Version 0.2
08/15/2005
Owner: Michael A. Halcrow
mhalcrow@us.ibm.com
(512)
838-8096
11501 Burnet Rd Austin, TX 78758
|
It is the responsibility of the user of this document to ensure that they are using the current version of this document. To validate that your copy of this document is at the latest level, view the latest version of this document: <official document location or contact author/owner> |
Initial Release: 0.1
Review
Frequency: At each major revision
Final Page Indicator: "End
of Document;" statement
Retention: Valid until superseded by
a new version/level.
Emily Ratliff - Reviewer
|
Review Date |
Version Reviewed |
New Version (if needed) |
Reviewer(s) |
Approver(s) |
Table of Contents
A. References/Related Documents. 4
B. LDP Items
A. Additional Program Products. 5
B. Test Approach and Methodology. 6
I. Installation Documentation. 7
J. Installation/Configuration Test 7
K. Reliability, Availability, and Serviceability. 7
VII. Functional Coverage Matrix. 9
<List any documents or references to LDP entries covered in this plan OR used in developing this plan>
|
Document/Reference |
Version |
Location |
|
|
|
|
<List LDP entries covered in this plan : include LDP number, one-liner description, product/package name that will include the LDP entry, and targeted release>
|
LDP Number (LDP) |
Description |
Included in Product/Package |
Targeted Kernel Release/Distro |
|
31056 |
TCG: PKCS#11 usage of TPM: openCryptoki future release |
openCryptoki |
RHEL4 U3 |
1. End-Use Impact
<Identify/List any end-user impacts/benefits of this feature/LDP item(s)? (i.e. performance, new function allowing end-user to..., change in behavior of an existing function allowing end-user to ... )>
Allows users to access cryptographic hardware through a PKCS#11 interface.
2. Files (Design/Implementation Details – New Section)
<Identify/List any files or code impacted by OR are new for this feature/LDP item(s)? (i.e. list files, or directories)>
/usr/lib/opencryptoki/
/var/lib/opencryptoki/
/etc/pkcs11
3. Enablement
<Identify how this feature/LDP item(s) is enabled. Is it automatically enabled/default turned on? If not, how would an end-user enable/"turn on" this feature/LDP item?>
openCryptoki is enabled by executing an initialization script and then running /etc/init.d/pkcsslotd. Applications link against libopencryptoki.a and make various calls through the library.
4. Parameters (Design/Implementation Details – New Section)
<Are there any parameters that can be passed to any files or commands in conjunction with this feature/LDP item? If so, please list all parameters and for each parameter (or provide access to a man page/help)>
See opencryptoki/doc/openCryptoki-HOWTO.pdf in the source base for documentation on openCryptoki application parameters.
5. Bugs/Defects
<Identify how l issues/bugs/defects be tracked? (i.e. Notes DB, Bugzilla, Bugzilla Family, Component, etc.) List components.>
Bugs are tracked via the Sourceforge bugzilla: http://sourceforge.net/tracker/?group_id=128009&atid=710344
6. Targeted Code Completion
<Identify targeted code completion date.>
05/31/2005
<Identify/List supported hardware architectures/platforms for this feature/LDP item? (i.e. common/architecture neutral, xSeries, pSeries, zSeries, iSeries, Power5 only, etc..)>
i386, ppc, ppc64, s390, s390x.
<Identify/List supported/required firmware for this feature/LDP item?>
N/A
< List any known limitations or restrictions of this feature.>
N/A
<Identify/List any other “general” dependencies not covered above that are required to support this feature/LDP item.>
Some hardware accelerators will be required to test specific openCryptoki STDLL's or OpenSSL will be required to test the software STDLL. For the ICA s390 token, VICOM emulation of certain instructions (e.g., SHA-256 or AES) will need to be enabled.
<If available, describe any past history relating to LDP items and/or components: customer problems, error prone areas, and any strengths/weaknesses of previous testing.>
Weaknesses in testing: although testcases exist, some of them may be token specific and therefor require updating. There is work currently in plan for 2005 to resolve this issue.
<Describe test goals, objectives, level of testing and scope of this plan in relation to the LDP item(s) covered.>
The goals of the current tests available are to test the PKCS#11 API and also the functionality of specific tokens (STDLL files).
<Identify/List software/products required to perform the tests covered in this plan – be sure to list the product/package that includes the LDP item(s)>
|
Software/Product Name |
Description |
Level/Version |
|
OpenSSL |
SSL and crypto libraries |
0.9.8+ |
<Document the test approach and methodology to be used.>
Manually, by running individual test cases included in the openCryptoki tarball.
