OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 8776736775
Instructions for CMVP Testing Dell Streak Draft November 22, 2011
http://opensslfoundation.com/testing/validation2.0/platforms/android/TestingInstructionsMotorolaXoom.pdf
Table of Contents
1 Overview
2 Inventory
  2.1 Hardware
  2.2 Software
3 Preparation
  3.1 Hardware Setup
  3.2 Preparing the Test Environment
4 Testing
  4.1 Cross-Compilation
  4.2 Processing test vectors

1 Overview

Platform testing instructions for the OpenSSL FIPS Object Module v2.0 validation. This target device is the Motorola Xoom (ARMv7 running Android) in the form of a commercial mobile phone. Note: the Motorola Xoom appears to be internally identical to the Droid II, right down to the device USB serial number (02885003435f8057).

2 Inventory

2.1 Hardware

Hardware supplied by OSF:
• Motorola Xoom mobile phone (target device)
• Power supply
• USB cable (mini to A)

Hardware supplied by test facility:
• Linux host system (any recent version of Linux, on any machine architecture, will suffice)

2.2 Software

Software supplied by OSF (all software should be installed in the same directory on the Linux host system, as described in the following section):
• the file opensslfips1.9.tar.gz from http://opensslfoundation.com/testing/validation2.0/source/
• the files
    setenvandroid.sh
    androidsdk_r07linux_x86.tgz
    androidndkr4blinuxx86.zip
  from http://opensslfoundation.com/testing/validation2.0/tools/android
• the file mkrespdir.pl from http://opensslfoundation.com/testing/validation2.0/testvectors/

When all downloads are complete the TOP directory should contain the following files (as shown by the "ls -l" command):

    androidndkr4blinuxx86.zip
    androidsdk_r07linux_x86.tgz
    opensslfips1.9.tar.gz
    setenvandroid.sh
    mkrespdir.pl

Software supplied by the test lab:
• The .tar.gz or .zip file containing a set of test vector request files. Note an example of such a test vector data set can be found at http://opensslfoundation.com/testing/validation2.0/testvectors/tv.tar.gz

3 Preparation

3.1 Hardware Setup

Do not plug in the power supply until the USB cable is connected to the Android target device and to the Linux host system. Once the USB cable is connected, plug in the power supply and hold down the power button on the top left corner of the device for several seconds. It takes less than half a minute to boot.

To truly power down the Android devices, enable the menu display (menu button), then hold down the power button until the shutdown menu appears. If you just tap the power button when at the home screen the device will only turn off the display.

3.2 Preparing the Test Environment

All commands are typed on the Linux host system, though some commands (those executed via "adb shell") will be remotely executed on the Android target device. You will be able to cut-and-paste from this document (fortunately, as some of these commands are fairly complex). We could script these commands more heavily but thought you might prefer to have full visibility.

In this document commands entered and executed on the Linux host system are bolded. Commands entered on the Linux host system but executed on the target device are shown in blue.

The five files identified in the Inventory section should reside in a single directory on the Linux host system; in this document we refer to this directory as TOP. The filesystem should have at least 500Mb of free space (the "df -h ." command will show the amount of available space under the Avail column).

Open a command shell on the Linux host system (use of an unprivileged account is highly recommended), and change the working directory to TOP. Unpack the four compressed files:

    $ unzip -q androidndkr4blinuxx86.zip
    $ gunzip -c androidsdk_r07linux_x86.tgz | tar xf -
    $ gunzip -c tv.tar.gz | tar xf -
      (unpack this test lab supplied file as appropriate)

(first we start the communications service)

Open a separate command shell as root ("sudo su -"), and change to the directory containing the files that were just unpacked. Then start the background service. Note this must be done with root privilege:

    # androidsdklinux_x86/tools/adb start-server

(next we establish that the Linux host system can talk to the Android device)

We strongly recommend that you not use the root shell for any subsequent testing. The USB cable to the Android target device and the Linux host system should have been connected before the Android target device was powered up.

    $ androidsdklinux_x86/tools/adb devices
    List of devices attached
    0123456789ABCDEF device

If you see only the one line

    List of devices attached

then the USB connection has not been initialized; try powering down the Android target device, confirming that the USB is connected at both ends, and powering it back up.

Note if you instead see

    List of devices attached
    ???????????? no permissions

then the background service was not started with root privilege. Try the following in a separate root shell:

    $ androidsdklinux_x86/tools/adb kill-server
    $ androidsdklinux_x86/tools/adb start-server

and then try "androidsdklinux_x86/tools/adb devices" again from the unprivileged shell.

If more than one device is displayed, for instance:

    List of devices attached
    20100720 device
    02885003435f8057 device

then more than one Android device is currently connected to the Linux host system. In that case the specific device of interest will need to be specified with the "-s" option to subsequent androidsdklinux_x86/tools/adb invocations:

    androidsdklinux_x86/tools/adb -s 02885003435f8057

For clarity the "-s" option is not shown in the following discussion.

Note at this point the processor type of the Android test device can be displayed:

    $ androidsdklinux_x86/tools/adb shell
      (should see "#" prompt from a shell executing on the Android target device)
    $ cat /proc/cpuinfo
    Processor : ARMv7 Processor rev 0 (v7l)
    processor : 0
    BogoMIPS : 1998.84
    processor : 1
    BogoMIPS : 1998.84
    Features : swp half thumb fastmult vfp edsp vfpv3 vfpv3d16
    CPU implementer : 0x41
    CPU architecture: 7
    CPU variant : 0x1
    CPU part : 0xc09
    CPU revision : 0
    Hardware : stingray
    Revision : 8000
    Serial : 02885003435f8057
    $ exit
      (return to shell on Linux host system)

4 Testing

4.1 Cross-Compilation

First we set the environment variables to define the target platform, and confirm the pathnames are correct:

    $ . setenvandroidecp.sh
      (note the leading dot "." followed by a space " ")
    $ gunzip -c opensslfipsecp1.9.tar.gz | tar xf -
    $ cd opensslfipsecp2.0
    $ armeabigcc --version
    armeabigcc (GCC) 4.4.0
    Copyright (C) 2009 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

Next we perform the actual cross-compilation to generate the binaries:

    $ ./config
      (should see several screens of output)
    $ make
      (should see lots of output)
    $ make build_fipsalgvs
      (should see lots of output)
    $ cd ..
      (back to TOP directory)

Note a sanity check to confirm that binary curve ECC support is not present is to check for symbol names containing "gf2m" in the fipscanister.o object file:

    $ nm opensslfipsecp2.0/fips/fipscanister.o | grep gf2m
    $

If no occurrences are found then that object file was compiled without the binary field ECC support (i.e., using the opensslfipsecp1.9.tar.gz distribution).

Then copy the test driver programs to the Android target device:

    $ androidsdklinux_x86/tools/adb push opensslfipsecp2.0/test/fips_algvs /data/local/tmp/
    1181 KB/s (531250 bytes in 0.438s)
      (exact counts may vary)
    $

At this point we can execute the fips_test_suite program on the Android target device:

    $ androidsdklinux_x86/tools/adb shell
    $ cd /data/local/tmp
    $ ./fips_algvs fips_test_suite
    FIPSmode test application
    FIPS 2.0rc1 unvalidated test module xx XXX xxxx
    DRBG AES256CTR DF test started
    DRBG AES256CTR DF test OK
    1. NonApproved cryptographic operation test...
    . . .
      (should see the typical fips_test_suite output; note it will take a long time to run; the "./test/fips_test_suite post" command will exercise the POST only and run much more quickly)
    $ exit

The fips_test_suite program can be invoked with different command line options for the various demonstrations such as KAT corruption.

4.2 Processing test vectors

A subdirectory containing all the test vector files should be present at the root of the source code work area. Create the "fipstest.sh" script:

    $ perl opensslfipsecp2.0/fips/fipsalgtest.pl --minimal-script --generate-script=fipstests.sh
      (you may see lots of informative or non-fatal warning messages depending on the content of the test vector directory)

Note that the fipsalgtest.pl program will automatically locate the test vector files if they are present in the current directory, and are the only such set of test vector files. The --dir=TV option can be used to search just the subdirectory TV for the test vector files.

Note for this platform the ./resp/ subdirectories in the test vector directory tree must exist. Use the mkrespdir.pl utility to generate any missing subdirectories:

    $ perl mkrespdir.pl TV
    making OE3/OSF_2464_OE3/AES/resp
    touching OE3/OSF_2464_OE3/AES/resp/CBCGFSbox128.rsp
    touching OE3/OSF_2464_OE3/AES/resp/CBCGFSbox192.rsp
    touching OE3/OSF_2464_OE3/AES/resp/CBCGFSbox256.rsp
    touching OE3/OSF_2464_OE3/AES/resp/CBCKeySbox128.rsp
    . . .
    touching OE3/OSF_2464_OE3/XTS/resp/XTSGenAES128.rsp
    touching OE3/OSF_2464_OE3/XTS/resp/XTSGenAES256.rsp
    making OE3/OSF_2464_OE3_Part3_RSAPSS_0salt/RSA/resp
    touching OE3/OSF_2464_OE3_Part3_RSAPSS_0salt/RSA/resp/SigGenPSS_1862.rsp
    touching OE3/OSF_2464_OE3_Part3_RSAPSS_0salt/RSA/resp/SigVerPSS_1862.rsp
    $

Copy the fipstest.sh program and test vectors to the Android target device:

    $ androidsdklinux_x86/tools/adb push fipstests.sh /mnt/sdcard
    705 KB/s (30512 bytes in 0.042s)
      (actual number may differ)
    $ androidsdklinux_x86/tools/adb push TV /mnt/sdcard/TV
    push: tv/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/req/SigGenPSS_1862.req > /mnt/sdcard/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/req/SigGenPSS_1862.req
    push: tv/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/req/SigVerPSS_1862.req >
    . . .
    push: OE2/OSF_2464_OE2_Part2_ECPrime/ECDSA/resp/SigVer.rsp > /data/local/tmp/OE2/OSF_2464_OE2_Part2_ECPrime/ECDSA/resp/SigVer.rsp
    push: OE2/OSF_2464_OE2_Part2_ECPrime/ECDSA/resp/PKV.rsp > /data/local/tmp/OE2/OSF_2464_OE2_Part2_ECPrime/ECDSA/resp/PKV.rsp
    518 files pushed. 0 files skipped.
    958 KB/s (70139190 bytes in 71.488s)

...where TV is the name of the subdirectory containing the test vector files.

Invoke a shell on the Android target device to run the fipstest.sh script. At this point the /data/local/tmp/ directory on the Android target device should contain the fipstest.sh program and two subdirectories:

    $ androidsdklinux_x86/tools/adb shell
    $ cd /data/local/tmp
    $ ls -l
    drwxrwxrx root root 20000101 00:19 test
    $ cd /mnt/sdcard
    $ ls -l
    drwxrwxrx root root 20000101 00:26 TV
    rwrwrw root root 44427 20111027 16:43 fipstest.sh

Now invoke the fipstest.sh program. Note this will take a long time (several hours) to complete:

    $ /data/local/tmp/fips_algvs
    Running Algorithm Tests
    Running DSA tests
    rm failed for ./tv/OSF_2464_Template/DSA/resp, No such file or directory
    running PQGGen test
    running KeyPair test
    running SigGen test
    running SigVer test
    running PQGVer test
    Running DSA2 tests
    rm failed for ./tv/OSF_2464_Template/DSA2/resp, No such file or directory
    running PQGGen test
    running KeyPair test
    running SigGen test
    . . .
    running gcmEncryptIntIV192 test
    running gcmEncryptIntIV256 test
    Running AES XTS tests
    rm failed for ./tv/OSF_2464_Template/XTS/resp, No such file or directory
    running XTSGenAES128 test
    running XTSGenAES256 test
    Running ECDH Ephemeral Primitives Only tests
    running KAS_ECC_CDH_PrimitiveTest test
    All Tests Completed
      (...this runs for a long time (an hour or more)...note any "rm failed for ..., No such file or directory" or "mkdir failed for ..., File exists" messages can be ignored)
    $ exit

Copy the test vector directory back to the Linux host system:

    $ androidsdklinux_x86/tools/adb pull /mnt/sdcard/TV TV.results
    pull: building file list...
    pull: /data/local/tmp/tv/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/resp/SigGenPSS_1862.rsp > tv.results/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/resp/SigGenPSS_1862.rsp
    pull: /data/local/tmp/tv/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/resp/SigVerPSS_1862.rsp > tv.results/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/resp/SigVerPSS_1862.rsp
    pull: /data/local/tmp/tv/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/req/SigVerPSS_1862.req > tv.results/OSF_2464_Template_Part3_RSAPSS_0salt/RSA/req/SigVerPSS_1862.req
    . . .
    pull: /data/local/tmp/tv/OSF_2464_Template/KAS/req/KAS_ECC_CDH_PrimitiveTest.req > tv.results/OSF_2464_Template/KAS/req/KAS_ECC_CDH_PrimitiveTest.req
    pull: /data/local/tmp/tv/OSF_2464_Template/HMAC/resp/HMAC.rsp > tv.results/OSF_2464_Template/HMAC/resp/HMAC.rsp
    pull: /data/local/tmp/tv/OSF_2464_Template/HMAC/req/HMAC.req > tv.results/OSF_2464_Template/HMAC/req/HMAC.req
    513 files pulled. 0 files skipped.
    2187 KB/s (154218178 bytes in 68.835s)
    $

The resulting directory TV.results can then be zipped/tarred and exported for analysis.
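
Before the pulled tree is exported, it is worth confirming that every request file actually produced a response. The following is an added example, not part of the OSF instructions or tooling: the function name check_responses is hypothetical, and it assumes the layout seen in the listings above, where .../req/NAME.req is answered by .../resp/NAME.rsp in the same algorithm directory.

```sh
#!/bin/sh
# Added example (not OSF code): completeness check for a pulled test vector
# tree. Assumed layout, taken from the listings in this document:
#   <set>/<ALG>/req/<NAME>.req  is answered by  <set>/<ALG>/resp/<NAME>.rsp

# check_responses DIR
# Prints "MISSING <path>" or "EMPTY <path>" for each request without a usable
# response. Returns 0 if all requests are answered, 1 if any are not, and
# 2 if DIR is not a directory or contains no request files.
check_responses() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    list=$(mktemp "${TMPDIR:-/tmp}/rspcheck.XXXXXX") || return 2
    find "$root" -type f -path '*/req/*.req' > "$list"
    total=0
    bad=0
    while IFS= read -r req; do
        total=$((total + 1))
        name=$(basename "$req" .req)
        rsp="$(dirname "$(dirname "$req")")/resp/$name.rsp"
        if [ ! -e "$rsp" ]; then
            echo "MISSING $rsp"
            bad=$((bad + 1))
        elif [ ! -s "$rsp" ]; then
            # mkrespdir.pl pre-creates ("touches") the .rsp files, so a
            # zero-length file means no result was ever written to it.
            echo "EMPTY $rsp"
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$total request files, $bad without a usable response" >&2
    [ "$total" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh check_responses.sh TV.results
if [ "$#" -ge 1 ]; then
    check_responses "$1"
fi
```

A non-empty response file only shows that the test driver wrote output; whether the values are correct is still decided by the test lab's analysis.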