ACVT Mate

Please enter the vendor and implementation information that you would like to see displayed with your CAVP certificate.

Vendor Name:
Address:
Address:
Address:
City:
State:
Zip Code:
Country:
Main Contact Info:
Contact Name:
Contact Email:
Contact Phone:
Contact Fax:
Second Contact Info (if applicable):
Contact Name:
Contact Email:
Contact Phone:
Contact Fax:

Implementation Name:
Software Version:
Part Number:
Firmware Version:
Implementation Type:	Software Firmware Hardware
Processor (for Software/Firmware):
Operating System (for Software/Firmware):
Brief Implementation Description:
Request for Special Processing:
ITAR:	This algorithm implementation is subject to the requirements of the U.S. Department of State's International Traffic in Arms Regulations (ITAR). Yes No

Please select the settings for your TDES algorithm implementation.
K1 = K3,K2 is only allowed for legacy use decryption.

Prerequisites
Prerequisite Algorithm	Same Implementation	Algorithm Validation #
TDES for CMAC
TDES for Key Wrapping

ECB	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CBC	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CBC-I	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
OFB	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
OFB-I	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-1	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-8	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-64	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-P1	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-P8	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CFB-P64	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
CTR	Encrypt Decrypt	K1, K2, K3 independent K1 = K3, K2 independent
	Payload Length: [ ?Enter the minimum and maximum payload lengths (1 - 64 bits) ]
	Overflow Counter: yes no Incremental Counter: yes no Perform Counter Test: yes no

Generate CMAC with TDES
Keying Options	K1, K2, K3 independent K1 = K3, K2 independent
Message lengths [ ?Enter minimum and maximum values. Values must be mod 8. Min: 0 bits / Max: 524288 bits. ]
CMAC length [ ?Enter minimum and maximum values. Values must be mod 8. Min: 32 bits / Max: 64 bits. ]

Verify CMAC with TDES
Keying Options	K1, K2, K3 independent K1 = K3, K2 independent
Message lengths [ ?Enter minimum and maximum values. Values must be mod 8. Min: 0 bits / Max: 524288 bits. ]
CMAC length [ ?Values must be mod 8. Min: 32 bits / Max: 64 bits. ]

TDES Key Wrap

Encryption Decryption

K1, K2, K3 independent K1 = K3, K2 independent

CIPH as defined in SP800-38F
TDES cipher function
inverse cipher function

Useful links:
ACVTS Capabilities Overview for TDES
ACVTS Capabilities Overview for TDES CMAC
Recommendation for the Triple Data Encryption Algorithm (TDES) Block Cipher (SP800-67 Rev 2)
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (FIPS Publication 800-38B)
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping (SP800-38F)

Please select the settings for your AES algorithm implementation.
NOTE: Please make sure to specifiy the counter source if your implementation supports AES CTR.

Prerequisites
Prerequisite Algorithm	Same Implementation	Algorithm Validation #
AES for CMAC
AES for CCM
AES for GCM, GCM-SIV and XPN [ ?Always required: AES algorithm with mode of operation using forward cipher function, including ECB encryption, CBC encryption, CFB encryption and decryption, OFB encryption and decryption. ]
DRBG for GCM and XPN [ ?Required only if IVs are generated internally using the method in Section 8.2.2. ]
AES for XTS
AES for Key Wrapping

	128 bits	192 bits	256 bits
ECB	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CBC	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CBC-CS1	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
Payload length: [ ?Enter the minimum and maximum payload lengths (128 - 65536 bits) ]
CBC-CS2	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
Payload length: [ ?Enter the minimum and maximum payload lengths (128 - 65536 bits) ]
CBC-CS3	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
Payload length: [ ?Enter the minimum and maximum payload lengths (128 - 65536 bits) ]
OFB	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CFB1	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CFB8	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CFB128	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
CTR	Encrypt Decrypt	Encrypt Decrypt	Encrypt Decrypt
Payload length: [ ?Enter the minimum and maximum payload lengths (1 - 128 bits) ]
	Overflow Counter: yes no Incremental Counter: yes no Perform Counter Test: yes no

