Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/47729/?format=api
http://patches.dpdk.org/api/patches/47729/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20181102095535.7906-9-marko.kovacevic@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20181102095535.7906-9-marko.kovacevic@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20181102095535.7906-9-marko.kovacevic@intel.com", "date": "2018-11-02T09:55:35", "name": "[v7,8/8] doc: add fips validation application guide", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "dfdab57c7348e6f91cac5541258817222a67a6c1", "submitter": { "id": 853, "url": "http://patches.dpdk.org/api/people/853/?format=api", "name": "Kovacevic, Marko", "email": "marko.kovacevic@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20181102095535.7906-9-marko.kovacevic@intel.com/mbox/", "series": [ { "id": 2223, "url": "http://patches.dpdk.org/api/series/2223/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2223", "date": "2018-11-02T09:55:27", "name": "FIPS validation capability", "version": 7, "mbox": "http://patches.dpdk.org/series/2223/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/47729/comments/", "check": "warning", "checks": "http://patches.dpdk.org/api/patches/47729/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 7460C1B411;\n\tFri, 2 Nov 2018 10:55:59 +0100 (CET)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 2E1431B3A4\n\tfor <dev@dpdk.org>; Fri, 2 Nov 2018 10:55:54 +0100 (CET)", "from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t02 Nov 2018 02:55:53 -0700", "from silpixa00399502.ir.intel.com (HELO\n\tsilpixa00399502.ger.corp.intel.com) ([10.237.223.218])\n\tby fmsmga001.fm.intel.com with ESMTP; 02 Nov 2018 02:55:52 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.54,455,1534834800\"; d=\"scan'208\";a=\"104701229\"", "From": "\"Kovacevic, Marko\" <marko.kovacevic@intel.com>", "To": "akhil.goyal@nxp.com", "Cc": "dev@dpdk.org, roy.fan.zhang@intel.com, arkadiuszx.kusztal@intel.com,\n\t\"Kovacevic, Marko\" <marko.kovacevic@intel.com>", "Date": "Fri, 2 Nov 2018 09:55:35 +0000", "Message-Id": "<20181102095535.7906-9-marko.kovacevic@intel.com>", "X-Mailer": "git-send-email 2.9.5", "In-Reply-To": "<20181102095535.7906-1-marko.kovacevic@intel.com>", "References": "<20181026110716.42093-1-marko.kovacevic@intel.com>\n\t<20181102095535.7906-1-marko.kovacevic@intel.com>", "Subject": "[dpdk-dev] [PATCH v7 8/8] doc: add fips validation application guide", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Document explains how to run the fips sample app\nand instructions users need to parser all the request\nfiles and generate the response files.\n\nSigned-off-by: Marko Kovacevic <marko.kovacevic@intel.com>\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\nAcked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>\n---\n doc/guides/rel_notes/release_18_11.rst | 5 +\n doc/guides/sample_app_ug/fips_validation.rst | 132 +++++++++++++++++++++++++++\n doc/guides/sample_app_ug/index.rst | 1 +\n 3 files changed, 138 insertions(+)\n create mode 100644 doc/guides/sample_app_ug/fips_validation.rst", "diff": "diff --git a/doc/guides/rel_notes/release_18_11.rst b/doc/guides/rel_notes/release_18_11.rst\nindex 376128f..8fa0441 100644\n--- a/doc/guides/rel_notes/release_18_11.rst\n+++ b/doc/guides/rel_notes/release_18_11.rst\n@@ -285,6 +285,11 @@ New Features\n this application doesn't need to launch dedicated worker threads for vhost\n enqueue/dequeue operations.\n \n+* **Added Cryptodev Fips Validation Example Application.**\n+\n+ Added an example application to parse and perform symmetric cryptography\n+ computation to the NIST Cryptographic Algorithm Validation Program (CAVP)\n+ test vectors.\n \n API Changes\n -----------\ndiff --git a/doc/guides/sample_app_ug/fips_validation.rst b/doc/guides/sample_app_ug/fips_validation.rst\nnew file mode 100644\nindex 0000000..aeacfac\n--- /dev/null\n+++ b/doc/guides/sample_app_ug/fips_validation.rst\n@@ -0,0 +1,132 @@\n+.. SPDX-License-Identifier: BSD-3-Clause\n+ Copyright(c) 2018 Intel Corporation.\n+\n+Federal Information Processing Standards (FIPS) CryptoDev Validation\n+====================================================================\n+\n+Overview\n+--------\n+\n+Federal Information Processing Standards (FIPS) are publicly announced standards\n+developed by the United States federal government for use in computer systems by\n+non-military government agencies and government contractors.\n+\n+This application is used to parse and perform symmetric cryptography\n+computation to the NIST Cryptographic Algorithm Validation Program (CAVP) test\n+vectors.