Hi Stephan, Thank you very much for the reply. Yes we would need to write the test for AEC (ECB,CBC,CTR) 128 and 256 bits, SHA-1, SHA-2 (256,384 and 512), HMAC, DRBG and also for key derivation functions. We are planning to write netlink based kernel module to receive the data (test vector input) from the user space and process the data and generate the result, pass it on to user space. I wanted to know if this sounds a reasonable approach? Thanks in advance, Jayalakshmi -----Original Message----- From: Stephan Mueller <smueller@xxxxxxxxxx> Sent: Thursday, July 11, 2019 5:30 PM To: Bhat, Jayalakshmi Manjunath <jayalakshmi.bhat@xxxxxx> Cc: linux-crypto@xxxxxxxxxxxxxxx Subject: Re: CAVS test harness Am Donnerstag, 11. Juli 2019, 13:52:29 CEST schrieb Stephan Mueller: Hi, > Am Dienstag, 9. Juli 2019, 08:43:51 CEST schrieb Bhat, Jayalakshmi > Manjunath: > > Hi Jayalakshmi, > > > Hi All, > > > > We are working on a product that requires NIAP certification and use > > IPSec environment for certification. IPSec functionality is achieved > > by third party IPsec library and native XFRM. Third party IPsec > > library is used for ISAKMP and XFRM for IPsec. > > > > CAVS test cases are required for NIAP certification. Thus we need > > to implement CAVS test harness for Third party library and Linux > > crypto algorithms. I found the documentation on kernel crypto API usage. > > > > Please can you indication what is the right method to implement the > > test harness for Linux crypto algorithms. > > 1. Should I implement CAVS test > > harness for Linux kernel crypto algorithms as a user space > > application that exercise the kernel crypto API? > > 2. Should I implement CAVS test harness as > > module in Linux kernel? > > As I have implemented the full CAVS test framework I can tell you that > the AF_ALG interface will not allow you to perform all tests required by CAVS. > > Thus you need to implement your own kernel module with its own interface. As a side note: if you only want to test the symmetric ciphers and the hashes/ HMACs, you can implement that with libkcapi easily. However, if you are interested in testing the DRBG due to its relevance for the GCM IV, you certainly need a kernel module. > > > Any information on this will help me very much on implementation. > > > > Regards, > > Jayalakshmi > > Ciao > Stephan Ciao Stephan
