[LTP] [PATCH v2] syscalls/keyctl09: test encrypted keys.

Tue Dec 21 10:21:01 CET 2021

On 21/12/21 8:07 am, Yael Tiomkin wrote:
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
> 
> Signed-off-by: Yael Tiomkin <yaelt@google.com>

Tested on ppc64le platform

Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>

...
<<<test_start>>>
tag=keyctl09 stime=1640078325
cmdline="keyctl09"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1425: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read

Summary:
passed   1
failed   0
broken   0
skipped  0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
...

> ---
> 
> Notes:
>      v -> v2: added key revocation and made styling changes.
> 
>   runtest/syscalls                            |  1 +
>   testcases/kernel/syscalls/keyctl/.gitignore |  1 +
>   testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
>   3 files changed, 60 insertions(+)
>   create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
> 
> diff --git a/runtest/syscalls b/runtest/syscalls
> index bcf3d56c9..ccea1ddbd 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -643,6 +643,7 @@ keyctl05 keyctl05
>   keyctl06 keyctl06
>   keyctl07 keyctl07
>   keyctl08 keyctl08
> +keyctl09 keyctl09
>   
>   kcmp01 kcmp01
>   kcmp02 kcmp02
> diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
> index 3544ac79c..f9948c176 100644
> --- a/testcases/kernel/syscalls/keyctl/.gitignore
> +++ b/testcases/kernel/syscalls/keyctl/.gitignore
> @@ -6,3 +6,4 @@
>   /keyctl06
>   /keyctl07
>   /keyctl08
> +/keyctl09
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> new file mode 100644
> index 000000000..507cd5628
> --- /dev/null
> +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2021 Google, Inc.
> + */
> +
> +/*\
> + * [Description]
> + * Test that encrypted keys can be instantiated using user-provided decrypted
> + * data (plaintext), and separately, using kernel-generated key material.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
> +
> +#define ENCRYPTED_KEY_1_PAYLOAD	"new enc32 user:masterkey 32 plaintext12345678901234567890123"
> +#define ENCRYPTED_KEY_2_PAYLOAD	"new enc32 user:masterkey 32"
> +
> +static void do_test(void)
> +{
> +	key_serial_t masterkey;
> +	key_serial_t encryptedkey1;
> +	key_serial_t encryptedkey2;
> +	char buffer[128];
> +
> +	masterkey = add_key("user", "user:masterkey", "foo", 3,
> +			    KEY_SPEC_PROCESS_KEYRING);
> +	if (masterkey == -1)
> +		tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> +	encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> +				60, KEY_SPEC_PROCESS_KEYRING);
> +	if (encryptedkey1 == -1)
> +		tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
> +
> +	TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> +	if (TST_RET < 0)
> +		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
> +
> +	encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
> +				27, KEY_SPEC_PROCESS_KEYRING);
> +	if (encryptedkey2 == -1)
> +		tst_brk(TFAIL,
> +			"Failed to instantiate encrypted key using kernel-generated key material");
> +
> +	TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
> +	if (TST_RET < 0)
> +		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
> +
> +	tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
> +
> +	keyctl(KEYCTL_REVOKE, encryptedkey1);
> +	keyctl(KEYCTL_REVOKE, encryptedkey2);
> +	keyctl(KEYCTL_REVOKE, masterkey);
> +}
> +
> +static struct tst_test test = {
> +	.test_all = do_test,
> +};

-- 
Thanks and Regards
R.Nageswara Sastry