* [PATCH testsuite] tests/keys: remove extraneous zero byte from the DH prime
@ 2023-01-09 21:18 Ondrej Mosnacek
2023-01-12 12:05 ` Ondrej Mosnacek
0 siblings, 1 reply; 2+ messages in thread
From: Ondrej Mosnacek @ 2023-01-09 21:18 UTC (permalink / raw
To: selinux
The extra zero byte at the beginning is unnecessary and not expected by
the kernel. While the generic DH implementation is able to deal with it,
at least one hardware driver implementation (intel_qat) rejects it.
Since the kernel's test vectors do not include one with zero bytes at
the beginning, assume that it's invalid and remove it from our prime
byte array.
While there also regroup the byte values by 8 instead of 10, so that it
is easy to verify that the size of the array is a multiple of 8 as
expected.
Verified on a machine with the Intel QAT accelerator, where the test was
failing before.
Fixes: 85832b99b430 ("tests/keys: use a longer prime in DH params")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
tests/keys/keys_common.h | 58 ++++++++++++++++++++++------------------
1 file changed, 32 insertions(+), 26 deletions(-)
diff --git a/tests/keys/keys_common.h b/tests/keys/keys_common.h
index 64385bf..c9a8ec6 100644
--- a/tests/keys/keys_common.h
+++ b/tests/keys/keys_common.h
@@ -13,32 +13,38 @@
/* dummy values - prime generated by `openssl dhparam -text -2 2048` */
static const unsigned char payload_prime[] = {
- 0x00, 0xad, 0xf4, 0x89, 0x34, 0x97, 0xf0, 0x98, 0x83, 0xb3,
- 0x99, 0x38, 0xb7, 0x35, 0xed, 0xf6, 0x81, 0xe8, 0xdd, 0x0f,
- 0x37, 0x50, 0x81, 0xbf, 0x06, 0x82, 0xe6, 0x0f, 0x39, 0x90,
- 0xd2, 0x8e, 0xc6, 0x69, 0xa4, 0x84, 0x79, 0xc9, 0x6a, 0x16,
- 0x1d, 0x6c, 0x5c, 0xf7, 0x5e, 0x74, 0x51, 0xef, 0x94, 0x33,
- 0x7c, 0x4a, 0x37, 0x26, 0x76, 0x20, 0x96, 0xf5, 0x54, 0xb7,
- 0x22, 0x09, 0xe4, 0xec, 0x35, 0x4c, 0x58, 0xf2, 0xf7, 0x27,
- 0x98, 0xb0, 0xc5, 0x66, 0x59, 0x00, 0x5a, 0xa5, 0x24, 0x2b,
- 0x5a, 0x27, 0x9e, 0xce, 0x28, 0x3d, 0x03, 0x97, 0x42, 0x8f,
- 0xd7, 0xc1, 0xcd, 0x93, 0x5c, 0xf0, 0x53, 0x66, 0xbf, 0x72,
- 0x29, 0xcd, 0xc3, 0xc9, 0x64, 0x85, 0xd4, 0xf6, 0x86, 0x5d,
- 0xb1, 0x99, 0xf6, 0x8c, 0xd7, 0xdf, 0xd0, 0x49, 0x7a, 0xd3,
- 0x5e, 0x17, 0xeb, 0xdf, 0xf3, 0xdf, 0xaa, 0x76, 0x2b, 0xa4,
- 0x43, 0xc8, 0xc6, 0xfd, 0xab, 0xf9, 0xf7, 0xb3, 0x21, 0x73,
- 0x06, 0xe7, 0x1f, 0x51, 0x1a, 0x51, 0x57, 0x15, 0xbe, 0x52,
- 0x26, 0xc9, 0x87, 0x24, 0x15, 0x4b, 0xf2, 0x39, 0x51, 0x92,
- 0xb9, 0xbe, 0xcf, 0xd3, 0xc6, 0xca, 0xdc, 0xbb, 0x5b, 0x1f,
- 0x60, 0x89, 0x96, 0x08, 0xf5, 0xe6, 0xa4, 0xb7, 0xf7, 0x72,
- 0x5d, 0xe2, 0x95, 0x04, 0x1c, 0x4a, 0xd6, 0x85, 0x18, 0x3b,
- 0xaf, 0x1a, 0x6a, 0xf3, 0x5a, 0xc1, 0x29, 0x47, 0x71, 0xe5,
- 0x39, 0x4d, 0x35, 0x31, 0xc6, 0xe9, 0x81, 0xc4, 0x90, 0xd1,
- 0x40, 0xf5, 0x08, 0x80, 0x6c, 0x91, 0x05, 0xcc, 0x24, 0x8d,
- 0x80, 0xc1, 0x7d, 0x27, 0xa2, 0xfd, 0x51, 0xfd, 0xc6, 0xd7,
- 0x11, 0x9d, 0x62, 0x89, 0xc3, 0x57, 0x71, 0xbf, 0x1a, 0x75,
- 0xaa, 0x6d, 0x37, 0x3f, 0xb1, 0x53, 0xf6, 0xa4, 0xa6, 0x6d,
- 0xd5, 0xbb, 0xc2, 0x9d, 0xb9, 0x31, 0xbf
+ 0xad, 0xf4, 0x89, 0x34, 0x97, 0xf0, 0x98, 0x83,
+ 0xb3, 0x99, 0x38, 0xb7, 0x35, 0xed, 0xf6, 0x81,
+ 0xe8, 0xdd, 0x0f, 0x37, 0x50, 0x81, 0xbf, 0x06,
+ 0x82, 0xe6, 0x0f, 0x39, 0x90, 0xd2, 0x8e, 0xc6,
