• Stars
    star
    163
  • Rank 231,141 (Top 5 %)
  • Language
    HTML
  • Created over 8 years ago
  • Updated about 1 month ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Industry Working Group on Automated Cryptographic Algorithm Validation

ACVP

The Automated Cryptographic Validation Protocol (ACVP) is a protocol to support a new National Voluntary Laboratory Accreditation Program (NVLAP) testing scope at the National Institute of Standards and Technology (NIST).

The new testing scope, 17ACVT, is available, and defined in NIST Handbook 150-17.

All current information about ACVP protocol may be found within this Github project at https://github.com/usnistgov/ACVP. View the protocol documents at https://pages.nist.gov/ACVP/.

For issues regarding the actual ACVP Server implementation, as well as pre-release (demo) and release notes (prod), see the ACVP-Server repository: https://github.com/usnistgov/ACVP-Server/.

Jump to

Background

The rapid development of cryptographic technology over the last two decades and its adoption in many different technology domains has resulted in a sharp increase in the number and complexity of approved algorithms. The volume of cryptographic algorithm validations has outstripped the available human resources available to test, report, and validate results. The plethora of different algorithms has created a dire need for consistent requesting and reporting of test data and results. We also live in times of unprecedented levels of threats and exploits that require frequent product updates to fix defects and remove security vulnerabilities, which in turn requires much faster turnaround of validation updates than what the existing validation model allows. See the NIST Automated Cryptographic Validation Testing project for broader context and information.

Requirements documents for the existing Cryptographic Algorithm Validation Program (CAVP) and the 17CAV scope can be found at https://nvlpubs.nist.gov/nistpubs/hb/2020/NIST.HB.150-2020.pdf. The requirements documents for the 17ACVT scope can be found on the same page.

General information about CAVP can be found at https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program with the CAVP management manual found at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPMM.pdf and the FAQ at https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/CAVPFAQ.pdf.

How to use Metanorma

Using Metanorma is not required to view the documents in the GitHub repository. When changes occur, documents will automatically be built and deployed to https://pages.nist.gov/ACVP.

Metanorma is a library for writing standards. It can compile .adoc files into multiple common standards formats including the IETF's RFC format.

Use the instructions here to set up Metanorma: https://www.metanorma.org/install/

To compile an individual file, to make sure your gem versions are up to date run

gem install metanorma-cli

From there run

metanorma compile -t ietf -x html file.adoc

You can switch between -x html and -x txt for different RFC output formats.

If you make changes to a file that's referenced by a top level spec, run metanorma on the referenced file prior to running it on the top level file. E.g.,

metanorma compile -t ietf -x html symmetric/sections/04-testtypes.adoc
metanorma compile -t ietf -x html draft-celi-acvp-symmetric.adoc

Or you can use the Makefile which is available.

To build all documents, html and txt

make all

To build a specific file

make specific-file.html

To remove all xml, txt, html, err produces files,

make clean

Objective

The objective of this project is to define a protocol allowing independent implementation by all vendors participating in the NIST cryptographic validation programs (CAVP and CMVP) for accelerated test data generation and requisition, reporting of test results, and validation of NIST-approved cryptographic algorithms (see FIPS140-2 Annex A, Annex C and Annex D). For FIPS140-3, the NIST-approved cryptographic algorithms are defined in the SP800-140 Document Series.

Project Goals

The development of an Automated Cryptographic Validation Protocol (ACVP) that enables the generation and validation of standardized algorithm test evidence to facilitate the modernization of CAVP and CMVP.

Status

The demo server (demo.acvts.nist.gov) supports ACVP version 1.0. All endpoints defined in the protocol specification are available. Some additional endpoinds defined in https://github.com/usnistgov/ACVP-Server are also available but not considered part of this protocol.

The prod server (acvts.nist.gov) also supports ACVP version 1.0, with the same endpoints defined.

