mbox series

[v4,0/8] FIPS validation capability

Message ID 20181012144501.19562-1-marko.kovacevic@intel.com (mailing list archive)
Headers
Series FIPS validation capability |

Message

Kovacevic, Marko Oct. 12, 2018, 2:44 p.m. UTC
  This sample application is made for the purpose so that users of DPDK
who wish to get FIPS certification for their platforms, this sample app enables
users to parse test vectors that is gotten from NIST and be able to get
a generated response file which they can then verify and be sure their
system will pass FIPS certification.

Marko Kovacevic (8):
v4:
- Added Limitation
- Changed TDES BLOCK SIZE from 16 -> 8
  as DES block size is 64bits (main.c)
v3:
- Fixed a no-testing bug
- Fixed some code style issue

v2:
- Refactor the code.
- Move the code from test to sample applcation

  examples: add fips validation into examples
  examples: add aes parser and enablement for test types
  examples: add hmac parser
  examples: add TDES parser and enablement for test types
  examples: add gcm parser
  examples: add cmac parser and enablement for test types
  examples: add ccm parser and enablement for test types
  doc: add guides for fips validation

 doc/guides/rel_notes/release_18_11.rst             |    6 +
 doc/guides/sample_app_ug/fips_validation.rst       |  105 ++
 doc/guides/sample_app_ug/index.rst                 |    1 +
 examples/cryptodev_fips_validate/Makefile          |   75 ++
 .../cryptodev_fips_parse_3des.c                    |  259 +++++
 .../cryptodev_fips_parse_aes.c                     |  188 +++
 .../cryptodev_fips_parse_ccm.c                     |  272 +++++
 .../cryptodev_fips_parse_cmac.c                    |  116 ++
 .../cryptodev_fips_parse_gcm.c                     |  125 ++
 .../cryptodev_fips_parse_hmac.c                    |  105 ++
 .../cryptodev_fips_parse_validate.c                |  593 ++++++++++
 .../cryptodev_fips_validate.h                      |  234 ++++
 examples/cryptodev_fips_validate/main.c            | 1221 ++++++++++++++++++++
 examples/cryptodev_fips_validate/meson.build       |   20 +
 14 files changed, 3320 insertions(+)
 create mode 100644 doc/guides/sample_app_ug/fips_validation.rst
 create mode 100644 examples/cryptodev_fips_validate/Makefile
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_3des.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_aes.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_hmac.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
 create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_validate.h
 create mode 100644 examples/cryptodev_fips_validate/main.c
 create mode 100644 examples/cryptodev_fips_validate/meson.build
  

Comments

Arkadiusz Kusztal Oct. 15, 2018, 6:36 a.m. UTC | #1
> -----Original Message-----
> From: Kovacevic, Marko
> Sent: Friday, October 12, 2018 4:45 PM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; akhil.goyal@nxp.com;
> Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Kovacevic, Marko
> <marko.kovacevic@intel.com>
> Subject: [PATCH v4 0/8] FIPS validation capability
> 
> This sample application is made for the purpose so that users of DPDK who
> wish to get FIPS certification for their platforms, this sample app enables
> users to parse test vectors that is gotten from NIST and be able to get a
> generated response file which they can then verify and be sure their system
> will pass FIPS certification.
> 
> Marko Kovacevic (8):
> v4:
> - Added Limitation
> - Changed TDES BLOCK SIZE from 16 -> 8
>   as DES block size is 64bits (main.c)
> v3:
> - Fixed a no-testing bug
> - Fixed some code style issue
> 
> v2:
> - Refactor the code.
> - Move the code from test to sample applcation
> 
>   examples: add fips validation into examples
>   examples: add aes parser and enablement for test types
>   examples: add hmac parser
>   examples: add TDES parser and enablement for test types
>   examples: add gcm parser
>   examples: add cmac parser and enablement for test types
>   examples: add ccm parser and enablement for test types
>   doc: add guides for fips validation
> 
>  doc/guides/rel_notes/release_18_11.rst             |    6 +
>  doc/guides/sample_app_ug/fips_validation.rst       |  105 ++
>  doc/guides/sample_app_ug/index.rst                 |    1 +
>  examples/cryptodev_fips_validate/Makefile          |   75 ++
>  .../cryptodev_fips_parse_3des.c                    |  259 +++++
>  .../cryptodev_fips_parse_aes.c                     |  188 +++
>  .../cryptodev_fips_parse_ccm.c                     |  272 +++++
>  .../cryptodev_fips_parse_cmac.c                    |  116 ++
>  .../cryptodev_fips_parse_gcm.c                     |  125 ++
>  .../cryptodev_fips_parse_hmac.c                    |  105 ++
>  .../cryptodev_fips_parse_validate.c                |  593 ++++++++++
>  .../cryptodev_fips_validate.h                      |  234 ++++
>  examples/cryptodev_fips_validate/main.c            | 1221
> ++++++++++++++++++++
>  examples/cryptodev_fips_validate/meson.build       |   20 +
>  14 files changed, 3320 insertions(+)
>  create mode 100644 doc/guides/sample_app_ug/fips_validation.rst
>  create mode 100644 examples/cryptodev_fips_validate/Makefile
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_3des.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_aes.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_hmac.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>  create mode 100644
> examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>  create mode 100644 examples/cryptodev_fips_validate/main.c
>  create mode 100644 examples/cryptodev_fips_validate/meson.build
> 
> --
> 2.9.5

