Test that encrypted keys can be instantiated using hex-ascii encoded user-provided decrypted data. (https://lore.kernel.org/lkml/20220215141953.1557009-1-yaelt@xxxxxxxxxx/). Signed-off-by: Yael Tzur <yaelt@xxxxxxxxxx> --- Notes: v -> v2: added key revocation and made styling changes. v2 -> v3: updated per latest kernel patch version. v3 -> v4: made styling changes. runtest/syscalls | 1 + testcases/kernel/syscalls/keyctl/.gitignore | 1 + testcases/kernel/syscalls/keyctl/keyctl09.c | 53 +++++++++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c diff --git a/runtest/syscalls b/runtest/syscalls index bcf3d56c9..ccea1ddbd 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -643,6 +643,7 @@ keyctl05 keyctl05 keyctl06 keyctl06 keyctl07 keyctl07 keyctl08 keyctl08 +keyctl09 keyctl09 kcmp01 kcmp01 kcmp02 kcmp02 diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore index 3544ac79c..f9948c176 100644 --- a/testcases/kernel/syscalls/keyctl/.gitignore +++ b/testcases/kernel/syscalls/keyctl/.gitignore @@ -6,3 +6,4 @@ /keyctl06 /keyctl07 /keyctl08 +/keyctl09 diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c new file mode 100644 index 000000000..71fc2f2a9 --- /dev/null +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2022 Google, Inc. + */ + +/*\ + * [Description] + * Test that encrypted keys can be instantiated using user-provided decrypted + * data that is hex-ascii encoded. + */ + +#include "tst_test.h" +#include "lapi/keyctl.h" + +#define ENCRYPTED_KEY_VALID_PAYLOAD "new enc32 user:masterkey 32 abcdefABCDEF1234567890aaaaaaaaaa" +#define ENCRYPTED_KEY_INVALID_PAYLOAD "new enc32 user:masterkey 32 plaintext123@123!123@123!123@123" + +static void do_test(void) +{ + char buffer[128]; + + TST_EXP_POSITIVE(add_key("user", "user:masterkey", "foo", 3, + KEY_SPEC_PROCESS_KEYRING)); + + if (!TST_PASS) + return; + + TST_EXP_POSITIVE(add_key("encrypted", "ltptestkey1", + ENCRYPTED_KEY_VALID_PAYLOAD, + 60, KEY_SPEC_PROCESS_KEYRING)); + + if (!TST_PASS) + return; + + TST_EXP_POSITIVE(keyctl(KEYCTL_READ, TST_RET, buffer, sizeof(buffer))); + + if (!TST_PASS) + return; + + TST_EXP_FAIL2(add_key("encrypted", "ltptestkey2", + ENCRYPTED_KEY_INVALID_PAYLOAD, 60, + KEY_SPEC_PROCESS_KEYRING), EINVAL); + + keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING); +} + +static struct tst_test test = { + .test_all = do_test, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_DECRYPTED_DATA=y", + NULL + } +}; -- 2.35.1.473.g83b2b277ed-goog
