CAVP Testing｜株式会社 ECSEC Laboratory（公式ホームページ）

CAVP Testing

What is CAVP?

・CAVP stands for Cryptographic Algorithm Validation Program.

・Like CMVP, it is a joint program between the US government agency NIST and the Canadian government agency CCCS.

・Cryptographic algorithms, random number (bit) generators and key establishment techniques approved or recommended by the CAVP are subject to CAVP Validation.

・Parameters provided by the testing laboratory are entered into the cryptographic algorithm implementation to generate a processing result, and if the result values are correct, CAVP validation is awarded.

Validation can be achieved at low cost and in a short period of time

・The time from application to validation is usually around one month if no major problems arise.

・The test is much less demanding than the cryptographic module test.

List of testable cryptographic algorithms

・Please check the CAVP cryptographic algorithms that can be tested in the ECSEC Lab from the “List of Testable Cryptographic Algorithms”. Please request a Cryptographic Algorithm test by specifying the name of the cryptographic algorithm and the function or mode name.

・List of Testable Cryptographic Algorithms

Relationship between CMVP and CAVP

・Cryptographic algorithm testing, previously part of CMVP, has been separated and now is independent validation program called CAVP.

・CAVP does not replace CMVP. CMVP is required for US and Canadian Government procurement of cryptographic products, only CAVP is not sufficient for the procurement.

Preparation for the cryptographic algorithm testing

・Preparation for the cryptographic algorithm testing typically involves two preparation items.

Check test specifications

The method of conducting cryptographic algorithm testing is determined in advance by the test specifications. Therefore, it is necessary to first check the test specification (Algorithm JSON Specification) of the cryptographic algorithm to be tested.
The test specifications can be found in the List of Testable Cryptographic Algorithms.
The test specifications are described in the linked information (Algorithm JSON Specification) from the cryptographic algorithm listed in the “Supported Algorithms“ section that appears when you scroll down the page of the above site.
The information linked from the cryptographic algorithm name is in text format, and the information linked from “HTML“ next to the cryptographic algorithm name is in html format. Please refer to the appropriate it depending on your environment.

Preparation of test harnesses for cryptographic algorithm testing

It is necessary to prepare a test harness to input the cryptographic algorithm test parameters provided by the ECSEC Lab into the developed cryptographic algorithm implementation.

This test harness retrieves input data (cryptographic algorithm test parameters) from “Check test specifications“ provided by ECSEC Lab, inputs it to the target cryptographic algorithm implementation, receives or retrieves the resulting values from the target implementation, and generates ”response file” from the resulting values.

The format of “request file“ and “response file“ (JSON format) can be checked in the Algorithm JSON Specification of each algorithm shown in “Check test specifications“.

See “Test Vectors“ for request file and “Test Vector Responses“ for response file.

In the “Appendix“ you can refer to the specific format.

Note that the file name is a variable string (XXXX.json). Therefore, it is necessary to design the test harness to be able to read file with variable file name.

Cryptographic algorithm testing procedures

For the procedure, download and refer to the following file.

CAVP Implementation Procedures.pdf

(395KB)

Inquiry

For evaluation or testing requests, questions or consultation inquiries, please contact.

■ Email labinquiry@ecsec.jp