Series-acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
  
Akhil Goyal Oct. 16, 2018, 2:40 p.m. UTC | #2
Hi Marko/Fan,

On 10/12/2018 8:14 PM, Marko Kovacevic wrote:
> This sample application is made for the purpose so that users of DPDK
> who wish to get FIPS certification for their platforms, this sample app enables
> users to parse test vectors that is gotten from NIST and be able to get
> a generated response file which they can then verify and be sure their
> system will pass FIPS certification.
>
> Marko Kovacevic (8):
> v4:
> - Added Limitation
> - Changed TDES BLOCK SIZE from 16 -> 8
>    as DES block size is 64bits (main.c)
> v3:
> - Fixed a no-testing bug
> - Fixed some code style issue
>
> v2:
> - Refactor the code.
> - Move the code from test to sample applcation
>
>    examples: add fips validation into examples
>    examples: add aes parser and enablement for test types
>    examples: add hmac parser
>    examples: add TDES parser and enablement for test types
>    examples: add gcm parser
>    examples: add cmac parser and enablement for test types
>    examples: add ccm parser and enablement for test types
>    doc: add guides for fips validation
>
>   doc/guides/rel_notes/release_18_11.rst             |    6 +
>   doc/guides/sample_app_ug/fips_validation.rst       |  105 ++
>   doc/guides/sample_app_ug/index.rst                 |    1 +
>   examples/cryptodev_fips_validate/Makefile          |   75 ++
>   .../cryptodev_fips_parse_3des.c                    |  259 +++++
>   .../cryptodev_fips_parse_aes.c                     |  188 +++
>   .../cryptodev_fips_parse_ccm.c                     |  272 +++++
>   .../cryptodev_fips_parse_cmac.c                    |  116 ++
>   .../cryptodev_fips_parse_gcm.c                     |  125 ++
>   .../cryptodev_fips_parse_hmac.c                    |  105 ++
>   .../cryptodev_fips_parse_validate.c                |  593 ++++++++++
>   .../cryptodev_fips_validate.h                      |  234 ++++
>   examples/cryptodev_fips_validate/main.c            | 1221 ++++++++++++++++++++
>   examples/cryptodev_fips_validate/meson.build       |   20 +
>   14 files changed, 3320 insertions(+)
>   create mode 100644 doc/guides/sample_app_ug/fips_validation.rst
>   create mode 100644 examples/cryptodev_fips_validate/Makefile
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_3des.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_aes.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_hmac.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>   create mode 100644 examples/cryptodev_fips_validate/main.c
>   create mode 100644 examples/cryptodev_fips_validate/meson.build
>
Some generic comments
- patch titles should be examples/cryptodev_fips_validate:XXX
- app name could be fips_validation. better to have same name file in doc.
- MAINTAINERS file is not updated.
- better to mention about Publication 140-2 of FIPS (which represent the 
crypto cases) in documentation
- Please mention in the documentation and the application as well that 
the .req file is optional and the application can be run without that. 
and the procedure to get the .req file as the documentation depicts that 
the .req file is present in the link provided.
- Why is the build dependent on bus_pci? Does it have limitation for not 
being used by any other buses? I think this should be bus independent.

Thanks,
Akhil