Cryptographic Algorithm Validation Program (CAVP)

The Computer Security Division at NIST maintains a number of cryptographic standards, and coordinates algorithm validation test suites for many of those standards. The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS approved and NIST recommended cryptographic algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP). The CAVP was established by NIST and the Communications Security Establishment Canada (CSEC) in July 1995. All of the tests under the CAVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing (CMT) laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). Vendors interested in validation testing of their algorithm implementation may select any of the accredited laboratories. The CAVP currently has algorithm validation testing for the following cryptographic algorithms:

Symmetric Algorithm

• FIPS 197:Advanced Encryption Standard (AES). FIPS 197 specifies the AES algorithm.
• FIPS 46-3 and FIPS 81: Data Encryption Standard (DES) and DES Modes of Operation. FIPS 46-3 specifies the DES and Triple DES algorithms.
• FIPS 185: Escrowed Encryption Standard (EES), which specifies the Skipjack algorithm.

Asymmetric Algorithms

• FIPS 186-2 with Change Notice 1 (October 5, 2001): Digital Signature Standard (DSS), which specifies the DSA, RSA, and ECDSA algorithms.

Hash Algorithms

• FIPS 180-2 with Change Notice 1 (February 25, 2004): Secure Hash Standard (SHS), specifying SHA-1, SHA 224, SHA 256, SHA 384 and SHA 512 algorithms.

Random Number Generator Algorithms

• FIPS 186-2 with Change Notice 1 (October 5, 2001) (Appendix 3.1 and 3.2): Specifies the Random Number Generation for the DSA algorithm.
• ANSI X9.31 (Appendix A.2.4) - Using 2-Key Triple DES: Specifies the Random Number Generation for the RSA algorithm.
• NIST Recommended Random Number Generator based on ANSI X9.31 Appendix A.2.4 using the 3-Key Triple DES and AES Algorithms: Specifies the random Number Generation for the RSA algorithm.
• ANSI X9.62 (Appendix A.4): Specifies the RNG for the ECDSA algorithm.

Deterministic Random Bit Generator (DRBG) Algorithms

• SP 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  (Revised_March2007): Specifies four algorithms for Random Number Generation using Deterministic Random Bit Generators.

Message Authentication Algorithms

• Special Publication 800-38B (May 2005): Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. CMAC can be considered a mode of operation of the block cipher because it is based on an approved symmetric key block cipher, such as the Advanced Encryption Standard (AES) algorithm currently specified in Federal Information Processing Standard (FIPS) Pub. 197. CMAC is also an approved mode of the Triple Data Encryption Algorithm (TDEA).
• Special Publication 800-38C (May 2004): Counter with Cipher Block Chaining - Message Authentication Code (CCM). CCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm currently specified in Federal Information Processing Standard (FIPS) Pub. 197 [2]; thus, CCM cannot be used with the Triple Data Encryption Algorithm [3], whose block size is 64 bits. Currently the only NIST-Approved 128 bit symmetric key algorithm is AES.
• FIPS 198 (March 6, 2002): Keyed-Hash Message Authentication Code (HMAC). FIPS 198 specifies the HMAC algorithm.

Two other cryptographic standards (MAC; ANSI X9.17 Key Management) no longer have active validation testing. FIPS 113 remains in effect. Cryptographic module (FIPS 140-1 and FIPS 140-2) validation testing by the CMT laboratories may include testing for conformance to FIPS 113, as appropriate:

• FIPS 113: Computer Data Authentication, which specifies the generation of a Message Authentication Code (MAC), from ANSI X9.9, and
• FIPS 171: Key Management Using ANSI X9.17 (withdrawn February 08, 2005).