Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/111557/?format=api
{ "id": 111557, "url": "https://patches.dpdk.org/api/patches/111557/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20220520160554.495317-1-brian.dooley@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20220520160554.495317-1-brian.dooley@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20220520160554.495317-1-brian.dooley@intel.com", "date": "2022-05-20T16:05:53", "name": "[RFC] examples/fips_validation: add fips 140-3 acvp aes-cbc test", "commit_ref": null, "pull_url": null, "state": "rfc", "archived": true, "hash": "609485e15bfe0cb3059c695d9e62293846033fe5", "submitter": { "id": 2520, "url": "https://patches.dpdk.org/api/people/2520/?format=api", "name": "Dooley, Brian", "email": "brian.dooley@intel.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20220520160554.495317-1-brian.dooley@intel.com/mbox/", "series": [ { "id": 23070, "url": "https://patches.dpdk.org/api/series/23070/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=23070", "date": "2022-05-20T16:05:53", "name": "[RFC] examples/fips_validation: add fips 140-3 acvp aes-cbc test", "version": 1, "mbox": "https://patches.dpdk.org/series/23070/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/111557/comments/", "check": "fail", "checks": "https://patches.dpdk.org/api/patches/111557/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id DB621A0503;\n\tFri, 20 May 2022 18:09:59 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 85E8C40222;\n\tFri, 20 May 2022 18:09:59 +0200 (CEST)", "from mga09.intel.com (mga09.intel.com [134.134.136.24])\n by mails.dpdk.org (Postfix) with ESMTP id 5E00B40156\n for <dev@dpdk.org>; Fri, 20 May 2022 18:09:57 +0200 (CEST)", "from orsmga008.jf.intel.com ([10.7.209.65])\n by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 20 May 2022 09:06:35 -0700", "from silpixa00400883.ir.intel.com ([10.243.23.50])\n by orsmga008.jf.intel.com with ESMTP; 20 May 2022 09:06:33 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1653062997; x=1684598997;\n h=from:to:cc:subject:date:message-id:mime-version:\n content-transfer-encoding;\n bh=wKYo17j1Vz6dDxxng1V8dT6TjYfitjfKTYX5syCcH9c=;\n b=l2boxdAfv6g8tzzdhHia8kLDMwWOaSYLv6nYXpYzxe0Z94gaOY/Vos+G\n lht7tnlp5G8tRPRYopyZAJnne3mV+iaOZ4+weQHunYyVp8ro/u0bOv681\n 68OjZ1gljpXw66ACpeFvFmgYaDNLWGW6E+PY5ygYSn+D7JDJQfh7mn0vx\n zGV0Z2lUaEeLPeXsVJ01khl0G9AKZZGRrVK3+Jw98BYKRAXkpGltfd98T\n 39Wx7bujOoJAXzQ+9qq27IJeP53PWgZ2lFh5cxm/q48llPG6x87isOkz6\n kEZVeUDozMI1O3NXHUj29UhjK/iLhcBBy3+k8O9TCc7shaLUFHV5U1wLK g==;", "X-IronPort-AV": [ "E=McAfee;i=\"6400,9594,10353\"; a=\"272355873\"", "E=Sophos;i=\"5.91,239,1647327600\"; d=\"scan'208\";a=\"272355873\"", "E=Sophos;i=\"5.91,239,1647327600\"; d=\"scan'208\";a=\"599290403\"" ], "X-ExtLoop1": "1", "From": "Brian Dooley <brian.dooley@intel.com>", "To": "dev@dpdk.org", "Cc": "gakhil@marvell.com, gmuthukrishn@marvell.com,\n