Releases: usnistgov/ACVP-Server
v1.1.0.37
Demo: 2024-11-5
Prod: 2024-11-16
- KDA HKDF SP800-56Cr1 and KDA HKDF SP800-56Cr2 - Updates testing to provide an error message when a registration is missing the required macSaltMethods property.
- TupleHash-128 and TupleHash-256 - Updates testing to include the hexCustomization property in the prompt
- sample JSON files:
  - Removes sample SHA3-224-1.0 JSON files as the SHA3 1.0 testing is deprecated.
  - Updates the SLH-DSA keyGen FIPS205, SLH-DSA sigGen FIPS205, and SLH-DSA sigVer FIPS205 sample JSON files to include test cases for all SLH-DSA parameter sets instead of for a representative subset of the parameter sets.
v1.1.0.36
Demo: 2024-10-7
Prod: 2024-10-11
- ECDSA sigGen FIPS186-5 and ECDSA sigVer FIPS186-5 - updates testing to use the correct output lengths when SHAKE128 and SHAKE256 are used.
- ECDSA sigGen 1.0 and ECDSA sigGen FIPS186-5 - improves error handling to provide error messages that are more descriptive.
- ECDSA sigVer 1.0 and ECDSA sigVer FIPS186-5 - removes support for the componentTest registration property.
- EDDSA sigGen FIPS186-5 - fixes an issue where test cases with non-zero length contexts were provided for IUTs that indicated support for "contextLength": [0].
- sample JSON files - corrects an issue where the SHA2-384, SHA2-512, SHA2-512-224, and SHA2-512-256 sample JSON files were computed using the SHA2-256 algorithm.
- KDA HKDF Sp800-56Cr2 and KDA TwoStep Sp800-56Cr2 - updates error messages to use the correct casing when referring to the usesSharedHybridSecret and auxSharedSecretLen registration properties.
- ACVP-AES-CCM - updates testing to allow 96-bit nonce lengths.
- ACVP-AES-XTS 2.0 - Addresses an issue where test cases sometimes used an invalid Data Unit Sequence Number (sequenceNumber).
- RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5 - updates testing to reject registrations that include maskFunction or saltLen for pkcs1v1.5.
- RSA sigGen FIPS186-5 - updates testing to no longer include the maskFunction and saltLen properties for the pkcs1v1.5 tests.
v1.1.0.35
Demo: 2024-6-14
Prod: 2024-7-23
- New Algorithms:
  - SLH-DSA keyGen FIPS205, SLH-DSA sigGen FIPS205 and SLH-DSA sigVer FIPS205 - adds testing for Stateless Hash-Based Digital Signature Standard algorithms.
- ML-KEM keyGen FIPS 203 - updates testing to include domain separation. Domain separation for key generation did not appear in the FIPS 203 Initial Public Draft, but was added in the final published version of FIPS 203. See FIPS 203 Appendix C.2. (https://csrc.nist.gov/pubs/fips/203/final)
- ML-DSA keyGen FIPS 204 - updates testing to include domain separation. Domain separation for key generation did not appear in the FIPS 204 Initial Public Draft, but was added in the final published version of FIPS 204. See FIPS 204 Appendix D.3. (https://csrc.nist.gov/pubs/fips/204/final)
- ECDSA sigVer FIPS186-5 - addresses an issue where test groups using SHAKE were incorrectly identified as being component tests.
- EDDSA sigGen FIPS186-5 - Adds a check to enforce the requirement that at least one of the "pure" or "preHash" registration properties must be set to "true".
- RSA keyGen FIPS186-5
  - addresses an issue where submitting the response resulted in "General exception. Contact service provider."
  - updates testing to indicate which hash algorithm is used for probableWithProvableAux
- GenValAppRunner sample application - changes the flag used to specify the "answer" file from "-a" to "-n" as .NET now uses "-a" to specify architecture.
2024-8-13 Prod Update
On 2024-8-13 the following algorithms were enabled on ACVTS Prod:
- SLH-DSA keyGen FIPS205, SLH-DSA sigGen FIPS205 and SLH-DSA sigVer FIPS205
- ML-DSA keyGen FIPS204, ML-DSA sigGen FIPS204 and ML-DSA sigVer FIPS204
- ML-KEM keyGen FIPS203 and ML-KEM encapDecap FIPS203
v1.1.0.34
Demo: 2024-4-1
Prod: 2024-6-6
- New Algorithms (Demo only):
  - ML-DSA keyGen FIPS204, ML-DSA sigGen FIPS204 and ML-DSA sigVer FIPS204 - testing for Module-Lattice-Based Digital Signature Standard based on the FIPS 204 Initial Public Draft.