Generate CMAC with AES
Key Sizes Supported	AES 128	AES 192	AES 256
Message lengths [ ?Enter minimum and maximum values. Values must be mod 8. Min: 0 bits / Max: 524288 bits. ]
CMAC length [ ?Enter minimum and maximum values. Values must be mod 8. Min: 32 bits / Max: 128 bits. ]

Verify CMAC with AES
Key Sizes Supported	AES 128	AES 192	AES 256
Message lengths [ ?Enter minimum and maximum values. Values must be mod 8. Min: 0 bits / Max: 524288 bits. ]
CMAC length [ ?Enter minimum and maximum values. Values must be mod 8. Min: 32 bits / Max: 128 bits. ]

AES CCM
Direction	Encrypt Decrypt
Key Sizes	128 192 256
Associated Data Length [ ?Enter minimum and maximum length supported. Minimum: >=0 / Maximum: <=524288 bits. ]
Payload Length [ ?Enter minimum and maximum length supported in increments of 8 bits. Minimum: >=0 / Maximum: <=256 bits. ]
IV Length [ ?Enter minimum and maximum length supported in increments of 8 bits. Minimum: >=56 / Maximum: <=104 bits. ]
Tag Length in bits	32 64 96 104 112 120 128

	GCM	GCM SIV
Operations	Encryption Decryption	Encryption Decryption
Key Sizes	128 192 256	128 256
Payload [ ?Please enter minimum and maximum values in bits. Min: 0 / Max: 65536. NOTE: for GCM-SIV the increment is 8. ]
AAD [ ?Please enter minimum and maximum values in bits. Min: 0 / Max: 65536. NOTE: for GCM-SIV the increment is 8. ]
IV Length [ ?Please enter minimum and maximum values in bits. Min: 8 / Max: 1024. ]
IV Generation	Internal External Construction method: [ ?If the IV is generated internally, the laboratory will affirm that IV construction is using one of the two methods below from SP800-38D ] Section 8.2.1 Section 8.2.2
Tag Length	32 64 96 104 112 120 128

	GMAC	XPN
Operations	Encryption Decryption	Encryption Decryption
Key Sizes	128 192 256	128 192 256
Payload [ ?Please enter minimum and maximum values in bits. Min: 0 / Max: 65536. ]
AAD [ ?Please enter minimum and maximum values in bits. For GMAC: Min: 0 / Max: 65536. For XPN: Min: 1 / Max: 65536. NOTE: for both the increment is 8. ]
IV Length [ ?Please enter minimum and maximum values in bits. Min: 8 / Max: 1024. ]
IV Generation	Internal External Construction method: [ ?If the IV is generated internally, the laboratory will affirm that IV construction is using one of the two methods below from SP800-38D ] Section 8.2.1 Section 8.2.2	Internal External Construction method: [ ?If the IV is generated internally, the laboratory will affirm that IV construction is using one of the two methods below from SP800-38D ] Section 8.2.1 Section 8.2.2
Tag Length	32 64 96 104 112 120 128	32 64 96 104 112 120 128
Salt Generation		Internal External

AES XTS
	XTS AES-128	XTS AES 256
Supported functions	Encrypt Decrypt	Encrypt Decrypt
Payload Length [ ?Please enter minimum and maximum values. Min: 128 / Max: 65536 bits, divisible by 128. ]
Format of tweak value	hexadecimal string number

AES Key Wrap	AES Key Wrap with Padding
Encryption Decryption	Encryption Decryption
CIPH as defined in SP800-38F: AES cipher function Inverse cipher function	CIPH as defined in SP800-38F: AES cipher function Inverse cipher function
Key lengths: 128 192 256	Key lengths: 128 192 256

Useful links:
ACVTS Capabilities Overview for AES (all modes)
ACVTS Capabilities Overview for AES CMAC
ACVTS Capabilities Overview for AES GMAC
Advanced Encryption Standard (FIPS Publication 197)
Recommendation for Block Cipher Modes of Operation (FIPS Publication 800-38A)
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (FIPS Publication 800-38B)
Recommendation for Block Cipher Modes of Operation: The CCM Mode (SP 800-38C)
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (SP800-38D)
Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices (SP800-38E)
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping (SP800-38F)

Please select the settings for your DSA algorithm implementation.

