Merge pull request usnistgov#1504 from usnistgov/AddMLAlgs

Add ML Algs

Author: livebe01

README.md

@@ -1,7 +1,7 @@
 # ACVP
 The [Automated Cryptographic Validation Protocol](https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html) (ACVP) is a protocol to support a new National Voluntary Laboratory Accreditation Program (NVLAP) testing scope at the [National Institute of Standards and Technology (NIST)](https://www.nist.gov).  
 
-The new testing scope, 17ACVT, is available, and defined in [NIST Handbook 150-17](https://www.nist.gov/system/files/documents/2020/05/12/NIST-HB-150-17-2020.pdf).
+The new testing scope, 17ACVT, is available, and defined in [NIST Handbook 150-17](https://nvlpubs.nist.gov/nistpubs/hb/2021/NIST.HB.150-17-2021.pdf).
 
 All current information about ACVP protocol may be found within this Github project at https://github.com/usnistgov/ACVP. View the protocol documents at https://pages.nist.gov/ACVP/.
 
@@ -25,6 +25,7 @@ For issues regarding the actual ACVP Server implementation, as well as pre-relea
   * [Safe Primes](#safe-primes)
   * [Conditioning Components](#conditioning-components)
   * [Stateful Hash-Based Signatures](#stateful-hash-based-signatures)
+  * [Module-Lattice Algorithms](#module-lattice-algorithms)
 * [Accessing the Server](#accessing-the-demo-server)
 * [Contribution Guidelines](contribution-guidelines)
 * [Related Projects](#related-projects)
@@ -340,9 +341,16 @@ Standalone KDA testing from SP800-56Cr1 or SP800-56Cr2. Can be used in conjuncti
 * [LMS sigGen](https://pages.nist.gov/ACVP/draft-celi-acvp-lms.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-lms.html)
 * [LMS sigVer](https://pages.nist.gov/ACVP/draft-celi-acvp-lms.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-lms.html)
 
-The prod server supports all of the above except for AES-FF3-1, and AES-GCM-SIV. Some of these algorithms have NIST SP800 series drafts in progress and will be available on the prod server when the draft becomes a standard.
+### Module-Lattice Algorithms
+* [ML-DSA keyGen](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html)
+* [ML-DSA sigGen](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html)
+* [ML-DSA sigVer](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html)
+* [ML-KEM keyGen](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.html)
+* [ML-KEM encapDecap](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.html)
 
-# Accessing the Server
+See [the algorithm endpoint](https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html#name-algorithms) to learn which algorithms are available on a given ACVP server.
+
+# Accessing the Demo Server
 
 To access the demo server one needs a TLS credential **and** a one-time password (OTP). The [protocol specification](https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html) and other development information are available in this repository. You may want to use the companion [ACVP client](https://github.com/cisco/libacvp) to jump-start your work.
 
@@ -352,7 +360,7 @@ To access the prod server, first you must demonstrate compentency on the demo se
 
 ## Obtaining TLS credentials
 
-To access the [demo environment](https://demo.acvts.nist.gov/acvp/home) you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to [email protected] with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.
+To access the demo environment you will need to send your CSR to NIST. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send the request to [email protected] with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.
 
 You are expected to protect the key pair from unauthorized use and to notify NIST in the event the keypair becomes compromised. Also, since we do not have a formal login page the following notice applies when accessing the ACVP system:
 
@@ -366,6 +374,10 @@ You are accessing a U.S. Government information system, which includes: 1) this
 
 TOTP has been configured on all servers. See details [here](https://github.com/usnistgov/ACVP/wiki#second-factor-authentication-and-authorization-schema-for-accessing-and-working-with-the-nist-automated-cryptographic-validation-services).
 
