[dpdk-dev] [PATCH v4 0/8] FIPS validation capability

Akhil Goyal akhil.goyal at nxp.com
Tue Oct 16 16:40:11 CEST 2018


Hi Marko/Fan,

On 10/12/2018 8:14 PM, Marko Kovacevic wrote:
> This sample application is made for the purpose so that users of DPDK
> who wish to get FIPS certification for their platforms, this sample app enables
> users to parse test vectors that is gotten from NIST and be able to get
> a generated response file which they can then verify and be sure their
> system will pass FIPS certification.
>
> Marko Kovacevic (8):
> v4:
> - Added Limitation
> - Changed TDES BLOCK SIZE from 16 -> 8
>    as DES block size is 64bits (main.c)
> v3:
> - Fixed a no-testing bug
> - Fixed some code style issue
>
> v2:
> - Refactor the code.
> - Move the code from test to sample applcation
>
>    examples: add fips validation into examples
>    examples: add aes parser and enablement for test types
>    examples: add hmac parser
>    examples: add TDES parser and enablement for test types
>    examples: add gcm parser
>    examples: add cmac parser and enablement for test types
>    examples: add ccm parser and enablement for test types
>    doc: add guides for fips validation
>
>   doc/guides/rel_notes/release_18_11.rst             |    6 +
>   doc/guides/sample_app_ug/fips_validation.rst       |  105 ++
>   doc/guides/sample_app_ug/index.rst                 |    1 +
>   examples/cryptodev_fips_validate/Makefile          |   75 ++
>   .../cryptodev_fips_parse_3des.c                    |  259 +++++
>   .../cryptodev_fips_parse_aes.c                     |  188 +++
>   .../cryptodev_fips_parse_ccm.c                     |  272 +++++
>   .../cryptodev_fips_parse_cmac.c                    |  116 ++
>   .../cryptodev_fips_parse_gcm.c                     |  125 ++
>   .../cryptodev_fips_parse_hmac.c                    |  105 ++
>   .../cryptodev_fips_parse_validate.c                |  593 ++++++++++
>   .../cryptodev_fips_validate.h                      |  234 ++++
>   examples/cryptodev_fips_validate/main.c            | 1221 ++++++++++++++++++++
>   examples/cryptodev_fips_validate/meson.build       |   20 +
>   14 files changed, 3320 insertions(+)
>   create mode 100644 doc/guides/sample_app_ug/fips_validation.rst
>   create mode 100644 examples/cryptodev_fips_validate/Makefile
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_3des.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_aes.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_ccm.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_cmac.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_gcm.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_hmac.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_parse_validate.c
>   create mode 100644 examples/cryptodev_fips_validate/cryptodev_fips_validate.h
>   create mode 100644 examples/cryptodev_fips_validate/main.c
>   create mode 100644 examples/cryptodev_fips_validate/meson.build
>
Some generic comments
- patch titles should be examples/cryptodev_fips_validate:XXX
- app name could be fips_validation. better to have same name file in doc.
- MAINTAINERS file is not updated.
- better to mention about Publication 140-2 of FIPS (which represent the 
crypto cases) in documentation
- Please mention in the documentation and the application as well that 
the .req file is optional and the application can be run without that. 
and the procedure to get the .req file as the documentation depicts that 
the .req file is present in the link provided.
- Why is the build dependent on bus_pci? Does it have limitation for not 
being used by any other buses? I think this should be bus independent.

Thanks,
Akhil



More information about the dev mailing list