CAVP Mode - 1.0 English

Versal Adaptive SoC Integrated 400G High Speed Channelized Cryptography Engine Subsystem Product Guide (PG372)

Document ID: PG372
Release Date: 2024-01-30
Version: 1.0 English

When configured for CAVP mode, the HSC Subsystem provides support for the Cryptographic Algorithm Validation Program (CAVP). The CAVP was established in July 1995 by the National Institute of Standards and Technology (NIST) and the Government of Canada's Canadian Centre for Cyber Security (CCCS). CAVP goes hand-in-hand with Federal Information Processing Standards (FIPS). FIPS are standards and guidelines for federal computer systems that are developed by NIST in accordance with the United States Federal Information Security Management Act (FISMA) and approved by the United States Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards. CAVP provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation.

More information about CAVP can be found on the NIST website.

NIST has authored two documents that describe the Validation Systems (VS) relevant to the HSC Subsystem:
  • The Advanced Encryption Standard Algorithm Validation Suite (AESAVS), which specifies the procedures involved in validating implementations of the Advanced Encryption Standard (AES) algorithm in FIPS 197: Advanced Encryption Standard.
  • The Galois/Counter Mode (GCM) and GMAC Validation System (GCMVS) with the Addition of XPN Validation Testing, which specifies the procedures for validating implementations of the Galois/Counter Mode (GCM), an algorithm for authenticated encryption with associated data, and its specialization, GMAC, for generating a message authentication code (MAC) on data that is not encrypted, as specified in SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC.

Successful algorithm validation by the CAVP requires successful completion of the tests outlined in the AESAVS and the GCMVS. Completion of AESAVS is a prerequisite for completion of the GCMVS. Each VS has configuration options based on the capabilities of the implementation under test. The tests and configuration options are described in the following sections.

For CAVP testing, the HSC Subsystem is configured in Fixed Port mode. Channelized mode is not supported. One port is tested at a time, and the specific port being tested is configured in BulkECB mode for AESAVS tests and BulkCrypto mode for GCMVS tests. CAVP stimulus is applied to the HSC Subsystem encryption/decryption path using an indirect (register-based) interface via the AXI4-Lite interface. The HSC Subsystem response is observed using the same indirect (register-based) interface. Software is required to iterate through various test sequences. Some tests have several different input vectors which software must write sequentially to the CAVP registers and trigger the test to start. Other tests require thousands of iterations, each of which uses the outputs of the current iteration to calculate inputs of the next iteration. Software is required to generate and write the desired data and trigger each iteration.
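The tests that feed each iteration's output into the next are the AESAVS Monte Carlo Tests. The following is an added example, not code from this product guide, of the software-side loop for the ECB encrypt Monte Carlo Test, generalized to the AESAVS key-update rules for 128-, 192- and 256-bit keys. The names `ecb_block_fn`, `mct_record`, `mct_ecb_encrypt` and `toy_block` are hypothetical; the engine is abstracted as a callback because the CAVP register map is not given here, and `toy_block` is a constructed stand-in that is not AES.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical hook: ECB-encrypt one 16-byte block under `key`. On hardware it
 * would write the CAVP registers over AXI4-Lite, trigger, and read the result. */
typedef void (*ecb_block_fn)(const uint8_t *key, size_t keylen,
                             const uint8_t in[16], uint8_t out[16]);

typedef struct { uint8_t key[32], pt[16], ct[16]; } mct_record;

/* Constructed stand-in so the loop runs offline. It is NOT AES. */
void toy_block(const uint8_t *key, size_t keylen,
               const uint8_t in[16], uint8_t out[16])
{
    for (int b = 0; b < 16; b++)
        out[b] = (uint8_t)((in[(b + 1) % 16] ^ key[b % keylen]) + 31 * b + 7);
}

/* AESAVS ECB encrypt Monte Carlo Test: 100 outer rounds, each of 1000 chained
 * encryptions. keylen is 16, 24 or 32 bytes. Returns 0, or -1 on a bad keylen. */
int mct_ecb_encrypt(ecb_block_fn enc, const uint8_t *key0, size_t keylen,
                    const uint8_t pt0[16], mct_record out[100])
{
    uint8_t key[32] = {0}, pt[16], ct[16] = {0}, prev[16], mix[32];
    if (keylen != 16 && keylen != 24 && keylen != 32) return -1;
    memcpy(key, key0, keylen);
    memcpy(pt, pt0, 16);
    for (int i = 0; i < 100; i++) {
        memcpy(out[i].key, key, 32);       /* record Key[i], PT[0] */
        memcpy(out[i].pt, pt, 16);
        for (int j = 0; j < 1000; j++) {
            memcpy(prev, ct, 16);          /* keep CT[j-1] for the key update */
            enc(key, keylen, pt, ct);      /* CT[j] = E(Key[i], PT[j]) */
            memcpy(pt, ct, 16);            /* PT[j+1] = CT[j] */
        }
        memcpy(out[i].ct, ct, 16);         /* record CT[999]; it is also next PT[0] */
        /* Key[i+1] = Key[i] XOR trailing keylen bytes of (CT[998] || CT[999]) */
        memcpy(mix, prev, 16);
        memcpy(mix + 16, ct, 16);
        for (size_t k = 0; k < keylen; k++)
            key[k] ^= mix[32 - keylen + k];
    }
    return 0;
}
```

With a real engine behind the callback, each `mct_record` is compared against the expected values supplied for the validation run.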