Am Donnerstag, 11. Juli 2019, 13:52:29 CEST schrieb Stephan Mueller: Hi, > Am Dienstag, 9. Juli 2019, 08:43:51 CEST schrieb Bhat, Jayalakshmi > Manjunath: > > Hi Jayalakshmi, > > > Hi All, > > > > We are working on a product that requires NIAP certification and use IPSec > > environment for certification. IPSec functionality is achieved by third > > party IPsec library and native XFRM. Third party IPsec library is used > > for > > ISAKMP and XFRM for IPsec. > > > > CAVS test cases are required for NIAP certification. Thus we need to > > implement CAVS test harness for Third party library and Linux crypto > > algorithms. I found the documentation on kernel crypto API usage. > > > > Please can you indication what is the right method to implement the test > > harness for Linux crypto algorithms. > > 1. Should I implement CAVS test > > harness for Linux kernel crypto algorithms as a user space application > > that > > exercise the kernel crypto API? > > 2. Should I implement CAVS test harness as > > module in Linux kernel? > > As I have implemented the full CAVS test framework I can tell you that the > AF_ALG interface will not allow you to perform all tests required by CAVS. > > Thus you need to implement your own kernel module with its own interface. As a side note: if you only want to test the symmetric ciphers and the hashes/ HMACs, you can implement that with libkcapi easily. However, if you are interested in testing the DRBG due to its relevance for the GCM IV, you certainly need a kernel module. > > > Any information on this will help me very much on implementation. > > > > Regards, > > Jayalakshmi > > Ciao > Stephan Ciao Stephan
