ACVP Parser

Generic ACVP JSON Parser

This parser implements the ACVP protocol used by NIST for the automated CAVP testing (Automated Cryptographic Validation Program - ACVP).

This parser processes JSON files that are already downloaded from the NIST ACVP server. It invokes the cryptographic implementation and generates the test response JSON data as defined by the ACVP protocol.

The entire ACVP server interaction including download of test vectors and upload of test responses must be handled with a separate tool, like the ACVP Proxy.

The public version of the ACVP Parser provides full support for OpenSSL 1.1.x and OpenSSL 1.0.x. Support for other cipher implementations can be easily added as the ACVP Parser is intended to provide a flexible plug-in mechanism with a fully documented API. The following crypto implementations were successfully linked with and tested using the ACVP Parser:

Jitter RNG conditioning function
Linux /dev/random replacement implementation (LRNG) conditioning function
ACVP Proxy hash and HMAC implementations
Apple CommonCrypto
Apple CoreCrypto
BoringSSL
Botan
BouncyCastle Java implementation accessed via the JNA interface
GnuTLS
Linux kernel crypto API using a kernel module written for the testing
libkcapi
libreswan
libsodium
NSS
OpenSSH
OpenSSL
PKCS 11 token
Strongswan

In addition, the ACVP Parser is used to implement the following converters:

Conversion of ACVP test vectors into CAVS format
Conversion of CAVS test responses into ACVP test response format

No Runtime-Dependencies

The ACVP Parser is written in a clean C99 code and only requires the presence of a POSIX environment. It does not require any additional libraries or support functions and is therefore intended to be usable a large array of environments. For example, the ACVP Parser is successfully ported to iOS without requiring any code changes. Only a UI was required to be added to allow the application to be deployed.

GitHub Link

A public git repository is found at smuellerDD/acvpparser.

ACVP Protocol Specification

The ACVP Parser implements the entire test vector JSON parsing of the ACVP Protocol Specification. It implements all aspects of the protocol.

Source Code

The following source code contains the implementation of the ACVP Parser.

Link	Changes
0.5.3 (Signature of source code)	ACVP Parser was used for first successful ACVP certificate reenable OpenSSL FIPS mode add new TLS KDF and SSH KDF implementations to OpenSSL add OpenSSL 1.0.x support add AES GMAC support rename test case references from Common to "Generic C" to be compliant with ACVP Proxy
0.5.2 (Signature of source code)	ACVP Parser was used for a successful accreditation add PBKDF2 support for OpenSSL
0.6.1 (Signature of source code)	See CHANGES.md for list of changes.
0.6.2 (Signature of source code)	See CHANGES.md for list of changes.
0.6.2 (Signature of source code)	See CHANGES.md for list of changes.
0.7.0 (Signature of source code)	See CHANGES.md for list of changes.
0.8.0 (Signature of source code)	See CHANGES.md for list of changes.
1.0.0 (Signature of source code)	See CHANGES.md for list of changes.
1.1.0 (Signature of source code)	See CHANGES.md for list of changes.
1.2.0 (Signature of source code)	See CHANGES.md for list of changes.
2.0.0 (Signature of source code)	See CHANGES.md for list of changes.
2.1.0 (Signature of source code)	See CHANGES.md for list of changes.

2020-12-06 smueller at chronox.de