Prerequisites
Prerequisite Algorithm	Same Implementation	Algorithm Validation #
SHA (Required for PQG Gen, PQG Ver, Sig Gen, Sig Ver)
DRBG (Required for Key Gen, Sig Gen)
SHA (optional 2nd implementation)
SHA (optional 3rd implementation)
DRBG (optional 2nd implementation)

PQG Generation
L=2048 and N=224	L=2048 and N=256	L=3072 and N=256
SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-256 SHA-384 SHA 512 SHA-512/256	SHA-256 SHA-384 SHA 512 SHA-512/256
Generate P & Q (choose one or both)
Probable primes P & Q Provable primes P & Q
Generate G (choose one or both)
Unverifiable generationCanonical generation

PQG Verification
L=1024 and N=160	L=2048 and N=224	L=2048 and N=256	L=3072 and N=256
SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-256 SHA-384 SHA 512 SHA-512/256	SHA-256 SHA-384 SHA 512 SHA-512/256
Generate P & Q (choose one or both)
Probable primes P & Q Provable primes P & Q
Generate G (choose one or both)
Unverifiable generationCanonical generation

Key Pair Generation
L=2048 and N=224	L=2048 and N=256	L=3072 and N=256

Signature Generation
L=2048 and N=224	L=2048 and N=256	L=3072 and N=256
SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256

Signature Verification
L=1024 and N 160 is for legacy use only.
L=1024 and N=160	L=2048 and N=224	L=2048 and N=256	L=3072 and N=256
SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256	SHA-1 SHA-224 SHA-256 SHA-384 SHA 512 SHA-512/224 SHA-512/256

Useful links:
ACVTS Capabilities Overview for DSA
Digital Signature Standard (DSS) (FIPS 186-4)

Please select the settings for your ECDSA algorithm implementation.

Prerequisites
Prerequisite Algorithm	Same Implementation	Algorithm Validation #
SHA (Required for Sig Gen, Sig Ver)
SHA3 (Required for Sig Gen, Sig Ver)
DRBG (Required for Key Pair, Sig Gen, Sig Gen Component)
SHA (optional 2nd implementation)
SHA (optional 3rd implementation)
SHA3 (optional 2nd implementation)
SHA3 (optional 3rd implementation)
DRBG (optional 2nd implementation)

Key Pair Generation
P-Curves	P-224	P-256	P-384	P-521
K-Curves	K-233	K-283	K-409	K-571
B-Curves	B-233	B-283	B-409	B-571
Key pair generation method [ ?Select one or both of B.4.1 and B.4.2 for 186-4 validation ]
B.4.1 Key Pair Generation using extra random bits B.4.2 Key Pair Generation by testing candidates

Key Pair Verification
P-Curves	P-192	P-224	P-256	P-384	P-521
K-Curves	K-163	K-233	K-283	K-409	K-571
B-Curves	B-163	B-233	B-283	B-409	B-571

Signature Generation
	P-Curves				K-Curves				B-Curves
	224	256	384	521	233	283	409	571	233	283	409	571
SHA-224
SHA-256
SHA-384
SHA-512
SHA-512/224
SHA-512/256
SHA3-224
SHA3-256
SHA3-384
SHA3-512
Test the complete ECDSA Signature Generation function as specified in FIPS186-4 Test the ECDSA Signature Generation Component [ ?The hashed message is used directly as the input message ]

Signature Verification
	P-Curves					K-Curves					B-Curves
	192	224	256	384	521	163	233	283	409	571	163	233	283	409	571
SHA-224
SHA-256
SHA-384
SHA-521
SHA-512/224
SHA-512/256
SHA3-224
SHA3-256
SHA3-256
SHA3-256

Useful links:
ACVTS Capabilities Overview for ECDSA
Digital Signature Standard (DSS) (FIPS 186-4)

Please select the settings for your RSA algorithm implementation.

