Message ID | 20220222181034.1005633-1-yaelt@google.com |
---|---|
State | Superseded |
Series | [v3] syscalls/keyctl09: test encrypted keys with provided decrypted data. |
Hi!

> +static void do_test(void) > +{ > + key_serial_t masterkey; > + key_serial_t encryptedkey1; > + key_serial_t encryptedkey2; > + char buffer[128]; > + > + masterkey = add_key("user", "user:masterkey", "foo", 3, > + KEY_SPEC_PROCESS_KEYRING); > + if (masterkey == -1) > + tst_brk(TBROK | TERRNO, "Failed to add user key"); > + > + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD, > + 60, KEY_SPEC_PROCESS_KEYRING); > + if (encryptedkey1 == -1) > + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");

I guess that we should print errno (by adding the | TERRNO to the TFAIL) here as well. Also we can make the message shorter since the FAIL part is printed by the library because of the TFAIL flag.

So maybe something like:

	tst_brk(TFAIL | TERRNO, "instantiation of encrypted key with decrypted payload");

Which would print the message as:

	foo.c:XX: TFAIL: instantiation of encrypted key with decrypted payload: ENOMEM (12)

Or even better use the LTP TST_EXP_*() macros which will generate most of the code for you. Assuming the return value from add_key() on success is >= 0 we can do:

	TST_EXP_POSITIVE(add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
	                         60, KEY_SPEC_PROCESS_KEYRING));

	if (!TST_PASS)
		return;

The TST_EXP_POSITIVE() has optional printf-like parameters if you want to customize the message, so if you want to keep the original message you can do:

	TST_EXP_POSITIVE(add_key(...), "instantiation of encrypted key with decrypted payload");

And the return value from add_key is stored in TST_RET.

> + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer))); > + if (TST_RET < 0) > + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");

And here as well.

> + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD, > + 60, KEY_SPEC_PROCESS_KEYRING); > + if (encryptedkey2 != -1) > + tst_brk(TFAIL, "Instantiation of encrypted key using non hex-encoded decrypted data unexpectedly succeeded");

We should check that the errno was set correctly here as well. We do have a TST_EXP_FAIL() macro for this. If this is supposed to end with EINVAL it can be simply done as:

	TST_EXP_FAIL2(add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
	                      60, KEY_SPEC_PROCESS_KEYRING), EINVAL);

And you can pass printf-like parameters to this macro as well to customize the message.

> + tst_res(TPASS, "Encrypted keys were instantiated with decrypted data as expected"); > + > + keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING); > +} > + > +static struct tst_test test = { > + .test_all = do_test, > + .needs_kconfigs = (const char *[]) { > + "CONFIG_USER_DECRYPTED_DATA=y", > + NULL > + } > +};

diff --git a/runtest/syscalls b/runtest/syscalls index bcf3d56c9..ccea1ddbd 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -643,6 +643,7 @@ keyctl05 keyctl05 keyctl06 keyctl06 keyctl07 keyctl07 keyctl08 keyctl08 +keyctl09 keyctl09 kcmp01 kcmp01 kcmp02 kcmp02 diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore index 3544ac79c..f9948c176 100644 --- a/testcases/kernel/syscalls/keyctl/.gitignore +++ b/testcases/kernel/syscalls/keyctl/.gitignore @@ -6,3 +6,4 @@ /keyctl06 /keyctl07 /keyctl08 +/keyctl09 diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c new file mode 100644 index 000000000..5d90a6a8d --- /dev/null +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c 
@@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (c) 2022 Google, Inc. + */ + +/*\ + * [Description] + * Test that encrypted keys can be instantiated using user-provided decrypted + * data that is hex-ascii encoded. + */ + +#include "tst_test.h" +#include "lapi/keyctl.h" + +#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 abcdefABCDEF1234567890aaaaaaaaaa" +#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32 plaintext123@123!123@123!123@123" + +static void do_test(void) +{ + key_serial_t masterkey; + key_serial_t encryptedkey1; + key_serial_t encryptedkey2; + char buffer[128]; + + masterkey = add_key("user", "user:masterkey", "foo", 3, + KEY_SPEC_PROCESS_KEYRING); + if (masterkey == -1) + tst_brk(TBROK | TERRNO, "Failed to add user key"); + + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD, + 60, KEY_SPEC_PROCESS_KEYRING); + if (encryptedkey1 == -1) + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data"); + + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer))); + if (TST_RET < 0) + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1"); + + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD, + 60, KEY_SPEC_PROCESS_KEYRING); + if (encryptedkey2 != -1) + tst_brk(TFAIL, "Instantiation of encrypted key using non hex-encoded decrypted data unexpectedly succeeded"); + + tst_res(TPASS, "Encrypted keys were instantiated with decrypted data as expected"); + + keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING); +} + +static struct tst_test test = { + .test_all = do_test, + .needs_kconfigs = (const char *[]) { + "CONFIG_USER_DECRYPTED_DATA=y", + NULL + } +};
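Review bot: In do_test() of keyctl09.c, both add_key("encrypted", ...) calls pass the payload length as the literal 60, which has to be kept in step by hand with ENCRYPTED_KEY_1_PAYLOAD and ENCRYPTED_KEY_2_PAYLOAD. If either macro is edited, the kernel receives a truncated or over-long payload, and the negative case can then be rejected for a reason unrelated to the non-hex data it is meant to exercise. Pass strlen(ENCRYPTED_KEY_1_PAYLOAD) and strlen(ENCRYPTED_KEY_2_PAYLOAD) (or sizeof(...) - 1) instead of 60. Related to that, the negative case only tests encryptedkey2 != -1, so any failure of add_key() counts as the expected rejection, and the bytes returned by KEYCTL_READ into buffer are never looked at, so the positive case only proves that the read did not return an error.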
Test that encrypted keys can be instantiated using hex-ascii encoded
user-provided decrypted data.
(https://lore.kernel.org/lkml/20220215141953.1557009-1-yaelt@google.com/).

Signed-off-by: Yael Tzur <yaelt@google.com>
---

Notes:
    v -> v2: added key revocation and made styling changes.

    v2 -> v3: updated per latest kernel patch version.

 runtest/syscalls                            |  1 +
 testcases/kernel/syscalls/keyctl/.gitignore |  1 +
 testcases/kernel/syscalls/keyctl/keyctl09.c | 55 +++++++++++++++++++++
 3 files changed, 57 insertions(+)
 create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c