The Automated Cryptographic Validation Protocol (ACVP) is a protocol currently under development to support a new National Voluntary Laboratory Accreditation Program (NVLAP) testing scope at the National Institute of Standards and Technology (NIST).
All current information about ACVP may be found within this Github project. View the documents at https://usnistgov.github.io/ACVP/.
- Background
- Objective
- Project Goals
- Status
- Supported Algorithms
- Accessing the demo server
- Contribution guidelines
- Related projects
- Licensing terms
The rapid development of cryptographic technology over the last two decades and its adoption in many different technology domains has resulted in a sharp increase in the number and complexity of approved algorithms. The volume of cryptographic algorithm validations has outstripped the available human resources available to test, report, and validate results. The plethora of different algorithms has created a dire need for consistent requesting and reporting of test data and results. We also live in times of unprecedented levels of threats and exploits that require frequent product updates to fix defects and remove security vulnerabilities, which in turn requires much faster turnaround of validation updates than what the existing validation model allows. See the NIST Automated Cryptographic Validation Testing project for broader context and information.
Requirements documents for the existing Cryptrographic Algorithm Validation Program (CAVP) and the 17CAV scope can be found at https://www.nist.gov/national-voluntary-laboratory-accreditation-program-nvlap/requirements-documents-5. The requirements documents for the ACVP scope will likely be found on the same page once they have been finalized and published.
General information about CAVP can be found at https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program with the CAVP management manual found at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPMM.pdf and the FAQ at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPFAQ.pdf.
The objective of this project is to define a protocol allowing independent implementation by all vendors participating in the NIST cryptographic validation programs (CAVP and CMVP) for accelerated test data generation and requisition, reporting of test results, and validation of NIST-approved cryptographic algorithms (see FIPS 140-2 Annex A, Annex C and Annex D).
The development of an Automated Cryptographic Validation Protocol (ACVP) that enables the generation and validation of standardized algorithm test evidence to facilitate the modernization of CAVP and CMVP.
The new automated testing scope is available starting on April 8, 2019. This testing scope will eventually replace the existing Cryptographic Algorithm Validation Testing (17CAV) scope. To allow for a smooth transition both scopes will be available for no less than six months, but the legacy 17CAV scope will be retired after no more than one year and may be retired earlier depending on the speed of the transition and scope of testing improvements ACVP implements relative to the legacy 17CAV scope .
The demo server (demo.acvts.nist.gov) supports ACVP version 1.0. All endpoints defined in the protocol specification are available.
The demo server allows validation of the following algorithms (a superset of the algorithms available through the CAVS tool). NOT ALL OF THE ALGORITHMS AVAILABLE ON THE DEMO SERVER ARE NIST-APPROVED ALGORITHMS. The prod server supports a subset of the listed algorithms.
- AES-CBC - HTML
- AES-CFB1 - HTML
- AES-CFB8 - HTML
- AES-CFB128 - HTML
- AES-CTR - HTML
- AES-ECB - HTML
- AES-GCM - HTML
- AES-GCM-SIV - HTML - DEMO only
- AES-KW - HTML
- AES-KWP - HTML
- AES-OFB - HTML
- AES-XPN - HTML
- AES-XTS - HTML
- AES-FF1 - HTML
- AES-FF3-1 - HTML - DEMO only
- TDES-CBC - HTML
- TDES-CBCI - HTML
- TDES-CFBP1 - HTML
- TDES-CFBP8 - HTML
- TDES-CFBP64 - HTML
- TDES-CTR - HTML
- TDES-ECB - HTML
- TDES-KW - HTML
- TDES-OFB - HTML
- TDES-OFBI - HTML
- SHA-1 - HTML
- SHA-224 - HTML
- SHA-256 - HTML
- SHA-384 - HTML
- SHA-512 - HTML
- SHA-512/224 - HTML
- SHA-512/256 - HTML
- SHA3-224 - HTML
- SHA3-256 - HTML
- SHA3-384 - HTML
- SHA3-512 - HTML
- SHAKE-128 - HTML
- SHAKE-256 - HTML