+ 0x69, 0xa4, 0x84, 0x79, 0xc9, 0x6a, 0x16, 0x1d,
+ 0x6c, 0x5c, 0xf7, 0x5e, 0x74, 0x51, 0xef, 0x94,
+ 0x33, 0x7c, 0x4a, 0x37, 0x26, 0x76, 0x20, 0x96,
+ 0xf5, 0x54, 0xb7, 0x22, 0x09, 0xe4, 0xec, 0x35,
+ 0x4c, 0x58, 0xf2, 0xf7, 0x27, 0x98, 0xb0, 0xc5,
+ 0x66, 0x59, 0x00, 0x5a, 0xa5, 0x24, 0x2b, 0x5a,
+ 0x27, 0x9e, 0xce, 0x28, 0x3d, 0x03, 0x97, 0x42,
+ 0x8f, 0xd7, 0xc1, 0xcd, 0x93, 0x5c, 0xf0, 0x53,
+ 0x66, 0xbf, 0x72, 0x29, 0xcd, 0xc3, 0xc9, 0x64,
+ 0x85, 0xd4, 0xf6, 0x86, 0x5d, 0xb1, 0x99, 0xf6,
+ 0x8c, 0xd7, 0xdf, 0xd0, 0x49, 0x7a, 0xd3, 0x5e,
+ 0x17, 0xeb, 0xdf, 0xf3, 0xdf, 0xaa, 0x76, 0x2b,
+ 0xa4, 0x43, 0xc8, 0xc6, 0xfd, 0xab, 0xf9, 0xf7,
+ 0xb3, 0x21, 0x73, 0x06, 0xe7, 0x1f, 0x51, 0x1a,
+ 0x51, 0x57, 0x15, 0xbe, 0x52, 0x26, 0xc9, 0x87,
+ 0x24, 0x15, 0x4b, 0xf2, 0x39, 0x51, 0x92, 0xb9,
+ 0xbe, 0xcf, 0xd3, 0xc6, 0xca, 0xdc, 0xbb, 0x5b,
+ 0x1f, 0x60, 0x89, 0x96, 0x08, 0xf5, 0xe6, 0xa4,
+ 0xb7, 0xf7, 0x72, 0x5d, 0xe2, 0x95, 0x04, 0x1c,
+ 0x4a, 0xd6, 0x85, 0x18, 0x3b, 0xaf, 0x1a, 0x6a,
+ 0xf3, 0x5a, 0xc1, 0x29, 0x47, 0x71, 0xe5, 0x39,
+ 0x4d, 0x35, 0x31, 0xc6, 0xe9, 0x81, 0xc4, 0x90,
+ 0xd1, 0x40, 0xf5, 0x08, 0x80, 0x6c, 0x91, 0x05,
+ 0xcc, 0x24, 0x8d, 0x80, 0xc1, 0x7d, 0x27, 0xa2,
+ 0xfd, 0x51, 0xfd, 0xc6, 0xd7, 0x11, 0x9d, 0x62,
+ 0x89, 0xc3, 0x57, 0x71, 0xbf, 0x1a, 0x75, 0xaa,
+ 0x6d, 0x37, 0x3f, 0xb1, 0x53, 0xf6, 0xa4, 0xa6,
+ 0x6d, 0xd5, 0xbb, 0xc2, 0x9d, 0xb9, 0x31, 0xbf,
};
static const unsigned char payload_base[] = { 0x02 };
static const unsigned char payload_private[] = { 42 };
--
2.39.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH testsuite] tests/keys: remove extraneous zero byte from the DH prime
2023-01-09 21:18 [PATCH testsuite] tests/keys: remove extraneous zero byte from the DH prime Ondrej Mosnacek
@ 2023-01-12 12:05 ` Ondrej Mosnacek
0 siblings, 0 replies; 2+ messages in thread
From: Ondrej Mosnacek @ 2023-01-12 12:05 UTC (permalink / raw
To: selinux
On Mon, Jan 9, 2023 at 10:18 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> The extra zero byte at the beginning is unnecessary and not expected by
> the kernel. While the generic DH implementation is able to deal with it,
> at least one hardware driver implementation (intel_qat) rejects it.
> Since the kernel's test vectors do not include one with zero bytes at
> the beginning, assume that it's invalid and remove it from our prime
> byte array.
>
> While there also regroup the byte values by 8 instead of 10, so that it
> is easy to verify that the size of the array is a multiple of 8 as
> expected.
>
> Verified on a machine with the Intel QAT accelerator, where the test was
> failing before.
>
> Fixes: 85832b99b430 ("tests/keys: use a longer prime in DH params")
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Applied:
https://github.com/SELinuxProject/selinux-testsuite/commit/5dda1f3f2dc2274a13e423dcb20292129b6633d5
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-01-12 12:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-09 21:18 [PATCH testsuite] tests/keys: remove extraneous zero byte from the DH prime Ondrej Mosnacek
2023-01-12 12:05 ` Ondrej Mosnacek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.