Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.

Nageswara Sastry <rnsastry@xxxxxxxxxxxxx> · Tue, 21 Dec 2021 14:51:01 +0530

On 21/12/21 8:07 am, Yael Tiomkin wrote:
Test that encrypted keys can be instantiated using
both user-provided decrypted data
(https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@xxxxxxxxxx/),
or kernel-generated numbers.

Signed-off-by: Yael Tiomkin <yaelt@xxxxxxxxxx>

Tested on ppc64le platform

Tested-by: Nageswara R Sastry <rnsastry@xxxxxxxxxxxxx>

...
<<<test_start>>>
tag=keyctl09 stime=1640078325
cmdline="keyctl09"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1425: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read

Summary:
passed   1
failed   0
broken   0
skipped  0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
...


---

Notes:
     v -> v2: added key revocation and made styling changes.

  runtest/syscalls                            |  1 +
  testcases/kernel/syscalls/keyctl/.gitignore |  1 +
  testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
  3 files changed, 60 insertions(+)
  create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c

diff --git a/runtest/syscalls b/runtest/syscalls
index bcf3d56c9..ccea1ddbd 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -643,6 +643,7 @@ keyctl05 keyctl05
  keyctl06 keyctl06
  keyctl07 keyctl07
  keyctl08 keyctl08
+keyctl09 keyctl09
  
  kcmp01 kcmp01
  kcmp02 kcmp02
diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
index 3544ac79c..f9948c176 100644
--- a/testcases/kernel/syscalls/keyctl/.gitignore
+++ b/testcases/kernel/syscalls/keyctl/.gitignore
@@ -6,3 +6,4 @@
  /keyctl06
  /keyctl07
  /keyctl08
+/keyctl09
diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
new file mode 100644
index 000000000..507cd5628
--- /dev/null
+++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Google, Inc.
+ */
+
+/*\
+ * [Description]
+ * Test that encrypted keys can be instantiated using user-provided decrypted
+ * data (plaintext), and separately, using kernel-generated key material.
+ */
+
+#include "tst_test.h"
+#include "lapi/keyctl.h"
+
+#define ENCRYPTED_KEY_1_PAYLOAD	"new enc32 user:masterkey 32 plaintext12345678901234567890123"
+#define ENCRYPTED_KEY_2_PAYLOAD	"new enc32 user:masterkey 32"
+
+static void do_test(void)
+{
+	key_serial_t masterkey;
+	key_serial_t encryptedkey1;
+	key_serial_t encryptedkey2;
+	char buffer[128];
+
+	masterkey = add_key("user", "user:masterkey", "foo", 3,
+			    KEY_SPEC_PROCESS_KEYRING);
+	if (masterkey == -1)
+		tst_brk(TBROK | TERRNO, "Failed to add user key");
+
+	encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
+				60, KEY_SPEC_PROCESS_KEYRING);
+	if (encryptedkey1 == -1)
+		tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
+
+	TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
+	if (TST_RET < 0)
+		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
+
+	encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
+				27, KEY_SPEC_PROCESS_KEYRING);
+	if (encryptedkey2 == -1)
+		tst_brk(TFAIL,
+			"Failed to instantiate encrypted key using kernel-generated key material");
+
+	TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
+	if (TST_RET < 0)
+		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
+
+	tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
+
+	keyctl(KEYCTL_REVOKE, encryptedkey1);
+	keyctl(KEYCTL_REVOKE, encryptedkey2);
+	keyctl(KEYCTL_REVOKE, masterkey);
+}
+
+static struct tst_test test = {
+	.test_all = do_test,
+};

--
Thanks and Regards
R.Nageswara Sastry