+## Renewing TLS credentials
+
+Credentials are valid for a period of two years and will then expire. To renew your credentials, please send an email to [email protected] with the subject 'ACVTS DEMO CREDENTIAL RENEWAL REQUEST' in the subject line. You will receive further instructions via email regarding the renewal process.
+
 # Contribution Guidelines
 
 If you want to contribute, please follow the simple rules below and send us pull requests.
@@ -375,8 +387,7 @@ If you want to contribute, please follow the simple rules below and send us pull
 - Create a Pull Request with the updated ADOC files. GitHub Actions will verify the files can compile.
 - Once approved by a NIST member, GitHub Actions will rebuild the `nist-pages` branch to be reflected on https://pages.nist.gov/ACVP
 
-If you would like to talk to our developers, you may want to send email to our mailing list [email protected]. You may also report bugs or request new tests.
-
+If you would like to talk to our developers, you may want to send email to our mailing list cavp (at) nist.gov. You may also report bugs or request new tests.
 
 # Related Projects
 - [ACVP Server](https://github.com/usnistgov/ACVP-Server/) (Release/Issue tracking for NIST's implementation of the ACVP protocol)

index.html

@@ -12,7 +12,7 @@
 	  function gtag(){dataLayer.push(arguments);}
 	  gtag('js', new Date());
 
-	  gtag('config', ‘381374812');
+	  gtag('config', '381374812');
 	</script>
 
         <script async type="text/javascript" id="_fed_an_ua_tag" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=NIST&subagency=github&pua=UA-66610693-1&yt=true&exts=ppsx,pps,f90,sch,rtf,wrl,txz,m1v,xlsm,msi,xsd,f,tif,eps,mpg,xml,pl,xlt,c"></script>
@@ -57,7 +57,7 @@ <h1 id="acvp">ACVP</h1>
 		        <p>
 		          The <a href="https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html">Automated Cryptographic Validation Protocol</a> (ACVP) is a protocol to support a new National Voluntary Laboratory Accreditation Program (NVLAP) testing scope at the <a href="https://www.nist.gov">National Institute of Standards and Technology (NIST)</a>.
 
-		          The new testing scope, 17ACVT, is available, and defined in <a href="https://www.nist.gov/system/files/documents/2020/05/12/NIST-HB-150-17-2020.pdf">NIST Handbook 150-17</a>.
+		          The new testing scope, 17ACVT, is available, and defined in <a href="https://nvlpubs.nist.gov/nistpubs/hb/2021/NIST.HB.150-17-2021.pdf">NIST Handbook 150-17</a>.
 
 		          All current information about ACVP protocol may be found within the Github project at <a href="https://github.com/usnistgov/ACVP">https://github.com/usnistgov/ACVP</a>. View the protocol documents at <a href="https://pages.nist.gov/ACVP/">https://pages.nist.gov/ACVP/</a>.
 
@@ -85,9 +85,10 @@ <h1>Jump to</h1>
 							<li><a href="#safe-primes">Safe Primes</a></li>
 							<li><a href="#conditioning-components">Conditioning Components</a></li>
 							<li><a href="#stateful-hash-based-signatures">Stateful Hash-Based Signatures</a></li>
+							<li><a href="#module-lattice-algorithms">Module-Lattice Algorithms</a></li>
 						</ul>
 					</li>
-					<li><a href="#access">Accessing the Server</a></li>
+					<li><a href="#access">Accessing the Demo Server</a></li>
 					<li><a href="#contribution">Contribution Guidelines</a></li>
 					<li><a href="#related">Related Projects</a></li>
 					<li><a href="#licensing">Licensing Terms</a></li>
@@ -120,16 +121,14 @@ <h1 id="metanorma">How to use Metanorma</h1>
 				<p>You can switch between <code class="language-plaintext highlighter-rouge">-x html</code> and <code class="language-plaintext highlighter-rouge">-x txt</code> for different RFC output formats.</p>
 
 
-			<p>If you make changes to a file that's referenced by a top level spec, run metanorma 
-				on the referenced file prior to running it on the top level file. E.g.,</p>
+				<p>If you make changes to a file that's referenced by a top level spec, run metanorma on the referenced file prior to running it on the top level file. E.g.,</p>
 