- cSHAKE-128 - HTML
- cSHAKE-256 - HTML
- KMAC-128 - HTML
- KMAC-256 - HTML
- ParallelHash-128 - HTML
- ParallelHash-256 - HTML
- TupleHash-128 - HTML
- TupleHash-256 - HTML
- AES-GMAC - HTML
- AES-CCM - HTML
- CMAC-AES - HTML
- CMAC-TDES - HTML
- HMAC-SHA-1 - HTML
- HMAC-SHA2-224 - HTML
- HMAC-SHA2-256 - HTML
- HMAC-SHA2-384 - HTML
- HMAC-SHA2-512 - HTML
- HMAC-SHA2-512/224 - HTML
- HMAC-SHA2-512/256 - HTML
- HMAC-SHA3-224 - HTML
- HMAC-SHA3-256 - HTML
- HMAC-SHA3-384 - HTML
- HMAC-SHA3-512 - HTML
- ctrDRBG-AES-128 - HTML
- ctrDRBG-AES-192 - HTML
- ctrDRBG-AES-256 - HTML
- ctrDRBG-TDES - HTML
- HASH DRBG - HTML
- HMAC DRBG - HTML
- RSA mode: keyGen - HTML
- RSA mode: sigGen - HTML
- RSA mode: sigVer - HTML
- RSA mode: signatureComponent - HTML
- RSA mode: decryptionComponent - HTML
- RSA mode: legacySigVer - HTML
- ECDSA mode: sigGenComponent - HTML
- ECDSA mode: keyGen - HTML
- ECDSA mode: keyVer - HTML
- ECDSA mode: sigGen - HTML
- ECDSA mode: sigVer - HTML
- DSA mode: keyGen - HTML
- DSA mode: sigVer - HTML
- DSA mode: sigGen - HTML
- DSA mode: pqgGen - HTML
- DSA mode: pqgVer - HTML
- EDDSA mode: keyGen - HTML - DEMO only
- EDDSA mode: keyVer - HTML - DEMO only
- EDDSA mode: sigGen - HTML - DEMO only
- EDDSA mode: sigVer - HTML - DEMO only
- KAS ECC ephemeralUnified - HTML
- KAS ECC fullMqv - HTML
- KAS ECC fullUnified - HTML
- KAS ECC onePassDh - HTML
- KAS ECC onePassMqv - HTML
- KAS ECC OnePassUnified - HTML
- KAS ECC staticUnified - HTML
- KAS ECC CDH-Component - HTML
- KAS FFC dhHybrid1 - HTML
- KAS FFC mqv2 - HTML
- KAS FFC dhEphem - HTML
- KAS FFC dhHybridOneFlow - HTML
- KAS FFC mqv1 - HTML
- KAS FFC dhOneFlow - HTML
- KAS FFC dhStatic - HTML
- KAS ECC ephemeralUnified Sp800-56Ar3 - HTML - DEMO only
- KAS ECC fullMqv Sp800-56Ar3 - HTML - DEMO only
- KAS ECC fullUnified Sp800-56Ar3 - HTML - DEMO only
- KAS ECC onePassDh Sp800-56Ar3 - HTML - DEMO only
- KAS ECC onePassMqv Sp800-56Ar3 - HTML - DEMO only
- KAS ECC OnePassUnified Sp800-56Ar3 - HTML - DEMO only
- KAS ECC staticUnified Sp800-56Ar3 - HTML - DEMO only
- KAS FFC dhHybrid1 Sp800-56Ar3 - HTML - DEMO only
- KAS FFC mqv2 Sp800-56Ar3 - HTML - DEMO only
- KAS FFC dhEphem Sp800-56Ar3 - HTML - DEMO only
- KAS FFC dhHybridOneFlow Sp800-56Ar3 - HTML - DEMO only
- KAS FFC mqv1 Sp800-56Ar3 - HTML - DEMO only
- KAS FFC dhOneFlow Sp800-56Ar3 - HTML - DEMO only
- KAS FFC dhStatic Sp800-56Ar3 - HTML - DEMO only
- KAS IFC KAS1-basic - HTML - DEMO only
- KAS IFC KAS1-Party_V-confirmation - HTML - DEMO only
- KAS IFC KAS2-basic - HTML - DEMO only
- KAS IFC KAS2-bilateral-confirmation - HTML - DEMO only
- KAS IFC KAS2-Party_U-confirmation - HTML - DEMO only
- KAS IFC KAS2-Party_V-confirmation - HTML - DEMO only
- KTS IFC KTS-OAEP-basic - HTML - DEMO only
- KTS IFC KTS-OAEP-Party_V-confirmation - HTML - DEMO only
- KAS SSC ECC ephemeralUnified Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC fullMqv Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC fullUnified Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC onePassDh Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC onePassMqv Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC OnePassUnified Sp800-56Ar3 - HTML - DEMO only
- KAS SSC ECC staticUnified Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC dhHybrid1 Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC mqv2 Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC dhEphem Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC dhHybridOneFlow Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC mqv1 Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC dhOneFlow Sp800-56Ar3 - HTML - DEMO only
- KAS SSC FFC dhStatic Sp800-56Ar3 - HTML - DEMO only
- Counter KDF - HTML
- Feedback KDF - HTML
- Double Pipeline Iterator KDF - HTML
- IKEv1 - HTML
- IKEv2 - HTML
- SNMP - HTML
- SRTP - HTML
- SSH - HTML
- TLS - HTML
- TPM - HTML
- ANSX9.63 - HTML
- ANSX9.42 - HTML
- PBKDF - HTML
- SafePrimes KeyGen - HTML - DEMO only
- SafePrimes KeyVer - HTML - DEMO only
The prod server supports all of the above except for the EdDSA variants, AES-FF3-1, KAS/KTS-IFC, and AES-GCM-SIV. Some of these algorithms have NIST SP800 series drafts in progress and will be available on the prod server when the draft becomes a standard.
Please check the protocol specification for details on how to access the available resources.
To access the demo server one needs a TLS credential and a one-time password (OTP). The protocol specification and other development information are available in this repository. You may want to use the companion ACVP client to jump-start your work.
To set expectations, since this is a demo system, it will be in a state of flux and any all data on the system is considered temporary and may be reset to accommodate development of the Automated Cryptographic Validation Protocol (ACVP) service. We will try to keep the demo service relatively stable, but we plan to update it as we continue to add new algorithms and capabilities.
To access the demo environment you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to acvts-demo@nist.gov with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.
You are expected to protect the key pair from unauthorized use and to notify NIST in the event the keypair becomes compromised. Also, since we do not have a formal login page the following notice applies when accessing the ACVP system:
“***WARNING***WARNING***WARNING
You are accessing a U.S. Government information system, which includes: 1) this computer,
2) this computer network, 3) all computers connected to this network, and 4) all devices
and storage media attached to this network or to a computer on this network. You understand
and consent to the following: you may access this information system for authorized use
only; you have no reasonable expectation of privacy regarding any communication of data
transiting or stored on this information system; at any time and for any lawful Government
purpose, the Government may monitor, intercept, and search and seize any communication or
data transiting or stored on this information system; and any communications or data
transiting or stored on this information system may be disclosed or used for any lawful
Government purpose.
***WARNING***WARNING***WARNING”
Please be aware that starting in the week of March 12th, 2018, the second-factor authentication based on OTP and associated workflows have been turned-on - see details here.
If you want to contribute, please follow the simple rules below and send us pull requests.
- Updates to specs, JSON, etc should take place within the
./src/*.xmlfiles. - Feel free to run
WindowsGenerateAllArtifacts.bat(Windows) orMakefile(non-Windows) to ensure valid HTML and TXT files can be generated from the changes. - Create a Pull Request with the updated XML files. TravisCI will verify the XML can compile with
xml2rfcand upload the artifacts to thegh-pagesbranch to be reflected on https://usnistgov.github.io/ACVP/
If you would like to talk to our developers, you may want to send email to our mailing list algotest@list.nist.gov. You may also report bugs or request new tests.
- Automated Cryptographic Validation Testing
- Cisco libacvp
- Google Project Wycheproof
- HACL*, a formally verified cryptographic library written in F*
- Automated Module Validation Protocol
- ACVP Proxy
- ACVP Parser
This data was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government, in collaboration with third-party contributers. Pursuant to title 17 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States and are considered to be in the public domain. The data is provided by NIST as a public service and is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST does not warrant or make any representations regarding the use of the data or the results thereof, including but not limited to the correctness, accuracy, reliability or usefulness of the data. NIST SHALL NOT BE LIABLE AND YOU HEREBY RELEASE NIST FROM LIABILITY FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR INCIDENTAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, AND THE LIKE), WHETHER ARISING IN TORT, CONTRACT, OR OTHERWISE, ARISING FROM OR RELATING TO THE DATA (OR THE USE OF OR INABILITY TO USE THIS DATA), EVEN IF NIST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
To the extent that NIST may hold copyright in countries other than the United States, you are hereby granted the non-exclusive irrevocable and unconditional right to print, publish, prepare derivative works and distribute the NIST data, in any medium, or authorize others to do so on your behalf, on a royalty-free basis throughout the world.
You may improve, modify, and create derivative works of the data or any portion of the data, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the data and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the data: Data citation recommendations are provided below. Permission to use this data is contingent upon your acceptance of the terms of this agreement and upon your providing appropriate acknowledgments of NIST's creation of the data.
-
Citation format:
- Author/editor (Publication Year), Title, Publisher, Persistent Identifier (PID) or URL (Access date).