ACVTS for Global Adoption: Setting Up a Scheme-Specific ACVP Server (G13a)
Most labs and vendors involved in FIPS 140 evaluations are familiar with the basics of the NIST Automated Cryptographic Validation Test System (ACVTS). Although the ACVTS was developed for NIST-approved algorithms, NIST has open-sourced the Automated Cryptographic Validation Protocol (ACVP) Server, providing an extensible framework to facilitate the testing of any cryptographic algorithm. Certification bodies adopting ISO/IEC 19790 or Common Criteria could benefit from this framework by setting up independent instances of the ACVP Server tailored to their specific needs. Broader adoption of the ACVP would offer vendors and labs a more unified approach to testing cryptographic algorithms.
This talk demystifies the internals of the ACVP Server software. It begins with an overview of the broader ACVTS architecture, contextualizing the server software. The talk examines the functionality of the ACVP Server, its dependencies, and demonstrates how to run a local instance. It then delves into the server’s internal structure, focusing on the gen/val code responsible for generating and validating test vectors. Finally, as a proof of concept, the talk extends the server to support the X25519 and X448 algorithms, demonstrating a mock validation of the OpenSSL 3 implementation.