- <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>
+ 				<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight">
+ 				<code>
  metanorma compile -t ietf -x html symmetric/sections/04-testtypes.adoc<br>
  metanorma compile -t ietf -x html draft-celi-acvp-symmetric.adoc 
  				</code></pre></div></div>
 
-			
-			
 				<p>Or you can use the <code class="language-plaintext highlighter-rouge">Makefile</code> which is available.</p>
 
 				<p>To build all documents, html and txt</p>
@@ -427,9 +426,18 @@ <h2 id="stateful-hash-based-signatures">Stateful Hash-Based Signatures</h2>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-lms.txt">LMS sigVer</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-lms.html">HTML</a></li>
 				</ul>
 
-				<p>The prod server supports all of the above except for, AES-FF3-1, and AES-GCM-SIV. Some of these algorithms have NIST SP800 series drafts in progress and will be available on the prod server when the draft becomes a standard.</p>
+				<h2 id="module-lattice-algorithms">Module-Lattice Algorithms</h2>
+				<ul>
+					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt">ML-DSA keyGen</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html">HTML</a></li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt">ML-DSA sigGen</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html">HTML</a></li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.txt">ML-DSA sigVer</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-dsa.html">HTML</a></li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.txt">ML-KEM keyGen</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.html">HTML</a></li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.txt">ML-KEM encapsulation and decapsulation</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-ml-kem.html">HTML</a></li>
+				</ul>
 
-				<h1 id="access">Accessing the Server</h1>
+				<p>See <a href="https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html#name-algorithms">the algorithm endpoint</a> to learn which algorithms are available on a given ACVP server.</p>
+
+				<h1 id="access">Accessing the Demo Server</h1>
 				<p>To access the demo server one needs a TLS credential <strong>and</strong> a one-time password (OTP). The <a href="https://pages.nist.gov/ACVP/draft-fussell-acvp-spec.html">protocol specification</a> and other development information are available in this repository. You may want to use the companion <a href="https://github.com/cisco/libacvp">ACVP client</a> to jump-start your work.</p>
 
 				<p>To set expectations, since this is a demo system, it will be in a state of flux and any all data on the system is considered temporary and may be reset to accommodate development of the Automated Cryptographic Validation Protocol (ACVP) service. We will try to keep the demo service relatively stable, but we plan to update it as we continue to add new algorithms and capabilities.</p>
@@ -438,7 +446,7 @@ <h1 id="access">Accessing the Server</h1>
 
 				<h2 id="obtaining-tls-credentials">Obtaining TLS credentials</h2>
 
-				<p>To access the <a href="https://demo.acvts.nist.gov/acvp/home">demo environment</a> you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to <a href="mailto:[email protected]">[email protected]</a> with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.</p>
+				<p>To access the demo environment you will need to send your CSR to us. Please use a 2048-bit RSA key pair and sign using at least a SHA-256 hash. Please send a request to <a href="mailto:[email protected]">[email protected]</a> with 'CSR REQUEST FOR ACCESS TO DEMO' in the subject line. You will receive instructions for how to upload your CSR.</p>
 
 				<p>You are expected to protect the key pair from unauthorized use and to notify NIST in the event the keypair becomes compromised. Also, since we do not have a formal login page the following notice applies when accessing the ACVP system:</p>
 
@@ -450,6 +458,10 @@ <h2 id="configuring-and-using-one-time-passwords-otp">Configuring and using One-
 
 				<p>TOTP has been configured on all servers. See details <a href="https://github.com/usnistgov/ACVP/wiki#second-factor-authentication-and-authorization-schema-for-accessing-and-working-with-the-nist-automated-cryptographic-validation-services">on the GitHub Wiki here</a>.</p>
 
+				<h2 id="renewing-tls-credentials">Renewing TLS credentials</h2>
+
+				<p>Credentials are valid for a period of two years and will then expire. To renew your credentials, please send an email to [email protected] with the subject 'ACVTS DEMO CREDENTIAL RENEWAL REQUEST' in the subject line. You will receive further instructions via email regarding the renewal process.</p>
+
 				<h1 id="contribution">Contribution Guidelines</h1>
 
 				<p>If you want to contribute, please follow the simple rules below and send us pull requests.</p>
@@ -461,7 +473,7 @@ <h1 id="contribution">Contribution Guidelines</h1>
 					<li>Once approved by a NIST member, GitHub Actions will rebuild the <code class="language-plaintext highlighter-rouge">nist-pages</code> branch to be reflected on <a href="https://pages.nist.gov/ACVP">https://pages.nist.gov/ACVP</a></li>
 				</ul>
 
-				<p>If you would like to talk to our developers, you may want to send email to our mailing list algotest@list.nist.gov. You may also report bugs or request new tests.</p>
+				<p>If you would like to talk to our developers, you may want to send email to our mailing list cavp (at) nist.gov. You may also report bugs or request new tests.</p>
 
 				<h1 id="related">Related Projects</h1>
 				<ul>

src/Makefile

@@ -10,7 +10,7 @@ update:
 	bundle install
 
 clean:
-	rm -rf *.err *.html *.xml *.txt documents/
+	rm -rf *.err *.html *.xml *.txt *.abort documents/
 
 %.html %.txt: %.adoc
 	bundle exec metanorma compile $<

src/draft-celi-acvp-ml-dsa.adoc

@@ -0,0 +1,78 @@
+= ACVP ML-DSA JSON Specification
+:doctype: internet-draft
+:docname: acvp-ml
+:docnumber: draft-celi-acvp-ml-dsa-01
+:abbrev: ACVP ML-DSA
+:ipr: trust200902
+:submission-type: independent
+:area: Internet
+:intended-series: informational
+:revdate: 2024-04-01
+:forename_initials: C.C.
+:lastname: Celi
+:fullname: Christopher Celi
+:organization: National Institute of Standards and Technology
+:street: 100 Bureau Drive
+:city: Gaithersburg
+:code: 20899
+:country: United States of America
+:email: [email protected]
+:role: editor
+:docfile: draft-celi-acvp-ml-dsa.adoc
+:mn-document-class: ietf
+:mn-output-extensions: xml,rfc,txt,html
+:area: General
+:keyword: acvp, crypto
+
+// Singular name of the algorithm
+:spec-algorithm: Module Lattice-based Digital Signature Algorithm (ML-DSA)
+:algo-short-name: ML-DSA
+
+include::common/common-sections/00-abstract.adoc[]
+
+include::common/common-sections/01-intro.adoc[]
+
+include::common/common-sections/02-conventions.adoc[]
+
+include::ml-dsa/sections/03-supported.adoc[]
+
+include::ml-dsa/sections/04-testtypes.adoc[]
+
+include::common/common-sections/05-capabilities-description.adoc[]
+
+include::common/common-sections/051-prerequisites.adoc[]
+
+include::ml-dsa/sections/05-capabilities.adoc[]
+
+include::ml-dsa/sections/05-ml-dsa-keygen-capabilities.adoc[]
+
+include::ml-dsa/sections/05-ml-dsa-siggen-capabilities.adoc[]
+
+include::ml-dsa/sections/05-ml-dsa-sigver-capabilities.adoc[]
+
+include::common/common-sections/06-test-vector-intro.adoc[]
+
+include::ml-dsa/sections/06-test-vectors.adoc[]
+
+include::ml-dsa/sections/06-ml-dsa-keygen-test-vectors.adoc[]
+
+include::ml-dsa/sections/06-ml-dsa-siggen-test-vectors.adoc[]
+
+include::ml-dsa/sections/06-ml-dsa-sigver-test-vectors.adoc[]
+
+include::ml-dsa/sections/07-responses.adoc[]
+
+include::ml-dsa/sections/07-ml-dsa-keygen-responses.adoc[]
+
+include::ml-dsa/sections/07-ml-dsa-siggen-responses.adoc[]
+
+include::ml-dsa/sections/07-ml-dsa-sigver-responses.adoc[]
+
+include::common/common-sections/10-security.adoc[]
+
+include::common/common-sections/11-iana.adoc[]
+
+include::common/common-sections/99-acknowledgements.adoc[]
+
+// References must be given before appendixes
+include::ml-dsa/sections/98-references.adoc[]