    - NOTE: The ML-DSA testing was updated on 5/23/24 to incorporate updates to the FIPS 204 draft and to add the messageLength registration property to ML-DSA sigGen FIPS204. For more information, refer to the comments included in the following discussion: #332.
  - ML-KEM encapDecap FIPS203 and ML-KEM keyGen FIPS203 - testing for Module-Lattice-Based Key-Encapsulation Mechanism based on the FIPS 203 Initial Public Draft.
- AES-GCM-SIV - addresses an issue where, when an IUT reports that a decryption operation which should fail has failed, the server marks the IUT's result as being incorrect. Fix provided by jvdsn at #308.
- ECDSA keyGen FIPS186-5, ECDSA keyVer FIPS186-5, ECDSA sigGen FIPS186-5, ECDSA sigVer FIPS186-5, DetECDSA sigGen FIPS186-5 - adds testing for the B and K curves
- ECDSA sigGen FIPS186-5 and ECDSA sigVer FIPS186-5 - updates testing to use the correct output lengths for SHAKE-128 and SHAKE-256
- EDDSA sigGen 1.0 - Adds support for custom contextLength based on support outlined in sections 7.6 and 7.8 of FIPS 186-5
- RSA keyGen FIPS186-5 - removes support for testing the 15360 modulus. The runtimes involved in testing this modulus are too high.
v1.1.0.33
Demo: 2024-1-31
Prod: 2024-2-9
- EDDSA keyGen 1.0 - Adds check to ensure that user-supplied private key D values conform to FIPS 186-5 requirements
- RSA keyGen FIPS186-5 - updates testing to no longer require auxiliary values for deferred test cases
- RSA sigVer FIPS186-5 - removes SHA1 as a valid hash function
- hashDRBG, hmacDRBG, ctrDRBG - Updates testing to check that entropy input length + nonce length >= 3/2 × security strength (in bits), in place of requiring that the nonce length alone be >= 1/2 × security strength.
- ACVP-AES-XTS 2.0 - Addresses an issue where the tweak value was sometimes incremented incorrectly
- GenValAppRunner sample application - Adds a feature whereby the correctness of algorithm capabilities can be verified without starting the Orleans server.
v1.1.0.32
Demo: 2023-11-21
Prod: 2023-12-14
- Purchase endpoint - The /purchase endpoint is updated to allow a purchaseOrderNumber to be supplied as part of the request. An optional purchase number can be included in the request and will be included on the invoice from NIST for the purchase. See https://github.com/usnistgov/ACVP-Server/wiki/ACVTS-Purchasing-Endpoints#2-purchase for additional information.
- ConditioningComponent AES-CBC-MAC SP800-90B - Adds support for the IUT to be able to supply the key used for testing
- KDA HKDF Sp800-56Cr2
  - Fixes an issue where, when a required registration property was omitted from the registration, an error was logged to the prompt file instead of the registration being rejected with the error reported.
  - Adds the saltLens registration property to support IUTs that are constrained by the salt lengths that they support.
- LMS sigVer 1.0 - Addresses an issue related to parsing unusual public keys
- RSA decryptionPrimitive Sp800-56Br2 - Adds support for testing IUTs that require a fixed public exponent
- SHA1, SHA2-, and SHA3- - Corrects an issue where the server computed incorrect results for the "MCT" testType when mctVersion was set to "alternate".
Prod Update: 2024-01-18
- RSA signaturePrimitive 2.0 algorithm enabled on Prod
v1.1.0.31
Demo: 2023-9-21
Prod: 2023-10-6
CLIENT BREAKING CHANGE: SEE THE RSA decryptionPrimitive Sp800-56Br2 and RSA signaturePrimitive 2.0 SECTIONS OF THE RELEASE NOTES BELOW
- RSA decryptionPrimitive Sp800-56Br2 - renames the "modulus" registration property to "modulo" to be consistent with other RSA testing.
