[PATCH testsuite 0/2] Make the keys test pass in FIPS mode

[PATCH testsuite 0/2] Make the keys test pass in FIPS mode

[Ondrej Mosnacek]

...and also fix Makefile deps for this subtest while there.

Ondrej Mosnacek (2):
  tests/keys: use a longer prime in DH params
  tests/keys: fix Makefile dependencies

 tests/keys/Makefile      |  2 ++
 tests/keys/keys_common.h | 48 ++++++++++++++++++++++------------------
 2 files changed, 29 insertions(+), 21 deletions(-)

-- 
2.36.1

[PATCH testsuite 1/2] tests/keys: use a longer prime in DH params

[Ondrej Mosnacek]

In FIPS mode the kernel rejects DH params with prime size < 2048 bits,
so use a 2048-bit prime so that the subtest can pass in FIPS mode.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 tests/keys/keys_common.h | 48 ++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 21 deletions(-)

diff --git a/tests/keys/keys_common.h b/tests/keys/keys_common.h
index 55cc4eb..64385bf 100644
--- a/tests/keys/keys_common.h
+++ b/tests/keys/keys_common.h
@@ -11,28 +11,34 @@
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 
-/* dummy values - the prime was genearted using `openssl dhparam -C` */
+/* dummy values - prime generated by `openssl dhparam -text -2 2048` */
 static const unsigned char payload_prime[] = {
-	0x96, 0xC1, 0xFA, 0xA4, 0xD4, 0xAB, 0xD6, 0x6D, 0x6F, 0x99,
-	0x3A, 0xCC, 0xD4, 0x74, 0x71, 0xE9, 0x5B, 0x77, 0xA4, 0x5E,
-	0x68, 0x81, 0x04, 0x83, 0xE4, 0x92, 0x3C, 0xDD, 0x4B, 0xCA,
-	0x16, 0x83, 0xB4, 0x5B, 0x1A, 0x0A, 0x80, 0xA3, 0xFA, 0xCD,
-	0x24, 0xA5, 0xFF, 0x46, 0x49, 0x86, 0x7B, 0x42, 0xDC, 0x39,
-	0x20, 0x2A, 0x6A, 0x86, 0x17, 0x12, 0x95, 0x3F, 0x13, 0xAD,
-	0x5E, 0x98, 0x67, 0xAE, 0xA2, 0xA5, 0x78, 0x9D, 0x6D, 0x7D,
-	0x78, 0xF6, 0xB2, 0x85, 0x7A, 0xA4, 0xB2, 0xC1, 0x96, 0x03,
-	0x09, 0x15, 0x66, 0xBE, 0xFD, 0xA6, 0x63, 0xEA, 0xF6, 0xC4,
-	0x61, 0x1A, 0x78, 0x9E, 0x9C, 0x82, 0x53, 0x8A, 0xCF, 0x07,
-	0x90, 0x89, 0xE5, 0x28, 0x4A, 0x53, 0x77, 0x92, 0x72, 0xCB,
-	0xBD, 0x17, 0x51, 0xE9, 0xC6, 0x34, 0xC4, 0xC9, 0x9A, 0x6A,
-	0xFE, 0x55, 0x58, 0xD6, 0x7D, 0x3F, 0x67, 0xCD, 0xAF, 0x5C,
-	0xCB, 0x46, 0x9B, 0xD1, 0x25, 0x43, 0x80, 0xE0, 0xA6, 0x80,
-	0x1A, 0x15, 0xE6, 0xC6, 0x24, 0xB5, 0x8F, 0xC1, 0xA5, 0xAF,
-	0x23, 0xCD, 0xA9, 0x21, 0x1E, 0x1E, 0xA1, 0x6A, 0xC9, 0xA7,
-	0x17, 0xE9, 0xF5, 0x00, 0x94, 0x84, 0x7B, 0xF2, 0xD8, 0x28,
-	0xE2, 0x8A, 0xC5, 0x58, 0x34, 0xE8, 0xCE, 0xFD, 0x72, 0xA4,
-	0xC7, 0xEB, 0x93, 0x87, 0xC7, 0x54, 0x3D, 0x23, 0x75, 0x77,
-	0x50, 0x73
+	0x00, 0xad, 0xf4, 0x89, 0x34, 0x97, 0xf0, 0x98, 0x83, 0xb3,
+	0x99, 0x38, 0xb7, 0x35, 0xed, 0xf6, 0x81, 0xe8, 0xdd, 0x0f,
+	0x37, 0x50, 0x81, 0xbf, 0x06, 0x82, 0xe6, 0x0f, 0x39, 0x90,
+	0xd2, 0x8e, 0xc6, 0x69, 0xa4, 0x84, 0x79, 0xc9, 0x6a, 0x16,
+	0x1d, 0x6c, 0x5c, 0xf7, 0x5e, 0x74, 0x51, 0xef, 0x94, 0x33,
+	0x7c, 0x4a, 0x37, 0x26, 0x76, 0x20, 0x96, 0xf5, 0x54, 0xb7,
+	0x22, 0x09, 0xe4, 0xec, 0x35, 0x4c, 0x58, 0xf2, 0xf7, 0x27,
+	0x98, 0xb0, 0xc5, 0x66, 0x59, 0x00, 0x5a, 0xa5, 0x24, 0x2b,
+	0x5a, 0x27, 0x9e, 0xce, 0x28, 0x3d, 0x03, 0x97, 0x42, 0x8f,
+	0xd7, 0xc1, 0xcd, 0x93, 0x5c, 0xf0, 0x53, 0x66, 0xbf, 0x72,
+	0x29, 0xcd, 0xc3, 0xc9, 0x64, 0x85, 0xd4, 0xf6, 0x86, 0x5d,
+	0xb1, 0x99, 0xf6, 0x8c, 0xd7, 0xdf, 0xd0, 0x49, 0x7a, 0xd3,
+	0x5e, 0x17, 0xeb, 0xdf, 0xf3, 0xdf, 0xaa, 0x76, 0x2b, 0xa4,
+	0x43, 0xc8, 0xc6, 0xfd, 0xab, 0xf9, 0xf7, 0xb3, 0x21, 0x73,
+	0x06, 0xe7, 0x1f, 0x51, 0x1a, 0x51, 0x57, 0x15, 0xbe, 0x52,
+	0x26, 0xc9, 0x87, 0x24, 0x15, 0x4b, 0xf2, 0x39, 0x51, 0x92,
+	0xb9, 0xbe, 0xcf, 0xd3, 0xc6, 0xca, 0xdc, 0xbb, 0x5b, 0x1f,
+	0x60, 0x89, 0x96, 0x08, 0xf5, 0xe6, 0xa4, 0xb7, 0xf7, 0x72,
+	0x5d, 0xe2, 0x95, 0x04, 0x1c, 0x4a, 0xd6, 0x85, 0x18, 0x3b,
+	0xaf, 0x1a, 0x6a, 0xf3, 0x5a, 0xc1, 0x29, 0x47, 0x71, 0xe5,
+	0x39, 0x4d, 0x35, 0x31, 0xc6, 0xe9, 0x81, 0xc4, 0x90, 0xd1,
+	0x40, 0xf5, 0x08, 0x80, 0x6c, 0x91, 0x05, 0xcc, 0x24, 0x8d,
+	0x80, 0xc1, 0x7d, 0x27, 0xa2, 0xfd, 0x51, 0xfd, 0xc6, 0xd7,
+	0x11, 0x9d, 0x62, 0x89, 0xc3, 0x57, 0x71, 0xbf, 0x1a, 0x75,
+	0xaa, 0x6d, 0x37, 0x3f, 0xb1, 0x53, 0xf6, 0xa4, 0xa6, 0x6d,
+	0xd5, 0xbb, 0xc2, 0x9d, 0xb9, 0x31, 0xbf
 };
 static const unsigned char payload_base[] = { 0x02 };
 static const unsigned char payload_private[] = { 42 };
-- 
2.36.1

[PATCH testsuite 2/2] tests/keys: fix Makefile dependencies

[Ondrej Mosnacek]

The tools need to be rebuild when the common header file changes.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 tests/keys/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/keys/Makefile b/tests/keys/Makefile
index d3793db..d9f36ff 100644
--- a/tests/keys/Makefile
+++ b/tests/keys/Makefile
@@ -1,6 +1,8 @@
 TARGETS = keyctl keyctl_relabel keyring_service request_keys
 LDLIBS += -lselinux -lkeyutils
 
+$(TARGETS): keys_common.h
+
 all: $(TARGETS)
 
 clean:
-- 
2.36.1

Re: [PATCH testsuite 0/2] Make the keys test pass in FIPS mode

[Ondrej Mosnacek]

On Tue, Jun 28, 2022 at 12:01 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> ...and also fix Makefile deps for this subtest while there.
>
> Ondrej Mosnacek (2):
>   tests/keys: use a longer prime in DH params
>   tests/keys: fix Makefile dependencies
>
>  tests/keys/Makefile      |  2 ++
>  tests/keys/keys_common.h | 48 ++++++++++++++++++++++------------------
>  2 files changed, 29 insertions(+), 21 deletions(-)
>
> --
> 2.36.1
>

Merged:
https://github.com/SELinuxProject/selinux-testsuite/commit/85832b99b430c48694eb7386a5a1e5957df44416
https://github.com/SELinuxProject/selinux-testsuite/commit/a3becc4a9701784d4d4f7e2d0e1c2296a16dc11e

-- 
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.