On Wed, Dec 22, 2021 at 09:14:43AM -0600, Eric Biggers wrote: > On Mon, Dec 20, 2021 at 09:37:21PM -0500, Yael Tiomkin wrote: > > diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c > > new file mode 100644 > > index 000000000..507cd5628 > > --- /dev/null > > +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c > > @@ -0,0 +1,58 @@ > > +// SPDX-License-Identifier: GPL-2.0-or-later > > +/* > > + * Copyright (c) 2021 Google, Inc. > > + */ > > + > > +/*\ > > + * [Description] > > + * Test that encrypted keys can be instantiated using user-provided decrypted > > + * data (plaintext), and separately, using kernel-generated key material. > > + */ > > + > > This test doesn't seem to work as intended. > > First, it fails if CONFIG_ENCRYPTED_KEYS is unset (it should be skipped): > > keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data > > Second, I don't have your patch "Instantiate key with user-provided decrypted > data" (https://lore.kernel.org/r/20211213192030.125091-1-yaelt@xxxxxxxxxx) in my > kernel, so instantiating a key using "user-provided decrypted data" is not > implemented by the kernel. However, the test still passes regardless: > > keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read > > The test should detect when "user-provided decrypted data" is not supported by > the kernel, and report that the test of that is being skipped in that case. > And of course, if "user-provided decrypted data" *is* supported by the kernel, the test should actually test it. - Eric