- RSA signaturePrimitive 2.0 - renames the "modulus" registration property to "modulo" to be consistent with other RSA testing.
- RSA sigGen FIPS186-5 - Updates the MGF1 mask function to account for the proper output lengths for SHAKE128 and SHAKE256 as defined by FIPS 186-5, i.e., to use 256 and 512 bits (instead of 128 and 256 bits).
- hashDRBG and hmacDRBG - adds SHA3-224, SHA3-256, SHA3-384, and SHA3-512 as newly supported modes.
- RSA keyGen FIPS186-5 - corrects an issue where test cases using the "standard" keyFormat were being marked as "failed" with the error "Internal key is unexpected type".
- RSA keyGen FIPS186-4 and RSA sigVer FIPS186-4 - resolves an issue where the supplied values for e were, in some cases, invalid.
- LMS keyGen 1.0 - Addresses truncation issue with M=24. Note: this issue only presented when generating test vectors using the GenValAppRunner as opposed to obtaining test vectors via ACVTS.
- Corrects an issue where the timestamps returned by GET /testSessions/{testSessionId} were not in RFC3339 format with no local timezone adjustment, e.g., 2018-06-01T20:10:33Z.
v1.1.0.30
Demo: 2023-7-13
Prod: 2023-7-26
CLIENT BREAKING CHANGE: SEE THE SHA1, SHA2- and SHA3- SECTIONS OF THE RELEASE NOTES BELOW
- SHA1 and SHA2-* - The MCT update that was introduced in release v1.1.0.28-hotfix-1 is reworked to account for what is expected of test harnesses. This is a client breaking change. The pseudocode that must be implemented in a test harness has changed. In the new version of the MCT pseudocode the test harness is no longer required to have knowledge of the contents of the algorithm registration. See the updated SHA1/SHA2 MCT pseudocode in the SHA ACVP algorithm specification.
- SHA3-* - The MCT update that was introduced in release v1.1.0.29 is reworked to account for what is expected of test harnesses. This is a client breaking change. The pseudocode that must be implemented in a test harness has changed. In the new version of the MCT pseudocode the test harness is no longer required to have knowledge of the contents of the algorithm registration. See the updated SHA3 MCT pseudocode in the SHA3 ACVP algorithm specification.
- EdDSA sigVer 1.0 - Updates testing to honor "preHash": true
- KDF KMAC Sp800-108r1 - Fixes issue where ACVTS would sometimes generate incorrect answers.
- AES-XTS 2.0 - Corrects how AES XTS tweak is incremented for Multi-data unit payloads
v1.1.0.29-hotfix-1
Demo: 2023-6-9
Prod: 2023-6-23
CLIENT BREAKING CHANGE: SEE THE ConditioningComponent BlockCipher_DF SP800-90B SECTION OF THE RELEASE NOTES BELOW
- ConditioningComponent BlockCipher_DF SP800-90B - Adds outputLen as a required registration property. This is a CLIENT BREAKING CHANGE. Clients must provide outputLen for ConditioningComponent BlockCipher_DF SP800-90B registrations.
- RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5
- kdf-components tls 1.0 - adds keyBlockLength as an optional registration property.
- SHA3-* 2.0 - updates MCT so that IUTs that do not support digestSize as a supported messageLength can be tested. This completes the update begun in the v1.1.0.29 release; part of it was missing from that release.
v1.1.0.29
Demo: 2023-06-01
- New Algorithm (Demo Only):
  - RSA signaturePrimitive 2.0 - Tests RSASP1 from RFC 3447. Whereas RSA signaturePrimitive 1.0 only supports testing a 2048 bit modulus, RSA signaturePrimitive 2.0 supports testing the 2048, 3072 and 4096 moduli.
- RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5
- EDDSA keyGen 1.0 - removes secretGenerationMode as a valid registration property
- SHA3-* 2.0 - updates MCT so that IUTs that do not support digestSize as a supported messageLength can be tested
- TLS-v1.2 KDF RFC7627 - Adds keyBlockLength as a registration property. If keyBlockLength is omitted, a 1024-bit key block length is assumed
- ACVP-AES-FF1 1.0 - Adds corner cases for AES-FF1 testing on particular radix-payloadLength pairs to catch rounding errors
- LMS sigGen 1.0 - Fixes issue where test cases were not generated when "isSample": false