[PATCH 12/15] test: py: add signature to TLV integration tests

Jonas Rebmann jre at pengutronix.de
Wed Oct 22 05:28:54 PDT 2025 

Hi,

On 2025-10-22 12:11, Ahmad Fatoum wrote:
> 
> 
> On 10/22/25 12:04 PM, Ahmad Fatoum wrote:
>> Hi,
>>
>> On 10/14/25 1:03 PM, Jonas Rebmann wrote:
>>> Add TLV signature to TLV integration tests:
>>>   - Signed TLV using development RSA key
>>>   - Modify payload and fix CRC for a "tampered" tlv
>>>   - Include both cases in generator and tlv-command tests.
>>>
>>> Use the keys selected by CRYPTO_BUILTIN_DEVELOPMENT_KEYS for all TLV
>>> testing. Consequentially add the matching private keys from the public
>>> repository at [1].
>>>
>>> [1]: https://git.pengutronix.de/cgit/ptx-code-signing-dev/
>>>
>>> Signed-off-by: Jonas Rebmann <jre at pengutronix.de>
>>> ---
>>>   crypto/fit-4096-development.key  |  51 ++++++++++
>>>   crypto/fit-ecdsa-development.key |   5 +
>>
>> Move this into test/?
> 
> Ah, I see the *.crt files are already in crypto...
> Can't you concatenate the *.key and *.crt files into a single pem file?
> 
> That's what we do for test/self/development_rsa2048.pem and it works
> there. Removes clutter a bit.

I'd prefer not to. I suppose our tooling supports this, users that
utilize CRYPTO_BUILTIN_DEVELOPMENT_KEYS for testing may not; and they
should not have to pick apart private and public key again.

I'd consider concatenating them most of the time not the best practice.
You'll have a file of which `file` tells you it's an "OpenSSH public
key", but if you open it and then scroll down, you realize it's a
private key.

Yes this particular private key is all but private but lets not endorse
this practice.

Keeping them separates also makes it visible where we use the private
key: We need it when creating the signed TLVs in test/py/test_tlv.py and
only there.

Regards,
Jonas

-- 
Pengutronix e.K.                           | Jonas Rebmann               |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-9    |

More information about the barebox mailing list