[フレーム]

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Information Technology Laboratory

Computer Security Resource Center

CSRC Logo

October 1, 2025: Due to a lapse in federal funding, this website is not being updated. Learn more.

Projects Cryptographic Algorithm Validation Program

Cryptographic Algorithm Validation Program CAVP

Project Links

Overview Presentations

CAVP Testing: Block Cipher Modes

Algorithm Specifications

Algorithm specifications for current FIPS-approved and NIST-recommended block cipher modes are available from the Cryptographic Toolkit.

Current testing includes the following block cipher modes:

CMAC (SP 800-38B)

XTS-AES (SP 800-38E)

CCM (SP 800-38C)

KW / KWP / TKW (SP 800-38F)(Key Wrap using AES and Triple-DES)

GCM / GMAC / XPN (SP 800-38D and CMVP Annex A)

_{For testing of ECB (Electronic Codebook), CBC (Cipher Block Chaining), OFB (Output Feedback),CFB (Cipher Feedback) and CTR (Counter) modes from SP 800-38A, see the CAVP block ciphers page.}

Algorithm Validation Testing Requirements

CMAC: Block Cipher-based Message Authentication Code

The CMAC Validation System (CMACVS) specifies validation testing requirements for the CMAC mode in SP 800-38B.

Testing Notes

Prerequisites for CMAC testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.

As of 1-1-2016, TDES KO2 encrypt is no longer compliant. TDES KO2 decrypt is allowed for legacy use only. (See SP800-131A Revision 1.)

CCM: Counter with Cipher Block Chaining Message Authentication Code

The CCM Validation System (CCMVS) specifies validation testing requirements for the CCM mode in SP 800-38C.

Testing Notes

Prerequisites for CCM testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.

As of 1-1-2016, TDES KO2 encrypt is no longer compliant. TDES KO2 decrypt is allowed for legacy use only. (See SP800-131A Revision 1.)

GCM, GMAC, XPN: Galois/Counter Mode, GCM Message Authentication Code, and GCM-AES-XPN mode

The GCM, GMAC and XPN Validation System (GCMVS) specifies validation testing requirements for the GCM and GMAC modes in SP 800-38D and GCM-AES-XPN mode from IEEE Std 802.1AEbw-2013 (See CMVP Annex A).

Testing Notes

Prerequisites for GCM, GMAC, and XPN testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.

XTS-AES

The XTS-AES Validation System (XTSVS) specifies validation testing requirements for the XTS-AES mode in SP 800-38E.

Testing Notes

Prerequisites for XTS-AES testing are listed in the CAVP Frequently Asked Questions (CAVP FAQ) General Question GEN.5.

KW, KWP and TKW: Key Wrapping and Authenticated Encryption and Decryption

The Key Wrap Validation System (KWVS) specifies validation testing requirements for the AES Key Wrap (KW), AES Key Wrap with Padding (KWP) and Triple DEA Key Wrap (TKW) modes in SP 800-38F.

Testing Notes