From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 983C6A0471 for ; Mon, 12 Aug 2019 09:09:51 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 88935325F; Mon, 12 Aug 2019 09:09:51 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id 5BA8FDE3 for ; Mon, 12 Aug 2019 09:09:50 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Aug 2019 00:09:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,376,1559545200"; d="scan'208";a="180765513" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga006.jf.intel.com with ESMTP; 12 Aug 2019 00:09:48 -0700 Received: from fmsmsx121.amr.corp.intel.com (10.18.125.36) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 12 Aug 2019 00:09:48 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx121.amr.corp.intel.com (10.18.125.36) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 12 Aug 2019 00:09:47 -0700 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.80]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.112]) with mapi id 14.03.0439.000; Mon, 12 Aug 2019 15:09:45 +0800 From: "Tu, Lijuan" To: "Chen, Zhaoyan" , "dts@dpdk.org" CC: "Chen, Zhaoyan" Thread-Topic: [dts] [PATCH v1] Add FIPS validation for cryptodev test plan Thread-Index: AQHVUNu8BJf2TNZLdE+8pD6rFwoKO6b3GBrw Date: Mon, 12 Aug 2019 07:09:45 +0000 Message-ID: <8CE3E05A3F976642AAB0F4675D0AD20E0BB0199F@SHSMSX101.ccr.corp.intel.com> References: <20190812065934.190487-1-zhaoyan.chen@intel.com> In-Reply-To: <20190812065934.190487-1-zhaoyan.chen@intel.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNDBlODZkZjEtYjE0Ny00ZGFlLTk5NmYtNmRmMWEwNzI5MGNhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiazVkQ21SM2RWeUFLQVdITTU3VGpUUVo3RjBOOEVyc2VyeWVEMmZyd0tDOUl1c25zYnZWMldrZGhSOEkyeDNnKyJ9 x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dts] [PATCH v1] Add FIPS validation for cryptodev test plan X-BeenThere: dts@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: test suite reviews and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dts-bounces@dpdk.org Sender: "dts" Applied, thanks > -----Original Message----- > From: dts [mailto:dts-bounces@dpdk.org] On Behalf Of Chen, Zhaoyan > Sent: Monday, August 12, 2019 3:00 PM > To: dts@dpdk.org > Cc: Chen, Zhaoyan > Subject: [dts] [PATCH v1] Add FIPS validation for cryptodev test plan >=20 > Add FIPS validation for cryptodev test plan >=20 > --- > test_plans/fips_cryptodev_test_plan.rst | 265 ++++++++++++++++++++++++ > 1 file changed, 265 insertions(+) > create mode 100644 test_plans/fips_cryptodev_test_plan.rst >=20 > diff --git a/test_plans/fips_cryptodev_test_plan.rst > b/test_plans/fips_cryptodev_test_plan.rst > new file mode 100644 > index 0000000..f7e30f2 > --- /dev/null > +++ b/test_plans/fips_cryptodev_test_plan.rst > @@ -0,0 +1,265 @@ > +.. Copyright (c) <2019> Intel Corporation > + All rights reserved. > + > + Redistribution and use in source and binary forms, with or without > + modification, are permitted provided that the following conditions > + are met: > + > + - Redistributions of source code must retain the above copyright > + notice, this list of conditions and the following disclaimer. > + > + - Redistributions in binary form must reproduce the above copyright > + notice, this list of conditions and the following disclaimer in > + the documentation and/or other materials provided with the > + distribution. > + > + - Neither the name of Intel Corporation nor the names of its > + contributors may be used to endorse or promote products derived > + from this software without specific prior written permission. > + > + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND > CONTRIBUTORS > + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND > FITNESS > + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE > + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > INDIRECT, > + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES > + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > OR > + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN > CONTRACT, > + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED > + OF THE POSSIBILITY OF SUCH DAMAGE. > + > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > +FIPS Validation Application Tests > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > + > +Description > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Federal Information Processing Standards (FIPS) are publicly announced > standards developed by the United States federal government for use in > computer systems by non-military government agencies and government > contractors. > + > +This application is used to parse and perform symmetric cryptography > computation to the NIST Cryptographic Algorithm Validation Program (CAVP) > test vectors. > + > +For an algorithm implementation to be listed on a cryptographic module > validation certificate as an Approved security function, the algorithm > implementation must meet all the requirements of FIPS 140-2 and must > successfully complete the cryptographic algorithm validation process. > + > +Limitations and Supported test vectors, please see > http://doc.dpdk.org/guides/sample_app_ug/fips_validation.html > + > + > +Prerequisites > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Get the latest IPSec Multi-buffer library (nasm package is required, for > Ubuntu "apt install nasm", for Fedora/RHEL "dnf install nasm"):: > + > + git clone https://github.com/intel/intel-ipsec-mb.git > + > + cd intel-ipsec-mb > + > + git checkout d3e25eed9d010b2c24b9970828eb9b45f4795c06 (latest > working commit) > + > + make -j 4 > + > + make install > + > + > +Get/install FIPS Object Module:: > + > + wget