From: Eric Biggers <ebiggers@kernel.org>
To: Yael Tiomkin <yaelt@google.com>
Cc: ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
Date: Wed, 22 Dec 2021 09:33:53 -0600 [thread overview]
Message-ID: <YcNFYd78LfV2FcSW@quark> (raw)
In-Reply-To: <YcNA4w6mof+zKIak@quark>
On Wed, Dec 22, 2021 at 09:14:43AM -0600, Eric Biggers wrote:
> On Mon, Dec 20, 2021 at 09:37:21PM -0500, Yael Tiomkin wrote:
> > diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> > new file mode 100644
> > index 000000000..507cd5628
> > --- /dev/null
> > +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> > @@ -0,0 +1,58 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/*
> > + * Copyright (c) 2021 Google, Inc.
> > + */
> > +
> > +/*\
> > + * [Description]
> > + * Test that encrypted keys can be instantiated using user-provided decrypted
> > + * data (plaintext), and separately, using kernel-generated key material.
> > + */
> > +
>
> This test doesn't seem to work as intended.
>
> First, it fails if CONFIG_ENCRYPTED_KEYS is unset (it should be skipped):
>
> keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
>
> Second, I don't have your patch "Instantiate key with user-provided decrypted
> data" (https://lore.kernel.org/r/20211213192030.125091-1-yaelt@google.com) in my
> kernel, so instantiating a key using "user-provided decrypted data" is not
> implemented by the kernel. However, the test still passes regardless:
>
> keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
>
> The test should detect when "user-provided decrypted data" is not supported by
> the kernel, and report that the test of that is being skipped in that case.
>
And of course, if "user-provided decrypted data" *is* supported by the kernel,
the test should actually test it.
- Eric
prev parent reply other threads:[~2021-12-22 15:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 2:37 [PATCH v2] syscalls/keyctl09: test encrypted keys Yael Tiomkin
2021-12-21 9:01 ` Petr Vorel
2021-12-21 9:21 ` Nageswara Sastry
2021-12-21 10:48 ` Petr Vorel
2021-12-22 5:11 ` Nageswara Sastry
2021-12-22 9:10 ` Petr Vorel
2021-12-22 15:14 ` Eric Biggers
2021-12-22 15:33 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YcNFYd78LfV2FcSW@quark \
--to=ebiggers@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
--cc=yaelt@google.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).