Thanks for returning to our blog series on algorithms.[Please also check out Part 1 on the AES algorithm and Part 2 on Suite B and CNSA if you have not already.] For our third post and rounding out the trilogy, we’re talking about the Cryptographic Algorithm Validation Program (CAVP), the less popular sibling of the Cryptographic Module Validation Program (CMVP).
The CAVP is a key building block for FIPS 140-2 validation. Without individual algorithm implementation testing and certification, CMVP will not approve the crypto module itself. Likewise, NIST is very careful to denote that one “does not meet the FIPS 140-2 applicability requirements by simply implementing an Approved security function and acquiring validations for each of the implemented algorithms”. This is a specification that is often ignored by folks who think that they can skirt FIPS 140-2 mandates with a CAVP certificate in hand. The two programs, CAVP and CMVP, are designed to work hand-in-hand, administered jointly by NIST and Canada’s CSE, to certify the algorithm implementations and the full modules. Neither are intended to be in a vacuum. CMVP is dependent on CAVP, and CAVP alone does not satisfy requirements.
So what is tested at CAVP? Here is a great matrix, directly from the NIST website.
Block Ciphers | AES, Triple DES, Skipjack (decryption only)
Tests for ECB, CBC, CFB and OFB modes. |
Block Cipher Modes | CCM, CMAC, GCM / GMAC / XPN, Key Wrap, XTS |
Digital Signatures | FIPS 186-4: DSA, ECDSA, RSA |
Key Derivation Functions | KBKDF |
Key Management | KAS |
Message Authentication | HMAC (FIPS 198-1) |
Random Number Generation | DRBG |
Secure Hashing | SHA-2, SHA-1 |
Component Testing | ECC-CDH (SP 800-56A),
RSA PKCS1-v1.5 RSASP1 (FIPS 186-4), |
Here’s the strategic part: alg testing is done with NVLAP-accredited labs, leveraging test vectors to confirm the proper operation of the implementation. Traditionally, CAVP testing has yielded a significant delay in the FIPS 140-2 validation process. It’s just another prerequisite that vendors had to tackle, even if they were repeating the same old tests on the same old algorithms that had been done before. Just for the first listing in the database, AES-CBC, there are 4908 matching records. Seventeen of those are from SafeLogic!
When a SafeLogic customer begins the RapidCert process, it’s not just the CMVP that we align with, it’s the CAVP as well. Our existing algorithm certificates can be leveraged to accelerate the effort, and when needed, we have the expertise to complete new test vectors quickly. Because this is our focus and our core competency, there is never that ramp-up education phase. We can identify exactly what is required, execute the testing, and have the cert in hand faster than a consultant can respond to your queries about the problem in the first place.
We should also talk about the ACVP - the Automated Cryptographic Validation Protocol. This is the latest effort to accelerate the validation process for vendors, and it’s a doozy. In their words, “The structure and the rules under which the CAVP and CMVP operate worked well for the level of the technology utilized by the Federal Government at the time when the programs were created more than two decades ago. As technology has advanced however, the algorithm and module testing processes no longer satisfy current day industry and government operational needs. Testing and validation of test results are exceedingly long, well beyond typical product development cycles across a wide range of technologies.”
Sounds familiar, doesn’t it? That’s a drum that we’ve been beating for years now ourselves! By the time a vendor completes a certification the traditional way, it’s practically obsolete already. It creates a catch-22 in which the U.S. federal government ends up using old, outdated technology, just for the sake of satisfying the validation mandate. It creates a huge functional disadvantage when faced with combatants who are not under any such constraint.
Well, NIST was listening all this time (not in a creepy NSA way, lol) and it is establishing a self-serve algorithm testing platform, essentially. It promises to speed up that portion of the traditional path and even offers some time-saving potential for SafeLogic, although the caveat remains that it will not be particularly easy for a vendor starting from scratch. It is intended to reduce, if not eliminate, the NVLAP testing lab from their middleman role in the tedious and repetitive algorithm testing stage, but there remains overhead for a vendor to qualify for, submit for and receive credentials, learn the platform, and execute their testing. The learning curve will be somewhere between using a Redbox kiosk and performing open heart surgery. NIST hopes the former, but as always, the question is, if you’re only planning to validate one module, is it worth it?
Don't hesitate to reach out. We love talking to folks about their specific use cases and challenges!