Prerequisites
Prerequisite Algorithm	Same Implementation	Algorithm Validation #
SHA
SHA (optional 2nd implementation)
SHA (optional 3rd implementation)
DRBG
DRBG (optional 2nd implementation)

Key Generation
Format	Standard Chinese Remainder Theorem
Key Generation Mode	Provable Provable (with auxiliary provable primes) Probable Probable (with auxiliary provable primes) Probable (with auxiliary probable primes)
Public Exponent	random fixed
Generate P and Q according to	B.3.2 B.3.3 B.3.4 B.3.5 B.3.6.
Hash	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512
Modulo	1024 2048 3072 4096 5120 6144 7168 8192

Signature Generation
Hash	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512
Modulo	1024 2048 3072 4096 5120 6144 7168 8192
Signature Type	ANSI X9.31 PKCS#1 v1.5 PSS
Salt Length (PSS only)	Ignore Zero Hash length Salt value:

Signature Generation Component
Format	Standard Chinese Remainder Theorem

Signature Verification
Hash	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512
Modulo	1024 2048 3072 4096 5120 6144 7168 8192
Signature Type	ANSI X9.31 PKCS#1 v1.5 PSS
Salt Length (PSS only)	Ignore Zero Hash length Salt value:

Decryption Component
Modulo	1024 2048 3072 4096 5120 6144 7168 8192

Useful links:
ACVTS Capabilities Overview for RSA
Digital Signature Standard (DSS) (FIPS 186-4)

Please select the settings for your KBKDF algorithm implementation(s).

KDF in Counter Mode
Length of n in bits	8 16 24 32
CMAC-AES-128	HMAC-SHA-1
CMAC-AES-192	HMAC-SHA-224
CMAC-AES-256	HMAC-SHA-256
CMAC-TDES	HMAC-SHA-384
	HMAC-SHA-512
	HMAC-SHA3-224
	HMAC-SHA3-256
	HMAC-SHA3-384
	HMAC-SHA3-512
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length divisible by h (full block lengths). ]
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length NOT divisible by h (partial block length). ]
Special Publication used to generate K:
SP800-56A SP800-56B SP800-90A N/A (out of scope)
Order of fixed input data [ ?The counter can come at the beginning, middle or end of the fixed input data. Indicate which way(s) are supported. ]
Counter comes... before fixed input after fixed input in the middle of fixed input

KDF in Feedback Mode
CMAC-AES-128	HMAC-SHA-1
CMAC-AES-192	HMAC-SHA-224
CMAC-AES-256	HMAC-SHA-256
CMAC-TDES	HMAC-SHA-384
	HMAC-SHA-512
	HMAC-SHA3-224
	HMAC-SHA3-256
	HMAC-SHA3-384
	HMAC-SHA3-512
Does NOT support zero length IVs
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length divisible by h (full block lengths). ]
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length NOT divisible by h (partial block length). ]
Special Publication used to generate K:
SP800-56A SP800-56B SP800-90A N/A (out of scope)
Counter is used in feedback mode
Length of n in bits	8 16 24 32
Order of fixed input data [ ?The counter can come at the beginning, middle or end of the fixed input data. Indicate which way(s) are supported. ]
Counter comes... before fixed input after fixed input in the middle of fixed input