https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz > + > + cd openssl-fips-2.0.16 > + > + make > + > + make install > + > + > +Get/install the OpenSSL library:: > + > + wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz > + > + export CFLAGS=3D'-fPIC' > + > + ./config shared fips > + > + make depend > + > + make > + > + > +Build FIPS validation application(in DPDK examples directory):: > + > + make -C examples/fips_validation > + > + > +Test Case Common Step > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Launch fips validation application command:: > + > + ./fips_validation [EAL options] > + -- --req-file FILE_PATH/FOLDER_PATH > + --rsp-file FILE_PATH/FOLDER_PATH > + [--cryptodev DEVICE_NAME] [--cryptodev-id ID] [--path-is-folder] > + > +req-file: The path of the request file or folder, separated by path-is-f= older > option. > +rsp-file: The path that the response file or folder is stored. separated= by > path-is-folder option. > +cryptodev: The name of the target DPDK Crypto device to be validated. > +cryptodev-id: The id of the target DPDK Crypto device to be validated. > +path-is-folder: If presented the application expects req-file and rsp-fi= le are > folder paths. > + > + > +Check test results by comparing the generated .rsp files with the > reference .rsp/.fax files > + > + > +Test Case 01: fips_aesni_mb_aes_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/AES/req --rsp-file > /root/FIPS/AES/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 02: fips_aesni_mb_3des_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/TDES/req --rsp-file > /root/FIPS/TDES/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is-folder -= - > cryptodev-id 0 --self-test > + > + > +Test Case 03: fips_aesni_mb_hmac_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/HMAC/req --rsp-file > /root/FIPS/HMAC/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is-folder > --cryptodev-id 0 --self-test > + > + > +Test Case 04: fips_aesni_mb_ccm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/CCM/req --rsp-file > /root/FIPS/CCM/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 05: fips_aesni_mb_cmac_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/CMAC/req --rsp-file > /root/FIPS/CMAC/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is-folder > --cryptodev-id 0 --self-test > + > + > +Test Case 06: fips_qat_gcm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/GCM/req --rsp-file /root/FIPS/GCM/r= esp - > -path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 07: fips_qat_aes_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/AES/req --rsp-file /root/FIPS/AES/r= esp -- > path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 08: fips_qat_3des_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/TDES/req --rsp-file /root/FIPS/TDES= /resp - > -path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 09: fips_qat_hmac_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/HMAC/req --rsp-file > /root/FIPS/HMAC/resp --path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 10: fips_qat_ccm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/CCM/req --rsp-file /root/FIPS/CCM/r= esp -- > path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 11: fips_qat_cmac_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 -w > 0000:1a:01.0 -- --req-file /root/FIPS/CMAC/req --rsp-file > /root/FIPS/CMAC/resp --path-is-folder --cryptodev-id 0 --self-test > + > + > +Test Case 12: fips_openssl_gcm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_openssl_pmd_1 -- --req-file /root/FIPS/GCM/req --rsp-file > /root/FIPS/GCM/resp --cryptodev crypto_openssl_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 13: fips_openssl_aes_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_openssl_pmd_1 -- --req-file /root/FIPS/AES/req --rsp-file > /root/FIPS/AES/resp --cryptodev crypto_openssl_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 14: fips_openssl_3des_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_openssl_pmd_1 -- --req-file /root/FIPS/TDES/req --rsp-file > /root/FIPS/TDES/resp --cryptodev crypto_openssl_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 15: fips_openssl_hmac_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_openssl_pmd_1 -- --req-file /root/FIPS/HMAC/req --rsp-file > /root/FIPS/HMAC/resp --cryptodev crypto_openssl_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 16: fips_openssl_ccm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_openssl_pmd_1 -- --req-file /root/FIPS/CCM/req --rsp-file > /root/FIPS/CCM/resp --cryptodev crypto_openssl_pmd_1 --path-is-folder -- > cryptodev-id 0 --self-test > + > + > +Test Case 17: fips_aesni_gcm_gcm_test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation --socket-mem 2048,0 --legacy-mem -l 9,10,66 -n 6 --v= dev > crypto_aesni_gcm_pmd_1 -- --req-file /root/FIPS/GCM/req --rsp-file > /root/FIPS/GCM/resp --cryptodev crypto_aesni_gcm_pmd_1 --path-is-folder - > -cryptodev-id 0 --self-test > + > + > +Test Case 18: fips_self-test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation -w 0000:1a:01.0 --socket-mem 2048,0 --vdev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/AES/req --rsp- > file ./root/FIPS/AES/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is- > folder --self-test > + > + > +Test Case 19: fips_broken-test > +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D > + > +Test Command:: > + > + ./fips_validation -w 0000:1a:01.0--socket-mem 2048,0 --vdev > crypto_aesni_mb_pmd_1 -- --req-file /root/FIPS/AES/req --rsp- > file ./root/FIPS/AES/resp --cryptodev crypto_aesni_mb_pmd_1 --path-is- > folder --self-test --broken-test-id 15 --broken-test-dir dec > + > -- > 2.22.0