From: Nageswara Sastry <rnsastry@linux.ibm.com>
To: Yael Tiomkin <yaelt@google.com>, ltp@lists.linux.it
Cc: zohar@linux.ibm.com, pvorel@suse.cz, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
Date: Tue, 21 Dec 2021 14:51:01 +0530 [thread overview]
Message-ID: <aafb5351-a73a-dac3-b0fa-3faad707bafa@linux.ibm.com> (raw)
In-Reply-To: <20211221023721.129689-1-yaelt@google.com>
On 21/12/21 8:07 am, Yael Tiomkin wrote:
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
>
> Signed-off-by: Yael Tiomkin <yaelt@google.com>
Tested on ppc64le platform
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
...
<<<test_start>>>
tag=keyctl09 stime=1640078325
cmdline="keyctl09"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1425: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
Summary:
passed 1
failed 0
broken 0
skipped 0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
...
> ---
>
> Notes:
> v -> v2: added key revocation and made styling changes.
>
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/keyctl/.gitignore | 1 +
> testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
> 3 files changed, 60 insertions(+)
> create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index bcf3d56c9..ccea1ddbd 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -643,6 +643,7 @@ keyctl05 keyctl05
> keyctl06 keyctl06
> keyctl07 keyctl07
> keyctl08 keyctl08
> +keyctl09 keyctl09
>
> kcmp01 kcmp01
> kcmp02 kcmp02
> diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
> index 3544ac79c..f9948c176 100644
> --- a/testcases/kernel/syscalls/keyctl/.gitignore
> +++ b/testcases/kernel/syscalls/keyctl/.gitignore
> @@ -6,3 +6,4 @@
> /keyctl06
> /keyctl07
> /keyctl08
> +/keyctl09
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> new file mode 100644
> index 000000000..507cd5628
> --- /dev/null
> +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2021 Google, Inc.
> + */
> +
> +/*\
> + * [Description]
> + * Test that encrypted keys can be instantiated using user-provided decrypted
> + * data (plaintext), and separately, using kernel-generated key material.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
> +
> +#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 plaintext12345678901234567890123"
> +#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32"
> +
> +static void do_test(void)
> +{
> + key_serial_t masterkey;
> + key_serial_t encryptedkey1;
> + key_serial_t encryptedkey2;
> + char buffer[128];
> +
> + masterkey = add_key("user", "user:masterkey", "foo", 3,
> + KEY_SPEC_PROCESS_KEYRING);
> + if (masterkey == -1)
> + tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> + 60, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey1 == -1)
> + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
> +
> + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
> + 27, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey2 == -1)
> + tst_brk(TFAIL,
> + "Failed to instantiate encrypted key using kernel-generated key material");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
> +
> + tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
> +
> + keyctl(KEYCTL_REVOKE, encryptedkey1);
> + keyctl(KEYCTL_REVOKE, encryptedkey2);
> + keyctl(KEYCTL_REVOKE, masterkey);
> +}
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> +};
--
Thanks and Regards
R.Nageswara Sastry
WARNING: multiple messages have this Message-ID (diff)
From: Nageswara Sastry <rnsastry@linux.ibm.com>
To: Yael Tiomkin <yaelt@google.com>, ltp@lists.linux.it
Cc: linux-integrity@vger.kernel.org
Subject: Re: [LTP] [PATCH v2] syscalls/keyctl09: test encrypted keys.
Date: Tue, 21 Dec 2021 14:51:01 +0530 [thread overview]
Message-ID: <aafb5351-a73a-dac3-b0fa-3faad707bafa@linux.ibm.com> (raw)
In-Reply-To: <20211221023721.129689-1-yaelt@google.com>
On 21/12/21 8:07 am, Yael Tiomkin wrote:
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
>
> Signed-off-by: Yael Tiomkin <yaelt@google.com>
Tested on ppc64le platform
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
...
<<<test_start>>>
tag=keyctl09 stime=1640078325
cmdline="keyctl09"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1425: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
Summary:
passed 1
failed 0
broken 0
skipped 0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
...
> ---
>
> Notes:
> v -> v2: added key revocation and made styling changes.
>
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/keyctl/.gitignore | 1 +
> testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
> 3 files changed, 60 insertions(+)
> create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index bcf3d56c9..ccea1ddbd 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -643,6 +643,7 @@ keyctl05 keyctl05
> keyctl06 keyctl06
> keyctl07 keyctl07
> keyctl08 keyctl08
> +keyctl09 keyctl09
>
> kcmp01 kcmp01
> kcmp02 kcmp02
> diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
> index 3544ac79c..f9948c176 100644
> --- a/testcases/kernel/syscalls/keyctl/.gitignore
> +++ b/testcases/kernel/syscalls/keyctl/.gitignore
> @@ -6,3 +6,4 @@
> /keyctl06
> /keyctl07
> /keyctl08
> +/keyctl09
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> new file mode 100644
> index 000000000..507cd5628
> --- /dev/null
> +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2021 Google, Inc.
> + */
> +
> +/*\
> + * [Description]
> + * Test that encrypted keys can be instantiated using user-provided decrypted
> + * data (plaintext), and separately, using kernel-generated key material.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
> +
> +#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 plaintext12345678901234567890123"
> +#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32"
> +
> +static void do_test(void)
> +{
> + key_serial_t masterkey;
> + key_serial_t encryptedkey1;
> + key_serial_t encryptedkey2;
> + char buffer[128];
> +
> + masterkey = add_key("user", "user:masterkey", "foo", 3,
> + KEY_SPEC_PROCESS_KEYRING);
> + if (masterkey == -1)
> + tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> + 60, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey1 == -1)
> + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
> +
> + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
> + 27, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey2 == -1)
> + tst_brk(TFAIL,
> + "Failed to instantiate encrypted key using kernel-generated key material");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
> +
> + tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
> +
> + keyctl(KEYCTL_REVOKE, encryptedkey1);
> + keyctl(KEYCTL_REVOKE, encryptedkey2);
> + keyctl(KEYCTL_REVOKE, masterkey);
> +}
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> +};
--
Thanks and Regards
R.Nageswara Sastry
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2021-12-21 9:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 2:37 [PATCH v2] syscalls/keyctl09: test encrypted keys Yael Tiomkin
2021-12-21 2:37 ` [LTP] " Yael Tiomkin via ltp
2021-12-21 9:01 ` Petr Vorel
2021-12-21 9:01 ` [LTP] " Petr Vorel
2021-12-21 9:21 ` Nageswara Sastry [this message]
2021-12-21 9:21 ` Nageswara Sastry
2021-12-21 10:48 ` Petr Vorel
2021-12-21 10:48 ` [LTP] " Petr Vorel
2021-12-22 5:11 ` Nageswara Sastry
2021-12-22 5:11 ` [LTP] " Nageswara Sastry
2021-12-22 9:10 ` Petr Vorel
2021-12-22 9:10 ` [LTP] " Petr Vorel
2021-12-22 15:14 ` Eric Biggers
2021-12-22 15:14 ` [LTP] " Eric Biggers
2021-12-22 15:33 ` Eric Biggers
2021-12-22 15:33 ` [LTP] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aafb5351-a73a-dac3-b0fa-3faad707bafa@linux.ibm.com \
--to=rnsastry@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
--cc=yaelt@google.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.