4 changes: 3 additions & 1 deletion src/drbg/sections/03-supported.adoc
Expand Up @@ -10,4 +10,6 @@ The following deterministic random bit generator algorithms *MAY* be advertised

=== Counter DRBG Triple-DES

The "ctrDRBG-TDES" mode shall only be used with the three-key option of the Triple-DES algorithm.
The "ctrDRBG-TDES" mode shall only be used with the three-key option of the Triple-DES algorithm.

NOTE: TDES is no longer supported and is end-of-life as of 1/1/2024; please refer to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf for more information.
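Review bot: the added NOTE says TDES is no longer supported, yet the sentence directly above it still says the "ctrDRBG-TDES" mode "shall only be used with the three-key option", and the hunk's context line still lists it among the algorithms that "*MAY* be advertised". Decide which it is: either remove the mode from the supported list, or reword the NOTE to state what actually happens when an IUT advertises it (for example, that the mode is retained only for historical validations). Two smaller points on the same line: "1/1/2024" is ambiguous outside the US, so write 2024-01-01 or "1 January 2024", and since the document has a references section, cite SP 800-131Ar2 through a bibliography anchor rather than a bare URL. Separately, the deleted and re-added line "The "ctrDRBG-TDES" mode shall only be used ..." read identically, so that change appears to be whitespace-only and could be dropped from this PR.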
4 changes: 2 additions & 2 deletions src/drbg/sections/04-testtypes.adoc
Expand Up @@ -16,9 +16,9 @@ The tests described in this document have the intention of ensuring an implement

* SP 800-90A - 7.1 Entropy Input. The IUT is *REQUIRED* to inject the ACVP server's provided entropy for testing.

* SP 800-90A - 7.2 Other Inputs. The IUT is *REQUIRED* to inject the ACVP server's provided other input information for testing.
* SP 800-90A - 7.2 Other Inputs. The IUT is *REQUIRED* to inject the ACVP server's provided other input information for testing.

* SP 800-90A - 7.3 Internal State. Indirect testing of the IUT's DRBG internal state *SHALL* be inferred through multiple calls to the DRBG "generate" function. Multiple calls *SHALL* ensure the internal state is successfully mutated for each "generate" invocation.
* SP 800-90A - 7.3 Internal State. Indirect testing of the IUT's DRBG internal state *SHALL* be inferred through multiple calls to the DRBG "generate" function. Multiple calls *SHALL* ensure the internal state is successfully mutated for each "generate" invocation.

* SP 800-90A - 7.4 The DRBG Mechanism Functions. "Instantiate", "Generate", and "Reseed" DRBG functions *SHALL* be tested within the ACVP server's provided tests.

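Review bot: both changed lines in this hunk (the "SP 800-90A - 7.2 Other Inputs" bullet and the "SP 800-90A - 7.3 Internal State" bullet) read identically to the lines they replace, so these are whitespace-only edits. They are unrelated to the counterFieldLen feature and add noise to the review; consider reverting them or moving them to a separate cleanup commit.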
14 changes: 10 additions & 4 deletions src/drbg/sections/05-capabilities.adoc
Expand Up @@ -36,6 +36,7 @@ Each DRBG algorithm capability advertised is a self-contained JSON object. A reg
| persoStringLen | Personalization string length. See the notes below. | domain | Min: maximum security strength (see <<supported_values>>), Max: See <<supported_values>>. Set to 0 if not supported
| additionalInputLen | See the notes below. | domain | Min: maximum security strength (see <<supported_values>>), Max: See <<supported_values>>. Set to 0 if not supported
| returnedBitsLen | Returned bits length | integer | Min: See <<supported_values>>, Max: 4096.
| counterFieldLen | The length of the counter field in bits. This property is 1) optional and 2) only available for the ctrDRBG algorithm and "AES-128", "AES-192", and "AES-256" modes. See the note below. If omitted, tests are generated using a 128-bit counter. | integer | Min: 4, Max: 128
|===


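Review bot: the new counterFieldLen row has type "integer" while the neighbouring length properties (persoStringLen, additionalInputLen) are "domain"; an IUT that supports more than one counter field length cannot express that in a single integer, so either use domain for consistency or state explicitly that exactly one counter length is registered per capability object. The description cell also packs four separate facts into one sentence; suggest splitting it, e.g. "Length of the counter field in bits. Optional; only valid for ctrDRBG with the "AES-128", "AES-192" and "AES-256" modes. Defaults to 128 if omitted.", and leave the rationale to the NOTE below. Finally, "Max: 128" matches the AES block length; saying so would explain to readers why the property is limited to the AES modes.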
Expand All @@ -53,6 +54,8 @@ NOTE: ACVP allows bit length values for 'persoString' ranging from the maximum s

NOTE: The 'addtionalInput' configuration and restrictions are the same as those for the 'persoString'.

NOTE: The 'counterFieldLen' property was introduced to support the concept of counter field length as introduced in SP800-90Ar1. See SP800-90Ar1 Section 10.2.1, Table 3

[[value_req_per_option]]
=== Supported values per DRBG option

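Review bot: the new NOTE cites "SP800-90Ar1 Section 10.2.1, Table 3" as plain text, although this PR adds a [[[SP800-90Ar1,NIST SP 800-90Ar1]]] bibliography entry in 98-references.adoc; use the <<SP800-90Ar1>> cross-reference here (as the nonce NOTE does with <<SP800-90A>>) so the citation resolves, and end the sentence with a period. Drive-by in the context line above: 'addtionalInput' is misspelled; since this block is being edited anyway, correct it to 'additionalInput'.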
Expand All @@ -74,20 +77,20 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>
| hashDRBG | "SHA-1" | N/A | 128 | 128 | 65536 | 65536 | 65536 | 64 | 65536 | 160
| hashDRBG | "SHA2-224" | N/A | 192| 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA2-256" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA2-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA2-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA2-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hashDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA3-224" | N/A | 192| 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA3-256" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA3-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA3-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA3-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hmacDRBG | "SHA-1" | N/A | 128 | 128 | 65536 | 65536 | 65536 | 64 | 65536 | 160
| hmacDRBG | "SHA2-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hmacDRBG | "SHA2-384" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hmacDRBG | "SHA2-512" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hmacDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hmacDRBG | "SHA3-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA3-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
Expand All @@ -97,6 +100,8 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>

NOTE: If an implementation utilizes a nonce in the construction of a seed during instantiation, the length of the nonce shall be at least half the maximum security strength supported. The values listed in the Min Nonce Len column of <<supported_values>> are the maximum security strength / 2. Per allowances in <<SP800-90A>>, the length of a nonce may be less than 1/2 the maximum security strength supported as long as the entropy input length + the nonce length >= 3/2 security strength. If the entropy input length is >= 3/2 security strength the minimum nonce length will be 0.

NOTE: TDES is no longer supported and is end-of-life as of 1/1/2024; please refer to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf for more information.

=== DRBG Registration Example

The following is an example registration.
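Review bot: this NOTE is a verbatim copy of the one added to 03-supported.adoc; keep the statement in one place (03-supported.adoc, where the mode is defined) and cross-reference it here, otherwise the two copies will drift when the date or the reference changes. The same date-format point applies (2024-01-01 rather than 1/1/2024). Also say what the NOTE means for the table it follows: if TDES rows remain in the supported-values table, state that they are listed for historical validations only.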
Expand Down Expand Up @@ -144,7 +149,8 @@ The following is an example registration.
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
}
]
}
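Review bot: the example adds "counterFieldLen": 100 to a capability object whose "mode" lies outside the visible hunk; per the capabilities table added above, the property is only valid for ctrDRBG with an AES mode, so please confirm this object is an AES one. Since the table also says omission means a 128-bit counter, it would help readers to show the default case as well, i.e. a second object that omits the property.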
2 changes: 2 additions & 0 deletions src/drbg/sections/06-test-vectors.adoc
Expand Up @@ -18,6 +18,7 @@ The testGroups element at the top level in the test vector JSON object is an arr
| persoStringLen | Personalization string length; set to 0 if not used/supported. See also notes after <<capabilities-table>> above | integer
| additonalInputLen | Additional input length; set to 0 if not used/supported. See also notes after <<capabilities-table>> above | integer
| returnedBitsLen | returned bits length | integer
| counterFieldLen | The length of the counter. Only included when algorithm is "ctrDRBG". | integer
| tests | Array of individual test cases | array
|===

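Review bot: the new testGroups row says counterFieldLen is "Only included when algorithm is "ctrDRBG"", but the capabilities table restricts the property to the AES modes of ctrDRBG; state what the server sends for a ctrDRBG-TDES group (omitted, or the TDES block length?) and whether the field is present, with value 128, when the IUT did not register it, because client code will key off its presence. Align the wording with the capabilities row too: "The length of the counter field in bits". Drive-by on the context line: the property name is misspelled "additonalInputLen" while the prompt example below uses "additionalInputLen"; as this is a JSON key, the typo should be fixed.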
Expand Down Expand Up @@ -96,6 +97,7 @@ Here is an abbreviated yet fully constructed example of the prompt
"persoStringLen": 256,
"additionalInputLen": 256,
"returnedBitsLen": 512,
"counterFieldLen": 100,
"mode": "AES-128",
"tests": [
{
13 changes: 9 additions & 4 deletions src/drbg/sections/97-examples.adoc
Expand Up @@ -39,7 +39,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 75
},
{
"mode": "AES-192",
Expand Down Expand Up @@ -73,7 +74,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "TDES",
Expand Down Expand Up @@ -124,7 +126,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
320
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 10
},
{
"mode": "AES-256",
Expand All @@ -141,7 +144,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 50
},
{
"mode": "TDES",
Expand Down Expand Up @@ -336,6 +340,7 @@ The following is a example JSON object for ctrDRBG test vectors sent from the AC
"persoStringLen": 112,
"additionalInputLen": 112,
"returnedBitsLen": 256,
"counterFieldLen": 100,
"tests": [
{
"tcId": 1815,
1 change: 1 addition & 0 deletions src/drbg/sections/98-references.adoc
Expand Up @@ -6,6 +6,7 @@
* [[[RFC7991,RFC 7991]]]
* [[[RFC8174,RFC 8174]]]
* [[[SP800-90A,NIST SP 800-90A]]]
* [[[SP800-90Ar1,NIST SP 800-90Ar1]]]

[%bibitem]
=== Automatic Cryptographic Validation Protocol
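Review bot: adding a bibliography entry for SP 800-90Ar1 is right, but the only new mention of it (the counterFieldLen NOTE in 05-capabilities.adoc) is plain text, so the entry is currently unreferenced; use <<SP800-90Ar1>> there. Consider also whether the existing <<SP800-90A>> citations (for example the nonce-length NOTE) should now point at the r1 entry, since the document now depends on Table 3 of the r1 revision; carrying both entries invites inconsistent citations.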
6 changes: 4 additions & 2 deletions src/drbg/sections/XX-examples.adoc
Expand Up @@ -39,7 +39,8 @@ The following is a example JSON object advertising support for ctrDRBG with 3Key
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "AES-192",
Expand Down Expand Up @@ -141,7 +142,8 @@ The following is a example JSON object advertising support for ctrDRBG with 3Key
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "TDES",