Supported Algorithms

Block Cipher Modes

Secure Hash

XOFs

Message Authentication

DRBG

Digital Signature

SP 800-56 Series Algorithms

Full KAS and KTS IFC Testing

Tests against shared secret computation (SSC), key derivation functions (KDF) or key derivation algorithms (KDA), and optionally key confirmation (KC). Test vectors issued under this set of tests (with the exception of 1.0 component based tests) are considered "full KAS" testing.

KAS SSC Testing

Standalone KAS SSC testing from SP800-56A/B. Can be used in conjunction with KDF/KDA testing and optionally key confirmation testing (as opposed to "full KAS" testing) to be considered a valid KAS implementation.

KDA Testing SP800-56Cr1/r2

Standalone KDA testing from SP800-56Cr1 or SP800-56Cr2. Can be used in conjunction with SSC testing and optionally key confirmation testing (as opposed to "full KAS" testing) to be considered a valid KAS implementation.

KAS KC Testing SP800-56

Standalone KAS Key Confirmation testing from SP800-56Ar3 and/or SP800-56Br2. Can be as a KC primitive validation as a part of a KAS validation.

KDFs

Safe Primes

Conditioning Components

Stateful Hash-Based Signatures

The prod server supports all of the above except for AES-FF3-1, and AES-GCM-SIV. Some of these algorithms have NIST SP800 series drafts in progress and will be available on the prod server when the draft becomes a standard.

Accessing the Server

To access the demo server one needs a TLS credential and a one-time password (OTP). The protocol specification and other development information are available in this repository. You may want to use the companion ACVP client to jump-start your work.

To set expectations, since this is a demo system, it will be in a state of flux and any all data on the system is considered temporary and may be reset to accommodate development of the Automated Cryptographic Validation Protocol (ACVP) service. We will try to keep the demo service relatively stable, but we plan to update it as we continue to add new algorithms and capabilities.

To access the prod server, first you must demonstrate compentency on the demo server. Then follow the instructions available at https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/how-to-access-acvts.

Obtaining TLS credentials

To access the demo environment you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to [email protected] with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.

You are expected to protect the key pair from unauthorized use and to notify NIST in the event the keypair becomes compromised. Also, since we do not have a formal login page the following notice applies when accessing the ACVP system:

"***WARNING***WARNING***WARNING
You are accessing a U.S. Government information system, which includes: 1) this computer, 2) this computer network, 3) all computers connected to this network, and 4) all devices and storage media attached to this network or to a computer on this network. You understand and consent to the following: you may access this information system for authorized use only; you have no reasonable expectation of privacy regarding any communication of data transiting or stored on this information system; at any time and for any lawful Government purpose, the Government may monitor, intercept, and search and seize any communication or data transiting or stored on this information system; and any communications or data transiting or stored on this information system may be disclosed or used for any lawful Government purpose.
***WARNING***WARNING***WARNING"

Configuring and using One-Time-Passwords (OTP)

TOTP has been configured on all servers. See details here.

Contribution Guidelines

If you want to contribute, please follow the simple rules below and send us pull requests.

  • See Metanorma for installation instructions
  • Documents are templated out and organized into folders, find and edit the appropriate document and build the HTML or TXT file to ensure the changes are correct
  • Create a Pull Request with the updated ADOC files. GitHub Actions will verify the files can compile.
  • Once approved by a NIST member, GitHub Actions will rebuild the nist-pages branch to be reflected on https://pages.nist.gov/ACVP

If you would like to talk to our developers, you may want to send email to our mailing list [email protected]. You may also report bugs or request new tests.