Brian Dooley <brian.dooley@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>", "Subject": "[RFC] examples/fips_validation: add fips 140-3 acvp aes-cbc test", "Date": "Fri, 20 May 2022 16:05:53 +0000", "Message-Id": "<20220520160554.495317-1-brian.dooley@intel.com>", "X-Mailer": "git-send-email 2.25.1", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "This RFC patch showcases an alternative approach to enable\nFIPS 140-3 support in the DPDK fips_validation sample application.\n\nThe approach presented here takes advantage of an existing open source\nlibrary, libacvp,(https://github.com/cisco/libacvp) to generate the\nparsed test cases instead of creating and maintaining a DPDK FIPS\ntest file parser. In addition call back functions are added to the\ndpdk-fips_validation application to process the parsed test vectors\nand write back the results.\n\nThis initial RFC patch contains the code to parse the FIPS 140-3\ntest files with libacvp library, and the AES-CBC test runner\ncallback function implementation with most test types covered\napart from MCT test.\n\nAlthough a different approach has been proposed\n(http://patches.dpdk.org/project/dpdk/list/?series=22738),\nit has the disadvantage of having to maintain the parsing code.\n\nFor the sake of this RFC here is some information on how to\nmodify and run a test case.\n\nThe libacvp library can be installed by following the Building\ninstructions in the README of the libacvp repo as linked above.\n\nAn example test vector which we can call as our input.req:\nhttps://github.com/cisco/libacvp/blob/main/test/json/aes/aes.json\n\nThe header acvVersion metadata at the start needs to been updated\nto the following:\n\n {\n \"acvVersion\": \"1.0\",\n \"jwt\": \"NA\",\n \"url\": \"NA\",\n \"isSample\": false,\n \"vectorSetUrls\": [\"NA\"]\n }\n\nWith this RFC patch applied you can then run the dpdk-fips_validation\nas follows:\n\n ./dpdk-fips_validation --vdev=crypto_aesni_mb -- \\\n --req-file input.req --rsp-file output.rsp --acvp\n\nPlease note the MCT tests in the input.req file will generate an\nincorrect result set as the IV update part has yet to be implemented.\nThis will be addressed in next revision.\n\nSigned-off-by: Brian Dooley <brian.dooley@intel.com>\n---\n examples/fips_validation/fips_test_acvp.c | 183 +++++++++++++++++++++\n examples/fips_validation/fips_validation.h | 34 ++++\n examples/fips_validation/main.c | 59 ++++---\n examples/fips_validation/meson.build | 9 +\n 4 files changed, 260 insertions(+), 25 deletions(-)\n create mode 100644 examples/fips_validation/fips_test_acvp.c", "diff": "diff --git a/examples/fips_validation/fips_test_acvp.c b/examples/fips_validation/fips_test_acvp.c\nnew file mode 100644\nindex 0000000000..55f6b35a7d\n--- /dev/null\n+++ b/examples/fips_validation/fips_test_acvp.c\n@@ -0,0 +1,183 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2022 