Message ID | 165515741424.1554877.9363755381201121213.stgit@warthog.procyon.org.uk (mailing list archive) |
---|---|
Headers | show |
Series | certs: Add FIPS self-test for signature verification | expand |
On Mon, 2022-06-13 at 22:56 +0100, David Howells wrote: > Hi Herbert, > > If you could look over this pair of patches? The second patch adds a simple > selftest to allow the signature verification code so that it can be FIPS > compliant. The first moves load_certificate_list() to the asymmetric key code > to make this easier and renames it. > > I generated the test data myself, but I'm open to using some standard test > data if you know of some; we don't want too much, however, as it's > incompressible. Also, it has avoid blacklist checks on the keys it is using, > lest the UEFI blacklist cause the selftest to fail. > > The patches can be found on the following branch: > > https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes > > David > --- > David Howells (2): > certs: Move load_certificate_list() to be with the asymmetric keys code > certs: Add FIPS selftests > > > certs/Makefile | 4 +- > certs/blacklist.c | 8 +- > certs/common.c | 57 ------ > certs/common.h | 9 - > certs/system_keyring.c | 6 +- > crypto/asymmetric_keys/Kconfig | 10 + > crypto/asymmetric_keys/Makefile | 2 + > crypto/asymmetric_keys/selftest.c | 224 +++++++++++++++++++++++ > crypto/asymmetric_keys/x509_loader.c | 57 ++++++ > crypto/asymmetric_keys/x509_parser.h | 9 + > crypto/asymmetric_keys/x509_public_key.c | 8 +- > include/keys/asymmetric-type.h | 3 + > 12 files changed, 321 insertions(+), 76 deletions(-) > delete mode 100644 certs/common.c > delete mode 100644 certs/common.h > create mode 100644 crypto/asymmetric_keys/selftest.c > create mode 100644 crypto/asymmetric_keys/x509_loader.c > > Reviewed-by: Simo Sorce <simo@redhat.com>
On Mon, Jun 13, 2022 at 10:56:54PM +0100, David Howells wrote: > > Hi Herbert, > > If you could look over this pair of patches? The second patch adds a simple > selftest to allow the signature verification code so that it can be FIPS > compliant. The first moves load_certificate_list() to the asymmetric key code > to make this easier and renames it. Hi David: It looks OK to me. Cheers,
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> It looks OK to me.
Can I put that down as a Reviewed-by?
Thanks,
David
On Wed, Jun 15, 2022 at 11:34:18PM +0100, David Howells wrote: > Herbert Xu <herbert@gondor.apana.org.au> wrote: > > > It looks OK to me. > > Can I put that down as a Reviewed-by? Reviewd-by: Herbert Xu <herbert@gondor.apana.org.au>