ACVP Proxy

The ACVP Proxy allows the retrieving of test vectors from the ACVP servers. In addition, it allows the submission of test results to the ACVP servers and to retrieve the verdict of the test results.

The obtained test vectors stored in the files testvector-request.json are intended to be transferred to the test system hosting the cryptographic module to be tested. The JSON file must be inserted into the cryptographic module to produce the testvector-response.json file holding the responses according to the ACVP protocol specification. An example implementation that parses these JSON files, invokes the cryptographic implementation and generates the test response files, see the ACVP Parser.

Runtime-Dependencies

The ACVP Proxy is implemented in clean C99 and requires the presence of the POSIX API. In addition, the ACVP Proxy requires libcurl to be present. This library is commonly available to almost all general purpose operating systems. Other runtime-dependencies are not required. On Apple operating systems, the ACVP Proxy also supports the NSURL API.

The ACVP Proxy was successfully compiled and executed on the following operating systems:

  • Linux

  • macOS

  • Windows

A public git repository is provided at Github.

ACVP Protocol Specification

The ACVP Proxy implements the entire network side of the ACVP Protocol Specification. It implements almost all aspects of the protocol.

Historic Releases

For older releases, see the ACVP Proxy historic page.

Subsections of ACVP Proxy

ACVP Proxy 2.0.0

ACVP Proxy 2.0.0 Source Code

ACVP Proxy 2.0.0 Signature

Changelog

  • fix: rename now works for multiple test sessions
  • enhancement: leancrypto - add EDDSA
  • Update DRBG numbers to be consistent with spec
  • Support SHA-3-based DRBGs and test using OpenSSL 3
  • Support HKDF SP 800-56Cr2 and add to OpenSSL
  • Add SP 800-108r1 KMAC KBKDF to OpenSSL 3.1 and above
  • Support SP 800-108r1 KMAC KBKDF
  • Add EdDSA to OpenSSL
  • Fix bitwise checks across various algorithms
  • Add option to set customKeyInLength for KBKDF
  • fix handling of OE type processing
  • Support RSA Signature Component revision 2.0
  • fix rename for multiple sessions
  • update RSA decprim with fixed pub exp mode
  • OpenSSL 3 supports KAS2
  • enhancement: Support multiple emails and phone numbers in the vendor definition
  • enhancement: add ML-KEM and ML-DSA and SLH-DSA
  • enhancement: integrate AMVP with ACVP/ESVP
  • enhancement: ESVP - PUD update and OE add processes
  • enhancement: AMVP current for ICMC2024
  • OpenSSL3 fixes
  • leancrypto enhancements
  • treat ACVP IDs as 64 bit integer ->database version changes to 4