Releases: usnistgov/ACVP-Server

v1.1.0.20

28 Jul 16:26
1c98bac

Demo: 2021-07-28
Prod: 2021-08-19

Public Web:

  • Update PUT operation on /testSessions/{tsId}/vectorSets/{vsId}/results endpoint to allow a PUT when the vector set is in an error state.

Algorithms:

v1.1.0.19

23 Jun 19:08
1c98bac

Demo: 2021-06-23
Prod: 2021-07-07

Algorithms:

  • KAS - enables SHA-1 for KAS registrations (includes full kas and kas kdf testing)

Web.Public:

  • Updates capability registrations received at the /testSessions POST endpoint to be case sensitive going forward. This is a potentially client breaking change, depending on whether or not the client was using properties whose casings matched the protocol/specification.
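
A client-side pre-flight check for the casing change above, as an added example that is not part of the ACVP-Server project: it walks a registration payload and reports property names that match a known name only when case is ignored. The name list is an assumption, taken from property names mentioned in these release notes, and the sample payload is constructed.

```python
import json

# Property names as spelled in these release notes; an assumed, partial list.
# Replace it with the exact names from the specification for each algorithm.
SPEC_NAMES = {"payloadLen", "outputLen", "kdfMode", "ktsMethod",
              "associatedDataPattern", "supportsNullAssociatedData"}


def casing_mismatches(node, spec_names=SPEC_NAMES, path="$"):
    """Return (json_path, found, expected) for keys whose casing is wrong."""
    by_lower = {name.lower(): name for name in spec_names}
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            expected = by_lower.get(key.lower())
            # Flag only keys that match a known name when case is ignored.
            if expected is not None and key != expected:
                findings.append((f"{path}.{key}", key, expected))
            findings.extend(
                casing_mismatches(value, spec_names, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(
                casing_mismatches(item, spec_names, f"{path}[{i}]"))
    return findings


# Constructed sample registration fragment (not a real capture).
SAMPLE = json.loads("""
[{"algorithms": [
   {"algorithm": "ACVP-AES-KW", "PayloadLen": [128, 256]},
   {"algorithm": "SHAKE-128", "outputLen": [{"min": 16, "max": 65536}]},
   {"algorithm": "KTS-IFC",
    "ktsmethod": {"supportsNullAssociatedData": false,
                  "AssociatedDataPattern": "uPartyInfo||vPartyInfo"}}
]}]
""")

if __name__ == "__main__":
    for where, found, expected in casing_mismatches(SAMPLE):
        print(f"{where}: '{found}' should be '{expected}'")
```

Running a check like this against the demo environment's registrations before the prod date catches properties that were previously accepted despite incorrect casing.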

v1.1.0.18

26 May 17:48
408bdf3

Demo: 2021-05-26
Prod: 2021-06-09

Algorithms:

  • HMAC
    • update generation for better coverage of registered domains
    • HMAC always include min/max from domain
  • KAS KDFs max z len correction 65336 -> 65536
  • ANSI x9.42
    • updates parameter validation to ensure at least one valid type included
    • update properties to be on the byte boundary
  • KAS 1.0
    • KdfNoKc update label in expected/actual from "tag" -> "hashZ"
    • ensure that key confirmation object is provided for key confirmation option
    • Adds 104 bits as valid nonce length for AES-CCM
  • KAS IFC corrects issue where a failing test was not introduced for the val test group
  • Disables modulo 1024 for RSA KeyGen 1.0
  • RSA KeyGen correction to validator when RSA key aux values don't meet appropriate lower bounds
  • DRBG update max testable bitlength from 1024 -> 65536
  • CMAC removes keylen projection from prompt file for TDES vectors
  • KDF Update keyIn length to be equal to the output of the aux function
  • GCM write out IV in prompt file only when "external" for encrypt operations, or always for decrypt
  • Updates IsSample for CTR modes so that the size of the messages is the same on every environment
  • KTS: for ktsMethod, validate that a valid associatedDataPattern is present if !supportsNullAssociatedData.
  • SHAKE parameter validation update to check for outputLen property

Public Web:

  • Previously, the server would return "retry" objects indefinitely when a client attempted to pull vector set JSON that had already been archived through the archival process (expiration or certification). It now returns an "archived" object rather than a retry object in this scenario.
  • HealthCheck endpoint
  • Version endpoint

v1.1.0.17 Hotfix2

14 May 16:47
408bdf3
  • Updates to crypto caching system to correct improperly generated RSA keys

v1.1.0.17 Hotfix1

06 May 09:23
408bdf3

Demo: 2021-05-06
Prod: 2021-05-06

  • Fixed public exponent pool correction
  • Update RSA validation routine to no longer attempt to validate aux values for B.3.6 when InfoGeneratedByServer
  • Update to B.3.6 aux value generation

v1.1.0.17

16 Apr 15:19
408bdf3

Demo: 2021-04-16
Prod: 2021-04-28

  • Web-Public fixes "failed" test session disposition when a GET is issued on a test session that has already been published (or is in the process of a certify being approved)
  • New algorithm KAS-ECC / CDH-Component / Sp800-56Cr3
  • Speed improvements for algorithms that utilize SHA as a primitive.
  • ANSIx9.42 OID updates
  • RSA Probable primes with auxiliary probable primes generated updated to ensure the most significant bit is always "1"
  • RSA Probable primes correction for 6144 modulo using the incorrect lower bound

v1.1.0.16 Hotfix 1

16 Mar 15:34
408bdf3

Demo: 2021-03-16
Prod: 2021-03-17

  • Corrects SHA2 parameter validator to check for 3x the digest size rather than the digest size as a value within the message lengths domain
  • Corrects KAS registration validation, which wasn't fully rejecting SHA1
  • Determine "features" of KAS-IFC scheme group generation based on scheme metadata, rather than the "not null" presence of the array that describes that scheme feature.
  • Updates /testSessions/ GET endpoint to enable pagination
    • Should be related to #89, but can't completely verify until the fix is out there.
    • The execution time against the endpoint is vastly improved.

v1.1.0.16

26 Feb 13:18
408bdf3

Demo: 2021-02-26
Prod: 2021-03-08

  • Removes SHA1 as valid MAC algorithm for full KAS testing
  • KAS-IFC SSC corrects "failure for changed z" test case generation to properly mangle the value for the KAS2 scheme.
  • KeyWrapping corrects property label within parameter validation from ptLen -> payloadLen
  • Correction to KAS IFC flavors to successfully generate vectors for the higher modulo

v1.1.0.15

14 Jan 11:34
408bdf3

Demo: 2021-01-14
Prod: 2021-02-12

  • New Algorithms (Demo only)
    • KAS-KDF / OneStep / Sp800-56Cr2
    • KAS-KDF / TwoStep / Sp800-56Cr2
    • KAS-KDF / HKDF / Sp800-56Cr2
    • ACVP-AES-XTS / null / 2.0 (Demo only)
      • New revision of XTS testing that allows for the separation of data unit length and payload length
      • usnistgov/ACVP#1102
    • TLSv1.2 / KDF / RFC7626
      • new TLS v1.2 testing using the extended master secret extension
      • #41
  • X9.42 correction for DER encoding
  • Added conformance "RFC3686" to AES-CTR testing (Demo only)
  • KAS SP800-56Ar3, SP800-56Br2 update prompt file to include kdfMode for TwoStep KDFs
  • MathDomain
    • correction to edge case where a "range" math domain supports a small number of values.
    • cSHAKE and derivatives, updates test case generation to fix situations where certain MathDomain interactions would fail to generate vectors
  • AES-CCM - correct "expected results" json file to no longer include pt property in failure verification test cases
  • KTS correction to maximum L calculation within OAEP
  • AES-FF1 fixes issue with larger message lengths
  • KAS group generation updates
    • Updates to SP800-56Ar3 and SP800-56Br2 test group creation to have a more diverse spread of registered capabilities within the groups, while avoiding a cartesian product of the capabilities to keep the group/test case count somewhat contained.
    • #34
    • #54
    • #55
    • #71

v1.1.0.14 Hotfix 3

14 Dec 21:50
408bdf3
  • TLSv1.3 release to prod environment
  • SHA-1 is no longer an option for any SigGen algorithm
  • We introduced a temporary fix for the TOTP errors and are looking into the issue long-term. Please report feedback to us on TOTP if you encounter any issues.
  • Additional compute resources were added to Demo to help reduce the frequency of longer delays and provide added redundancy