keyutils: Add more kernel configuration needed by the test suite, ...

and document a known failure due to the removal of SHA1 with RSA signed certificate from the kernel.
2025-01-24 06:52:14 +08:00 · 2024-02-05 19:04:26 +08:00 · 2024-02-05 19:04:26 +08:00 · b27871069a
commit b27871069a
parent cb94e8a48e
3 changed files with 23 additions and 1 deletions
--- a/general/genlib/keyutils-test-kernel.xml
+++ b/general/genlib/keyutils-test-kernel.xml
@ -9,6 +9,14 @@
  [*]   <emphasis role='blue'>D</emphasis>iffie-Hellman operations on retained keys           [KEY_DH_OPERATIONS]

 -*- <emphasis role='blue'>C</emphasis>ryptographic API ---&gt;                                              [CRYPTO]
+  <emphasis role='blue'>P</emphasis>ublic-key cryptography ---&gt;
+    &lt;*/M&gt; <emphasis role='blue'>R</emphasis>SA (Rivest-Shamir-Adleman)                               [CRYPTO_RSA]
+  [*] <emphasis role='blue'>A</emphasis>symmetric (public-key cryptographic) key type ---&gt;  [ASYMMETRIC_KEY_TYPE]
+    &lt;*&gt; <emphasis role='blue'>A</emphasis>symmetric public-key crypto algorithm subtype
+                                            ...  [ASYMMETRIC_PUBLIC_KEY_SUBTYPE]
+    # If not built into the kernel, [SYSTEM_TRUSTED_KEYRING] won't show up;
+    # building as a module won't work:
+    &lt;*&gt;   <emphasis role='blue'>X</emphasis>.509 certificate parser                     [X509_CERTIFICATE_PARSER]
  <emphasis role='blue'>C</emphasis>ertificates for signature checking ---&gt;
    [*] <emphasis role='blue'>P</emphasis>rovide system-wide ring of trusted keys        [SYSTEM_TRUSTED_KEYRING]
    [*]   <emphasis role='blue'>P</emphasis>rovide a keyring to which extra trustable keys may be added
--- a/general/genlib/keyutils.xml
+++ b/general/genlib/keyutils.xml
@ -118,7 +118,11 @@
    <para>
      If <xref linkend='lsb-tools'/> is not installed, the test suite will
      output some lines complaining the <command>lsb_release</command>
-      command not available but it won't affect the test result.
+      command not available but it won't affect the test result.  One test
+      named <literal>TRY ADDING ASYMMETRIC KEYS</literal> is known to fail
+      due to the removal of the support for SHA1 with RSA signature
+      algorithm from Linux kernel version 6.7 <!-- commit 16ab7cb5825f -->
+      or newer.
    </para>

  </sect2>
--- a/kernel-config/general/genlib/keyutils-test.toml
+++ b/kernel-config/general/genlib/keyutils-test.toml
@ -5,6 +5,16 @@ CRYPTO = { value = '*', forced = '*' }
 SYSTEM_TRUSTED_KEYRING='*'
 SECONDARY_TRUSTED_KEYRING='*'
 SYSTEM_BLACKLIST_KEYRING='*'
+ASYMMETRIC_KEY_TYPE='*'
+ASYMMETRIC_PUBLIC_KEY_SUBTYPE='*'
+CRYPTO_RSA='*M'
+
+[X509_CERTIFICATE_PARSER]
+value = '*'
+comment = [
+  "If not built into the kernel, [SYSTEM_TRUSTED_KEYRING] won't show up;",
+  "building as a module won't work"
+]

 [CRYPTO_LIB_CHACHA20POLY1305]
 value = '*'