v1.1.0.14

• HACT testing
  • CBC
  • RSA-SigGen
• New SHA3 revision allowing a more similar (and controllable) registration in comparison to SHA2
  • usnistgov/ACVP#1003
• TLS v1.3 - removes hash algorithms not specified in RFC
  • valid hash algorithms now include SHA2-256 and SHA2-384
• Updates string validators to be case sensitive within registration validation for property values
  • #27
• KTS - update test case handling to property account for when the deferred crypto resolver cannot successfully complete the crypto.
  • #29
• KAS KDF OneStep adds l to prompt file
  • usnistgov/ACVP#1054
• KAS HKDF the HKDF was expecting DKM in bytes, was being passed in bits, causing too long of keys to be generated
  • usnistgov/ACVP#1048
• Domain update - changes maximum value of domain to the integer max of 2,147,483,647
  • The DRBG specification stated values up to 2^35 could be supported, also updated the specification to reflect this integer max change
  • #31
• KAS SP800-56Br2 and SP800-56Ar3 updates so that dkm is now comprised of the full MacKey || KeyData, was previously being set to just KeyData when Key Confirmation was utilized
  • #30
  • usnistgov/ACVP#1069
• KAS KDF OneStep and HKDF, the minimum allowed l value is now the output length of the largest registered hash function, rather than 2x that value.
  • usnistgov/ACVP#1011
• TLS v1.3 rename "earlyExporterTrafficSecret" -> "earlyExporterMasterSecret" to match RFC
  • usnistgov/ACVP#1046
• KAS Corrects an hmac function label "HMAC_SHA2_D512_T256"
  • usnistgov/ACVP#1081
• KTS Additional "required" property validation to return more meaningful error messages
  • usnistgov/ACVP#1079

Hotfix changes since previous documented release:

• PBKDF genvals correction
  • #28
• Better handling of metadata updates when certain properties were not updated
• Better error message handling in situations where an answer post/put was rejected
• Fixed several scenarios preventing newer KAS algorithms from properly certifying
  • usnistgov/ACVP#1060