[LTP] [PATCH v3] syscalls/keyctl09: test encrypted keys with provided decrypted data.

Cyril Hrubis chrubis@suse.cz
Wed Feb 23 15:42:24 CET 2022


Hi!
> +static void do_test(void)
> +{
> +	key_serial_t masterkey;
> +	key_serial_t encryptedkey1;
> +	key_serial_t encryptedkey2;
> +	char buffer[128];
> +
> +	masterkey = add_key("user", "user:masterkey", "foo", 3,
> +			    KEY_SPEC_PROCESS_KEYRING);
> +	if (masterkey == -1)
> +		tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> +	encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> +				60, KEY_SPEC_PROCESS_KEYRING);
> +	if (encryptedkey1 == -1)
> +		tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
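
Review bot: the payload length is hard-coded as 60 in the add_key("encrypted", "ltptestkey1", ...) call (and as 3 for "foo" in the add_key("user", ...) call above it), so it goes stale silently if ENCRYPTED_KEY_1_PAYLOAD is ever edited. Deriving it from the macro, for example strlen(ENCRYPTED_KEY_1_PAYLOAD) or sizeof(ENCRYPTED_KEY_1_PAYLOAD) - 1, keeps the length and the payload in step.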

I guess that we should print errno (by adding the | TERRNO to the TFAIL)
here as well.

Also we can make the message shorter since the FAIL part is printed by
the library because of the TFAIL flag. So maybe something like:

	tst_brk(TFAIL | TERRNO, "instantiation of encrypted key with decrypted payload");

Which would print the message as:

	foo.c:XX: TFAIL: instantiation of encrypted key with decrypted payload: ENOMEM (12)

Or even better use the LTP TST_EXP_*() macros which will generate most
of the code for you.

Assuming the return value from add_key() on success is >= 0 we can do:

	TST_EXP_POSITIVE(add_key("encrypted", "ltptestkey1",
	                         ENCRYPTED_KEY_1_PAYLOAD,
			         60, KEY_SPEC_PROCESS_KEYRING));

	if (!TST_PASS)
		return;

The TST_EXP_POSITIVE() has optional printf-like parameters if you want
to customize the message, so if you want to keep the original message
you can do:

	TST_EXP_POSITIVE(add_key(...),
	                 "instantiation of encrypted key with decrypted payload");

And the return value from add_key is stored in TST_RET.

> +	TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> +	if (TST_RET < 0)
> +		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
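
Review bot: the KEYCTL_READ check only treats TST_RET < 0 as a failure, but keyctl(KEYCTL_READ, ...) returns the size of the key data even when that is larger than the buffer passed in, leaving the buffer contents undefined. A result above sizeof(buffer) (128 bytes here) would therefore pass with an unusable read; consider also failing when TST_RET > sizeof(buffer), or sizing the buffer from a first call.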

And here as well.

> +	encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
> +				60, KEY_SPEC_PROCESS_KEYRING);
> +	if (encryptedkey2 != -1)
> +		tst_brk(TFAIL, "Instantiation of encrypted key using non hex-encoded decrypted data unexpectedly succeeded");

We should check that the errno was set correctly here as well. We do
have a TST_EXP_FAIL() macro for this. If this is supposed to end with
EINVAL it can be simply done as:

	TST_EXP_FAIL2(add_key("encrypted", "ltptestkey2",
	              ENCRYPTED_KEY_2_PAYLOAD, 60,
		      KEY_SPEC_PROCESS_KEYRING), EINVAL);

And you can pass printf-like parameters to this macro as well to
customize the message.

> +	tst_res(TPASS, "Encrypted keys were instantiated with decrypted data as expected");
> +
> +	keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING);
> +}
> +
> +static struct tst_test test = {
> +	.test_all = do_test,
> +	.needs_kconfigs = (const char *[]) {
> +		"CONFIG_USER_DECRYPTED_DATA=y",
> +		NULL
> +	}
> +};
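
Review bot: the return value of keyctl(KEYCTL_CLEAR, KEY_SPEC_PROCESS_KEYRING) at the end of do_test() is ignored, and the call is only reached when every step above it succeeded. Moving it into a .cleanup callback in struct tst_test and reporting a failed clear with tst_res(TWARN | TERRNO, ...) would make the cleanup run, and be visible, on all paths.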

-- 
Cyril Hrubis
chrubis@suse.cz