Intel Corporation\n+ */\n+\n+#include <stdio.h>\n+#include <string.h>\n+#include <acvp/acvp.h>\n+#include <intel-ipsec-mb.h>\n+#include <stdint.h>\n+#include <stdlib.h>\n+#include <ctype.h>\n+\n+#include <rte_cryptodev.h>\n+#include <rte_malloc.h>\n+\n+#include \"fips_validation.h\"\n+\n+#define IV_OFF (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))\n+\n+static ACVP_RESULT logger(char *msg)\n+{\n+\tprintf(\"%s\", msg);\n+\treturn ACVP_SUCCESS;\n+}\n+\n+static int aes_cbc_handler(ACVP_TEST_CASE *test_case)\n+{\n+\tACVP_SYM_CIPHER_TC *tc;\n+\tstruct rte_crypto_sym_xform xform = { 0 };\n+\tconst struct rte_cryptodev_symmetric_capability *cap;\n+\tstruct rte_cryptodev_sym_capability_idx cap_idx;\n+\tstruct rte_crypto_cipher_xform *cipher_xform = &xform.cipher;\n+\tstruct rte_crypto_sym_op *sym = env.op->sym;\n+\tstruct fips_val val = {NULL, 0};\n+\tuint8_t *iv = rte_crypto_op_ctod_offset(env.op, uint8_t *, IV_OFF);\n+\tuint16_t n_deqd;\n+\tint ret;\n+\n+\tmemset(&xform, 0, sizeof(xform));\n+\n+\ttc = test_case->tc.symmetric;\n+\n+\txform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\n+\tcipher_xform->algo = RTE_CRYPTO_CIPHER_AES_CBC;\n+\tcipher_xform->op = (tc->direction == ACVP_SYM_CIPH_DIR_ENCRYPT) ?\n+\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT :\n+\t\tRTE_CRYPTO_AEAD_OP_DECRYPT;\n+\tcipher_xform->key.data = tc->key;\n+\t/* Check support for 128 bit key*/\n+\tif (tc->key_len % 8 == 0)\n+\t\tcipher_xform->key.length = 16;\n+\telse\n+\t\tcipher_xform->key.length = tc->key_len;\n+\n+\tif (cipher_xform->algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tcipher_xform->iv.length = tc->iv_len;\n+\t\tcipher_xform->iv.offset = IV_OFF;\n+\t} else {\n+\t\tcipher_xform->iv.length = 0;\n+\t\tcipher_xform->iv.offset = 0;\n+\t}\n+\tcap_idx.algo.cipher = cipher_xform->algo;\n+\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\n+\tcap = rte_cryptodev_sym_capability_get(env.dev_id, &cap_idx);\n+\tif (!cap) {\n+\t\tRTE_LOG(ERR, USER1, \"Failed to get capability for cdev %u\\n\",\n+\t\t\t\tenv.dev_id);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (rte_cryptodev_sym_capability_check_cipher(cap,\n+\t\t\tcipher_xform->key.length,\n+\t\t\tcipher_xform->iv.length) != 0) {\n+\t\tRTE_LOG(ERR, USER1, \"PMD %s key length %u IV length %u\\n\",\n+\t\t\t\tinfo.device_name, cipher_xform->key.length,\n+\t\t\t\tcipher_xform->iv.length);\n+\t\treturn -EPERM;\n+\t}\n+\n+\tenv.sess = rte_cryptodev_sym_session_create(env.sess_mpool);\n+\tif (!env.sess)\n+\t\treturn -ENOMEM;\n+\n+\tret = rte_cryptodev_sym_session_init(env.dev_id, env.sess, &xform,\n+\tenv.sess_priv_mpool);\n+\tif (ret < 0) {\n+\t\tRTE_LOG(ERR, PMD, \"Error %i: Init session\\n\", ret);\n+\t\treturn ret;\n+\t}\n+\n+\tif (env.op)\n+\t\trte_crypto_op_free(env.op);\n+\n+\tenv.op = rte_crypto_op_alloc(env.op_pool,\n+\t\t\tRTE_CRYPTO_OP_TYPE_SYMMETRIC);\n+\tif (!env.op)\n+\t\tret = -ENOMEM;\n+\n+\tmemcpy(iv, tc->iv, tc->iv_len);\n+\n+\tif (tc->direction == ACVP_SYM_CIPH_DIR_ENCRYPT) {\n+\t\tval.val = tc->pt;\n+\t\tval.len = tc->pt_len;\n+\t} else { /* Decrypt */\n+\t\tval.val = tc->ct;\n+\t\tval.len = tc->ct_len;\n+\t}\n+\n+\tret = prepare_data_mbufs(&val);\n+\tif (ret < 0)\n+\t\treturn ret;\n+\n+\tif (tc->direction == ACVP_SYM_CIPH_DIR_ENCRYPT) {\n+\t\tsym->cipher.data.length = tc->pt_len;\n+\t} else { /* Decrypt */\n+\t\tsym->cipher.data.length = tc->ct_len;\n+\t}\n+\n+\trte_crypto_op_attach_sym_session(env.op, env.sess);\n+\n+\tsym->m_src = env.mbuf;\n+\tsym->cipher.data.offset = 0;\n+\n+\tif (rte_cryptodev_enqueue_burst(env.dev_id, 0, &env.op, 1) < 1) {\n+\t\tRTE_LOG(ERR, USER1, \"Error: Failed enqueue\\n\");\n+\t\treturn ret = -1;\n+\t}\n+\n+\tdo {\n+\t\tstruct rte_crypto_op *deqd_op[1];\n+\n+\t\tn_deqd = rte_cryptodev_dequeue_burst(env.dev_id, 0, deqd_op,\n+\t\t\t\t1);\n+\t} while (n_deqd == 0);\n+\n+\trte_cryptodev_sym_session_clear(env.dev_id, env.sess);\n+\trte_cryptodev_sym_session_free(env.sess);\n+\n+\tval.val = NULL;\n+\n+\tret = get_writeback_data(&val);\n+\tif (ret < 0)\n+\t\treturn ret;\n+\n+\tif (tc->direction == ACVP_SYM_CIPH_DIR_ENCRYPT) {\n+\t\tmemcpy(tc->ct, val.val, val.len);\n+\t\ttc->ct_len = val.len;\n+\t} else { /* Decrypt */\n+\t\tmemcpy(tc->pt, val.val, val.len);\n+\t\ttc->pt_len = val.len;\n+\t}\n+\n+\treturn ret;\n+}\n+\n+int\n+fips_test_acvp_init(void **acvp_ctx)\n+{\n+\t*acvp_ctx = NULL;\n+\tACVP_RESULT acvp_ret = ACVP_SUCCESS;\n+\n+\t/* Create test session and enable CBC tests */\n+\tacvp_ret = acvp_create_test_session((ACVP_CTX **)acvp_ctx, logger,\n+\t\t\t\t\tACVP_LOG_LVL_INFO);\n+\tif (acvp_ret != ACVP_SUCCESS)\n+\t\treturn acvp_ret;\n+\n+\tif (acvp_cap_sym_cipher_enable((ACVP_CTX *)*acvp_ctx, ACVP_AES_CBC,\n+\t\t\t\t&aes_cbc_handler) != ACVP_SUCCESS)\n+\t\treturn acvp_ret;\n+\n+\treturn ACVP_SUCCESS;\n+}\n+\n+void\n+fips_test_acvp(void *acvp_ctx, const char *req_file_path,\n+\t\t\tconst char *rsp_file_path)\n+{\n+\t/* Parse request file, run crypto tests and write out response file */\n+\tacvp_run_vectors_from_file(acvp_ctx, req_file_path, rsp_file_path);\n+}\ndiff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h\nindex aaadf01ba8..de831fd0aa 100644\n--- a/examples/fips_validation/fips_validation.h\n+++ b/examples/fips_validation/fips_validation.h\n@@ -193,8 +193,31 @@ struct fips_test_interim_info {\n \tpost_prcess_t kat_check;\n };\n \n+struct cryptodev_fips_validate_env {\n+\tconst char *req_path;\n+\tconst char *rsp_path;\n+\tuint32_t is_path_folder;\n+\tuint8_t dev_id;\n+\tuint8_t dev_support_sgl;\n+\tuint16_t mbuf_data_room;\n+\tstruct rte_mempool *mpool;\n+\tstruct rte_mempool *sess_mpool;\n+\tstruct rte_mempool *sess_priv_mpool;\n+\tstruct rte_mempool *op_pool;\n+\tstruct rte_mbuf *mbuf;\n+\tuint8_t *digest;\n+\tuint16_t digest_len;\n+\tstruct rte_crypto_op *op;\n+\tstruct rte_cryptodev_sym_session *sess;\n+\tuint16_t self_test;\n+\tstruct fips_dev_broken_test_config *broken_test_config;\n+\tuint8_t is_acvp;\n+\tvoid *acvp_ctx;\n+};\n+\n extern struct fips_test_vector vec;\n extern struct fips_test_interim_info info;\n+extern struct cryptodev_fips_validate_env env;\n \n int\n fips_test_init(const char *req_file_path, const char *rsp_file_path,\n@@ -289,4 +312,15 @@ int prepare_gcm_xform(struct rte_crypto_sym_xform *xform);\n \n int prepare_gmac_xform(struct rte_crypto_sym_xform *xform);\n \n+int prepare_data_mbufs(struct fips_val *val);\n+\n+int get_writeback_data(struct fips_val *val);\n+\n+__rte_weak void\n+fips_test_acvp(void *acvp_ctx, const char *req_file_path,\n+\t\t\t\tconst char *rsp_file_path);\n+\n+__rte_weak int\n+fips_test_acvp_init(void **acvp_ctx);\n+\n #endif\ndiff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c\nindex e06ae37567..54b45dcc1f 100644\n--- a/examples/fips_validation/main.c\n+++ b/examples/fips_validation/main.c\n@@ -12,6 +12,8 @@\n #include <rte_mbuf.h>\n #include <rte_string_fns.h>\n \n+#include <acvp/acvp.h>\n+\n #include \"fips_validation.h\"\n #include \"fips_dev_self_test.h\"\n \n@@ -34,30 +36,13 @@ enum {\n \tOPT_CRYPTODEV_BK_ID_NUM,\n #define OPT_CRYPTODEV_BK_DIR_KEY \"broken-test-dir\"\n \tOPT_CRYPTODEV_BK_DIR_KEY_NUM,\n+#define OPT_CRYPTODEV_ACVP\t\t\t\"acvp\"\n+\tOPT_CRYPTODEV_ACVP_NUM,\n };\n \n struct fips_test_vector vec;\n struct fips_test_interim_info info;\n-\n-struct cryptodev_fips_validate_env {\n-\tconst char *req_path;\n-\tconst char *rsp_path;\n-\tuint32_t is_path_folder;\n-\tuint8_t dev_id;\n-\tuint8_t dev_support_sgl;\n-\tuint16_t mbuf_data_room;\n-\tstruct rte_mempool *mpool;\n-\tstruct rte_mempool *sess_mpool;\n-\tstruct rte_mempool *sess_priv_mpool;\n-\tstruct rte_mempool *op_pool;\n-\tstruct rte_mbuf *mbuf;\n-\tuint8_t *digest;\n-\tuint16_t digest_len;\n-\tstruct rte_crypto_op *op;\n-\tstruct rte_cryptodev_sym_session *sess;\n-\tuint16_t self_test;\n-\tstruct fips_dev_broken_test_config *broken_test_config;\n-} env;\n+struct cryptodev_fips_validate_env env;\n \n static int\n cryptodev_fips_validate_app_int(void)\n@@ -79,6 +64,12 @@ cryptodev_fips_validate_app_int(void)\n \t\t}\n \t}\n \n+\tif (env.is_acvp) {\n+\t\tret = fips_test_acvp_init(&env.acvp_ctx);\n+\t\tif (ret < 0)\n+\t\t\treturn ret;\n+\t}\n+\n \tret = rte_cryptodev_configure(env.dev_id, &conf);\n \tif (ret < 0)\n \t\treturn ret;\n@@ -161,6 +152,7 @@ cryptodev_fips_validate_app_uninit(void)\n \trte_mempool_free(env.sess_mpool);\n \trte_mempool_free(env.sess_priv_mpool);\n \trte_mempool_free(env.op_pool);\n+\tacvp_free_test_session(env.acvp_ctx);\n }\n \n static int\n@@ -218,11 +210,13 @@ cryptodev_fips_validate_usage(const char *prgname)\n \t\t\" --%s: CRYPTODEV-ID-NAME\\n\"\n \t\t\" --%s: self test indicator\\n\"\n \t\t\" --%s: self broken test ID\\n\"\n-\t\t\" --%s: self broken test