Demo: 2025-6-11
Prod: 2025-6-23
IMPORTANT: PLEASE NOTE THE IMPACT OF THIS RELEASE'S DEPLOYMENT TO THE ACVTS DEMO ENVIRONMENT FOR ML-KEM / encapDecap / FIPS203 TEST VECTORS THAT WERE GENERATED BY RELEASES PRIOR TO RELEASE V1.1.0.40 WITH "isSample": false. SEE THE ML-KEM / encapDecap / FIPS203 BULLET BELOW FOR THIS INFORMATION.
- New Algorithms (Prod 6/25/25):
- Adds HMAC revision 2.0 testing, e.g., HMAC-SHA-1 / 2.0, HMAC-SHA2-224 / 2.0, HMAC-SHA2-256 / 2.0, etc. (Algo / Revision)
- Adds a new revision 2.0 to HMAC that adds msgLen as a registration property and moves the msgLen, keyLen and macLen properties into the test case instead of the test group for the prompt. This reduces the number of test groups and test cases.
- ACVP-AES-XTS / "2.0" (Algo / Revision) - Updates the testing to reverse the assumption that "all lengths listed by the payloadLen property are also valid data unit lengths." The updated assumption is that "all lengths listed by the dataUnitLen property are also valid payload lengths. As such, the values for the payloadLen property MUST include all dataUnitLen values."
- KMAC-128 and KMAC-256 - Updates testing to ensure both block-aligned and non-block-aligned key sizes are tested.
- ML-KEM / encapDecap / FIPS203 (Algo / Mode / Revision)
- Adds "encapsulationKeyCheck" and "decapsulationKeyCheck" as functions for ML-KEM Encap/Decap FIPS203 to exercise an implementation's capability to perform the Encapsulation Key Check in FIPS 203 Section 7.2 and the Decapsulation Key Check in FIPS 203 Section 7.3. These tests are only included if the appropriate function is present in the registration. They operate by providing a valid or invalid key and expecting the IUT to return true for a valid key or false for an invalid key.
- The test group and test case formats for decapsulation test groups and test cases are updated so that dk is provided at the test case level rather than at the test group level.
- IMPLICATIONS FOR ACVTS DEMO RELEASE: test vectors that were generated by releases prior to v1.1.0.40 with "isSample": false will fail on validation as a result of this update and will need to be regenerated using ACVTS release v1.1.0.40 or higher. CAVP will implement a workaround as part of the v1.1.0.40 release's deployment to Prod so that test vectors will not need to be regenerated on Prod.
- Ascon / AEAD128 / SP800-232, Ascon / Hash256 / SP800-232, Ascon / XOF128 / SP800-232, and Ascon / CXOF128 / SP800-232 (Algo / Mode / Revision)
- Updates property names to more closely match those of other algorithms supported by ACVTS.
- Fixes issues with domains not being respected by increment.
- Adds decryption failure test cases to check the authentication element of the AEAD128 mode.
- Updates the minimum tag length for Ascon / AEAD128 / SP800-232 from 64 bits to 32 bits
- Fixes a bug in the Ascon / AEAD128 / SP800-232 nonceMasking encrypt tests
- Addresses: #1568, usnistgov/ACVP#1570, usnistgov/ACVP#1571, usnistgov/ACVP#1572, usnistgov/ACVP#1573, usnistgov/ACVP#1574, usnistgov/ACVP#1575, usnistgov/ACVP#1576, and usnistgov/ACVP#1577
- Updates ACVTS to provide a meaningful error message when an ACVTS Prod registration contains "isSample" : true. NOTE: the only valid value for "isSample" for an ACVTS Prod registration is false.
- Addresses #393
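
The ML-KEM "encapsulationKeyCheck" and "decapsulationKeyCheck" tests listed above hand the IUT a key and expect true or false back; the sketch below shows the two checks as FIPS 203 Sections 7.2 and 7.3 define them. It is an added example, not ACVTS or NIST code: the function names and the constructed_keys helper are hypothetical, and the sample keys are constructed byte strings with the right structure, not real key pairs.

```python
import hashlib

Q = 3329  # ML-KEM modulus q
K = {"ML-KEM-512": 2, "ML-KEM-768": 3, "ML-KEM-1024": 4}  # FIPS 203 parameter k


def encapsulation_key_check(param_set: str, ek: bytes) -> bool:
    """FIPS 203 Section 7.2: type (length) check, then modulus check."""
    k = K[param_set]
    if len(ek) != 384 * k + 32:
        return False
    # ByteEncode12(ByteDecode12(x)) == x holds exactly when every packed
    # 12-bit coefficient is already reduced mod q, so test that directly.
    for i in range(0, 384 * k, 3):
        b0, b1, b2 = ek[i], ek[i + 1], ek[i + 2]
        c0 = b0 | ((b1 & 0x0F) << 8)
        c1 = (b1 >> 4) | (b2 << 4)
        if c0 >= Q or c1 >= Q:
            return False
    return True


def decapsulation_key_check(param_set: str, dk: bytes) -> bool:
    """FIPS 203 Section 7.3: type (length) check, then hash check."""
    k = K[param_set]
    if len(dk) != 768 * k + 96:
        return False
    ek = dk[384 * k : 768 * k + 32]            # embedded encapsulation key
    stored = dk[768 * k + 32 : 768 * k + 64]   # stored H(ek), H = SHA3-256
    return hashlib.sha3_256(ek).digest() == stored


def constructed_keys(param_set: str):
    """Constructed sample (ek, dk): well-formed layout, not a real key pair."""
    k = K[param_set]
    coeffs = [(17 * i) % Q for i in range(256 * k)]
    packed = bytearray()
    for c0, c1 in zip(coeffs[0::2], coeffs[1::2]):
        packed += bytes([c0 & 0xFF, (c0 >> 8) | ((c1 & 0x0F) << 4), c1 >> 4])
    ek = bytes(packed) + bytes(32)  # placeholder 32-byte rho
    # dk = dk_pke || ek || H(ek) || z, with placeholder dk_pke and z
    dk = bytes(384 * k) + ek + hashlib.sha3_256(ek).digest() + bytes(32)
    return ek, dk
```
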