<Document verification methods used for hardware and software configurations/combinations.>
Assume RHEL4+/s390/s390x or SLES9+/i386/ppc/ppc64/s390/s390x
rpm -q openCryptoki succeeds
rpm -q openCryptoki-32/64bit succeeds
< If applicable, document verification methods used to determine performance equal to or better than existing configurations.>
N/A
<If applicable, identify applicable test suites (SBLIM, GNU Automake, etc) to be run to verify standards compliance.>
N/A
<If applicable, describe stress testing to be done on the product to verify robustness during high system and possibly network usage. Include target length of test and expected/acceptable breaking point>
N/A
<Identify/List a set of tests from current and proposed set of testcases to be used during regression testing.>
The following directories under testcases/ contain tests that should be run during regression testing:
speed/
driver/
oc-digest/
v2.11/
<Identify/List a set of tests from current and proposed set of testcases to be used during ship/final testing.>
The following directories under testcases/ contain tests that should be run prior to shipping:
speed/
driver/
oc-digest/
v2.11/
<If applicable, describe how installation INSTRUCTIONS/DOCUMENTATION will be verified for the product/package containing the LDP item(s) covered in this plan. These instructions may be contained in README files shipped with the software.>
The instructions for installing the package are in the README and INSTALL files contained within the package tarball.
<If applicable, describe the various configurations/combinations to be used during the installation and configuration verification tasks of LDP item(s) covered in this plan.>
N/A
<If applicable, describe the RAS goals of the LDP item(s) covered in this plan and how these will be verified.>
N/A
<If applicable, describe how usability of the LDP item(s) covered in this plan will be verified.>
N/A
<Identify the quality goals of this plan.>
Runs stably under load (multiple applications concurrently making PKCS#11 calls through the openCryptoki library).
Provides PKCS#11 interface to an application.
<What measurement methods will be used to track goals?>.
Correct operation is measured via the tests found in the testcases/ directory.
<The following information will need to be collected and stored on a regular basis until the execution of this plan is completed. Identify here the location of this stored information (could be tracked by project management) and how frequently it will be updated.
NOTE: Some testcases my be logged by hours of successful test execution – which is ok.>
SUMMARY:
|
Planned Number of Testcases : # |
|
|
|
|
|
Date |
Number of Testcases Written (% of planned) |
Number of Testcases Executed (% of written) |
Number of Testcases Successful (% of executed) |
Defects Open/Active (newest -> oldest) |
|
8/15/2005 |
100 |
100 |
100 |
|
DETAILS: <List uncompleted work/testcases first>
|
|
|
Execution Status |
||||
|
Testcase/Testsuite |
Written/ Coded? (mm/dd/yy) |
Operating System/Distro |
Platform/ Hardware Model w/ Firmware Levels |
Dependent Software Product Levels |
Pass/Fail |
Defects Open/Active (newest -> oldest) |
|
testcases/ suite |
8/15/2005 |
all |
x86, ppc, ppc64, s390, s390x |
SLES9 SP2, RHEL 4 U3 |
Pass |
|
<If applicable, describe any name conventions used for the testcases.>
N/A
<Indicate the location/storage of these test cases.>
The tests are included in the package tarball under the testcases/ directory.
|
Name of testcase |
What it tests |
Expected result |
|
speed |
The implementation of many different algorithms . |
Success. |
|
driver |
The implementation of many different algorithms . |
Success. |
|
v2.11 |
Implementation of AES test. |
Success. |
|
oc-digest |
Implementation of hash function tests. |
Success. |
This table describes the functional coverage of the test suite(s). For each new or modified testcase, it shows the associated list of assertions, whether or not the test case is automated, and whether or not the test case is suitable for a lasting regression test suite.
|
Testcase |
Automated? |
Include in Regression? |
|
|
<test case name> |
<Y/N> |
<Y/N> |
n. <assertion n>
|
|
speed |
N |
Y |
For each slot reported by $ pkcsconf -s
|
|
driver |
N |
Y |
For each slot reported by $ pkcsconf -s 1. run “driver -slot N” [ Where N is the slot number]
|
|
v2.11 |
N |
Y |
For each slot reported by $ pkcsconf -s 1. run “aes_func -slot N” [ Where N is the slot number]
|
|
oc-digest |
N |
Y |
For each slot reported by $ pkcsconf -s 1. run “ocdigest -slot N -t [digest] [filename] ” [ Where N is the slot number, digest is the digest to test (i.e., md5, sha1, or sha256), and filename is the name of the file containing the contents to hash]
|
<Explicitly identify the approval criteria for the test case execution results.>
FV exit criteria:
100% of planned test cases written
100% of planned test cases executed
Resolution of all Sev 1 Bugs found executing this plan