Hi,
We're working on adding crypto test vectors into the code to confirm proper crypto functioning for IKE (not ESP/kernel). Currently, all our IKE ciphers are CBC only, and we will be adding CTR and GCM/CCM, so it important that we test our implementation for correctness when making these changes. We use NSS for our crypto, and it has its own initialization tests in the runtime. So we should already find out if there is a problem with the raw cipher when we try to use it (but not before) However, we do have some parameter handling such as counters (in CTR) and padding (in CBC) and other things we do in our code before handing it of to NSS. RFC's for IKE often specify those test vectors and we want to run those. We could run those as part of "make check" as our own handling code does not change during runtime. We could also run these as part of our initialisation/registration of the ciphers at runtime. Or we could have a configuration option or a compile time option for one of the above. I'm interested to know what other people think is the best place for these tests. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
