Project

General

Profile

action #52808

Updated by whdu almost 5 years ago

Now, all FIPS test cases are classified and distributed into four test suits: 

 * `fips_env_tests_crypt_core` 
 * `fips_env_tests_crypt_misc` 
 * `fips_env_tests_crypt_tool` 
 * `fips_env_tests_crypt_web` 

 My proposal is re-classified to following test suites: 

 * **fips_tests_crypt_core** 
      Core utilities like openssl and openSSH 

      ```openssl_fips_alglist > openssl_fips_hash > openssl_fips_cipher > openssl_pubkey_rsa> openssl_pubkey_dsa > 
      openssl_alpn > openssh_fips > sshd > ssh_pubkey > ssh_cleanup``` 

 * **fips_tests_crypt_tools** 
      Misc tools 

      ```gpg > curl_fips_rc4_seed > aide_check > journald_fss > git > clamav > openvswitch_ssl``` 

 * **fips_tests_crypt_web** 
      All web services related cases, eg. w3m_https, apache_ssl 

      ```curl_https > wget_https > w3m_https > apache_ssl > apache_nssfips > libmicrohttpd``` 

 * **fips_env_tests_crypt_kernel** 
      Applications only can be enabled by kernel fips mode (`fips=1`), eg, dm-crypt 
 All cases in other test suites should be able to run under _'sigle mode'_ by setting variable environments. 

      ```dm_crypt > cryptsetup``` 

 * **fips_env_tests_crypt_x11** 
      GUI application cases. We install WE extension here only 

      ```x3270_ssl ```hexchat_ssl > firefox_nss x3270_ssl > hexchat_ssl seahorse_sshkey > seahorse_sshkey``` firefox_nss``` 

 All cases in **fips_tests_crypt_core**, **fips_tests_crypt_tools**, **fips_tests_crypt_web** and **fips_env_tests_crypt_x11** can be run either in FIPS kernel mode or environment single (env) mode. A case **fips_setups** will be added before every cases in test suite to configure FIPS environment according to the variables. 

 With `FIPS_ENV_MODE=1`, it will setup the system into FIPS environment mode. For **fips_env_tests_crypt_kernel**, kernel mode is mandatory. So the code will be added to check if it currently under kernel mode, if not, not then failed. 

 This ticket could be worked on with poo#52805 together. More information for this proposal will be added if necessary.

Back