@@ -17,32 +17,24 @@ file for details.
1717
1818
1919## Recent Changes
20- This document is currently a copy from libacvp and will be modified as development ramps up on AMVP.
20+
21+ This document will be updated as more details are worked out and finalized on the AMVP project.
2122
2223
2324# Overview
2425
2526Libamvp is a client-side AMVP library implementation, and also includes
2627an example application (amvp_app) which utilizes the library.
2728
28- The ` app/ ` directory contains a sample application which uses libamvp.
29-
30- The ` certs/ ` directory contains the certificates used to establish a TLS
31- session with well-known AMVP servers. If the AMVP server uses a self-signed certificate,
32- then the proper CA file must be specified.
33- libamvp also requires a client certificate and key pair,
34- which the AMVP server uses to identify the client. You will need to
35- contact NIST to register your client certificate with their server.
36-
29+ We request that users limit issue reports and discussion at this time as many protocol and
30+ implementation details are still in active and early development.
3731
3832## Dependencies
3933* autotools
4034* gcc
4135* make
4236* curl (or substitution)
4337* openssl (or substitution)
44- * libcriterion (for unit tests only)
45- * doxygen (for building documentation only)
4638
4739Curl is used for sending REST calls to the AMVP server.
4840
@@ -55,179 +47,15 @@ libcurl, libssl and libcrypto are not included, and must
5547be installed separately on your build/target host,
5648including the header files.
5749
58- ##### Dealing with system-default dependencies
59- This codebase uses features in OpenSSL >= 1.1.1.
60- If the system-default install does not meet this requirement,
61- you will need to download, compile and install at least OpenSSL 1.1.1 on your system.
62- The new OpenSSL resources should typically be installed into /usr/local/ssl to avoid
63- overwriting the default OpenSSL that comes with your distro.
64-
65- Version 1.1.1 of OpenSSL reaches end of life officially on September 11, 2023. Updating to OpenSSL
66- 3.X is highly recommended when possible. All previous versions have reached end of life status.
67-
68- A potential source of issues is the default libcurl on the Linux distro, which may be linked against
69- the previously mentioned default OpenSSL. This could result in linker failures when trying to use
70- the system default libcurl with the new OpenSSL install (due to missing symbols).
71- Therefore, you SHOULD download the Curl source, compile it against the "new" OpenSSL
72- header files, and link libcurl against the "new" OpenSSL.
73- libamvp uses compile time macro logic to address differences in the APIs of different OpenSSL
74- versions; therefore, it is important that you ensure libamvp is linking to the correct openSSL versions
75- at run time as well.
76-
77- Libamvp is designed to work with curl version 7.80.0 or newer. Some operating systems may ship with
78- older versions of Curl which are missing certain features that libamvp depends on. In this case you
79- should either acquire a newer version through your OS package manager if possible or build a newer
80- version from source. While it is possible some older versions may work, they are not tested or
81- supported.
8250
8351## Building
8452
8553` --prefix<path to install dir> ` can be used with any configure options to specify where you would
8654like the library and application to install to.
8755
88- #### To build app and library for supported algorithm testing
89-
90- ```
91- ./configure --with-ssl-dir=<path to ssl dir> --with-libcurl-dir=<path to curl dir>
92- make clean
93- make
94- make install
95- ```
96-
97- #### Building libamvp without the application code.
98- Use the following ./configure comand line option and only the library will be built and installed.
99-
100- --disable-app
101-
102- Note that this option is not useful when building for offline testing since the application is needed.
103- Using this option, only a libcurl installation dir needs to be provided.
104-
105- #### Building amvp_app only without the library code
106- Use the following ./configure comand line option and only the app will be built. Note that it depends
107- on libamvp having already been built. The libamvp directory can be provided using --with-libamvp-dir=
108- Otherwise, it will look in the default build directory in the root folder for libamvp.
109-
110- --disable-lib
111-
112- #### Other build options
113- More info about all available configure options can be found by using ./configure --help. Some important
114- ones include:
115- --enable-offline : Will link to all dependencies statically and remove the libcurl dependency. See "How
116- to test offline" for more details. NOTE: Support for statically linking OpenSSL 3.X is not supported
117- at this time. OpenSSL does not support static linking of the FIPS provider. Support for statically
118- linking other dependencies will be added.
119- --disable-kdf : Will disable kdf registration and processing in the application, in cases where the given
120- crypto implementation does not support it (E.g. all OpenSSL prior to 3.0)
121- --disable-lib-check : This will disable autoconf's attempts to automatically detect prerequisite libraries
122- before building libamvp. This may be useful in some edge cases where the libraries exist but autoconf
123- cannot detect them; however, it will give more cryptic error messages in the make stage if there are issues
124-
125-
126- #### Cross Compiling
127- Requires options --build and --host.
128- Your ` $PATH ` must contain a path the gcc.
129-
130- ```
131- export CROSS_COMPILE=powerpc-buildroot-linux-uclibc
132- ./configure --build=<local target prefix> --host=<gcc prefix of target host> --with-ssl-dir=<path to ssl dir> --with-libcurl-dir=<path to curl dir>
133- ```
134-
135- Example with build and host information:
136- ```
137- ./configure --build=localx86_64-unknown-linux-gnu --host=mips64-octeon-linux-gnu --with-ssl-dir=<path to ssl dir> --with-libcurl-dir=<path to curl dir>`
138- ```
139- All dependent libraries must have been built with the same cross compile.