src/draft-celi-acvp-ml-kem.adoc

@@ -0,0 +1,72 @@
+= ACVP ML-KEM JSON Specification
+:doctype: internet-draft
+:docname: acvp-ml
+:docnumber: draft-celi-acvp-ml-kem-01
+:abbrev: ACVP ML-KEM
+:ipr: trust200902
+:submission-type: independent
+:area: Internet
+:intended-series: informational
+:revdate: 2024-04-01
+:forename_initials: C.C.
+:lastname: Celi
+:fullname: Christopher Celi
+:organization: National Institute of Standards and Technology
+:street: 100 Bureau Drive
+:city: Gaithersburg
+:code: 20899
+:country: United States of America
+:email: [email protected]
+:role: editor
+:docfile: draft-celi-acvp-ml-kem.adoc
+:mn-document-class: ietf
+:mn-output-extensions: xml,rfc,txt,html
+:area: General
+:keyword: acvp, crypto
+
+// Singular name of the algorithm
+:spec-algorithm: Module Lattice-based Key Encapsulation Mechanism (ML-KEM)
+:algo-short-name: ML-KEM
+
+include::common/common-sections/00-abstract.adoc[]
+
+include::common/common-sections/01-intro.adoc[]
+
+include::common/common-sections/02-conventions.adoc[]
+
+include::ml-kem/sections/03-supported.adoc[]
+
+include::ml-kem/sections/04-testtypes.adoc[]
+
+include::common/common-sections/05-capabilities-description.adoc[]
+
+include::common/common-sections/051-prerequisites.adoc[]
+
+include::ml-kem/sections/05-capabilities.adoc[]
+
+include::ml-kem/sections/05-ml-kem-keygen-capabilities.adoc[]
+
+include::ml-kem/sections/05-ml-kem-encapdecap-capabilities.adoc[]
+
+include::common/common-sections/06-test-vector-intro.adoc[]
+
+include::ml-kem/sections/06-test-vectors.adoc[]
+
+include::ml-kem/sections/06-ml-kem-keygen-test-vectors.adoc[]
+
+include::ml-kem/sections/06-ml-kem-encapdecap-test-vectors.adoc[]
+
+include::ml-kem/sections/07-responses.adoc[]
+
+include::ml-kem/sections/07-ml-kem-keygen-responses.adoc[]
+
+include::ml-kem/sections/07-ml-kem-encapdecap-responses.adoc[]
+
+include::common/common-sections/10-security.adoc[]
+
+include::common/common-sections/11-iana.adoc[]
+
+include::common/common-sections/99-acknowledgements.adoc[]
+
+// References must be given before appendixes
+include::ml-kem/sections/98-references.adoc[]

src/lms/sections/05-capabilities.adoc

@@ -105,5 +105,3 @@ The following LMOTS Modes *MAY* be registerd by the module.
 * LMOTS_SHAKE_N32_W2
 * LMOTS_SHAKE_N32_W4
 * LMOTS_SHAKE_N32_W8
-
-Test.

src/ml-dsa/sections/03-supported.adoc

@@ -0,0 +1,9 @@
+
+[#supported]
+== Supported ML-DSA Algorithms
+
+The following ML-DSA algorithms *MAY* be advertised by the ACVP compliant cryptographic module. The list is in the form "algorithm / mode / revision".
+
+* ML-DSA / keyGen / FIPS204
+* ML-DSA / sigGen / FIPS204
+* ML-DSA / sigVer / FIPS204