From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 026E4428C5 for ; Mon, 3 Apr 2023 20:49:40 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EF19640ED7; Mon, 3 Apr 2023 20:49:39 +0200 (CEST) Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) by mails.dpdk.org (Postfix) with ESMTP id 070C2400D6 for ; Mon, 3 Apr 2023 20:49:39 +0200 (CEST) Received: by mail-pg1-f178.google.com with SMTP id z10so18131889pgr.8 for ; Mon, 03 Apr 2023 11:49:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; t=1680547778; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=inVJpJ84wJd7qrVcH8AZfbMMiUMFdq0XnTz0XpiRyOQ=; b=RSMVn1UfLi2CDhzR/XTpHINf58eCR4JJ7fZmpq304mskmahG9kMAZuISqvL5OV+UZs 30LycKBx9/Hpepzjzc+HiTO8BwEsC6VaFvu3YGnvo7k2vxsFQP9dmGGfru1UZyadd4ib jEkQ32171WKMWDFNUSA+AFha3TIDL1m+lNQ1k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680547778; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=inVJpJ84wJd7qrVcH8AZfbMMiUMFdq0XnTz0XpiRyOQ=; b=rNQnu1VCFF0pcs3jvClAxh5Kpv+Fu7ISrkx4DW5CBCW+2XS2y0L5TeMguIiDsgl9cu o4frdn30kepGAeESQyi9VArkrKrm0cgYhl9yHsV4j3via4A0SwrLYZdeddixH8mDeOXl twF6UkW9wNFvnH8LKl10Xv03Xpn0Dm6RXu9ee09j9ui13x/j6zBHZVYsJ+GLyJ6fcJnr +ysOqWnDkpntGO4y3TMaYkreXYLx1KhG9+HQqOXJCF8F8nKSBjzVj5ckOzMYsa1KrGDL IWPaz70mpfxcOhTjGxRVoX1AP+D12yvjKKMIFosrvSGVtoQrF3C82Nwflf+Mai2ZGMUK YbtQ== X-Gm-Message-State: AAQBX9fD+J2UocTJE/mrs+EsV9pFQtkYrThR8pSclEkl2p+pxnBy40oF iY7DlzjlMufYOsATTf7WdQVUrlX+LIhQH2lIIwetvRHjZbYuml/bbLU= X-Google-Smtp-Source: AKy350ZqyxoYMyMXw5HdLFgq7FOB2sEjz20RGlSFbvUwH+Ha6G4+j926oia3q7Dihm9k5joW5sCoz/EWh6+rT8hp3Vo= X-Received: by 2002:a05:6a00:2443:b0:627:9d8a:a29c with SMTP id d3-20020a056a00244300b006279d8aa29cmr17521697pfj.2.1680547777895; Mon, 03 Apr 2023 11:49:37 -0700 (PDT) MIME-Version: 1.0 References: <20230327165141.7916-2-jspewock@iol.unh.edu> <20230327165141.7916-6-jspewock@iol.unh.edu> In-Reply-To: From: Jeremy Spewock Date: Mon, 3 Apr 2023 14:49:27 -0400 Message-ID: Subject: Re: [PATCH v6 4/4] doc: add readme file for acvp_tool To: Ali Alnubani Cc: "ci@dpdk.org" Content-Type: multipart/alternative; boundary="000000000000547d5f05f8730575" X-BeenThere: ci@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK CI discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ci-bounces@dpdk.org --000000000000547d5f05f8730575 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Mar 28, 2023 at 4:27=E2=80=AFAM Ali Alnubani w= rote: > > -----Original Message----- > > From: jspewock@iol.unh.edu > > Sent: Monday, March 27, 2023 7:52 PM > > To: ci@dpdk.org > > Cc: Jeremy Spewock > > Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool > > > > From: Jeremy Spewock > > > > updated out-of-date acvp_tool readme > > This only describes the diff with Brandon's patch. The original commit > message should have been kept instead and expanded if needed. > > > > > Signed-off-by: Jeremy Spewock > > --- > [..] > > +* FIPS Object Module > > +``` > > +curl -o openssl-fips-2.0.16.tar.gz > https://www.openssl.org/source/openssl- > > fips-2.0.16.tar.gz > > +tar xvfm openssl-fips-2.0.16.tar.gz > > +cd openssl-fips-2.0.16 > > +./config > > +make > > +make install > > +``` > > Is this module required even with recent versions of openssl? > In recent testing of the dependencies, when this module wasn't present there is inconsistent behavior that leads to errors. > > > +* OpenSSL library > > +``` > > +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl- > > 1.0.2o.tar.gz > > +export CFLAGS=3D'-fPIC' > > +tar xvfm openssl-1.0.2o.tar.gz > > +cd openssl-1.0.2o > > +./config shared fips > > +make depend > > +make > > +``` > > OpenSSL 1.0.2 is deprecated and probably vulnerable ( > https://www.openssl.org/news/vulnerabilities-1.0.2.html). > You're also only building locally here, and you aren't pointing DPDK buil= d > to it, so I doubt it's making a difference. > After doing some testing, it seems that this library is not needed in order to run the application and get passing vectors. > > Can you please double check these dependencies? > > These dependencies were actually taken from the test plan documentation written for running the FIPS sample application. This was the only documentation I could find that mentions the required libraries in order to run the sample application so I followed it as closely as I could. The only thing I had to change was the version of the IPsec library because it wouldn't build with this older outdated version. This documentation should likely be updated: https://git.dpdk.org/tools/dts/tree/test_plans/fips_cryptodev_test_plan.rst > [..] > > +### Using the DPDK FIPS Validation Example Application > > +First, you have to make sure that you configure DPDK to build the FIPS > > sample application before you compile with ninja > > +``` > > +#inside dpdk/ > > +meson build --werror > > +meson configure -Dexamples=3Dfips_validation build > > You can combine them into a single command: > meson --werror -Dexamples=3Dfips_validation build > > > +sudo ninja -C build > > You're only making local changes here. If sudo wasn't required for the > meson commands, it won't be required for this one. > > Additionally, I see the following warnings when applying the patch: > > Applying: doc: add readme file for acvp_tool > .git/rebase-apply/patch:63: trailing whitespace. > * In order to test AES-CTR you'll also have to remove the key `"ivGenMode= "` > .git/rebase-apply/patch:133: trailing whitespace. > Fixed in v7. > > - Ali > Thanks, Jeremy --000000000000547d5f05f8730575 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