direction\\n\",\n+\t\t\" --%s: self broken test direction\\n\"\n+\t\t\" --%s: acvp test indicator\\n\",\n \t\tprgname, OPT_REQ_FILE_PATH, OPT_RSP_FILE_PATH,\n \t\tOPT_FOLDER, OPT_MBUF_DATAROOM, def_mbuf_seg_size,\n \t\tOPT_CRYPTODEV, OPT_CRYPTODEV_ID, OPT_CRYPTODEV_ST,\n-\t\tOPT_CRYPTODEV_BK_ID, OPT_CRYPTODEV_BK_DIR_KEY);\n+\t\tOPT_CRYPTODEV_BK_ID, OPT_CRYPTODEV_BK_DIR_KEY,\n+\t\tOPT_CRYPTODEV_ACVP);\n }\n \n static int\n@@ -251,6 +245,8 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)\n \t\t\t\tNULL, OPT_CRYPTODEV_BK_ID_NUM},\n \t\t{OPT_CRYPTODEV_BK_DIR_KEY, required_argument,\n \t\t\t\tNULL, OPT_CRYPTODEV_BK_DIR_KEY_NUM},\n+\t\t{OPT_CRYPTODEV_ACVP, no_argument,\n+\t\t\t\tNULL, OPT_CRYPTODEV_ACVP_NUM},\n \t\t{NULL, 0, 0, 0}\n \t};\n \n@@ -363,6 +359,10 @@ cryptodev_fips_validate_parse_args(int argc, char **argv)\n \t\t\t}\n \t\t\tbreak;\n \n+\t\tcase OPT_CRYPTODEV_ACVP_NUM:\n+\t\t\tenv.is_acvp = 1;\n+\t\t\tbreak;\n+\n \t\tdefault:\n \t\t\tcryptodev_fips_validate_usage(prgname);\n \t\t\treturn -EINVAL;\n@@ -417,6 +417,11 @@ main(int argc, char *argv[])\n \tif (!env.is_path_folder) {\n \t\tprintf(\"Processing file %s... \", env.req_path);\n \n+\t\tif (env.is_acvp) {\n+\t\t\tfips_test_acvp(env.acvp_ctx, env.req_path, env.rsp_path);\n+\t\t\tprintf(\"Done\\n\");\n+\t\t\tgoto exit;\n+\t\t}\n \t\tret = fips_test_init(env.req_path, env.rsp_path,\n \t\t\trte_cryptodev_name_get(env.dev_id));\n \t\tif (ret < 0) {\n@@ -425,7 +430,6 @@ main(int argc, char *argv[])\n \t\t\tgoto exit;\n \t\t}\n \n-\n \t\tret = fips_test_one_file();\n \t\tif (ret < 0) {\n \t\t\tRTE_LOG(ERR, USER1, \"Error %i: Failed test %s\\n\",\n@@ -473,6 +477,11 @@ main(int argc, char *argv[])\n \n \t\t\tprintf(\"Processing file %s... \", req_path);\n \n+\t\t\tif (env.is_acvp) {\n+\t\t\t\tfips_test_acvp(env.acvp_ctx, env.req_path, env.rsp_path);\n+\t\t\t\tcontinue;\n+\t\t\t}\n+\n \t\t\tret = fips_test_init(req_path, rsp_path,\n \t\t\trte_cryptodev_name_get(env.dev_id));\n \t\t\tif (ret < 0) {\n@@ -511,7 +520,7 @@ main(int argc, char *argv[])\n \n struct fips_test_ops test_ops;\n \n-static int\n+int\n prepare_data_mbufs(struct fips_val *val)\n {\n \tstruct rte_mbuf *m, *head = 0;\n@@ -1115,7 +1124,7 @@ prepare_xts_xform(struct rte_crypto_sym_xform *xform)\n \treturn 0;\n }\n \n-static int\n+int\n get_writeback_data(struct fips_val *val)\n {\n \tstruct rte_mbuf *m = env.mbuf;\ndiff --git a/examples/fips_validation/meson.build b/examples/fips_validation/meson.build\nindex 7eef456318..03302fcc5a 100644\n--- a/examples/fips_validation/meson.build\n+++ b/examples/fips_validation/meson.build\n@@ -19,5 +19,14 @@ sources = files(\n 'fips_validation_sha.c',\n 'fips_validation_xts.c',\n 'fips_dev_self_test.c',\n+ 'fips_test_acvp.c',\n 'main.c',\n )\n+\n+libacvp = cc.find_library('acvp', required: true)\n+\n+if not libacvp.found()\n+ libacvp = false\n+endif\n+\n+ext_deps += libacvp\n", "prefixes": [ "RFC" ] }