140-
141- If using murl for cross compliles use the same CROSS_COMPILE and HOSTCC used with openssl, for example:
142-
143- CROSS_COMPILE=arm-linux-gnueabihf-
144- HOSTCC=gcc
145-
146- ## Windows
147- The Visual Studio projects for amvp_app and libamvp are set to use 2017 tools and are designed to
148- be easily updated to use the latest versions of Microsoft build tools while being backwards
149- compatible with Visual Studio 2017 and some older Windows 10 SDK versions.
150-
151- Prerequisites:
152- This system assumes all dependency library paths have /include folders containing all the headers
153- needed to properly link. This can be altered in the scripts if needed.
154-
155- For amvp_app, If you are using a FIPS Object Module with OpenSSL: you need a header in your
156- /include folder that maps FIPS functions to SSL ones (for example, fipssyms.h) which is sometimes
157- not moved to the install path from the source path by default on Windows.
158-
159- For these steps, use the Visual Studio Command Prompt for your platform (x64, x86, x86_64, or
160- x64_86)
161-
162- Steps:
163- 1.) Edit and run ms\config_windows.bat
164- -Add all of the directories for your dependencies
165- -Change any needed settings
166- 2.) Open libamvp.sln and amvp_app.sln in Visual Studio and allow the dialog to update the projects'
167- versions of MSVC and windows SDK to the latest installed (May be unnecessary if versions match)
168- 3.) run ms/make_lib.bat
169- 4.) run ms/make_app.bat
170-
171- The library files and app files will be placed in the ms/build/ directory.
172-
173- Notes:
174- Windows will only search specific paths for shared libraries, and will not check the
175- locations you specify in config_windows.bat by default unless they are in your path. This results
176- in amvp_app not being able to run. An alternative to altering your path or moving libraries to
177- system folders is moving/copying any needed .dll files to the same directory as amvp_app.
178-
179- If you are building statically, it is assumed for amvp_app that you have built Curl with OpenSSL,
180- and that you are linking amvp_app to the exact same version of OpenSSL that Curl is linked to. Other
181- configurations are not supported, untested, and may not work. Libamvp itself is indifferent
182- to which crypto and SSL libraries Curl uses, but any applications using libamvp statically
183- need to link to those libraries.
184-
185- Murl is not supported in windows at this time.
56+ ` configure ` searches for an OpenSSL install and a libcurl install. They can be provided manually if not found.
57+ The build system will be updated with fixes soon, and this document will be updated with more details.
18658
18759## Running
188- 1 . ` export LD_LIBRARY_PATH="<path to ssl lib;path to curl lib>" `
189- 2 . Modify scripts/nist_setup.sh and run ` source scripts/nist_setup.sh `
190- 3 . ` ./app/amvp_app --<options> `
191-
192- Use ` ./app/amvp_app --help ` for more information on available options.
193-
194- libamvp generates a file containing information that can be used to resume or check the results
195- of a session. By default, this is usually placed in the folder of the executable utilizing
196- libamvp, though this can be different on some OS. The name, by default, is
197- testSession_ (ID number).json. The path and prefix can be controlled using ACV_SESSION_SAVE_PATH
198- and ACV_SESSION_SAVE_PREFIX in your environment, respectively.
199-
200- ### How to test offline
201- 1 . Download vectors on network accessible device:
202- ` ./app/amvp_app --<algs of choice or all_algs> --vector_req <filename1> `
203- - where ` <filename1> ` is the file you are saving the tests to.
204-
205- 2 . Copy vectors and amvp_app to target:
206- ` ./app/amvp_app --all_algs --vector_req <filename1> --vector_rsp <filename2> `
207- - where ` <filename1> ` is the file the tests are saved in, and ` <filename2> ` is the file
208- you want to save your results to.
209-
210- 3 . Copy responses(filename2) to network accessible device:
211- ` ./app/amvp_app --all_algs --vector_upload <filename2> `
212- - where ` <filename2> ` is the file containing the results of the tests.
213-
214- * Note:* The below does not yet apply to OpenSSL 3.X
215- * Note:* If the target in Step 2 does not have the standard libraries used by
216- libamvp you may configure and build a special app used only for Step 2. This
217- can be done by using --enable-offline and --enable-static when running
218- ./configure and do not use --with-libcurl-dir or --with-libmurl-dir which
219- will minimize the library dependencies. Note that openssl with FOM must also
220- be built as static. For this case, OpenSSL MUST be built with the "no-dso" option,
221- OR the configure option ` --enable-offline-ldl-check ` must be used to resolve the libdl
222- dependency. Some specific versions of SSL may not be able to remove the libdl dependency.
223-
224- ## Testing
225- Move to the test/ directory and see the README.md there. The tests depend upon
226- a C test framework called Criterion, found here: https://github.com/Snaipe/Criterion
227-
228-
229- ## Contributing
230- Before opening a pull request on libamvp, please ensure that all unit tests are
231- passing. Additionally, new tests should be added for new library features.
232-
233- Any and all new API functions must also be added to ms\resources\source.def.
60+
61+ This section will be updated with details as more protocol details are finalized.
0 commit comments