Re: [PATCH 0/2] certs: Add FIPS self-test for signature verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2022-06-13 at 22:56 +0100, David Howells wrote:
> Hi Herbert,
> 
> If you could look over this pair of patches?  The second patch adds a simple
> selftest to allow the signature verification code so that it can be FIPS
> compliant.  The first moves load_certificate_list() to the asymmetric key code
> to make this easier and renames it.
> 
> I generated the test data myself, but I'm open to using some standard test
> data if you know of some; we don't want too much, however, as it's
> incompressible.  Also, it has avoid blacklist checks on the keys it is using,
> lest the UEFI blacklist cause the selftest to fail.
> 
> The patches can be found on the following branch:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> David
> ---
> David Howells (2):
>       certs: Move load_certificate_list() to be with the asymmetric keys code
>       certs: Add FIPS selftests
> 
> 
>  certs/Makefile                           |   4 +-
>  certs/blacklist.c                        |   8 +-
>  certs/common.c                           |  57 ------
>  certs/common.h                           |   9 -
>  certs/system_keyring.c                   |   6 +-
>  crypto/asymmetric_keys/Kconfig           |  10 +
>  crypto/asymmetric_keys/Makefile          |   2 +
>  crypto/asymmetric_keys/selftest.c        | 224 +++++++++++++++++++++++
>  crypto/asymmetric_keys/x509_loader.c     |  57 ++++++
>  crypto/asymmetric_keys/x509_parser.h     |   9 +
>  crypto/asymmetric_keys/x509_public_key.c |   8 +-
>  include/keys/asymmetric-type.h           |   3 +
>  12 files changed, 321 insertions(+), 76 deletions(-)
>  delete mode 100644 certs/common.c
>  delete mode 100644 certs/common.h
>  create mode 100644 crypto/asymmetric_keys/selftest.c
>  create mode 100644 crypto/asymmetric_keys/x509_loader.c
> 
> 

Reviewed-by: Simo Sorce <simo@xxxxxxxxxx>

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc







[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux