Hi, On 10/22/25 2:28 PM, Jonas Rebmann wrote: > Hi, > > On 2025-10-22 12:11, Ahmad Fatoum wrote: >> >> >> On 10/22/25 12:04 PM, Ahmad Fatoum wrote: >>> Hi, >>> >>> On 10/14/25 1:03 PM, Jonas Rebmann wrote: >>>> Add TLV signature to TLV integration tests: >>>> - Signed TLV using development RSA key >>>> - Modify payload and fix CRC for a "tampered" tlv >>>> - Include both cases in generator and tlv-command tests. >>>> >>>> Use the keys selected by CRYPTO_BUILTIN_DEVELOPMENT_KEYS for all TLV >>>> testing. Consequentially add the matching private keys from the public >>>> repository at [1]. >>>> >>>> [1]: https://git.pengutronix.de/cgit/ptx-code-signing-dev/ >>>> >>>> Signed-off-by: Jonas Rebmann <[email protected]> >>>> --- >>>> crypto/fit-4096-development.key | 51 ++++++++++ >>>> crypto/fit-ecdsa-development.key | 5 + >>> >>> Move this into test/? >> >> Ah, I see the *.crt files are already in crypto... >> Can't you concatenate the *.key and *.crt files into a single pem file? >> >> That's what we do for test/self/development_rsa2048.pem and it works >> there. Removes clutter a bit. > > I'd prefer not to. I suppose our tooling supports this, users that > utilize CRYPTO_BUILTIN_DEVELOPMENT_KEYS for testing may not; and they > should not have to pick apart private and public key again.
Which users? These keys are for barebox-internal consumption. > I'd consider concatenating them most of the time not the best practice. > You'll have a file of which `file` tells you it's an "OpenSSH public > key", but if you open it and then scroll down, you realize it's a > private key. > > Yes this particular private key is all but private but lets not endorse > this practice. I don't buy this argument. > Keeping them separates also makes it visible where we use the private > key: We need it when creating the signed TLVs in test/py/test_tlv.py and > only there. The private key we already have in tree are piggy backing on the public key. I think we should do the same here as well. Cheers, Ahmad > > Regards, > Jonas > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