On Tue, Mar 28, 2023 at 4:27=E2=80=AFAM A= li Alnubani <alialnu@nvidia.com> wrote:
>= ; -----Original Message-----
> From: jspewo= ck@iol.unh.edu <jspewock@iol.unh.edu>
> Sent: Monday, March 27, 2023 7:52 PM
> To: ci@dpdk.org > Cc: Jeremy Spewock <jspewock@iol.unh.edu>
> Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool
>
> From: Jeremy Spewock <jspewock@iol.unh.edu>
>
> updated out-of-date acvp_tool readme

This only describes the diff with Brandon's patch. The original commit = message should have been kept instead and expanded if needed.

>
> Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
> ---
[..]
> +* FIPS Object Module
> +```
> +curl -o openssl-fips-2.0.16.tar.gz https://www.openssl.= org/source/openssl-
> fips-2.0.16.tar.gz
> +tar xvfm openssl-fips-2.0.16.tar.gz
> +cd openssl-fips-2.0.16
> +./config
> +make
> +make install
> +```

Is this module required even with recent versions of openssl?

In recent testing of the dependencies, when this mod= ule wasn't present there is inconsistent behavior that leads to errors.=
=C2=A0

> +* OpenSSL library
> +```
> +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/s= ource/openssl-
> 1.0.2o.tar.gz
> +export CFLAGS=3D'-fPIC'
> +tar xvfm openssl-1.0.2o.tar.gz
> +cd openssl-1.0.2o
> +./config shared fips
> +make depend
> +make
> +```

OpenSSL 1.0.2 is deprecated and probably vulnerable (https://www.openssl.org/news/vulnerabilities-1.0.2.html).
You're also only building locally here, and you aren't pointing DPD= K build to it, so I doubt it's making a difference.

After doing some testing, it seems that this library is no= t needed in order to run the application and get passing vectors.
=C2=A0

Can you please double check these dependencies?


These dependencies were actually taken= from the test plan documentation written for running the FIPS sample appli= cation. This was the only documentation I could find that mentions the requ= ired libraries in order to run the sample application so I followed it as c= losely as I could. The only thing I had to change was the version of the IP= sec library because it wouldn't build with this older outdated version.= This documentation should likely be updated:

=C2=A0
[..]
> +### Using the DPDK FIPS Validation Example Application
> +First, you have to make sure that you configure DPDK to build the FIP= S
> sample application before you compile with ninja
> +```
> +#inside dpdk/
> +meson build --werror
> +meson configure -Dexamples=3Dfips_validation build

You can combine them into a single command:
meson --werror=C2=A0 -Dexamples=3Dfips_validation build

> +sudo ninja -C build

You're only making local changes here. If sudo wasn't required for = the meson commands, it won't be required for this one.

Additionally, I see the following warnings when applying the patch:

Applying: doc: add readme file for acvp_tool
.git/rebase-apply/patch:63: trailing whitespace.
* In order to test AES-CTR you'll also have to remove the key `"iv= GenMode"`
.git/rebase-apply/patch:133: trailing whitespace.

=
Fixed in v7.
=C2=A0

- Ali

Thanks,
Jeremy=C2=A0
--000000000000547d5f05f8730575--