\n+\n+For an algorithm implementation to be listed on a cryptographic module\n+validation certificate as an Approved security function, the algorithm\n+implementation must meet all the requirements of FIPS 140-2 and must\n+successfully complete the cryptographic algorithm validation process.\n+\n+Limitations\n+-----------\n+\n+* Only NIST CAVP request files are parsed by this application.\n+* The version of request file supported is ``CAVS 21.0``\n+* If the header comment in a ``.req`` file does not contain a Algo tag\n+ i.e ``AES,TDES,GCM`` you need to manually add it into the header comment for\n+ example::\n+\n+ # VARIABLE KEY - KAT for CBC / # TDES VARIABLE KEY - KAT for CBC\n+\n+* The application does not supply the test vectors. The user is expected to\n+ obtain the test vector files from `NIST\n+ <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-\n+ program/block-ciphers>`_ website. To obtain the ``.req`` files you need to\n+ email a person from the NIST website and pay for the ``.req`` files.\n+ The ``.rsp`` files from the site can be used to validate and compare with\n+ the ``.rsp`` files created by the FIPS application.\n+\n+* Supported test vectors\n+ * AES-CBC (128,192,256) - GFSbox, KeySbox, MCT, MMT\n+ * AES-GCM (128,192,256) - EncryptExtIV, Decrypt\n+ * AES-CCM (128) - VADT, VNT, VPT, VTT, DVPT\n+ * AES-CMAC (128) - Generate, Verify\n+ * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)\n+ * TDES-CBC (1 Key, 2 Keys, 3 Keys) - MMT, Monte, Permop, Subkey, Varkey,\n+ VarText\n+\n+Application Information\n+-----------------------\n+\n+If a ``.req`` is used as the input file after the application is finished\n+running it will generate a response file or ``.rsp``. Differences between the\n+two files are, the ``.req`` file has missing information for instance if doing\n+encryption you will not have the cipher text and that will be generated in the\n+response file. Also if doing decryption it will not have the plain text until it\n+finished the work and in the response file it will be added onto the end of each\n+operation.\n+\n+The application can be run with a ``.rsp`` file and what the outcome of that\n+will be is it will add a extra line in the generated ``.rsp`` which should be\n+the same as the ``.rsp`` used to run the application, this is useful for\n+validating if the application has done the operation correctly.\n+\n+\n+Compiling the Application\n+-------------------------\n+\n+* Compile Application\n+\n+ .. code-block:: console\n+\n+ make -C examples/fips_validation\n+\n+* Run ``dos2unix`` on the request files\n+\n+ .. code-block:: console\n+\n+ dos2unix AES/req/*\n+ dos2unix AES_GCM/req/*\n+ dos2unix CCM/req/*\n+ dos2unix CMAC/req/*\n+ dos2unix HMAC/req/*\n+ dos2unix TDES/req/*\n+\n+Running the Application\n+-----------------------\n+\n+The application requires a number of command line options:\n+\n+ .. code-block:: console\n+\n+ ./fips_validation [EAL options]\n+ -- --req-file FILE_PATH/FOLDER_PATH\n+ --rsp-file FILE_PATH/FOLDER_PATH\n+ [--cryptodev DEVICE_NAME] [--cryptodev-id ID] [--path-is-folder]\n+\n+where,\n+ * req-file: The path of the request file or folder, separated by\n+ ``path-is-folder`` option.\n+\n+ * rsp-file: The path that the response file or folder is stored. separated by\n+ ``path-is-folder`` option.\n+\n+ * cryptodev: The name of the target DPDK Crypto device to be validated.\n+\n+ * cryptodev-id: The id of the target DPDK Crypto device to be validated.\n+\n+ * path-is-folder: If presented the application expects req-file and rsp-file\n+ are folder paths.\n+\n+\n+To run the application in linuxapp environment to test one AES FIPS test data\n+file for crypto_aesni_mb PMD, issue the command:\n+\n+.. code-block:: console\n+\n+ $ ./fips_validation --vdev crypto_aesni_mb --\n+ --req-file /PATH/TO/REQUEST/FILE.req --rsp-file ./PATH/TO/RESPONSE/FILE.rsp\n+ --cryptodev crypto_aesni_mb\n+\n+To run the application in linuxapp environment to test all AES-GCM FIPS test\n+data files in one folder for crypto_aesni_gcm PMD, issue the command:\n+\n+.. code-block:: console\n+\n+ $ ./fips_validation --vdev crypto_aesni_gcm0 --\n+ --req-file /PATH/TO/REQUEST/FILE/FOLDER/\n+ --rsp-file ./PATH/TO/RESPONSE/FILE/FOLDER/\n+ --cryptodev-id 0 --path-is-folder\ndiff --git a/doc/guides/sample_app_ug/index.rst b/doc/guides/sample_app_ug/index.rst\nindex 74b12af..65c12d9 100644\n--- a/doc/guides/sample_app_ug/index.rst\n+++ b/doc/guides/sample_app_ug/index.rst\n@@ -57,6 +57,7 @@ Sample Applications User Guides\n performance_thread\n ipsec_secgw\n bbdev_app\n+ fips_validation\n \n **Figures**\n \n", "prefixes": [ "v7", "8/8" ] }{ "id": 47729, "url": "