Related Projects

Licensing Terms

This data was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government, in collaboration with third-party contributors. Pursuant to title 17 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States and are considered to be in the public domain. The data is provided by NIST as a public service and is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST does not warrant or make any representations regarding the use of the data or the results thereof, including but not limited to the correctness, accuracy, reliability or usefulness of the data. NIST SHALL NOT BE LIABLE AND YOU HEREBY RELEASE NIST FROM LIABILITY FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR INCIDENTAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, AND THE LIKE), WHETHER ARISING IN TORT, CONTRACT, OR OTHERWISE, ARISING FROM OR RELATING TO THE DATA (OR THE USE OF OR INABILITY TO USE THIS DATA), EVEN IF NIST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

To the extent that NIST may hold copyright in countries other than the United States, you are hereby granted the non-exclusive irrevocable and unconditional right to print, publish, prepare derivative works and distribute the NIST data, in any medium, or authorize others to do so on your behalf, on a royalty-free basis throughout the world.

You may improve, modify, and create derivative works of the data or any portion of the data, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the data and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the data: Data citation recommendations are provided below. Permission to use this data is contingent upon your acceptance of the terms of this agreement and upon your providing appropriate acknowledgments of NIST's creation of the data.

Citation Format

Author/editor (Publication Year), Title, Publisher, Persistent Identifier (PID) or URL (Access date).

More Repositories

1

macos_security

macOS Security Compliance Project
YAML
1,748
star
2

800-63-3

Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines
CSS
702
star
3

OSCAL

Open Security Controls Assessment Language (OSCAL)
XSLT
572
star
4

fipy

FiPy is a Finite Volume PDE solver written in Python
Python
430
star
5

jarvis

JARVIS-Tools: an open-source software package for data-driven atomistic materials design. Publications: https://scholar.google.com/citations?user=3w6ej94AAAAJ
Python
289
star
6

jsip

JSIP: Java SIP specification Reference Implementation (moved from java.net)
Java
287
star
7

frvt

Repository for the Face Recognition Vendor Test (FRVT)
C++
261
star
8

trec_eval

Evaluation software used in the Text Retrieval Conference
C
224
star
9

dioptra

Test Software for the Characterization of AI Technologies
Python
220
star
10

oscal-content

NIST SP 800-53 content and other OSCAL content examples
Shell
218
star
11

alignn

Atomistic Line Graph Neural Network https://scholar.google.com/citations?user=9Q-tNnwAAAAJ&hl=en
Python
218
star
12

SCTK

C
208
star
13

SP800-90B_EntropyAssessment

The SP800-90B_EntropyAssessment C++package implements the min-entropy assessment methods included in Special Publication 800-90B.
C++
200
star
14

PrivacyEngCollabSpace

Privacy Engineering Collaboration Space
Python
186
star
15

REFPROP-wrappers

Wrappers around NIST REFPROP for languages such as Python, MATLAB, etc.
Mathematica
160
star
16

mobile-threat-catalogue

NIST/NCCoE Mobile Threat Catalogue
HTML
141
star
17

trojai-literature

131
star
18

NFIQ2

Optical live-scan and ink fingerprint image quality assessment tool
C++
130
star
19

MIST

Microscopy Image Stitching Tool
Java
130
star
20

applesec

Draft SP 800-179r1 macOS 10.12 Security project files: draft publication, security settings spreadsheet and Bash script implementation of settings.
Shell
116
star
21

ndn-dpdk

NDN-DPDK: High-Speed Named Data Networking Forwarder
Go
114
star
22

ARIAC

Repository for ARIAC (Agile Robotics for Industrial Automation Competition), consisting of kit building and assembly in a simulated warehouse
C++
110
star
23

SFA

The NIST STEP File Analyzer and Viewer (SFA) generates a spreadsheet and a visualization from an ISO 10303 Part 21 STEP file.
Tcl
109
star
24

NEMO

NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.
Python
98
star
25

jsfive

A pure javascript HDF5 reader
JavaScript
97
star
26

h5wasm

A WebAssembly HDF5 reader/writer library
C++
84
star
27

pyMCR

pyMCR: Multivariate Curve Resolution for Python
Python
80
star
28

policy-machine-core

Core components of the Policy Machine, a NGAC reference implementation.
Java
76
star
29

psc-ns3

Public Safety Communication modeling tools based on ns-3
C++
68
star
30

chemnlp

ChemNLP: A Natural Language Processing based Library for Materials Chemistry Text Data
Python
65
star
31

