Hi,
On 2025-10-22 12:11, Ahmad Fatoum wrote:
On 10/22/25 12:04 PM, Ahmad Fatoum wrote:
Hi,
On 10/14/25 1:03 PM, Jonas Rebmann wrote:
Add TLV signature to TLV integration tests:
- Signed TLV using development RSA key
- Modify payload and fix CRC for a "tampered" tlv
- Include both cases in generator and tlv-command tests.
Use the keys selected by CRYPTO_BUILTIN_DEVELOPMENT_KEYS for all TLV
testing. Consequentially add the matching private keys from the public
repository at [1].
[1]: https://git.pengutronix.de/cgit/ptx-code-signing-dev/
Signed-off-by: Jonas Rebmann <[email protected]>
---
crypto/fit-4096-development.key | 51 ++++++++++
crypto/fit-ecdsa-development.key | 5 +
Move this into test/?
Ah, I see the *.crt files are already in crypto...
Can't you concatenate the *.key and *.crt files into a single pem file?
That's what we do for test/self/development_rsa2048.pem and it works
there. Removes clutter a bit.
I'd prefer not to. I suppose our tooling supports this, users that
utilize CRYPTO_BUILTIN_DEVELOPMENT_KEYS for testing may not; and they
should not have to pick apart private and public key again.
I'd consider concatenating them most of the time not the best practice.
You'll have a file of which `file` tells you it's an "OpenSSH public
key", but if you open it and then scroll down, you realize it's a
private key.
Yes this particular private key is all but private but lets not endorse
this practice.
Keeping them separates also makes it visible where we use the private
key: We need it when creating the signed TLVs in test/py/test_tlv.py and
only there.
Regards,
Jonas
--
Pengutronix e.K. | Jonas Rebmann |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |
