Cryptographic Algorithm Validation Program CAVP

Algorithm Prerequisite Testing

More complex cryptographic functions use other cryptographic primitives as building blocks to securely perform the desired operations. The Automated Cryptographic Validation Test System (ACVTS) testing of higher-level cryptographic functions focuses on the algorithm itself and not on the other algorithms that it may also use. Prerequisite algorithms must therefore be tested separately in order to receive a cryptographic algorithm validation. The following tables outline the prerequisite requirements for ACVTS.

Symmetric Key

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| ACVP-AES-CBC | | 1.0 | |
| ACVP-AES-CBC-CS1 | | 1.0 | |
| ACVP-AES-CBC-CS2 | | 1.0 | |
| ACVP-AES-CBC-CS3 | | 1.0 | |
| ACVP-AES-CCM | | 1.0 | Any AES mode using the forward cipher function |
| ACVP-AES-CFB1 | | 1.0 | |
| ACVP-AES-CFB128 | | 1.0 | |
| ACVP-AES-CFB8 | | 1.0 | |
| ACVP-AES-CTR | | 1.0 | |
| ACVP-AES-ECB | | 1.0 | |
| ACVP-AES-FF1 | | 1.0 | Any AES mode using the forward cipher function |
| ACVP-AES-GCM | | 1.0 | Any AES mode using the forward cipher function |
| ACVP-AES-GMAC | | 1.0 | Any AES mode using the forward cipher function |
| ACVP-AES-KW | | 1.0 | Any AES mode using the forward cipher function and/or any AES mode using the inverse cipher function |
| ACVP-AES-KWP | | 1.0 | Any AES mode using the forward cipher function and/or any AES mode using the inverse cipher function |
| ACVP-AES-OFB | | 1.0 | |
| ACVP-AES-XPN | | 1.0 | Any AES mode using the forward cipher function |
| ACVP-AES-XTS | | 2.0 | Any AES mode using the forward cipher function and/or any AES mode using the inverse cipher function |
| ACVP-TDES-CBC | | 1.0 | |
| ACVP-TDES-CBCI | | 1.0 | |
| ACVP-TDES-CFB1 | | 1.0 | |
| ACVP-TDES-CFB64 | | 1.0 | |
| ACVP-TDES-CFB8 | | 1.0 | |
| ACVP-TDES-CFBP1 | | 1.0 | |
| ACVP-TDES-CFBP64 | | 1.0 | |
| ACVP-TDES-CFBP8 | | 1.0 | |
| ACVP-TDES-CTR | | 1.0 | |
| ACVP-TDES-ECB | | 1.0 | |
| ACVP-TDES-KW | | 1.0 | Any TDES mode using the forward cipher function and/or any TDES mode using the inverse cipher function |
| ACVP-TDES-OFB | | 1.0 | |
| ACVP-TDES-OFBI | | 1.0 | |

Hash Functions

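| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| SHA-1 | | 1.0 | |
| SHA2-224 | | 1.0 | |
| SHA2-256 | | 1.0 | |
| SHA2-384 | | 1.0 | |
| SHA2-512 | | 1.0 | |
| SHA2-512/224 | | 1.0 | |
| SHA2-512/256 | | 1.0 | |
| SHA3-224 | | 2.0 | |
| SHA3-256 | | 2.0 | |
| SHA3-384 | | 2.0 | |
| SHA3-512 | | 2.0 | |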

Message Authentication Codes (MACs)

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| CMAC-AES | | 1.0 | AES-CBC preferred, otherwise any AES mode that utilizes the forward cipher function |
| CMAC-TDES | | 1.0 | TDES-CBC preferred, otherwise any TDES mode that utilizes the forward cipher function |
| HMAC-SHA-1 | | 1.0 | SHA-1 |
| HMAC-SHA2-224 | | 1.0 | SHA2-224 |
| HMAC-SHA2-256 | | 1.0 | SHA2-256 |
| HMAC-SHA2-384 | | 1.0 | SHA2-384 |
| HMAC-SHA2-512 | | 1.0 | SHA2-512 |
| HMAC-SHA2-512/224 | | 1.0 | SHA2-512/224 |
| HMAC-SHA2-512/256 | | 1.0 | SHA2-512/256 |
| HMAC-SHA3-224 | | 1.0 | SHA3-224 |
| HMAC-SHA3-256 | | 1.0 | SHA3-256 |
| HMAC-SHA3-384 | | 1.0 | SHA3-384 |
| HMAC-SHA3-512 | | 1.0 | SHA3-512 |

Digital Signature Algorithms

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| DetECDSA | sigGen | FIPS186-5 | All hash functions and XOFs used for the signature; all hmacDRBGs and all HMACs used in the per-message secret number generation. |
| DSA | keyGen | 1.0 | |
| DSA | pqgGen | 1.0 | All hash functions used. |
| DSA | pqgVer | 1.0 | All hash functions used. |
| DSA | sigVer | 1.0 | All hash functions used. |
| DSA | sigGen | 1.0 | All hash functions used. |
| ECDSA | keyGen | 1.0 | |
| ECDSA | keyGen | FIPS186-5 | |
| ECDSA | keyVer | 1.0 | |
| ECDSA | keyVer | FIPS186-5 | |
| ECDSA | sigGen | 1.0 | All hash functions and XOFs used. |
| ECDSA | sigGen | FIPS186-5 | All hash functions and XOFs used. |
| ECDSA | sigVer | 1.0 | All hash functions used. |
| ECDSA | sigVer | FIPS186-5 | All hash functions and XOFs used. |
| EDDSA | keyGen | 1.0 | SHA2-512 for the Ed25519 curve and SHAKE256 for the Ed448 curve |
| EDDSA | keyVer | 1.0 | |
| EDDSA | sigGen | 1.0 | SHA2-512 for the Ed25519 curve and SHAKE256 for the Ed448 curve |
| EDDSA | sigVer | 1.0 | SHA2-512 for the Ed25519 curve and SHAKE256 for the Ed448 curve |
| RSA | decryptionPrimitive | 1.0 | |
| RSA | decryptionPrimitive | Sp800-56Br2 | |
| RSA | keyGen | FIPS186-4 | All hash functions used. |
| RSA | keyGen | FIPS186-5 | All hash functions used. |
| RSA | sigGen | FIPS186-4 | All hash functions used. |
| RSA | sigGen | FIPS186-5 | All hash functions used for the signature; all XOFs used for PSS if used as a mask generation function |
| RSA | signaturePrimitive | 1.0 | |
| RSA | signaturePrimitive | 2.0 | |
| RSA | sigVer | FIPS186-2 | All hash functions used. |
| RSA | sigVer | FIPS186-4 | All hash functions used. |
| RSA | sigVer | FIPS186-5 | All hash functions used for the signature; all XOFs used for PSS if used as a mask generation function |
| LMS | keyGen | 1.0 | All hash functions and XOFs used. |
| LMS | sigGen | 1.0 | All hash functions and XOFs used. |
| LMS | sigVer | 1.0 | All hash functions and XOFs used. |
| ML-DSA | keyGen | FIPS204 | SHAKE128 and SHAKE256 |
| ML-DSA | sigGen | FIPS204 | SHAKE128 and SHAKE256 |
| ML-DSA | sigVer | FIPS204 | SHAKE128 and SHAKE256 |
| SLH-DSA | keyGen | FIPS205 | SHAKE256 for the SHAKE parameter sets, e.g., SLH-DSA-SHAKE-128s. SHA2-256 for SLH-DSA-SHA2-128s and SLH-DSA-SHA2-128f. SHA2-256 and SHA2-512 for SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHA2-256s, and SLH-DSA-SHA2-256f. |
| SLH-DSA | sigGen | FIPS205 | SHAKE256 for the SHAKE parameter sets, e.g., SLH-DSA-SHAKE-128s. SHA2-256 and HMAC-SHA-256 for SLH-DSA-SHA2-128s and SLH-DSA-SHA2-128f. SHA2-256, SHA2-512 and HMAC-SHA-512 for SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHA2-256s, and SLH-DSA-SHA2-256f. |
| SLH-DSA | sigVer | FIPS205 | SHAKE256 for the SHAKE parameter sets, e.g., SLH-DSA-SHAKE-128s. SHA2-256 for SLH-DSA-SHA2-128s and SLH-DSA-SHA2-128f. SHA2-256 and SHA2-512 for SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHA2-256s, and SLH-DSA-SHA2-256f. |

Deterministic Random Bit Generators (DRBGs)

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| ConditioningComponent | AES-CBC-MAC | SP800-90B | Any AES mode using the forward cipher function |
| ConditioningComponent | BlockCipher_DF | SP800-90B | Any AES mode using the forward cipher function |
| ConditioningComponent | Hash_DF | SP800-90B | All hash functions used. |
| ctrDRBG | | 1.0 | Any AES mode using the forward cipher function |
| hashDRBG | | 1.0 | All hash functions used. |
| hmacDRBG | | 1.0 | All HMACs used. |

Key Derivation Functions (KDFs)

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| KDF (SP 800-108) | | | All MACs used for the PRF. |
| KDF | KMAC | Sp800-108r1 | All KMAC functions used. |
| kdf-components | ansix9.42 | 1.0 | All hash functions used. |
| kdf-components | ansix9.63 | 1.0 | All hash functions used. |
| kdf-components | ikev1 | 1.0 | All HMACs used. |
| kdf-components | ikev2 | 1.0 | All HMACs used. |
| kdf-components | snmp | 1.0 | SHA-1 |
| kdf-components | srtp | 1.0 | Any forward AES cipher. |
| kdf-components | ssh | 1.0 | All hash functions used. |
| kdf-components | tls | 1.0 | HMAC-SHA-1 for TLS 1.0/1.1; one or more of HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 for TLS 1.2 |
| kdf-components | tpm | 1.0 | HMAC SHA-1 |
| PBKDF | | 1.0 | All HMACs used. |
| TLS-v1.2 | KDF | RFC7627 | All HMACs used. |
| TLS-v1.3 | KDF | RFC8446 | All HMACs used. |

Extendable Output Functions (XOFs)

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| SHAKE-128 | | 1.0 | |
| SHAKE-256 | | 1.0 | |
| cSHAKE-128 | | 1.0 | SHAKE-128 |
| cSHAKE-256 | | 1.0 | SHAKE-256 |
| KMAC-128 | | 1.0 | cSHAKE-128 |
| KMAC-256 | | 1.0 | cSHAKE-256 |
| ParallelHash-128 | | 1.0 | cSHAKE-128 |
| ParallelHash-256 | | 1.0 | cSHAKE-256 |
| TupleHash-128 | | 1.0 | cSHAKE-128 |
| TupleHash-256 | | 1.0 | cSHAKE-256 |

Key Agreement Schemes

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| KAS-ECC | CDH-Component | 1.0 | |
| KAS-ECC | CDH-Component | Sp800-56Ar3 | |
| KAS-ECC | | 1.0 | All MACs used in Key Confirmation; all hash functions used in the KDFs. |
| KAS-ECC | | Sp800-56Ar3 | All MACs used in Key Confirmation; all hash functions and MACs used in the KDFs. |
| KAS-ECC-SSC | | Sp800-56Ar3 | |
| KAS-FFC | Component | 1.0 | |
| KAS-FFC | | 1.0 | All MACs used in Key Confirmation; all hash functions used in the KDFs. |
| KAS-FFC | | Sp800-56Ar3 | All MACs used in Key Confirmation; all hash functions and MACs used in the KDFs. |
| KAS-FFC-SSC | | Sp800-56Ar3 | |
| KAS-IFC | | Sp800-56Br2 | All MACs used in Key Confirmation; all hash functions and MACs used in the KDFs. |
| KAS-IFC-SSC | | Sp800-56Br2 | |
| KAS-KC | | Sp800-56 | All MACs used. |
| KDA | HKDF | Sp800-56Cr1 | All HMACs used. |
| KDA | HKDF | Sp800-56Cr2 | All HMACs used. |
| KDA | OneStep | Sp800-56Cr1 | All hash functions and MACs used. |
| KDA | OneStep | Sp800-56Cr2 | All hash functions and MACs used. |
| KDA | OneStepNoCounter | Sp800-56Cr2 | All hash functions and MACs used. |
| KDA | TwoStep | Sp800-56Cr1 | All MACs used. |
| KDA | TwoStep | Sp800-56Cr2 | All MACs used. |
| KTS-IFC | | Sp800-56Br2 | Hash functions used by the RSA-OAEP mask-generation function; any MACs used in Key Confirmation. |
| safePrimes | keyGen | 1.0 | |
| safePrimes | keyVer | 1.0 | |

Key Encapsulation Mechanisms (KEMs)

| Algorithm | Mode | Revision | Prerequisites |
|---|---|---|---|
| ML-KEM | keyGen | FIPS203 | SHA3-256, SHA3-512, SHAKE128, and SHAKE256 |
| ML-KEM | encapDecap | FIPS203 | SHA3-256, SHA3-512, SHAKE128, and SHAKE256 if using encapsulation; SHA3-512, SHAKE128, and SHAKE256 if using decapsulation. |

Created October 05, 2016, Updated July 03, 2024