Test that encrypted keys can be instantiated using both user-provided decrypted data (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@xxxxxxxxxx/), or kernel-generated numbers.
Signed-off-by: Yael Tiomkin <yaelt@xxxxxxxxxx>
---
testcases/kernel/syscalls/keyctl/keyctl09.c | 50 +++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
new file mode 100644
index 000000000..4589ef367
--- /dev/null
+++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Google, Inc.
+ */
+
+/*
+ * Description: This tests that encrypted keys can be instantiated using
+ * user-provided decrypted data (plaintext), and separately, using
+ * kernel-generated key material.
+ */
+
+#include <errno.h>
+#include <stdint.h>
+
+#include "tst_test.h"
+#include "lapi/keyctl.h"
+
+static void do_test(void)
+{
+ key_serial_t masterkey;
+ key_serial_t encryptedkey1;
+ key_serial_t encryptedkey2;
+ char buffer[128];
+
+ masterkey = add_key("user", "user:masterkey", "foo", 3, KEY_SPEC_PROCESS_KEYRING);
+ if (masterkey == -1)
+ tst_brk(TBROK | TERRNO, "Failed to add user key");
+
+ encryptedkey1 = add_key("encrypted", "ltptestkey1", "new enc32 user:masterkey 32 plaintext12345678901234567890123", 60, KEY_SPEC_PROCESS_KEYRING);
+ if (encryptedkey1 == -1)
+ tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using payload decrypted data");
+
+ TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
+ if (TST_RET < 0)
+ tst_brk(TBROK | TTERRNO, "KEYCTL_READ failed for encryptedkey1");
+
+ encryptedkey2 = add_key("encrypted", "ltptestkey2", "new enc32 user:masterkey 32", 27, KEY_SPEC_PROCESS_KEYRING);
+ if (encryptedkey2 == -1)
+ tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using kernel-generated key material");
+
+ TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
+ if (TST_RET < 0)
+ tst_brk(TBROK | TTERRNO, "KEYCTL_READ failed for encryptedkey2");
+
+ tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
+}
+
+static struct tst_test test = {
+ .test_all = do_test,
+};
--
2.34.1.173.g76aa8bc2d0-goog
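Review bot: Both `KEYCTL_READ` checks in `do_test()` accept any non-negative return, but keyctl(2) documents the return value as the full payload size even when it exceeds the supplied buffer, so the test can report TPASS without a complete blob ever landing in `buffer`. Compare the result against the buffer size as well, e.g. `if (TST_RET < 0 || (size_t)TST_RET > sizeof(buffer))`, and size `buffer` for the exported blob; 128 bytes looks small for a 32-byte key plus IV and HMAC in ASCII hex, though that is inferred from the encrypted-key format rather than shown in this patch. Separately, a failure of either `add_key("encrypted", ...)` call is the behaviour under test yet is reported as `TBROK`; a kernel without encrypted-key support would be better reported as `TCONF` (for instance through `.needs_kconfigs` in `struct tst_test`) and a rejected plaintext payload as `TFAIL`. The hard-coded lengths `60` and `27` match the literals today but would be safer derived from the payload string with `strlen()`.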