Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1499479iog;
        Tue, 14 Jun 2022 07:17:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw2de3wH3g0+FfiXVp5A+eYmAhbfQZTkta3kZ5bqu4eNfy6i4h8fbRINO2QbDCGaZX6Xo0m
X-Received: by 2002:a17:907:7b95:b0:6f4:ff03:981a with SMTP id ne21-20020a1709077b9500b006f4ff03981amr4500202ejc.653.1655216259704;
        Tue, 14 Jun 2022 07:17:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1655216259; cv=none;
        d=google.com; s=arc-20160816;
        b=MhFYQ45NAbCAdxIGaunWyPQ8Ikp06YvRDKUFtjRAB1R/r3QA6eRmCzqVHSVxfnq6pG
         +koXYNb8hgtPvIC1wftFbLsu84ciJCEDscjK4QFm6FVs/LxOUx++49zG6PDvcL1mR/g0
         ezCpZDn7kjzx/kXHnBuz+yJIHkEh1GsMAjuPoRcBgbsW+ddnPa1jpoNcdqg53xNRV1qZ
         +g6STsEXJzrXQG24v6IOvEofT5VsHAwNiRABNkwUCIc/mDhGMy1Y5KQBiM4baIZ/d2MZ
         JCxmlVgVYCqxAQvtT2wESMI2ABGwHdk3SqXjQwgF8/T3TNGbrQGecgsViyS/wNEQEXNd
         M5yA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent
         :content-transfer-encoding:organization:references:in-reply-to:date
         :cc:to:from:subject:message-id:dkim-signature;
        bh=JctC2m2+QZN18u2MNb2HvFmHLpXv366LEOSyUu6TasQ=;
        b=tXv5gR5EhdBImgpBXk7y/O8LzxGh2/t7hO9lt6DI/vMCyRh8Hm4lWxjUgYh1MFfaFo
         yHgIeEwddipMyx8GfCJhkm/JJeTS6FzGYnj4SwaQT2LCwuWHeo9ycQG4bOMA64eWRpvx
         1KwJ0udcRqG5oWhBV9qrpravUSM2hfNEP1d8TcPgdNDon5NbEF3NXd/pRQeD+DQIe4my
         fEg4VeIGXua+ZUsBVfkVkpdKksuHk+O1HHtqpf9OjWLIkE3fgSZQIXTNS8zWGhhnSWF+
         8U4Sao+Sg19EZmHbzAexd2FJGsCvtOFzM15tC/7GrBroJFrXClsVR3YxQosxBl9ef3AH
         OXcw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=iDnpfzdK;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id 25-20020a170906015900b006feb4cd0e22si9924870ejh.331.2022.06.14.07.17.13;
        Tue, 14 Jun 2022 07:17:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=iDnpfzdK;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239770AbiFNOPk (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Tue, 14 Jun 2022 10:15:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58828 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242601AbiFNOPj (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 14 Jun 2022 10:15:39 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9AA9633A0A
        for <linux-crypto@vger.kernel.org>; Tue, 14 Jun 2022 07:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1655216135;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=JctC2m2+QZN18u2MNb2HvFmHLpXv366LEOSyUu6TasQ=;
        b=iDnpfzdKKza6TuZmcvl+vbofoPO7jDrSkkz7OdC8+TPKF9DR8BL3KseY8nqTMPGuFn9O2h
        6DZ9KPeUG5NQWnBHQaCI+YJ7puia/mzwaJRfCSIrT+Xwyh4VTvPZOSGQJARQRJ5CM5TkWk
        c9SHn7ojEpCT2axlHqkg6JSovCbIegs=
Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com
 [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-317-W1nI5BIIM06fc2d3Bl9xgg-1; Tue, 14 Jun 2022 10:15:34 -0400
X-MC-Unique: W1nI5BIIM06fc2d3Bl9xgg-1
Received: by mail-qv1-f70.google.com with SMTP id kj4-20020a056214528400b0044399a9bb4cso5996402qvb.15
        for <linux-crypto@vger.kernel.org>; Tue, 14 Jun 2022 07:15:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
         :references:organization:content-transfer-encoding:user-agent
         :mime-version;
        bh=JctC2m2+QZN18u2MNb2HvFmHLpXv366LEOSyUu6TasQ=;
        b=Cso4Mi3SPvIYH1aJLnFLfuqe/zts/zXSJJKlOmxArjt6AWYHsG0e/kp4J3vNxWwo5u
         7yiQ9cp7vEbZmrUcgxex79hsO1s7OLaQQvG0EHB6q+YD4+5Qm+2tYH2wM4z0diDOw5UO
         2ON3LW0AieCYNylrnQbxTf7/6T6Lia97kRydzttRzwRpKJaPf0QuPN7BLwDEBlvSZ1n9
         52I706pC0Ytqty7wZR8T9e0igHr3kHaHSeJ/WldFP7EYzVc8S4QNMRrG+61KDkxmCPkp
