On Fri, 3 Feb 2017, Daniel Kahn Gillmor wrote:

[ CC:ing swan-dev and Apostol ]

On Fri 2017-02-03 18:14:40 -0500, Paul Wouters wrote:
We run CAVP tests in the "%check" part of our rpm building. Perhaps you
can add that to the debian builds too? This can be done on the built
binaries before/without running make install:

Basically:

# get the CAVP test files from https://download.libreswan.org/cavs/
bunzip2 *.fax.bz2
# work around for older xen based machines
export NSS_DISABLE_HW_GCM=1

: starting CAVS test for IKEv2
OBJ.linux.*/programs/pluto/cavp -v2 ikev2.fax | \
     diff -u ikev2.fax - > /dev/null
: starting CAVS test for IKEv1 RSASIG
OBJ.linux.*/programs/pluto/cavp -v1sig ikev1_dsa.fax | \
     diff -u ikev1_dsa.fax - > /dev/null
: starting CAVS test for IKEv1 PSK
OBJ.linux.*/programs/pluto/cavp -v1psk ikev1_psk.fax | \
     diff -u ikev1_psk.fax - > /dev/null
: CAVS tests passed

The cavs files are the originals from NIST, but with the bogus SHA-224
entries removed (since IKE/IPsec does not have SHA-224 defined).

As I said on IRC:

18:45 < dkg> LetoThinkpad: any reason we shouldn't be discussing this on-list?

No :)

18:45 < dkg> fetching files over the network isn't going to be OK on the debian build daemons
18:46 < dkg> so we'd need to ship the CAVP test files in debian

That's what we do for fedora/rhel.

18:46 < dkg> which means i'd need to review their licensing :/

I don't see any licensing info immediately available in them either :(

It is published by the US Government, if that helps.

http://csrc.nist.gov/groups/STM/cavp/

It states at:

http://csrc.nist.gov/groups/STM/cavp/key-derivation.html#kbkdfvs

        Test Vectors

        Use of these test vectors does not replace validation obtained through
        the CAVP.

        The test vectors linked below can be used to informally verify the
        correctness of the KBKDF algorithm listed above.

        See the KBKDFVS document for an explanation of the files.

Unfortunately, there is no clear mention on the NIST website either
of what the license of these files is. Apostol, can you clarify this?

Paul
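
The check described above, run against vector files already present in the source tree rather than fetched at build time, as an added example that is not part of the original message or of libreswan's packaging. The names run_cavp and CAVP_BIN are hypothetical, and it assumes cavp exits 0 on a successful run.

```shell
#!/bin/sh
# Added example: one CAVP comparison against a locally shipped vector file.
# run_cavp and CAVP_BIN are hypothetical names, not part of libreswan.
# Assumption: cavp exits 0 when it processes a vector file successfully.

# work around for older xen based machines (from the original message)
export NSS_DISABLE_HW_GCM=1

# run_cavp MODE FAX_FILE
#   MODE     one of the flags used in the message: -v2, -v1sig, -v1psk
#   FAX_FILE an already-decompressed .fax file shipped with the sources
# Returns 0 if cavp reproduces the file exactly, 1 on mismatch or cavp error,
# 2 if the binary or the vector file is missing, so a skipped test never
# counts as a pass.
run_cavp() {
    mode=$1
    fax=$2
    command -v "$CAVP_BIN" >/dev/null 2>&1 || {
        echo "cavp not found: $CAVP_BIN" >&2; return 2; }
    [ -s "$fax" ] || {
        echo "missing or empty vector file: $fax" >&2; return 2; }
    out=$(mktemp) || return 2
    # Run cavp on its own so its exit status is checked; in a pipeline
    # only diff's status would be seen.
    if ! "$CAVP_BIN" "$mode" "$fax" > "$out" 2>/dev/null; then
        echo "cavp $mode exited non-zero on $fax" >&2
        rm -f "$out"
        return 1
    fi
    if diff -u "$fax" "$out" > "$out.diff"; then
        rc=0
    else
        rc=1
        # Show where the computed values diverge instead of discarding the diff.
        echo "CAVP mismatch for $mode $fax, first differing lines:" >&2
        head -n 20 "$out.diff" >&2
    fi
    rm -f "$out" "$out.diff"
    return $rc
}

# Usage in a build's test step (paths as in the message):
#   CAVP_BIN=$(echo OBJ.linux.*/programs/pluto/cavp)
#   run_cavp -v2 ikev2.fax && run_cavp -v1sig ikev1_dsa.fax \
#       && run_cavp -v1psk ikev1_psk.fax
```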