From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E2038A00C4 for ; Mon, 18 Apr 2022 15:36:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D74F24014F; Mon, 18 Apr 2022 15:36:25 +0200 (CEST) Received: from mail-qk1-f195.google.com (mail-qk1-f195.google.com [209.85.222.195]) by mails.dpdk.org (Postfix) with ESMTP id 93A2940141 for ; Mon, 18 Apr 2022 15:36:23 +0200 (CEST) Received: by mail-qk1-f195.google.com with SMTP id c1so11125337qkf.13 for ; Mon, 18 Apr 2022 06:36:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QZc4UjgJLCMhRo0NA6AfehPeyNQRVtBAuFPRiCiTA+s=; b=elACILvRG+bttOJhMdmcP28WAUW6KCoL/opfEanPhnI8Qt1sjVXE//yiZCZfh8w8PB 6IsY4I3MnzKexP/i3HGJSJddjtCnE1AWsKH5CiW26lzdmiJo1FDW8Zqu/aGurbKE/AUe luCN73ZXAlNsucSMw/r/+vGp1wyuffKhnzDxM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QZc4UjgJLCMhRo0NA6AfehPeyNQRVtBAuFPRiCiTA+s=; b=FmUE5ZAeYQaQ562FV3LCCFP6udVWAEba56M73Qwf+j4dFe7+SP0Zdph546nTWnbg2d ME5UcBE2OG1GXIeZhnxOc6En8/xHQWIw3LldQflpwSUxsVO/f6egs3VX0wLPkdkXlpCd QW9A6uGTnnXtarSwr0onQcsEMuSw6UGtEhQYlWhmrpwslBfOJXfsV3PVJ+EKYi8iwX8g TfdX9n1zfmexqmXaCqd8+xY8siKgZMxnjC0fJeJMud7V7JwA8y26lTsOUTMEF1IR6A0e uPz7rUGXSXnF6uq2AxBdYT6QcWd6HYIvwbUrsoRiaOtG2QaSPqswob0kPYDfOSIJZMO3 u3hQ== X-Gm-Message-State: AOAM532ygcyV2B9AQrhCrhg8+pnkdmajWQ8R0xqQUV6ZhqMXwq4MgQff WG8wd1H3eCR05dBYGKd4WG9Vww== X-Google-Smtp-Source: ABdhPJwd9gX6TNPygfzT7jp/whFid0CC1+OegSFIhlr0+0Aq6fh65c3bDI3cxgRu1eoYxdPTIUO1Xg== X-Received: by 2002:a37:5582:0:b0:69e:88dc:79a1 with SMTP id j124-20020a375582000000b0069e88dc79a1mr4571593qkb.661.1650288982905; Mon, 18 Apr 2022 06:36:22 -0700 (PDT) Received: from blo.iol.unh.edu ([2601:187:807e:37c0:ecc3:edc7:5dbb:9578]) by smtp.gmail.com with ESMTPSA id v14-20020a05622a144e00b002f1f32f86a6sm4480605qtx.5.2022.04.18.06.36.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Apr 2022 06:36:22 -0700 (PDT) From: Brandon Lo To: alialnu@nvidia.com Cc: ci@dpdk.org, Brandon Lo Subject: [PATCH v4 4/4] doc: add readme file for acvp_tool Date: Mon, 18 Apr 2022 09:36:10 -0400 Message-Id: <20220418133610.10835-5-blo@iol.unh.edu> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220418133610.10835-1-blo@iol.unh.edu> References: <20220202150445.28995-1-blo@iol.unh.edu> <20220418133610.10835-1-blo@iol.unh.edu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: ci@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK CI discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ci-bounces@dpdk.org This readme file contains instructions to set up and use the acvp_tool. Signed-off-by: Brandon Lo --- tools/acvp/README | 71 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 tools/acvp/README diff --git a/tools/acvp/README b/tools/acvp/README new file mode 100644 index 0000000..0cd3acc --- /dev/null +++ b/tools/acvp/README @@ -0,0 +1,71 @@ +The ACVP tool is a general tool for interacting with the NIST ACVP API +in order to test different cryptographic implementations. + +It produces machine-readable output for parsing in a CI environment. + + +Requirements +------------ + +There are also packages you need to download from the requirements.txt file: +* pyotp +* requests + +The tool expects that you have all the credential files from NIST: +* Client certificate (usually a .cer file from NIST) +* Key file for the certificate +* Time-based one-time password seed file (usually a .txt file from NIST) + +The path to each file must be stored in an environment variable: +$ACVP_SEED_FILE = Path to the TOTP seed .txt file (given by NIST). +$ACVP_CERT_FILE = Path to the client .cer/.crt file (given by NIST). +$ACVP_KEY_FILE = Path to the certificate key file (generated by user). + +If you do not have the required files from NIST, you must email them +to create demo credentials. +https://pages.nist.gov/ACVP/#access + + +Setup +----- + +After setting the environment variables as described in the +"Requirements" section, you will need to edit the acvp_config.json file. + +The acvp_config.json file is expected to be a json object +containing two keys: "url" and "algorithms" + +"url" must be the base URL string of the API you want to use. +"algorithms" must be an array of algorithm objects as detailed in the +ACVP API specification here: +https://github.com/usnistgov/ACVP/wiki/ACVTS-End-User-Documentation + +Now you can use the acvp_tool.py script to register a test session, +upload the results, and download the verdict. + + +Usage +----- + +To see all options available, use the --help flag. + +First, register and download a new test session with the tool: + acvp_tool.py --request $DOWNLOAD_PATH +The file written to $DOWNLOAD_PATH will contain both the session information +and the test vectors. + +You should use the DPDK FIPS validation example application to test +the vectors in this file. The example application will generate +the result file which is uploaded back to the ACVP API. + +After running tests with the vector file, you can submit the result: + acvp_tool.py --response $RESULT_PATH --upload +where $RESULT_PATH is the path of the file containing the answers. + +Once you submit your results, you can do + acvp_tool.py --response $RESULT_PATH --verdict $VERDICT_PATH +where $VERDICT_PATH is where you want to save the verdict information. +The verdict file will contain the result of each test case submitted. + +You can also combine the options: + acvp_tool.py --response $RESULT_PATH --upload --verdict $VERDICT_PATH -- 2.25.1