Releases: usnistgov/ACVP-Server

v1.1.0.34

15 Apr 18:19
Pre-release

Demo: 2024-4-1
Prod:

  • New Algorithms (Demo only):
    • ML-DSA keyGen FIPS204, ML-DSA sigGen FIPS204 and ML-DSA sigVer FIPS204 - testing for Module-Lattice-Based Digital Signature Standard based on the FIPS 204 Initial Public Draft
    • ML-KEM encapDecap FIPS203 and ML-KEM keyGen FIPS203 - testing for Module-Lattice-Based Key-Encapsulation Mechanism based on the FIPS 203 Initial Public Draft
  • ECDSA keyGen FIPS186-5, ECDSA keyVer FIPS186-5, ECDSA sigGen FIPS186-5, ECDSA sigVer FIPS186-5, DetECDSA sigGen FIPS186-5 - adds testing for the B and K curves
  • ECDSA sigGen FIPS186-5 and ECDSA sigVer FIPS186-5 - updates testing to use the correct output lengths for SHAKE-128 and SHAKE-256
  • EDDSA sigGen 1.0 - Adds support for custom contextLength based on support outlined in sections 7.6 and 7.8 of FIPS 186-5
  • RSA keyGen FIPS186-5 - removes support for testing the 15360 modulus. The runtimes involved in testing this modulus are too high.

v1.1.0.33

31 Jan 21:26

Demo: 2024-1-31
Prod: 2024-2-9

  • EDDSA keyGen 1.0 - Adds check to ensure that user-supplied private key D values conform to FIPS 186-5 requirements
  • RSA keyGen FIPS186-5 - updates testing to no longer require auxiliary values for deferred test cases
  • RSA sigVer FIPS186-5 - removes SHA1 as a valid hash function
  • hashDRBG, hmacDRBG, ctrDRBG - Updates testing to check that entropy input length + nonce length is >= 3/2 security strength in place of requiring the nonce length be >= 1/2 security strength bits.
  • ACVP-AES-XTS 2.0 - Addresses an issue where the tweak value was sometimes incremented incorrectly
  • GenValAppRunner sample application - Adds a feature whereby the correctness of algorithm capabilities can be verified without starting the Orleans server.
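
The hashDRBG/hmacDRBG/ctrDRBG change above, as an added example (not code from ACVP-Server): it applies the previous nonce-only rule and the updated combined-length rule to a few constructed capability entries and reports which ones the update newly accepts. The `DrbgCapability` type, its field names and the sample values are assumptions made for illustration, not the ACVP registration schema.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DrbgCapability:
    """Constructed stand-in for one DRBG capability (hypothetical, not the ACVP schema)."""
    name: str
    security_strength: int   # bits
    entropy_input_len: int   # bits
    nonce_len: int           # bits


def old_rule(cap: DrbgCapability) -> bool:
    # Previous check: nonce length alone must be >= 1/2 security strength.
    return 2 * cap.nonce_len >= cap.security_strength


def new_rule(cap: DrbgCapability) -> bool:
    # Updated check: entropy input length + nonce length >= 3/2 security strength.
    # Integer arithmetic avoids rounding when the strength is odd-sized.
    return 2 * (cap.entropy_input_len + cap.nonce_len) >= 3 * cap.security_strength


def compare(caps):
    """Map each capability name to (accepted_by_old_rule, accepted_by_new_rule)."""
    return {c.name: (old_rule(c), new_rule(c)) for c in caps}


def newly_accepted(caps):
    """Names rejected by the old rule but accepted by the new one."""
    return [name for name, (old, new) in compare(caps).items() if new and not old]


# Constructed sample capabilities (illustrative values only).
SAMPLES = [
    DrbgCapability("classic-256", 256, 256, 128),     # full-size nonce
    DrbgCapability("no-nonce-256", 256, 384, 0),      # extra entropy replaces the nonce
    DrbgCapability("short-nonce-128", 128, 160, 32),  # short nonce, longer entropy input
    DrbgCapability("too-little-256", 256, 256, 64),   # combined length still short
]

if __name__ == "__main__":
    for name, (old, new) in compare(SAMPLES).items():
        print(f"{name:16} old={old!s:5} new={new}")
    print("newly accepted:", newly_accepted(SAMPLES))
```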

v1.1.0.32

15 Dec 18:47

Demo: 2023-11-21
Prod: 2023-12-14

  • Purchase endpoint - The /purchase endpoint is updated to allow a purchaseOrderNumber to be supplied as part of the request. An optional purchase number can be included in the request and will be included on the invoice from NIST for the purchase. See https://github.com/usnistgov/ACVP-Server/wiki/ACVTS-Purchasing-Endpoints#2-purchase for additional information.
  • ConditioningComponent AES-CBC-MAC SP800-90B - Adds support for the IUT to be able to supply the key used for testing
  • KDA HKDF Sp800-56Cr2
    • Fixes an issue where omitting a required registration property caused an error to be logged to the prompt file instead of the registration being rejected with that error cited.
    • Adds the saltLens registration property to support IUTs that are constrained by the salt lengths that they support.
  • LMS sigVer 1.0 - Addresses an issue related to parsing unusual public keys
  • RSA decryptionPrimitive Sp800-56Br2 - Adds support for testing IUTs that require a fixed public exponent
  • SHA1, SHA2-*, and SHA3-* - Corrects an issue where the server computed incorrect results for the "MCT" testType when mctVersion was set to "alternate".

Prod Update: 2024-01-18

  • RSA signaturePrimitive 2.0 algorithm enabled on Prod

v1.1.0.31

22 Sep 14:05

Demo: 2023-9-21
Prod: 2023-10-6

CLIENT BREAKING CHANGE: SEE THE RSA decryptionPrimitive Sp800-56Br2 and RSA signaturePrimitive 2.0 SECTIONS OF THE RELEASE NOTES BELOW

  • RSA decryptionPrimitive Sp800-56Br2 - renames the "modulus" registration property to "modulo" to be consistent with other RSA testing.
  • RSA signaturePrimitive 2.0 - renames the "modulus" registration property to "modulo" to be consistent with other RSA testing.
  • RSA sigGen FIPS186-5 - Updates the MGF1 mask function to account for the proper output lengths for SHAKE128 and SHAKE256 as defined by FIPS 186-5, i.e., to use 256 and 512 bits (instead of 128 and 256 bits).
  • hashDRBG and hmacDRBG - adds SHA3-224, SHA3-256, SHA3-384, and SHA3-512 as newly supported modes.
  • RSA keyGen FIPS186-5 - corrects an issue where test cases using the "standard" keyFormat were being marked as "failed" with the error "Internal key is unexpected type".
  • RSA keyGen FIPS186-4 and RSA sigVer FIPS186-4 - resolves an issue where the supplied values for e were, in some cases, invalid.
  • LMS keyGen 1.0 - Addresses truncation issue with M=24. Note: this issue only presented when generating test vectors using the GenValAppRunner as opposed to obtaining test vectors via ACVTS.
  • Corrects issue where the timestamps returned by GET /testSessions/{testSessionId} were not in RFC3339 format with no local timezone adjustment, e.g., 2018-06-01T20:10:33Z.

v1.1.0.30

17 Jul 16:20

Demo: 2023-7-13
Prod: 2023-7-26

CLIENT BREAKING CHANGE: SEE THE SHA1, SHA2-* and SHA3-* SECTIONS OF THE RELEASE NOTES BELOW

  • SHA1 and SHA2-* - The MCT update that was introduced in release v1.1.0.28-hotfix-1 is reworked to account for what is expected of test harnesses. This is a client breaking change. The pseudocode that must be implemented in a test harness has changed. In the new version of the MCT pseudocode the test harness is no longer required to have knowledge of the contents of the algorithm registration. See the updated SHA1/SHA2 MCT pseudocode in the SHA ACVP algorithm specification.
  • SHA3-* - The MCT update that was introduced in release v1.1.0.29 is reworked to account for what is expected of test harnesses. This is a client breaking change. The pseudocode that must be implemented in a test harness has changed. In the new version of the MCT pseudocode the test harness is no longer required to have knowledge of the contents of the algorithm registration. See the updated SHA3 MCT pseudocode in the SHA3 ACVP algorithm specification.
  • EdDSA sigVer 1.0 - Updates testing to honor "preHash": true
  • KDF KMAC Sp800-108r1 - Fixes issue where ACVTS would sometimes generate incorrect answers.
  • AES-XTS 2.0 - Corrects how AES XTS tweak is incremented for Multi-data unit payloads

v1.1.0.29-hotfix-1

09 Jun 20:00

Demo: 2023-6-9
Prod: 2023-6-23

CLIENT BREAKING CHANGE: SEE THE ConditioningComponent BlockCipher_DF SP800-90B SECTION OF THE RELEASE NOTES BELOW

  • ConditioningComponent BlockCipher_DF SP800-90B - Adds outputLen as a required registration property. This is a CLIENT BREAKING CHANGE. Clients must provide outputLen for ConditioningComponent BlockCipher_DF SP800-90B registrations.
  • RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5
    • Further updates to testing so that correct OIDs for the SHA3 algorithms are used
  • kdf-components tls 1.0 - adds keyBlockLength as an optional registration property.
  • SHA3-* 2.0 - updates MCT so that IUTs that do not support digestSize as a supported messageLength can be tested. This completes the update from the v1.1.0.29 release; part of it was missing from that release.

v1.1.0.29

01 Jun 18:07

Demo: 2023-06-01

  • New Algorithm (Demo Only):
    • RSA signaturePrimitive 2.0 - Tests RSASP1 from RFC 3447. Whereas RSA signaturePrimitive 1.0 only supports testing a 2048 bit modulus, RSA signaturePrimitive 2.0 supports testing the 2048, 3072 and 4096 moduli.
  • RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5
    • updates testing to use the correct OIDs for the SHA3 algorithms
    • Updates PSS to support the correct max salt lengths for SHAKE-128 and SHAKE-256. Corrects the output lengths used when SHAKE-128 or SHAKE-256 are used for the PSS "Hash".
  • EDDSA keyGen 1.0 - removes secretGenerationMode as a valid registration property
  • SHA3-* 2.0 - updates MCT so that IUTs that do not support digestSize as a supported messageLength can be tested
  • TLS-v1.2 KDF RFC7627 - Adds keyBlockLength as a registration property. If keyBlockLength is omitted, a 1024-bit key block length is assumed
  • ACVP-AES-FF1 1.0 - Adds corner cases for AES-FF1 testing on particular radix-payloadLength pairs to catch rounding errors
  • LMS sigGen 1.0 - Fixes issue where test cases were not generated when "isSample": false

v1.1.0.28-hotfix-2

01 May 18:30

Demo: 2023-4-28
Prod: 2023-4-28

  • LMS sigVer 1.0 - Fixes an issue where signature verification tests that should not fail are marked as failing.
  • RSA decryptionPrimitive Sp800-56Br2 - Includes additional test case information in the prompt file, i.e., values for e, p, q, n & d. Updates the testing to check for the failure conditions identified in section 7.1.2 of SP 800-56Br2, i.e., "c: the ciphertext; an integer such that 1 < c < (n – 1)".
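
The ciphertext range condition quoted above, as an added example (not code from ACVP-Server): an RSA decryption primitive that rejects any c outside 1 < c < (n – 1) before exponentiating, run over constructed boundary values. The toy key (n = 3233, e = 17, d = 2753) and the function names are assumptions chosen for readability; real testing uses full-size moduli.

```python
def rsadp(c: int, n: int, d: int) -> int:
    """RSA decryption primitive with the SP 800-56Br2 section 7.1.2 range check."""
    if not (1 < c < n - 1):
        # Without this check, 0, 1 and n-1 "decrypt" to themselves (d is odd)
        # and values >= n are silently reduced mod n.
        raise ValueError("ciphertext out of range")
    return pow(c, d, n)


def run_cases(n: int, d: int, ciphertexts):
    """Return [(c, passed, plaintext_or_None)] for each candidate ciphertext."""
    results = []
    for c in ciphertexts:
        try:
            results.append((c, True, rsadp(c, n, d)))
        except ValueError:
            results.append((c, False, None))
    return results


# Constructed toy key: p = 61, q = 53 (illustration only, far too small for real use).
N, E, D = 3233, 17, 2753
MESSAGE = 65
VALID_C = pow(MESSAGE, E, N)

# Boundary values on both sides of the allowed interval, plus one valid ciphertext.
CASES = [0, 1, 2, VALID_C, N - 2, N - 1, N, N + 5]

if __name__ == "__main__":
    for c, passed, pt in run_cases(N, D, CASES):
        print(f"c={c:5} passed={passed!s:5} pt={pt}")
```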

Prod Update: 2023-05-12

  • RSA decryptionPrimitive Sp800-56Br2 algorithm enabled on Prod.

v1.1.0.28-hotfix-1

27 Mar 17:59

Demo: 2023-3-24
Prod: 2023-4-12

  • LMS keyGen 1.0 - Decreases the number of test cases.
  • SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 - The MCTs are updated to support the case where !SupportedMessageLengths.Contains(3*digestSize), a limitation of the original MCT design. This change is backwards compatible.

Prod Update: 2023-04-19

  • LMS keyGen 1.0, LMS sigGen 1.0 and LMS sigVer 1.0 algorithms enabled on Prod.

v1.1.0.28

03 Mar 17:29

Demo: 2023-3-2
Prod: 2023-3-21

  • LMS algorithms:
    • LMS keyGen 1.0 - New algorithm. Adds support for testing LMS key generation.
    • LMS sigGen 1.0 - New algorithm. Adds support for testing LMS signature generation
    • LMS sigVer 1.0 - New algorithm. Adds support for testing LMS signature verification.
    • NOTE: LMS keyGen 1.0, sigGen 1.0 and sigVer 1.0 will not be enabled in Prod until further testing in Demo has been completed.
  • kdf-components srtp 1.0 - Adds support for testing SRTP/SRTCP KDF implementations where a 48-bit quantity, i.e., 000...0 || 0 || SRTCP index, is used in the SRTCP key derivation (see IETF RFC Errata ID 7606 and https://csrc.nist.gov/csrc/media/publications/sp/800-135/rev-1/final/documents/sp800-135r1-informative-note-20160919.pdf) vs the 32-bit quantity, i.e., 0 || SRTCP index, defined in the original RFC 3711. This is accomplished with the addition of the supports48BitSrtcpIndex registration property.
  • RSA keyGen FIPS186-4 and RSA keyGen FIPS186-5 - Fixes an issue where a "General exception. Contact service provider." would be returned when the RSA key generation parameters provided by an IUT ran afoul of the FIPS 186-4 "Compute a probable prime factor based on aux primes" failure condition at FIPS 186-4 C.9 Step 9. Instead of ending the validation with a General exception, an informative error is now logged for any offending test cases in the validation.json.
  • kdf-components ansix9.63 1.0 - Adds testing support for SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384 and SHA3-512.
  • ECDSA sigGen FIPS186-5 - Adds testing support for SHAKE-128 and SHAKE-256
  • RSA sigGen FIPS186-5 and RSA sigVer FIPS186-5 - Adds testing support for SHAKE and SHA3.