Generic ACVP JSON Parser

This parser implements the ACVP protocol used by NIST for the automated CAVP testing (Automated Cryptographic Validation Program - ACVP).

This parser processes JSON files that are already downloaded from the NIST ACVP server. It invokes the cryptographic implementation and generates the test response JSON data as defined by the ACVP protocol.

The entire ACVP server interaction including download of test vectors and upload of test responses must be handled with a separate tool, like the ACVP Proxy.

The public version of the ACVP Parser provides full support for OpenSSL 1.1.x and OpenSSL 1.0.x. Support for other cipher implementations can be easily added as the ACVP Parser is intended to provide a flexible plug-in mechanism with a fully documented API. The following crypto implementations were successfully linked with and tested using the ACVP Parser:

In addition, the ACVP Parser is used to implement the following converters:

No Runtime-Dependencies

The ACVP Parser is written in a clean C99 code and only requires the presence of a POSIX environment. It does not require any additional libraries or support functions and is therefore intended to be usable a large array of environments. For example, the ACVP Parser is successfully ported to iOS without requiring any code changes. Only a UI was required to be added to allow the application to be deployed.

GitHub Link

A public git repository is found at smuellerDD/acvpparser.

ACVP Protocol Specification

The ACVP Parser implements the entire test vector JSON parsing of the ACVP Protocol Specification. It implements all aspects of the protocol.

Source Code

The following source code contains the implementation of the ACVP Parser.

Link Changes

0.5.3 (Signature of source code)

ACVP Parser was used for first successful ACVP certificate
  • reenable OpenSSL FIPS mode
  • add new TLS KDF and SSH KDF implementations to OpenSSL
  • add OpenSSL 1.0.x support
  • add AES GMAC support
  • rename test case references from Common to "Generic C" to be compliant with ACVP Proxy

0.5.2 (Signature of source code)

ACVP Parser was used for a successful accreditation
  • add PBKDF2 support for OpenSSL

2019-07-14 smueller at chronox.de