[PATCH v2] syscalls/keyctl09: test encrypted keys.

[Yael Tiomkin <yaelt@google.com>]

Test that encrypted keys can be instantiated using
both user-provided decrypted data
(https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
or kernel-generated numbers.

Signed-off-by: Yael Tiomkin <yaelt@google.com>
---

Notes:
    v -> v2: added key revocation and made styling changes.

 runtest/syscalls                            |  1 +
 testcases/kernel/syscalls/keyctl/.gitignore |  1 +
 testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c

diff --git a/runtest/syscalls b/runtest/syscalls
index bcf3d56c9..ccea1ddbd 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -643,6 +643,7 @@ keyctl05 keyctl05
 keyctl06 keyctl06
 keyctl07 keyctl07
 keyctl08 keyctl08
+keyctl09 keyctl09
 
 kcmp01 kcmp01
 kcmp02 kcmp02
diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
index 3544ac79c..f9948c176 100644
--- a/testcases/kernel/syscalls/keyctl/.gitignore
+++ b/testcases/kernel/syscalls/keyctl/.gitignore
@@ -6,3 +6,4 @@
 /keyctl06
 /keyctl07
 /keyctl08
+/keyctl09
diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
new file mode 100644
index 000000000..507cd5628
--- /dev/null
+++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Google, Inc.
+ */
+
+/*\
+ * [Description]
+ * Test that encrypted keys can be instantiated using user-provided decrypted
+ * data (plaintext), and separately, using kernel-generated key material.
+ */
+
+#include "tst_test.h"
+#include "lapi/keyctl.h"
+
+#define ENCRYPTED_KEY_1_PAYLOAD	"new enc32 user:masterkey 32 plaintext12345678901234567890123"
+#define ENCRYPTED_KEY_2_PAYLOAD	"new enc32 user:masterkey 32"
+
+static void do_test(void)
+{
+	key_serial_t masterkey;
+	key_serial_t encryptedkey1;
+	key_serial_t encryptedkey2;
+	char buffer[128];
+
+	masterkey = add_key("user", "user:masterkey", "foo", 3,
+			    KEY_SPEC_PROCESS_KEYRING);
+	if (masterkey == -1)
+		tst_brk(TBROK | TERRNO, "Failed to add user key");
+
+	encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
+				60, KEY_SPEC_PROCESS_KEYRING);
+	if (encryptedkey1 == -1)
+		tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
+
+	TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
+	if (TST_RET < 0)
+		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
+
+	encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
+				27, KEY_SPEC_PROCESS_KEYRING);
+	if (encryptedkey2 == -1)
+		tst_brk(TFAIL,
+			"Failed to instantiate encrypted key using kernel-generated key material");
+
+	TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
+	if (TST_RET < 0)
+		tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
+
+	tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
+
+	keyctl(KEYCTL_REVOKE, encryptedkey1);
+	keyctl(KEYCTL_REVOKE, encryptedkey2);
+	keyctl(KEYCTL_REVOKE, masterkey);
+}
+
+static struct tst_test test = {
+	.test_all = do_test,
+};
-- 
2.34.1.307.g9b7440fafd-goog