cryptographic algorithm validation

As an NVLAP accredited facility, EWA-Canada’s ITSET lab can perform testing of vendor algorithm implementations in accordance with the Cryptographic Algorithm Validation Program (CAVP) either as a separate endeavor or concurrently as part of an overall FIPS 140-2 validation effort. Cryptographic algorithm validation is a prerequisite of FIPS 140-2 validations under the CMVP, as each approved algorithm implemented in a module must be validated as meeting the requirements of the applicable FIPS, NIST or ANSI standard.

 

For each algorithm requiring validation, EWA-Canada generates test files and provides these to the vendor who must then run them through their cryptographic algorithm implementation to generate a correct set of outputs from the supplied input vectors.  Once the output files are returned, they are verified and, if correct, a submission is made to the CAVP for validation of the algorithm implementations and issuance of algorithm validation certificates.

 

EWA-Canada can perform verification of the following:

Symmetric Algorithms

  • Advanced Encryption Standard (AES), as outlined in FIPS 197
  • Triple Data Encryption Standard (Triple-DES), as outlined in FIPS 46-3
  • Escrowed Encryption Standard (EES), as outlined in FIPS 185 (which specifies the Skipjack algorithm).

Asymmetric Algorithms

  • Digital Signature Standard (DSS), as outlined in FIPS 186-3 (which specifies the DSA, RSA, and ECDSA algorithms)

Hashing Algorithms

  • Secure Hash Standard (SHS), as outlined in FIPS 180-3  (which specifies the SHA-1, SHA 224, SHA 256, SHA 384 and SHA 512 algorithms)

Random Number Generator (RNG) Algorithms

  • FIPS 186-3, Appendix 3.1 and 3.2 (specifies the RNG for the DSA algorithm)
  • ANSI X9.31 - Appendix A.2.4 - Using 2-Key Triple DES (specifies the RNG for the RSA algorithm)
  • NIST Recommended RNG based on ANSI X9.31 Appendix A.2.4 using 3-Key Triple DES and AES (specifies the RNG for the RSA algorithm)
  • ANSI X9.62 - Appendix A.4 (specifies the RNG for the ECDSA algorithm)

Message Authentication Algorithms

The EWA-Canada IT Security Evaluation & Test Facility can also perform the testing of the algorithm implementations or refer you to a FIPS 140-2 support specialist to perform the testing.

Please Contact Us for further information.