Metrology

Metrology for software; software for metrology
JavaScript
65
star
32

STP2X3D

Translator from STEP format to X3D format
C++
62
star
33

combinatorial-testing-tools

Tools for combinatorial testing developed by the NIST ACTS project
Java
61
star
34

jarvis_leaderboard

Explore State-of-the-Art Materials Design Methods: https://www.nature.com/articles/s41524-024-01259-w
Jupyter Notebook
55
star
35

COSMOSAC

A Benchmark Implementation of COSMO-SAC
HTML
52
star
36

ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.
C#
52
star
37

pfhub

The CHiMaD Phase Field Community Website
HTML
49
star
38

REFPROP-cmake

Small repo with CMake build system for building REFPROP shared library
CMake
48
star
39

teqp

A highly efficient, flexible, and accurate implementation of thermodynamic EOS powered by automatic differentiation
C++
48
star
40

Lightweight-Cryptography-Benchmarking

C
48
star
41

SimulatedRadarWaveformGenerator

A software tool that generates simulated radar signals and creates RF datasets for developing and testing machine/deep learning detection algorithms.
MATLAB
47
star
42

iheos-toolkit2

XDS Toolkit
Java
46
star
43

OpenSeadragonFiltering

OpenSeadragon filtering plugin
JavaScript
45
star
44

pmml_pymcBN

Jupyter Notebook
42
star
45

ActEV_Scorer

Scoring software for the TRECVID Activities in Extended Video (ActEV) evaluation
Python
41
star
46

HTGS

The Hybrid Task Graph Scheduler API
C++
40
star
47

sctools

Tools for security content automation, baseline tailoring, and overlay development.
HTML
39
star
48

hiperc

High Performance Computing Strategies for Boundary Value Problems
HTML
39
star
49

OpenSeadragonScalebar

OpenSeadragon scalebar plugin
JavaScript
38
star
50

pyPRISM

A framework for conducting polymer reference interaction site model (PRISM) calculations
Python
38
star
51

ocr-pipeline

Convert a corpus of PDF to clean text files on a distributed architecture
Python
38
star
52

800-63-4

HTML
37
star
53

mosaic

A modular single-molecule analysis interface
Python
37
star
54

oscal-cli

A simple open source command line tool to support common operations over OSCAL content.
Java
37
star
55

vulntology

Development of the NIST vulnerability data ontology (Vulntology).
JavaScript
36
star
56

DT4SM

Digital Thread for Smart Manufacturing
C#
34
star
57

OOF3D

Object Oriented for Finite Elements 3D version code.
Python
34
star
58

NetSimulyzer

A flexible 3D visualizer for displaying, debugging, presenting, and understanding ns-3 scenarios.
C++
34
star
59

NetSimulyzer-ns3-module

A flexible 3D visualizer for displaying, debugging, presenting, and understanding ns-3 scenarios.
C++
33
star
60

pyramidio

Image pyramid reader and writer
Java
33
star
61

rcslib

NIST Real-Time Control Systems Library including Posemath, NML communications & Java Plotter
Java
33
star
62

AGA8

Files associated with the AGA8 standard
Rust
33
star
63

hugo-uswds

Implementation of the The United States Web Design System (USWDS) 2.0 using the Hugo open-source static site generator
SCSS
33
star
64

PrivacyFrmwkResources

This repository contains resources to support organizationsโ€™ use of the Privacy Framework. Resources include crosswalks, Profiles, guidelines, and tools. NIST encourages new contributions and feedback on these resources as part of the ongoing collaborative effort to improve implementation of the Privacy Framework.
33
star
65

dataplot

Source code and auxiliary files for dataplot.
Fortran
32
star
66

oscal-tools

Tools for the OSCAL project
XSLT
32
star
67

SDNist

SDNist: Benchmark data and evaluation tools for data synthesizers.
HTML
31
star
68

Voting

The NIST Voting Program repository
31
star
69

metaschema

Documentation for and implementations of the metaschema modeling language
Shell
31
star
70

MDCS

CSS
31
star
71

pySCATMECH

pySCATMECH is a Python interface to SCATMECH: Polarized Light Scattering C++ Class Library
C++
31
star
72

phasefield-precipitate-aging

Phase field model for precipitate aging in ternary analogues to Ni-based superalloys
Cuda
30
star
73

atomvision

Deep learning framework for atomistic image data
Python
29
star
74

OFDM-GAN

Python
29
star
75

feasst

The Free Energy and Advanced Sampling Simulation Toolkit (FEASST) is a free, open-source, modular program to conduct molecular and particle-based simulations with flat-histogram Monte Carlo methods.
C++
29
star
76

liboscal-java

A Java library to support processing OSCAL content
Java
28
star
77

lantern

Interpretable genotype-phenotype landscape modeling
Python
28
star
78

ns3-oran

A module that can be used to model and simulate O-RAN-like behavior in ns-3.
C++
28
star
79

ChebTools

C++ tools for working with Chebyshev expansion interpolants
C++
27
star
80

MediScore

Scoring tools for Media Forensics Evaluations
HTML
27
star
81

hedgehog

C++
27
star
82

REFPROP-issues

A repository solely used for reporting issues with NIST REFPROP
26
star
83

SCATMECH

SCATMECH: Polarized light scattering C++ class library
C++
26
star
84

youbot

Robotic platform for industrial control systems cybersecurity research. We use the research-grade Youbot as the robotics platform for our research. The ROS framework is used for inter-process communication, and Python is the language used for application development.
Python
26
star
85

ThreeBodyTB.jl

Accurate and fast tight-binding calculations, using pre-fit coefficients and three-body terms.
Julia
25
star
86

Circuits

Circuits for functions of interest to cryptography
C++
25
star
87

OOF2

Object Oriented for Finite Elements 2D version.
C++
25
star
88

libbiomeval

Software components for biometric technology evaluations.
C++
25
star
89

F4DE

Framework for Detection Evaluation (F4DE) : set of evaluation tools for detection evaluations and for specific NIST-coordinated evaluations
Perl
24
star
90

optbayesexpt

Optimal Bayesian Experiment Design
Python
24
star
91

blockmatrix

This project is developing code to implement features and extensions to the NIST Cybersecurity Whitepaper, "A Data Structure for Integrity Protection with Erasure Capability". The block matrix data structure may have utility for incorporation into applications requiring integrity protection that currently use permissioned blockchains. This capability could for example be useful in meeting privacy requirements such as the European Union General Data Protection Regulation (GDPR), which requires that organizations make it possible to delete all information related to a particular individual, at that person's request.
Java
24
star
92

texture

Python scripts for analysis of crystallographic texture
Jupyter Notebook
23
star
93

ElectionResultsReporting

Common data format specification for election results reporting data
23
star
94

oscal-deep-diff

Open Security Controls Assessment Language (OSCAL) Deep Differencing Tool
TypeScript
22
star
95

IFA

The NIST IFC File Analyzer (IFA) generates a spreadsheet from an IFC file.
Tcl
22
star
96

MUD-PD

A tool for characterizing the network behavior of IoT Devices. The primary intended use is to assist in the generation of allowlist files formatted according to the Manufacturer Usage Description specification.
Python
21
star
97

trojai-example

Example TrojAI Submission
21
star
98

NIST-Tech-Pubs

XML metadata for NIST Technical Series Publications
HTML
21
star
99

blossom-case-study

A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.
HTML
21
star
100

atomgpt

AtomGPT: Atomistic Generative Pretrained Transformer for Forward and Inverse Materials Design
Python
21
star