KDF in Double Pipeline Iteration Mode
CMAC-AES-128	HMAC-SHA-1
CMAC-AES-192	HMAC-SHA-224
CMAC-AES-256	HMAC-SHA-256
CMAC-TDES	HMAC-SHA-384
	HMAC-SHA-512
	HMAC-SHA3-224
	HMAC-SHA3-256
	HMAC-SHA3-384
	HMAC-SHA3-512
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length divisible by h (full block lengths). ]
Length (L) of Ko [ ?Indicate L=length of Ko, keying material outoput from KDF. Enter number of bytes. Enter all that apply. Length NOT divisible by h (partial block length). ]
Special Publication used to generate K:
SP800-56A SP800-56B SP800-90A N/A (out of scope)
Counter is used in pipeline mode
Length of n in bits	8 16 24 32
Order of fixed input data [ ?The counter can come at the beginning, middle or end of the fixed input data. Indicate which way(s) are supported. ]
Counter comes... before fixed input after fixed input in the middle of fixed input

Useful links:
ACVTS Capabilities Overview for KBKDF
Recommendation for Key Derivation Using Pseudorandom Functions (SP800-108)

Please select the settings for your PBKDF algorithm implementation(s).

PBKDF
HMAC-SHA-1	HMAC-SHA3-224
HMAC-SHA-224	HMAC-SHA3-256
HMAC-SHA-256	HMAC-SHA3-384
HMAC-SHA-384	HMAC-SHA3-512
HMAC-SHA-512
HMAC-SHA-512/224
HMAC-SHA-512/256
Key Length [ ?Please enter the minimum and maximum values. Min: 112 / Max: 4096 bits. ]
Password Length [ ?Please enter the minimum and maximum values. Min: 8 / Max: 128 bits. ]
Salt Length [ ?Please enter the minimum and maximum values. Min: 128 / Max: 4096 bits. ]
Iteration [ ?Number of hash interations. Min: 1 / Max: 10000000 bits. ]

Useful links:
ACVTS Capabilities Overview for PBKDF
Recommendation for Password-Based Key Derivation (SP800-132)

ANS X9.63
Minimum and maximum field size	Shared Info lengths [ ?Enter two values. Min: 0 / Max: 1024 bits. ]

SHA functions supported	SHA-224 SHA-256 SHA-384 SHA-512
Key data length [ ?Enter two values. Min: 128 / Max: 4096 bits. ]

IKE version 1
Authentication methods:	Digital Signature Public Key Encryption Pre-shared Key
Pre-shared key [ ?If Pre-shared Key is selected: please enter the minimum and maximum values. Min: 8 / Max: 8192. ]
Initiator nonce [ ?Please enter the minimum and maximum values. Min: 64 / Max: 2048. ]
Responder nonce [ ?Please enter the minimum and maximum values. Min: 64 / Max: 2048. ]
Shared Secret Length [ ?Please enter the minimum and maximum values. Min: 224 / Max: 8192. ]
Supported Hashes	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512

IKE version 2
Derived Keying Material [ ?Please enter the minimum and maximum values. Min: 160 / Max: 16384. ]
Initiator nonce [ ?Please enter the minimum and maximum values. Min: 64 / Max: 2048. ]
Responder nonce [ ?Please enter the minimum and maximum values. Min: 64 / Max: 2048. ]
Shared Secret Length [ ?Please enter the minimum and maximum values. Min: 224 / Max: 8192. ]
Supported Hashes	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512

SSH
Supported ciphers:	TDESAES-128AES-192AES-256
SHA functions supported	SHA-1 SHA-224 SHA-256 SHA-384 SHA-512

SRTP
AES Key Lengths:	AES-128 AES-192 AES-256
Zero KDR supported	yes no
Select exponent [ ?Select exponent n where 2^∧n is supported. E.g. Select 6 = 2^∧6 = 64. ]	0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

