to the vendor, please regenerate everything using CAVS 19.0.

The CAVP will also review special conditions on a case-by-case basis.

[01-04-16]--Updated webpages to reflect 2016 Transitions (see SP800-131A Revision 1).

[01-04-16]--Updated CAVP FAQ.

 

Created October 05, 2016, Updated March 16, 2023