From: Mimi Zohar <zohar@linux.ibm.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Cc: Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [PATCH v2 7/8] tests: Extend sign_verify test with pkcs11-specific test
Date: Fri, 03 Sep 2021 15:11:26 -0400
Message-ID: <7a53fd3b1011c0a023ecbf8267db72d219442a53.camel@linux.ibm.com>
In-Reply-To: <20210810134557.2444863-8-stefanb@linux.vnet.ibm.com>
Hi Stefan,

On Tue, 2021-08-10 at 09:45 -0400, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
>
> Extend the sign_verify test with a pkcs11-specific test.
> Import softhsm_setup script from my swtpm project and contribute
> it to this project under dual license BSD 3-clause and GPL 2.0.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Up to here, the patches were nicely split up. Just from reading the
patch description, this patch needs to be split up.
> ---
> tests/functions.sh | 26 ++++
> tests/sign_verify.test | 50 +++++--
> tests/softhsm_setup | 290 +++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 352 insertions(+), 14 deletions(-)
> create mode 100755 tests/softhsm_setup
>
> diff --git a/tests/functions.sh b/tests/functions.sh
> index 91cd5d9..cbb7ea4 100755
> --- a/tests/functions.sh
> +++ b/tests/functions.sh
> @@ -272,3 +272,29 @@ _report_exit() {
> fi
> }
>
> +_at_exit() {
> + _report_exit
> + if [ -n "${WORKDIR}" ]; then
> + rm -f "${WORKDIR}"
> + fi
> +}
> +
It would be nice to have a function comment here.
> +_softhsm_setup() {
> + local workdir="$1"
> +
${WORKDIR} is being passed as a parameter. Why is a local environment
variable needed?
> + local msg
> +
> + export SOFTHSM_SETUP_CONFIGDIR="${workdir}"
> + export SOFTHSM2_CONF="${workdir}/softhsm2.conf"
> +
> + msg=$(./softhsm_setup setup 2>&1)
> + if [ $? -eq 0 ]; then
> + echo "softhsm_setup setup succeeded: $msg"
> + PKCS11_KEYURI=$(echo $msg | sed -n 's|^keyuri: \(.*\)|\1|p')
> +
> + export OPENSSL_ENGINE="-engine pkcs11"
> + export OPENSSL_KEYFORM="-keyform engine"
> + else
> + echo "softhsm_setup setup failed: ${msg}"
> + fi
Should there be a test checking that softhsm_setup is installed before
using it? If it's not installed, then the test is "skipped".
> +}
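Review bot: In _at_exit, `rm -f "${WORKDIR}"` cannot remove the work directory, because sign_verify.test sets WORKDIR from `mktemp -d` and `rm -f` does not remove directories, so the SoftHSM configuration placed under it is left behind after every run; use `rm -rf -- "${WORKDIR}"`. In _softhsm_setup, `echo $msg` is unquoted, so multi-line output is joined into a single line and the `^keyuri:` anchor in the sed expression only matches when the key URI is the first thing softhsm_setup printed; quote it as `echo "$msg"`. The failure branch only echoes, so the function returns 0 and the caller cannot tell that setup failed; add a `return 1` there.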
> diff --git a/tests/sign_verify.test b/tests/sign_verify.test
> index 3b42eec..369765e 100755
> --- a/tests/sign_verify.test
> +++ b/tests/sign_verify.test
> @@ -28,7 +28,8 @@ fi
>
> ./gen-keys.sh >/dev/null 2>&1
>
> -trap _report_exit EXIT
> +trap _at_exit EXIT
> +WORKDIR=$(mktemp -d)
> set -f # disable globbing
>
> # Determine keyid from a cert
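Review bot: The result of `WORKDIR=$(mktemp -d)` is not checked. If mktemp fails, WORKDIR is empty, _at_exit silently skips cleanup, and any path built from it, such as `SOFTHSM2_CONF="${workdir}/softhsm2.conf"` in _softhsm_setup, would point at the filesystem root. Bail out of the test when the assignment fails, for example with `WORKDIR=$(mktemp -d) || exit`, before anything uses the variable.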
> @@ -132,11 +133,16 @@ check_sign() {
> # OPTS (additional options for evmctl),
> # FILE (working file to sign).
> local "$@"
> - local KEY=${KEY%.*}.key
> + local key verifykey
Agreed, don't modify the global variable, use a local one. Making this
a separate patch would simplify review.

thanks,
Mimi