ANS X9.42
KDF Type	DER Concatenation
SHA-1	SHA3-224
SHA-224	SHA3-256
SHA-256	SHA3-384
SHA-384	SHA3-512
SHA-512
SHA-512/224
SHA-512/256
Output Key Length [ ?Enter two values. Min: 1 / Max: 65536 bits. ]
Other Info Length [ ?Enter two values. Min: 0 / Max: 65536 bits. ]
ZZ Length [ ?Enter two values. Min: 1 / Max: 65536 bits. ]

SNMP
SNMP Engine ID in hexadecimal [ ?Hex between 9 and 32 bytes (18-64 characters). ]
2nd SNMP Engine ID in hexadecimal [ ?Enter the same value as above if only one supported. ]
Password length [ ?Please enter minimum and maximum values. Min: 64 / Max: 8192. ]

The implementation contains routines to perform the following functions:	KAS FFC Scheme Capabilities
Key Pair Generation Full Validation (SP800-56Ar3 section 5.6.2.3) Partial Validation (SP800-56Ar3 section 5.6.2.3)	dhHybrid1 mqv2 dhEphem [ ?Key Confirmation not supported. ] dhHybridOneFlow mqv1 dhOneFlow [ ?Can only provide unilateral key confirmation party V to party U. ] dhStatic

Key Agreement Scheme
Supported Roles for Key Agreement	Initiator Responder
Supported KDF Methods	One Step KDF Two Step KDF
One Step KDF
Auxiliary Functions	SHA-224 SHA-256 SHA-384 SHA-512 SHA-512/224 SHA-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 HMAC-SHA-224 HMAC-SHA-256 HMAC-SHA-384 HMAC-SHA-512 HMAC-SHA-512/224 HMAC-SHA-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384HMAC-SHA3-512 KMAC-128 KMAC-256
Mac Salt Method [ ?Default: all zeros, Random: random salt. ]	Default Random
Fixed Input Pattern	Literal (hex): L: [ ?The length of the derived keying material in bits, MUST be represented in 32 bits for ACVP testing. ] uPartyInfo [ ?Optional items such as ephemeralKey MUST be included when available for ACVP testing. ] vPartyInfo [ ?Optional items such as ephemeralKey MUST be included when available for ACVP testing. ] Context [ ?Random value chosen by ACVP server to represent the context. ] Algorithm ID [ ?Random value chosen by ACVP server to represent the context. ] Label [ ?Random value chosen by ACVP server to represent the context. ] Concatenation
Encoding	Concatenation
Two Step KDF
Mac Mode	CMAC-AES-128 CMAC-AES-192CMAC-AES-256 HMAC-SHA-1HMAC-SHA-224 HMAC-SHA-256 HMAC-SHA-384 HMAC-SHA-512 HMAC-SHA-512/224 HMAC-SHA-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512
Mac Salt Method [ ?Default: all zeros, Random: random salt. ]	Default Random
Fixed Input Pattern	Literal (hex): L: [ ?The length of the derived keying material in bits, MUST be represented in 32 bits for ACVP testing. ] uPartyInfo [ ?Optional items such as ephemeralKey MUST be included when available for ACVP testing. ] vPartyInfo [ ?Optional items such as ephemeralKey MUST be included when available for ACVP testing. ] Context [ ?Random value chosen by ACVP server to represent the context. ] Algorithm ID [ ?Random value chosen by ACVP server to represent the context. ] Label [ ?Random value chosen by ACVP server to represent the context. ] Concatenation
Encoding	Concatenation
KDF Mode	Counter Feedback Double Pipeline
Fixed Data Order	None Before fixed data After fixed data Before iterator
Counter Length	8 16 24 32
Supported Length	[ ?The supported derivation lengths (min and max). The value must be support the L value provided. ]
Supports Empty IV	Yes No
Requires Empty IV	Yes No
Key Confirmation
Supported Key Confirmation Roles	Provider Recipient
Supported types of Key Confirmation	Unilateral Bilateral [ ?Provider and Recipient will be checked ]
Key Confirmation Method
MAC		Key Length [ ?CMAC key length has to be 128, 192 or 256. All others can be 128-512 bits. ]	Mac Length [ ?Value has to be between 64 and 512. ]
CMAC-AES-128
CMAC-AES-192
CMAC-AES-256
HMAC-SHA-224
HMAC-SHA-256
HMAC-SHA-384
HMAC-SHA-512
HMAC-SHA-512/224
HMAC-SHA-512/256
HMAC-SHA3-224
HMAC-SHA3-256
HMAC-SHA3-384
HMAC-SHA3-512
KMAC-128
KMAC-256
Length of Key to derive [ ?The length of the key to derive (using a KDF) or transport (using a KTS scheme). This value should be large enough to accomodate the key length used for the mac algorithms in use for key confirmation. Minimum value without KC: 128 bits, minimum value with KC: 136 bits, maximum value: 1024 bits ]

