github usnistgov/ACVP-Server v1.1.0.41

pre-release, one day ago

Demo: 2025-10-31
Prod:

  • New Algorithms (Demo only):
    • SHAKE-128 FIPS202 and SHAKE-256 FIPS202 - This new testing revision for the SHAKE algorithms adds support for IUTs to supply their supported messageLengths. The FIPS202 testing revision omits MCT tests, combines AFT and VOT tests, and, if supported by the IUT, tests message lengths where the bitlength of the trailer (4-bits) appended to the message exceeds the block size.
      • NOTE: SHAKE-128 FIPS202 and SHAKE-256 FIPS202 will initially be enabled only on ACVTS Demo, not on ACVTS Prod. They will be enabled on ACVTS Prod only after they have been tested sufficiently on ACVTS Demo.
  • SHAKE-128 1.0 and SHAKE-256 1.0 - Updates SHAKE 1.0 testing to honor "inEmpty": false, i.e., to not include a test for 0-bit messages when "inEmpty": false.
  • ACVP-AES-CCM 1.0 - Updates testing to record the correct value for ivLen in the prompt, i.e., 104 bits, when the "ECMA" conformance is tested.
  • KAS-ECC Sp800-56Ar3 and KAS-FFC Sp800-56Ar3 - Fixes bug where, when different KAS schemes used different L values, there was a chance that the L value from one scheme would be applied to the other schemes.
  • RSA keyGen FIPS186-5
    • Addresses issues related to pMod8 and qMod8
      • Fixes issue where pMod8 and qMod8 values supplied in the registration were not being used in probable-based prime generation tests.
      • Adds parameter validation to ensure pMod8 and qMod8 are in {0, 1, 3, 5, 7}.
      • Adds pMod8 and qMod8 to the prompt files for groups where it is relevant.
      • #411
    • Updates testing to provide a meaningful error message when randPQ is probable and primeTest is missing from the registration.
  • RSA sigVer FIPS186-5 - Improves error handling to provide a meaningful error message when maskFunction is omitted.
  • ACVP-AES-KW 1.0 - Addresses issue where the maximum payload length of 4096 was not being enforced.
  • ACVP-AES-XTS 2.0
    • Fixes bug around not allowing payload sizes that are exact multiples of data unit sizes.
    • Fixes bug around not allowing payload sizes that are smaller than the data unit size.
    • usnistgov/ACVP#1602
  • SHA3-* 2.0, SHAKE-128 1.0, SHAKE-256 1.0 - Resolves issue where the invalid registration property "digestSize" was being accepted.
  • SHA3-* 2.0 - Adds tests for message lengths where the bitlength of the trailer (2-bits) appended to the message exceeds the block size.
  • EDDSA sigGen 1.0 - Corrects typo in error message.
  • /health endpoint - Addresses issue where the health endpoint would sometimes omit the "status" key and value.
  • Sample JSON files
    • Removes sample JSON files for HKDF 1.0, an algorithm for which ACVTS testing never existed. HKDF is testable via the KDA HKDF Sp800-56Cr1 and KDA HKDF Sp800-56Cr2 algorithm tests.
    • Adds sample JSON files for SHA3-384 2.0, SHA3-512 2.0, and SHAKE-256 1.0
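
Added example (not ACVP-Server code): the SHAKE FIPS202 and SHA3-* 2.0 entries above refer to message lengths where the appended trailer exceeds the block size. The Python below applies the FIPS 202 padding rule bit by bit and lists those lengths, assuming "trailer" means the domain-separation suffix (01 for SHA3, 1111 for SHAKE) and "block size" means the sponge rate; all function names are illustrative.

```python
# Added example: FIPS 202 padding applied bit by bit (not ACVP-Server code).
# Assumption: "trailer" = domain-separation suffix, "block size" = sponge rate.

# Rate r in bits (1600 - capacity) and suffix bits, per FIPS 202.
ALGS = {
    "SHA3-224": (1152, "01"), "SHA3-256": (1088, "01"),
    "SHA3-384": (832, "01"), "SHA3-512": (576, "01"),
    "SHAKE-128": (1344, "1111"), "SHAKE-256": (1088, "1111"),
}

def pad(msg_bits, alg):
    """Return M || suffix || pad10*1 split into rate-sized blocks of '0'/'1'."""
    rate, suffix = ALGS[alg]
    data = msg_bits + suffix
    zeros = (-len(data) - 2) % rate  # pad10*1 is a 1, then zeros, then a final 1
    data += "1" + "0" * zeros + "1"
    return [data[i:i + rate] for i in range(0, len(data), rate)]

def layout(msg_len, alg):
    """Describe where the suffix lands for a message of msg_len bits."""
    rate, suffix = ALGS[alg]
    first = msg_len // rate                     # block holding first suffix bit
    last = (msg_len + len(suffix) - 1) // rate  # block holding last suffix bit
    return {
        "blocks": len(pad("0" * msg_len, alg)),  # blocks the sponge must absorb
        "suffix_blocks": (first, last),
        "straddles": first != last,
    }

def straddling_lengths(alg, blocks=2):
    """Message bit lengths below blocks*rate whose suffix crosses a boundary."""
    rate, _ = ALGS[alg]
    return [n for n in range(rate * blocks) if layout(n, alg)["straddles"]]

if __name__ == "__main__":
    for alg in ("SHA3-256", "SHAKE-128"):
        hits = straddling_lengths(alg)
        print(alg, "suffix straddles a block at lengths", hits)
        for n in (hits[0] - 1, hits[0]):  # last fitting length, first straddling
            print("  ", n, "bits ->", layout(n, alg))
```

None of the listed lengths is a multiple of 8, so only implementations that accept bit-oriented messages reach this case.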