         CxhNMqRiAPyypQq+EU/7Nmt0FBmSHXCDK5Cad3/yhTVB1nhWUqZGZQHiwM+4HiTcfBtV
         Dm2g==
X-Gm-Message-State: AJIora+LgD8gk5fmBpzJJ3b+RC4Gr8k4cFKuhhYm1/Z29F2OsoQ58WNq
        3gEvM0UWzby7RfZHuUDzvne5QICubpxVIxW3HjfaUjmTyPmafxYiA7wVAEtLxSxaY+aMUP/BI17
        LWjd5b+dere4E8DJGt1gQapj5
X-Received: by 2002:ad4:5c4a:0:b0:464:5920:7c1a with SMTP id a10-20020ad45c4a000000b0046459207c1amr3579679qva.58.1655216133915;
        Tue, 14 Jun 2022 07:15:33 -0700 (PDT)
X-Received: by 2002:ad4:5c4a:0:b0:464:5920:7c1a with SMTP id a10-20020ad45c4a000000b0046459207c1amr3579632qva.58.1655216133401;
        Tue, 14 Jun 2022 07:15:33 -0700 (PDT)
Received: from m8.users.ipa.redhat.com ([93.56.163.49])
        by smtp.gmail.com with ESMTPSA id h20-20020a05620a245400b006a32bf19502sm9394754qkn.60.2022.06.14.07.15.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Jun 2022 07:15:32 -0700 (PDT)
Message-ID: <831c7380f7d89fd8fb3a3043cf3b3d01001ae0be.camel@redhat.com>
Subject: Re: [PATCH 0/2] certs: Add FIPS self-test for signature verification
From:   Simo Sorce <simo@redhat.com>
To:     David Howells <dhowells@redhat.com>,
        Herbert Xu <herbert@gondor.apana.org.au>
Cc:     Jarkko Sakkinen <jarkko@kernel.org>, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Tue, 14 Jun 2022 10:15:24 -0400
In-Reply-To: <165515741424.1554877.9363755381201121213.stgit@warthog.procyon.org.uk>
References: <165515741424.1554877.9363755381201121213.stgit@warthog.procyon.org.uk>
Organization: Red Hat
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.44.2 (3.44.2-1.fc36) 
MIME-Version: 1.0
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, 2022-06-13 at 22:56 +0100, David Howells wrote:
> Hi Herbert,
>=20
> If you could look over this pair of patches?  The second patch adds a sim=
ple
> selftest to allow the signature verification code so that it can be FIPS
> compliant.  The first moves load_certificate_list() to the asymmetric key=
 code
> to make this easier and renames it.
>=20
> I generated the test data myself, but I'm open to using some standard tes=
t
> data if you know of some; we don't want too much, however, as it's
> incompressible.  Also, it has avoid blacklist checks on the keys it is us=
ing,
> lest the UEFI blacklist cause the selftest to fail.
>=20
> The patches can be found on the following branch:
>=20
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/lo=
g/?h=3Dkeys-fixes
>=20
> David
> ---
> David Howells (2):
>       certs: Move load_certificate_list() to be with the asymmetric keys =
code
>       certs: Add FIPS selftests
>=20
>=20
>  certs/Makefile                           |   4 +-
>  certs/blacklist.c                        |   8 +-
>  certs/common.c                           |  57 ------
>  certs/common.h                           |   9 -
>  certs/system_keyring.c                   |   6 +-
>  crypto/asymmetric_keys/Kconfig           |  10 +
>  crypto/asymmetric_keys/Makefile          |   2 +
>  crypto/asymmetric_keys/selftest.c        | 224 +++++++++++++++++++++++
>  crypto/asymmetric_keys/x509_loader.c     |  57 ++++++
>  crypto/asymmetric_keys/x509_parser.h     |   9 +
>  crypto/asymmetric_keys/x509_public_key.c |   8 +-
>  include/keys/asymmetric-type.h           |   3 +
>  12 files changed, 321 insertions(+), 76 deletions(-)
>  delete mode 100644 certs/common.c
>  delete mode 100644 certs/common.h
>  create mode 100644 crypto/asymmetric_keys/selftest.c
>  create mode 100644 crypto/asymmetric_keys/x509_loader.c
>=20
>=20

Reviewed-by: Simo Sorce <simo@redhat.com>

--=20
Simo Sorce
RHEL Crypto Team
Red Hat, Inc