Shared Secret Computation
SSC FFC Scheme Capabilities	Domain Parameter Generation Methods
dhHybrid1 mqv2 dhEphem [ ?Key Confirmation not supported. ] dhHybridOneFlow mqv1 dhOneFlow [ ?Can only provide unilateral key confirmation party V to party U. ] dhStatic	MODP-2048 MODP-3072 MODP-4096 MODP-6144 MODP-8192
	ffdhe2048 ffdhe3072 ffdhe4096 ffdhe6144 ffdhe8192
	FB FC
Supported Roles	Initiator Responder
Hash Function Z	SHA-224 SHA-256 SHA-384 SHA-512 SHA-512/224 SHA-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512

The implementation contains routines to perform the following functions:	KAS ECC Scheme Capabilities
Key Pair Generation Full Validation (SP800-56Ar3 section 5.6.2.3) Partial Validation (SP800-56Ar3 section 5.6.2.3)	ephemeralUnified [ ?keyConfirmation not supported. ] fullMqv fullUnified onePassDh [ ?Can only provide unilateral key confirmation party V to party U. ] onePassMqv onePassUnified staticUnified

Shared Secret Computation
SSC ECC Scheme Capabilities	Domain Parameter Generation Methods
ephemeralUnified [ ?keyConfirmation not supported. ] fullMqv fullUnified onePassDh [ ?Can only provide unilateral key confirmation party V to party U. ] onePassMqv onePassUnified staticUnified	P-224	P-256	P-384	P-521
	K-233	K-283	K-409	K-571
	B-233	B-283	B-409	B-571
Supported Roles	Initiator Responder
Hash Function Z	SHA-224 SHA-256 SHA-384 SHA-512 SHA-512/224 SHA-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512

HMAC with SHA-1 Block Size: 512	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 160 bits. ]
HMAC with SHA-224 Block Size: 512	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 224 bits. ]
HMAC with SHA-256 Block Size: 512	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 256 bits. ]
HMAC with SHA-384 Block Size: 1024	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 384 bits. ]
HMAC with SHA-512 Block Size: 1024	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 512 bits. ]
HMAC with SHA-512/224 Block Size: 1024	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 224 bits. ]
HMAC with SHA-512/256 Block Size: 1024	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 256 bits. ]
HMAC with SHA3-224 Block Size: 1152	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 224 bits. ]
HMAC with SHA3-256 Block Size: 1088	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 256 bits. ]
HMAC with SHA3-384 Block Size: 832	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 384 bits. ]
HMAC with SHA3-512 Block Size: 576	Key Length Domain [ ?Please enter the minimum and maximum values. Min: 0 / Max: 524288 bits. ]	MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 512 bits. ]

Hash DRBG
Prediction Resitance Enabled Prediction Resitance Not Enabled		Reseed implemented
	Entropy Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. ]	Nonce Length [ ?Minimum value: HALF maximum security strength. Set to 0 if not supported. ]	Additional Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Personalization String [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Returned Bits Length [ ?Please enter an integer bit value. No restrictions on size. ]
SHA-1
SHA-224
SHA-256
SHA-384
SHA 512
SHA-512/224
SHA-512/256

