From: Petr Vorel <pvorel@suse.cz>
To: Yael Tiomkin <yaelt@google.com>
Cc: ltp@lists.linux.it, zohar@linux.ibm.com, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] syscalls/keyctl09: test encrypted keys.
Date: Fri, 17 Dec 2021 14:56:10 +0100
Message-ID: <YbyW+nRbUnmfHue1@pevik>
In-Reply-To: <20211217021726.2487455-1-yaelt@google.com>
Hi Yael,
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
Thanks a lot for adding this test. There are a few missing things:
BTW all mentioned here is implemented here to speed up your work:
https://github.com/pevik/ltp/tree/yael_tiomkin/keyctl09.fixes
Below is a diff of my suggested changes.
What I didn't solve is the broken test when run with more than 1 iteration:
./keyctl09 -i2
tst_test.c:1423: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:47: TPASS: Encrypted keys were successfully instantiated and read
keyctl09.c:31: TBROK: Failed to instantiate encrypted key using payload decrypted data: EINVAL (22)
NOTE: you can specify test setup to do things only once. You should also clean up
after the test run with test cleanup.
https://github.com/linux-test-project/ltp/wiki/C-Test-API#11-basic-test-structure
You also need to add an entry to testcases/kernel/syscalls/keyctl/.gitignore
/keyctl09
and runtest/syscalls
keyctl09 keyctl09
...
> +/*
> + * Description: This tests that encrypted keys can be instantiated using
> + * user-provided decrypted data (plaintext), and separately, using
> + * kernel-generated key material.
> + */
I'd rephrase it a bit and use LTP metadata formatting:
/*\
 * [Description]
 * Test that encrypted keys can be instantiated using user-provided decrypted
 * data (plaintext), and separately, using kernel-generated key material.
 */
FYI metadata is LTP documentation - here is the output:
https://github.com/linux-test-project/ltp/releases/download/20210121/metadata.20210121.html
https://github.com/linux-test-project/ltp/releases/download/20210121/metadata.20210121.pdf
You can run make in the docparse/ directory and then see the output in
metadata/metadata.{html,pdf}.
> +
> +#include <errno.h>
> +#include <stdint.h>
IMHO these 2 aren't needed.
> +
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
> +
> +static void do_test(void)
> +{
> + key_serial_t masterkey;
> + key_serial_t encryptedkey1;
> + key_serial_t encryptedkey2;
> + char buffer[128];
> +
> + masterkey = add_key("user", "user:masterkey", "foo", 3, KEY_SPEC_PROCESS_KEYRING);
> + if (masterkey == -1)
> + tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> + encryptedkey1 = add_key("encrypted", "ltptestkey1", "new enc32 user:masterkey 32 plaintext12345678901234567890123", 60, KEY_SPEC_PROCESS_KEYRING);
nit: It'd be nice to keep 80 lines per line (or 100 with string).
Maybe use #define for payload, which makes it shorter?
> + if (encryptedkey1 == -1)
> + tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using payload decrypted data");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TBROK | TTERRNO, "KEYCTL_READ failed for encryptedkey1");
> +
> + encryptedkey2 = add_key("encrypted", "ltptestkey2", "new enc32 user:masterkey 32", 27, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey2 == -1)
> + tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using kernel-generated key material");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TBROK | TTERRNO, "KEYCTL_READ failed for encryptedkey2");
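Review bot: both KEYCTL_READ checks in this hunk only test TST_RET < 0 and never look at the returned length or at the contents of buffer. keyctl(KEYCTL_READ) returns the size of the key's payload even when that is larger than the buffer passed in, so with char buffer[128] a non-negative return does not show that anything was copied. Compare TST_RET against sizeof(buffer), or size the buffer from a first call with a NULL buffer, before reporting that the keys were read.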
At least one of these should be TFAIL - failing test. TBROK is used when the test
fails in the test preparation phase. Also have a look at include/tst_test_macros.h,
you can use e.g. TST_EXP_PASS_SILENT().
Kind regards,
Petr
diff --git runtest/syscalls runtest/syscalls
index bcf3d56c9c..ccea1ddbdb 100644
--- runtest/syscalls
+++ runtest/syscalls
@@ -643,6 +643,7 @@ keyctl05 keyctl05
keyctl06 keyctl06
keyctl07 keyctl07
keyctl08 keyctl08
+keyctl09 keyctl09
kcmp01 kcmp01
kcmp02 kcmp02
diff --git testcases/kernel/syscalls/keyctl/.gitignore testcases/kernel/syscalls/keyctl/.gitignore
index 3544ac79ce..f9948c1766 100644
--- testcases/kernel/syscalls/keyctl/.gitignore
+++ testcases/kernel/syscalls/keyctl/.gitignore
@@ -6,3 +6,4 @@
/keyctl06
/keyctl07
/keyctl08
+/keyctl09
diff --git testcases/kernel/syscalls/keyctl/keyctl09.c testcases/kernel/syscalls/keyctl/keyctl09.c
index 4589ef3679..7481526c67 100644
--- testcases/kernel/syscalls/keyctl/keyctl09.c
+++ testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -3,15 +3,12 @@
* Copyright (c) 2021 Google, Inc.
*/
-/*
- * Description: This tests that encrypted keys can be instantiated using
- * user-provided decrypted data (plaintext), and separately, using
- * kernel-generated key material.
+/*\
+ * [Description]
+ * Test that encrypted keys can be instantiated using user-provided decrypted
+ * data (plaintext), and separately, using kernel-generated key material.
*/
-#include <errno.h>
-#include <stdint.h>
-
#include "tst_test.h"
#include "lapi/keyctl.h"
@@ -22,11 +19,14 @@ static void do_test(void)
key_serial_t encryptedkey2;
char buffer[128];
- masterkey = add_key("user", "user:masterkey", "foo", 3, KEY_SPEC_PROCESS_KEYRING);
+ masterkey = add_key("user", "user:masterkey", "foo", 3,
+ KEY_SPEC_PROCESS_KEYRING);
if (masterkey == -1)
tst_brk(TBROK | TERRNO, "Failed to add user key");
- encryptedkey1 = add_key("encrypted", "ltptestkey1", "new enc32 user:masterkey 32 plaintext12345678901234567890123", 60, KEY_SPEC_PROCESS_KEYRING);
+ encryptedkey1 = add_key("encrypted", "ltptestkey1",
+ "new enc32 user:masterkey 32 plaintext12345678901234567890123",
+ 60, KEY_SPEC_PROCESS_KEYRING);
if (encryptedkey1 == -1)
tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using payload decrypted data");
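Review bot: the add_key() calls for the master key and ltptestkey1 stay inside do_test(), so every -i iteration adds the same descriptions to KEY_SPEC_PROCESS_KEYRING again, and no removal of the keys is visible in the diff; this lines up with the TBROK "Failed to instantiate encrypted key using payload decrypted data" on the second pass of ./keyctl09 -i2. Unlink or invalidate the keys at the end of do_test(), or create the master key once in a setup callback and remove the keys in cleanup. The literal length 60 also has to be kept in step with the payload string by hand; a #define for the payload with sizeof(PAYLOAD) - 1 as the length would remove that and shorten the call.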
@@ -34,9 +34,11 @@ static void do_test(void)
if (TST_RET < 0)
tst_brk(TBROK | TTERRNO, "KEYCTL_READ failed for encryptedkey1");
- encryptedkey2 = add_key("encrypted", "ltptestkey2", "new enc32 user:masterkey 32", 27, KEY_SPEC_PROCESS_KEYRING);
+ encryptedkey2 = add_key("encrypted", "ltptestkey2", "new enc32 user:masterkey 32",
+ 27, KEY_SPEC_PROCESS_KEYRING);
if (encryptedkey2 == -1)
- tst_brk(TBROK | TERRNO, "Failed to instantiate encrypted key using kernel-generated key material");
+ tst_brk(TBROK | TERRNO,
+ "Failed to instantiate encrypted key using kernel-generated key material");
TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
if (TST_RET < 0)
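Review bot: the context lines around the encryptedkey2 change still report a failed KEYCTL_READ with tst_brk(TBROK | TTERRNO, ...), although reading the key back is part of what the test checks rather than preparation. Report it with tst_res(TFAIL | TTERRNO, ...) and return, or use one of the TST_EXP_* macros from include/tst_test_macros.h, so that a read failure is counted as a test failure and not as a broken test.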