OpenSSL Software Foundation, Inc 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 support@opensslfoundationcom Instructions for CMVP Testing TS Linux on ARMv4 November 16, 2014 Table of Contents 1 Overview1 2 Inventory1 21 Hardware 1 22 Software2 3 Preparation2 4 Compilation and Testing4 42 Compilation on Target System4 43 Testing on Target Device5 1 Overview Platform testing instructions for the OpenSSL FIPS Object Module v20 validation This target device is a tabletop device with an ARMv4 processor running TS Linux 24 generic hardware (no picture) 2 Inventory 21 Hardware Hardware supplied by OSF: Build system: Generic x86 based "Lintel" system (target device): Dell PowerEdge R320 (VSI00280) Hardware supplied by test lab: N/A 1 of 6
22 Software Software supplied by OSF: Instructions for CMVP Testing Linux x86 no AES NI (all software should be installed in the same directory on Linux host system as described in the following section): the file openssl fips 209targz from http://opensslfoundationcom/testing/validation 20/source/ When all downloads are complete the TOP directory should contain the following files (as shown by the "ls l" command): openssl fips 209targz Software supplied by the test lab: The targz or zip file(s) containing a set of test vector request files 3 Preparation OSF preparation: On Ubuntu x86 build system host: Unpack customer suplied file hidglobal_qemu_vmtarbz2 bunzip2 c /mnt/tmp/hidglobal_qemu_vmtarbz2 tar xf apt get install qemu system apt get install rinetd # config 19216822240:2222 > 127001:5022 # start virtual build image qemu system arm M versatilepb kernel vmlinuz 2626 2 versatile initrd initrdimg 2626 2 versatile hda debian_lenny_arm_standardqcow2 append "root=/dev/sda1" m 256 redir tcp:5022::22 # log in via rinetd redirection from 222 lan ssh p 2222 root@19216822240 ( : root) On build image: mkdir /mnt/share mount 1921682221:/opt/share/ /mnt/share groupadd g 1003 fipstest 2 of 6
useradd u 1003 c "FIPS testing" g 1003 m fipstest passwd fipstest 3 of 6
4 Compilation and Testing All commands as typed on a client system used for remote access are bolded Commands as executed on the target device are bolded in blue You will be able to cut and paste from this document (fortunately, as some of these commands are fairly complex) We could script these commands more heavily but thought you might prefer to have full visibility For each set of commands in green, choose only one of the commands For remote access via the OSF testhub server: ssh fipstest@testhub1opensslfoundationcom Last login: Thu Dec 15 15:02:10 2011 from 4303837 fipstest@testhub1:~ cd /mnt/share/top ts linux fipstest@testhub1:/mnt/share/top ts linux From this point on the shell prompt "fipstest@testhub1:/mnt/share/top ts linux" is abbreviated as "" 42 Compilation on Target System Next log onto the virtual build system to create the test suite program: ssh p 2222 19216822240 fipstest@19216822240's password: fipstest Linux debian arm 2626 2 versatile #1 Mon Dec 13 09:50:01 GMT 2010 armv5tejl cd /mnt/osf/top ts linux Create the test suite program executable: gcc version gcc (Debian 432 11) 432 Copyright (C) 2008 Free Software Foundation, Inc This is free software; see the source for copying conditions There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE rm rf openssl fips 209 gunzip c openssl fips 209targz tar xf 4 of 6
cd openssl fips 209 /config no asm (lots of output) This is the OpenSSL FIPS 20 module make (lots of output) make build_algvs (several lines of output) cd file openssl fips 209/test/fips_algvs file openssl fips 205/test/fips_algvs openssl fips 209/test/fips_algvs: ELF 32 bit LSB executable, ARM, version 1, dynamically linked (uses shared libs), for GNU/Linux 2612, not stripped Log off of the build system (returning to testhub1), we do this because the virtual build system can't talk directly to the target device: exit logout Connection to 19216822240 closed Copy executable to target device from testhub1: scp openssl fips 209/test/fips_algvs root@192168222182:/tmp root@192168222182's password: root fips_algvs 43 Testing on Target Device Log on to the target device: ssh root@192168222182 root@192168222182's password: root BusyBox v100 rc2 (20040805 21:44+0000) Built in shell (ash) Enter 'help' for a list of built in commands 5 of 6
uname a Linux pam 2426 ts11 #3 Tue May 15 11:21:07 MST 2007 armv4l unknown cat /proc/cpuinfo Processor : Arm920Tid(wb) rev 0 (v4l) BogoMIPS : 9994 Features : swp half thumb Hardware : ep9301 Revision : 0000 Serial : 0000000000000000 cd /tmp /fips_algvs fips_test_suite FIPS mode test application FIPS 205 validated module 10 Apr 2013 DRBG AES 256 CTR DF test started DRBG AES 256 CTR DF test OK 1 Non Approved cryptographic operation test ECDSA key generation failed as expected Induced failure test completed with 0 errors successful as expected All tests completed with 0 errors exit logout Connection to 192168222182 closed The fips_test_suite program can be invoked with different command line options for the various demonstrations such as KAT corruption 6 of 6