| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Jun 2022 17:12:41 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Roberto Sassu <roberto.sassu@...wei.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
KP Singh <kpsingh@...nel.org>, bpf <bpf@...r.kernel.org>,
Network Development <netdev@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 2/3] selftests/bpf: Add test_progs opts for sign-file
and kernel priv key + cert
On Wed, Jun 8, 2022 at 4:15 AM Roberto Sassu <roberto.sassu@...wei.com> wrote:
>
> According to the logs of the eBPF CI, built kernel and tests are copied to
> a virtual machine to run there.
>
> Since a test for a new helper to verify PKCS#7 signatures requires to sign
> data to be verified, extend test_progs to store in the test_env data
> structure (accessible by individual tests) the path of sign-file and of the
> kernel private key and cert.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> ---
> tools/testing/selftests/bpf/test_progs.c | 12 ++++++++++++
> tools/testing/selftests/bpf/test_progs.h | 3 +++
> 2 files changed, 15 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
> index c639f2e56fc5..90ce2c06a15e 100644
> --- a/tools/testing/selftests/bpf/test_progs.c
> +++ b/tools/testing/selftests/bpf/test_progs.c
> @@ -707,6 +707,8 @@ enum ARG_KEYS {
> ARG_TEST_NAME_GLOB_DENYLIST = 'd',
> ARG_NUM_WORKERS = 'j',
> ARG_DEBUG = -1,
> + ARG_SIGN_FILE = 'S',
> + ARG_KERNEL_PRIV_CERT = 'C',
> };
>
> static const struct argp_option opts[] = {
> @@ -732,6 +734,10 @@ static const struct argp_option opts[] = {
> "Number of workers to run in parallel, default to number of cpus." },
> { "debug", ARG_DEBUG, NULL, 0,
> "print extra debug information for test_progs." },
> + { "sign-file", ARG_SIGN_FILE, "PATH", 0,
> + "sign-file path " },
> + { "kernel-priv-cert", ARG_KERNEL_PRIV_CERT, "PATH", 0,
> + "kernel private key and cert path " },
> {},
> };
>
> @@ -862,6 +868,12 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state)
> case ARG_DEBUG:
> env->debug = true;
> break;
> + case ARG_SIGN_FILE:
> + env->sign_file_path = arg;
> + break;
> + case ARG_KERNEL_PRIV_CERT:
> + env->kernel_priv_cert_path = arg;
> + break;
That's cumbersome approach to use to force CI and
users to pass these args on command line.
The test has to be self contained.
test_progs should execute it without any additional input.
For example by having test-only private/public key
that is used to sign and verify the signature.
Powered by blists - more mailing lists