search

smuellerDD / acvpparser

ACVP Parser for invocation of cryptographic implementations using the ACVP JSON test vectors
https://www.chronox.de/acvpparser
Other
36 stars 27 forks source link

Support ACVP_CBC case in kcapi_lrng backend #82

Closed x168 closed 3 months ago

x168 commented 4 months ago

Prior to this adjustment, I encountered an error message indicating that...

ACVPParser (08:03:14) Error [backends/backend_kcapi_lrng.c:kcapi_ciphername:251]: Unknown cipher

But the kcapi_lrng backend can handle this test case if we incorporate support for it.

[PASSED] compare ACVP-AES-CBC-1.0/expected-response.json with ACVP-AES-CBC-1.0/testvector-response.json
smuellerDD commented 4 months ago

Am Donnerstag, 4. Juli 2024, 10:11:25 MESZ schrieb daoq:

Hi daoq,

Prior to this adjustment, I encountered an error message indicating that...

Thank you for the patch, but I am not sure I should take it. The kcapi_lrng backend is intended to cover my LRNG series and its use of crypto (https:// chronox.de/lrng/).

I have the full KCAPI test code covering all crypto implementations including CBC separately, but as closed source.

What is your argument why this patch is relevant for the LRNG, i.e. why should I take it?

Ciao Stephan

x168 commented 3 months ago

Thank you for your reply.

After reading your description about the kcapi_lrng backend, I think I may have misunderstood the usage of this section: Backend-Specific Hints - Linux Kernel.

I started testing kcapi, so I loaded the module from backend_interfaces/kcapi_lrng and built the acvp-parser with the kcapi_lrng backend to execute the AES-CBC test case on my host.

I think if the above test steps for kcapi are correct, this PR is valid. If not, this PR should be declined.

smuellerDD commented 3 months ago

Am Freitag, 12. Juli 2024, 11:06:54 MESZ schrieb daoq:

Hi daoq,

Thank you for your reply.

After reading your description about the kcapi_lrng backend, I think I may have misunderstood the usage of this section: Backend-Specific Hints - Linux Kernel.

Well, this section contains the hints for many different backends, not all of them are public.

I started testing kcapi, so I loaded the module from backend_interfaces/kcapi_lrng and built the acvp-parser with the kcapi_lrng backend to execute the AES-CBC test case on my host.

Understood, and I would have done the same in your position. But there is much much more to a full-fledged KCAPI test module. Thus, I would like to leave the backend untouched as its purpose is solely for supporting the LRNG work.

Feel free to either come to the atsec FIPS lab when you want to have the full KCAPI backend or enhance the existing code.

I think if the above test steps for kcapi are correct, this PR is valid. If not, this PR should be declined.

Based on the explanation I will close the issue without applying the patch. Thanks though for consideration.

Ciao Stephan