HMAC DRBG
Prediction Resitance Enabled Prediction Resitance Not Enabled		Reseed implemented
	Entropy Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. ]	Nonce Length [ ?Minimum value: HALF maximum security strength. Set to 0 if not supported. ]	Additional Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Personalization String [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Returned Bits Length [ ?Please enter an integer bit value. No restrictions on size. ]
SHA-1
SHA-224
SHA-256
SHA-384
SHA 512
SHA-512/224
SHA-512/256

CTR DRBG
Prediction Resitance Enabled Prediction Resitance Not Enabled		Reseed implemented
	Entropy Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. ]	Nonce Length [ ?Minimum value: HALF maximum security strength. Set to 0 if not supported. ]	Additional Input [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Personalization String [ ?Minimum value: maximum security strength. Maximum value: 2³⁵ bits. Set to 0 if not supported. ]	Returned Bits Length [ ?Please enter an integer bit value. No restrictions on size. ]
3KeyTDES df
3KeyTDES no df
AES-128 df
AES-128 no df
AES-192 df
AES-192 no df
AES-256 df
AES-256 no df

SHA
SHA-1 SHA-224 SHA-256 SHA-384 SHA-512 SHA-512/224 SHA-512/256
Message length [ ?Enter the minimum and maximum values in bits. Min: 0 / Max: 65535 ]
SHA-3
SHA3-224 SHA3-256 SHA3-384 SHA3-512
Implementation accepts bit-oriented messages Implementation accepts Null (zero-length) messages
SHAKE
SHAKE-128	Output length [ ?Enter the minimum and maximum values. Min: 16 / Max: 65536 ]
SHAKE-256	Output length [ ?Enter the minimum and maximum values. Min: 16 / Max: 65536 ]
Additional testing options for SHAKE:
Implementation accepts bit-oriented messages Implementation accepts Null (zero-length) messages Implementation can output bit-oiented messages

cSHAKE
Algorithm	cSHAKE-128 cSHAKE-256
Input Length [ ?Please enter the minimum and maximum values. Min: 0 / Max: 65536 bits. ]
Output Length [ ?Please enter the minimum and maximum values. Min: 16 / Max: 65536 bits. ]
Parallel Hash
Algorithm	ParallelHash-128 ParallelHash-256
Input Length [ ?Please enter the minimum and maximum values. Min: 0 / Max: 65536 bits. ]
Output Length [ ?Please enter the minimum and maximum values. Min: 16 / Max: 65536 bits. ]
XOF	Implementation has the ability to act as an XOF algorithm Implementation has the ability to act as a non-XOF algorithm
Customization	Implementation supports only hexadecimal customization strings
Tuple Hash
Algorithm	TupleHash-128 TupleHash-256
Input Length [ ?Please enter the minimum and maximum values. Min: 0 / Max: 65536 bits. ]
Output Length [ ?Please enter the minimum and maximum values. Min: 16 / Max: 65536 bits. ]
XOF	Implementation has the ability to act as an XOF algorithm Implementation has the ability to act as a non-XOF algorithm
Customization	Implementation supports only hexadecimal customization strings
KMAC
Algorithm	KMAC-128 KMAC-256
Input Length [ ?Please enter the minimum and maximum values. Min: 0 / Max: 65536 bits. ]
Output Length [ ?Please enter the minimum and maximum values. Min: 0 / Max: 65536 bits. ]
Key Length [ ?Please enter the minimum and maximum values. Min: 128 / Max: 524288 bits, increment 8. ]
MAC Length [ ?Please enter the minimum and maximum values. Min: 32 / Max: 65536 bits, increment 8. ]
XOF	Implementation has the ability to act as an XOF algorithm Implementation has the ability to act as a non-XOF algorithm
Customization	Implementation supports only hexadecimal customization strings