cisco / libacvp

The libacvp library is a client-side implementation of the draft ACVP protocol (github.com/usnistgov/ACVP).
Apache License 2.0

acvp_app refactor #849

Closed abkarcher closed 3 months ago

abkarcher commented 3 months ago

Initial work for acvp_app refactor

acvp_app needs the ability to support multiple implementations under test (IuTs). In current versions of acvp_app, the code for running the general flow (CLI parsing, libacvp calls, end user flow, etc.) of the software is intertwined with OpenSSL-specific code. This includes the capabilities registration code, but also CLI parsing, TOTP generation, utility APIs, etc. This refactor serves to separate the IuT code from the code responsible for managing the general flow of the software.

Overview

Any implementations supported by acvp_app will have all of their relevant code stored in their own folder in the app "implementations" folder. Each supported implementation will have several generic APIs that interface with the main app code:

/* Perform any setup needed to initialize the given IUT */
ACVP_RESULT iut_setup(APP_CONFIG *cfg);
/* Register the capabilities of the given IUT */
ACVP_RESULT iut_register_capabilities(ACVP_CTX *ctx, APP_CONFIG *cfg);
/** Frees any memory associated with the harness AFTER all tests are complete */
ACVP_RESULT iut_cleanup(void);
/* prints all relevant IuT version information to stdout */
void iut_print_version(APP_CONFIG *cfg);

The main code of acvp_app will now call these functions instead of any implementation-specific code.

Each version of acvp_app will be built to support running tests for a single implementation. This will be determined at configure time, and automake will pull in the correct files for that IuT. There is wiggle room for implementations that can be dynamically loaded at run time (like OpenSSL FIPS provider; the build system knows it's OpenSSL 3.X and we determine the rest at runtime).

All of the existing harness code supporting OpenSSL 3.X has been moved into the proper implementation folder. We also have added a basic harness for testing jitter entropy - a readme and details about this will be added in a future PR. This also helps illustrate the new structure of the application.

TOTP Handling

Current versions of acvp_app use OpenSSL to generate TOTPs. However, we want the flexibility to avoid linking to a library that we are not testing. Instead, we have integrated the HMAC SHA implementation here - https://github.com/h5p9sl/hmac_sha256 - so TOTP is handled independently of any IuT we are built with or linked to.

Other improvements

Registration code for each version of OpenSSL supported now gets its own file. This removes depending on a bunch of different #ifs and #ifdefs for registration, and makes it much easier to ensure that IuT registrations don't change after they have already been certified.

Todo

- Add more documentation for new app structure in readmes
- Update application UTs to match new structure (Currently likely won't build)
- Update windows build system to accommodate new app structure (Currently won't build)
- Double check all registrations for OpenSSL