Test that encrypted keys can be instantiated using hex-ascii encoded user-provided decrypted data. (https://lore.kernel.org/lkml/20220215141953.1557009-1-yaelt@xxxxxxxxxx/). Signed-off-by: Yael Tzur <yaelt@xxxxxxxxxx> --- Notes: v -> v2: added key revocation and made styling changes. v2 -> v3: updated per latest kernel patch version. runtest/syscalls | 1 + testcases/kernel/syscalls/keyctl/.gitignore | 1 + testcases/kernel/syscalls/keyctl/keyctl09.c | 55 +++++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c diff --git a/runtest/syscalls b/runtest/syscalls index bcf3d56c9..ccea1ddbd 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -643,6 +643,7 @@ keyctl05 keyctl05 keyctl06 keyctl06 keyctl07 keyctl07 keyctl08 keyctl08 +keyctl09 keyctl09 kcmp01 kcmp01 kcmp02 kcmp02 diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore index 3544ac79c..f9948c176 100644 --- a/testcases/kernel/syscalls/keyctl/.gitignore +++ b/testcases/kernel/syscalls/keyctl/.gitignore @@ -6,3 +6,4 @@ /keyctl06 /keyctl07 /keyctl08 +/keyctl09 diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c new file mode 100644 index 000000000..5d90a6a8d --- /dev/null +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2022 Google, Inc. + */ + +/*\ + * [Description] + * Test that encrypted keys can be instantiated using user-provided decrypted + * data that is hex-ascii encoded. + */ + +#include "tst_test.h" +#include "lapi/keyctl.h" + +#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 abcdefABCDEF1234567890aaaaaaaaaa" +#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32 plaintext123@123!123@123!123@123" + +static void do_test(void) +{ + key_serial_t masterkey; + key_serial_t encryptedkey1; + key_serial_t encryptedkey2; + char buffer[128]; + + masterkey = add_key("user", "user:masterkey", "foo", 3, + KEY_SPEC_PROCESS_KEYRING); + if (masterkey == -1) + tst_brk(TBROK | TERRNO, "Failed to add user key"); + + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD, + 60, KEY_SPEC_PROCESS_KEYRING); + if (encryptedkey1 == -1) + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data"); + + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer))); + if (TST_RET < 0) + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1"); + + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD, + 60, KEY_SPEC_PROCESS_KEYRING); + if (encryptedkey2 != -1) + tst_brk(TFAIL, "Instantiation of encrypted key using non hex-encoded decrypted data unexpectedly succeeded"); + + tst_res(TPASS, "Encrypted keys were instantiated with decrypted data as expected"); + + keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING); +} + +static struct tst_test test = { + .test_all = do_test, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_DECRYPTED_DATA=y", + NULL + } +}; -- 2.35.1.473.g83b2b277ed-goog