From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, Marko Kovacevic <marko.kovacevic@intel.com>
Subject: [dpdk-dev] [PATCH v3 8/8] doc: add guides for fips validation
Date: Thu, 4 Oct 2018 14:12:49 +0100 [thread overview]
Message-ID: <20181004131249.26726-9-roy.fan.zhang@intel.com> (raw)
In-Reply-To: <20181004131249.26726-1-roy.fan.zhang@intel.com>
From: Marko Kovacevic <marko.kovacevic@intel.com>
Document explains how to run the fips sample app
and instructions users need to parser all the request
files and generate the response files.
Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
doc/guides/rel_notes/release_18_11.rst | 6 ++
doc/guides/sample_app_ug/fips_validation.rst | 97 ++++++++++++++++++++++++++++
doc/guides/sample_app_ug/index.rst | 5 ++
3 files changed, 108 insertions(+)
create mode 100644 doc/guides/sample_app_ug/fips_validation.rst
diff --git a/doc/guides/rel_notes/release_18_11.rst b/doc/guides/rel_notes/release_18_11.rst
index 2133a5b9b..db1579b6e 100644
--- a/doc/guides/rel_notes/release_18_11.rst
+++ b/doc/guides/rel_notes/release_18_11.rst
@@ -104,6 +104,12 @@ New Features
the specified port. The port must be stopped before the command call in order
to reconfigure queues.
+* **Added Cryptodev Fips Validation Example Application.**
+
+ Added an example application to parse and perform symmetric cryptography
+ computation to the NIST Cryptographic Algorithm Validation Program (CAVP)
+ test vectors.
+
API Changes
-----------
diff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst
new file mode 100644
index 000000000..0e06aab99
--- /dev/null
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -0,0 +1,97 @@
+.. SPDX-License-Identifier: BSD-3-Clause
+ Copyright(c) 2018 Intel Corporation.
+
+Federal Information Processing Standards (FIPS) CryptoDev Validation
+====================================================================
+
+Overview
+--------
+
+Federal Information Processing Standards (FIPS) are publicly announced standards
+developed by the United States federal government for use in computer systems by
+non-military government agencies and government contractors.
+
+This application is used to parse and perform symmetric cryptography
+computation to the NIST Cryptographic Algorithm Validation Program (CAVP) test
+vectors.
+
+Limitations
+-----------
+
+* Only NIST CAVP request files are parsed by this application.
+* The version of request file supported is ``CAVS 21.0``
+* The application does not supply the test vectors. The user is expected to
+ obtain the test vector files from `NIST
+ <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/block-ciphers>`_
+* Supported test vectors
+ * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT
+ * AES-GCM (128,192,256) - EncryptExtIV, Decrypt
+ * AES-CCM (128) - VADT, VNT, VPT, VTT, DVPT
+ * AES-CMAC (128) - Generate, Verify
+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
+ * TDES (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey, VarText
+
+Compiling the Application
+-------------------------
+
+* Compile Application
+
+ .. code-block:: console
+
+ make -C examples/cryptodev_fips_validate
+
+* Run ``dos2unix`` on the request files
+
+ .. code-block:: console
+
+ dos2unix AES/req/*
+ dos2unix AES_GCM/req/*
+ dos2unix CCM/req/*
+ dos2unix CMAC/req/*
+ dos2unix HMAC/req/*
+ dos2unix TDES/req/*
+
+Running the Application
+-----------------------
+
+The application requires a number of command line options:
+
+ .. code-block:: console
+
+ ./cryptodev_fips_validate_app [EAL options]
+ -- --req-file FILE_PATH/FOLDER_PATH
+ --rsp-file FILE_PATH/FOLDER_PATH
+ [--cryptodev DEVICE_NAME] [--cryptodev-id ID] [--path-is-folder]
+
+where,
+ * req-file: The path of the request file or folder, separated by
+ ``path-is-folder`` option.
+
+ * rsp-file: The path that the response file or folder is stored. separated by
+ ``path-is-folder`` option.
+
+ * cryptodev: The name of the target DPDK Crypto device to be validated.
+
+ * cryptodev-id: The id of the target DPDK Crypto device to be validated.
+
+ * path-is-folder: If presented the application expects req-file and rsp-file
+ are folder paths.
+
+To run the application in linuxapp environment to test one AES FIPS test data
+file for crypto_aesni_mb PMD, issue the command:
+
+.. code-block:: console
+
+ $ ./cryptodev_fips_validate_app --vdev crypto_aesni_mb --
+ --req-file /PATH/TO/REQUEST/FILE.req --rsp-file ./PATH/TO/RESPONSE/FILE.rsp
+ --cryptodev crypto_aesni_mb
+
+To run the application in linuxapp environment to test all AES-GCM FIPS test
+data files in one folder for crypto_aesni_gcm PMD, issue the command:
+
+.. code-block:: console
+
+ $ ./cryptodev_fips_validate_app --vdev crypto_aesni_gcm0 --
+ --req-file /PATH/TO/REQUEST/FILE/FOLDER/
+ --rsp-file ./PATH/TO/RESPONSE/FILE/FOLDER/
+ --cryptodev-id 0 --path-is-folder
diff --git a/doc/guides/sample_app_ug/index.rst b/doc/guides/sample_app_ug/index.rst
index 5bedf4f6f..146296b7a 100644
--- a/doc/guides/sample_app_ug/index.rst
+++ b/doc/guides/sample_app_ug/index.rst
@@ -56,6 +56,7 @@ Sample Applications User Guides
performance_thread
ipsec_secgw
bbdev_app
+ fips_validation
**Figures**
@@ -83,6 +84,10 @@ Sample Applications User Guides
:numref:`figure_client_svr_sym_multi_proc_app` :ref:`figure_client_svr_sym_multi_proc_app`
+:numref:`figure_master_slave_proc` :ref:`figure_master_slave_proc`
+
+:numref:`figure_slave_proc_recov` :ref:`figure_slave_proc_recov`
+
:numref:`figure_qos_sched_app_arch` :ref:`figure_qos_sched_app_arch`
:numref:`figure_pipeline_overview` :ref:`figure_pipeline_overview`
--
2.13.6
next prev parent reply other threads:[~2018-10-04 13:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-04 9:40 [dpdk-dev] [PATCH v2 0/8] FIPS validation capability Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 3/8] examples: add hmac parser Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 5/8] examples: add gcm parser Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 6/8] examples: add cmac parser and enablement for test types Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 7/8] examples: add ccm " Fan Zhang
2018-10-04 9:40 ` [dpdk-dev] [PATCH v2 8/8] doc: add guides for fips validation Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 0/8] FIPS validation capability Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 1/8] examples: add fips validation into examples Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 2/8] examples: add aes parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 3/8] examples: add hmac parser Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 4/8] examples: add TDES parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 5/8] examples: add gcm parser Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 6/8] examples: add cmac parser and enablement for test types Fan Zhang
2018-10-04 13:12 ` [dpdk-dev] [PATCH v3 7/8] examples: add ccm " Fan Zhang
2018-10-04 13:12 ` Fan Zhang [this message]
2018-10-09 7:01 ` [dpdk-dev] [PATCH v3 8/8] doc: add guides for fips validation Akhil Goyal
2018-10-09 20:14 ` Zhang, Roy Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181004131249.26726-9-roy.fan.zhang@intel.com \
--to=roy.fan.zhang@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=marko.kovacevic@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).