Re: CAVS test harness

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Donnerstag, 11. Juli 2019, 13:52:29 CEST schrieb Stephan Mueller:

Hi,

> Am Dienstag, 9. Juli 2019, 08:43:51 CEST schrieb Bhat, Jayalakshmi
> Manjunath:
> 
> Hi Jayalakshmi,
> 
> > Hi All,
> > 
> > We are working on a product that requires NIAP certification and use IPSec
> > environment for certification. IPSec functionality is achieved by third
> > party IPsec library and native XFRM. Third  party IPsec library is used
> > for
> > ISAKMP and XFRM for IPsec.
> > 
> > CAVS test cases are required for NIAP certification.  Thus we need to
> > implement CAVS test harness for Third party library and Linux crypto
> > algorithms. I found the documentation on kernel crypto API usage.
> > 
> > Please can you indication what is the right method to implement the test
> > harness for Linux crypto algorithms.
> > 1.	Should I implement CAVS test
> > harness for Linux kernel crypto algorithms as a user space application
> > that
> > exercise the kernel crypto API?
> > 2.	Should I implement  CAVS test harness as
> > module in Linux kernel?
> 
> As I have implemented the full CAVS test framework I can tell you that the
> AF_ALG interface will not allow you to perform all tests required by CAVS.
> 
> Thus you need to implement your own kernel module with its own interface.

As a side note: if you only want to test the symmetric ciphers and the hashes/
HMACs, you can implement that with libkcapi easily.

However, if you are interested in testing the DRBG due to its relevance for 
the GCM IV, you certainly need a kernel module.
> 
> > Any information on this will help me very much on implementation.
> > 
> > Regards,
> > Jayalakshmi
> 
> Ciao
> Stephan



Ciao
Stephan





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux