* [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Yael Tiomkin @ 2021-12-21 2:37 UTC (permalink / raw)
To: ltp; +Cc: zohar, pvorel, linux-integrity, Yael Tiomkin
Test that encrypted keys can be instantiated using
both user-provided decrypted data
(https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
or kernel-generated numbers.
Signed-off-by: Yael Tiomkin <yaelt@google.com>
---
Notes:
v -> v2: added key revocation and made styling changes.
runtest/syscalls | 1 +
testcases/kernel/syscalls/keyctl/.gitignore | 1 +
testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
diff --git a/runtest/syscalls b/runtest/syscalls
index bcf3d56c9..ccea1ddbd 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -643,6 +643,7 @@ keyctl05 keyctl05
keyctl06 keyctl06
keyctl07 keyctl07
keyctl08 keyctl08
+keyctl09 keyctl09
kcmp01 kcmp01
kcmp02 kcmp02
diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
index 3544ac79c..f9948c176 100644
--- a/testcases/kernel/syscalls/keyctl/.gitignore
+++ b/testcases/kernel/syscalls/keyctl/.gitignore
@@ -6,3 +6,4 @@
/keyctl06
/keyctl07
/keyctl08
+/keyctl09
diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
new file mode 100644
index 000000000..507cd5628
--- /dev/null
+++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2021 Google, Inc.
+ */
+
+/*\
+ * [Description]
+ * Test that encrypted keys can be instantiated using user-provided decrypted
+ * data (plaintext), and separately, using kernel-generated key material.
+ */
+
+#include "tst_test.h"
+#include "lapi/keyctl.h"
+
+#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 plaintext12345678901234567890123"
+#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32"
+
+static void do_test(void)
+{
+ key_serial_t masterkey;
+ key_serial_t encryptedkey1;
+ key_serial_t encryptedkey2;
+ char buffer[128];
+
+ masterkey = add_key("user", "user:masterkey", "foo", 3,
+ KEY_SPEC_PROCESS_KEYRING);
+ if (masterkey == -1)
+ tst_brk(TBROK | TERRNO, "Failed to add user key");
+
+ encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
+ 60, KEY_SPEC_PROCESS_KEYRING);
+ if (encryptedkey1 == -1)
+ tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
+
+ TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
+ if (TST_RET < 0)
+ tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
+
+ encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
+ 27, KEY_SPEC_PROCESS_KEYRING);
+ if (encryptedkey2 == -1)
+ tst_brk(TFAIL,
+ "Failed to instantiate encrypted key using kernel-generated key material");
+
+ TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
+ if (TST_RET < 0)
+ tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
+
+ tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
+
+ keyctl(KEYCTL_REVOKE, encryptedkey1);
+ keyctl(KEYCTL_REVOKE, encryptedkey2);
+ keyctl(KEYCTL_REVOKE, masterkey);
+}
+
+static struct tst_test test = {
+ .test_all = do_test,
+};
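Review bot: Both KEYCTL_READ checks in do_test() only test TST_RET < 0, and buffer is never looked at afterwards, so the TPASS does not show that the user-provided decrypted data was actually used for ltptestkey1. KEYCTL_READ returns the size of the data available in the key even when that exceeds the buffer passed in, so a return value larger than sizeof(buffer) should be handled as well, and the data read back for encryptedkey1 should be checked rather than discarded. Separately, the payload lengths 60 and 27 are hard-coded apart from the macros they describe; strlen(ENCRYPTED_KEY_1_PAYLOAD) and strlen(ENCRYPTED_KEY_2_PAYLOAD) would keep them in sync if the payloads change.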
--
2.34.1.307.g9b7440fafd-goog
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Petr Vorel @ 2021-12-21 9:01 UTC (permalink / raw)
To: Yael Tiomkin; +Cc: ltp, zohar, linux-integrity
Hi Yael,
you still have some problem when running more iterations:
./keyctl09 -i500
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
...
keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
(Some people really try a high number of iterations.)
Could you please have a look?
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
+1 for doc!
...
> +static void do_test(void)
> +{
> + key_serial_t masterkey;
> + key_serial_t encryptedkey1;
> + key_serial_t encryptedkey2;
> + char buffer[128];
> +
> + masterkey = add_key("user", "user:masterkey", "foo", 3,
> + KEY_SPEC_PROCESS_KEYRING);
> + if (masterkey == -1)
> + tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> + 60, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey1 == -1)
> + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
nit: this might be TBROK (test preparation phase), not sure
(and not that important).
The rest LGTM.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Kind regards,
Petr
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Nageswara Sastry @ 2021-12-21 9:21 UTC (permalink / raw)
To: Yael Tiomkin, ltp; +Cc: zohar, pvorel, linux-integrity
On 21/12/21 8:07 am, Yael Tiomkin wrote:
> Test that encrypted keys can be instantiated using
> both user-provided decrypted data
> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> or kernel-generated numbers.
>
> Signed-off-by: Yael Tiomkin <yaelt@google.com>
Tested on ppc64le platform
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
...
<<<test_start>>>
tag=keyctl09 stime=1640078325
cmdline="keyctl09"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1425: TINFO: Timeout per run is 0h 05m 00s
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
Summary:
passed 1
failed 0
broken 0
skipped 0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=0
<<<test_end>>>
...
> ---
>
> Notes:
> v -> v2: added key revocation and made styling changes.
>
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/keyctl/.gitignore | 1 +
> testcases/kernel/syscalls/keyctl/keyctl09.c | 58 +++++++++++++++++++++
> 3 files changed, 60 insertions(+)
> create mode 100644 testcases/kernel/syscalls/keyctl/keyctl09.c
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index bcf3d56c9..ccea1ddbd 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -643,6 +643,7 @@ keyctl05 keyctl05
> keyctl06 keyctl06
> keyctl07 keyctl07
> keyctl08 keyctl08
> +keyctl09 keyctl09
>
> kcmp01 kcmp01
> kcmp02 kcmp02
> diff --git a/testcases/kernel/syscalls/keyctl/.gitignore b/testcases/kernel/syscalls/keyctl/.gitignore
> index 3544ac79c..f9948c176 100644
> --- a/testcases/kernel/syscalls/keyctl/.gitignore
> +++ b/testcases/kernel/syscalls/keyctl/.gitignore
> @@ -6,3 +6,4 @@
> /keyctl06
> /keyctl07
> /keyctl08
> +/keyctl09
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> new file mode 100644
> index 000000000..507cd5628
> --- /dev/null
> +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2021 Google, Inc.
> + */
> +
> +/*\
> + * [Description]
> + * Test that encrypted keys can be instantiated using user-provided decrypted
> + * data (plaintext), and separately, using kernel-generated key material.
> + */
> +
> +#include "tst_test.h"
> +#include "lapi/keyctl.h"
> +
> +#define ENCRYPTED_KEY_1_PAYLOAD "new enc32 user:masterkey 32 plaintext12345678901234567890123"
> +#define ENCRYPTED_KEY_2_PAYLOAD "new enc32 user:masterkey 32"
> +
> +static void do_test(void)
> +{
> + key_serial_t masterkey;
> + key_serial_t encryptedkey1;
> + key_serial_t encryptedkey2;
> + char buffer[128];
> +
> + masterkey = add_key("user", "user:masterkey", "foo", 3,
> + KEY_SPEC_PROCESS_KEYRING);
> + if (masterkey == -1)
> + tst_brk(TBROK | TERRNO, "Failed to add user key");
> +
> + encryptedkey1 = add_key("encrypted", "ltptestkey1", ENCRYPTED_KEY_1_PAYLOAD,
> + 60, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey1 == -1)
> + tst_brk(TFAIL, "Failed to instantiate encrypted key using payload decrypted data");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey1, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey1");
> +
> + encryptedkey2 = add_key("encrypted", "ltptestkey2", ENCRYPTED_KEY_2_PAYLOAD,
> + 27, KEY_SPEC_PROCESS_KEYRING);
> + if (encryptedkey2 == -1)
> + tst_brk(TFAIL,
> + "Failed to instantiate encrypted key using kernel-generated key material");
> +
> + TEST(keyctl(KEYCTL_READ, encryptedkey2, buffer, sizeof(buffer)));
> + if (TST_RET < 0)
> + tst_brk(TFAIL, "KEYCTL_READ failed for encryptedkey2");
> +
> + tst_res(TPASS, "Encrypted keys were successfully instantiated and read");
> +
> + keyctl(KEYCTL_REVOKE, encryptedkey1);
> + keyctl(KEYCTL_REVOKE, encryptedkey2);
> + keyctl(KEYCTL_REVOKE, masterkey);
> +}
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> +};
--
Thanks and Regards
R.Nageswara Sastry
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Petr Vorel @ 2021-12-21 10:48 UTC (permalink / raw)
To: Nageswara Sastry; +Cc: Yael Tiomkin, ltp, zohar, linux-integrity
Hi Nageswara,
> On 21/12/21 8:07 am, Yael Tiomkin wrote:
> > Test that encrypted keys can be instantiated using
> > both user-provided decrypted data
> > (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> > or kernel-generated numbers.
> > Signed-off-by: Yael Tiomkin <yaelt@google.com>
> Tested on ppc64le platform
I suppose it also fails on ppc64le when run with more iterations.
./keyctl09 -i500
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
...
keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
(It's always good to put a higher number of iterations.)
Kind regards,
Petr
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Nageswara Sastry @ 2021-12-22 5:11 UTC (permalink / raw)
To: Petr Vorel; +Cc: Yael Tiomkin, ltp, zohar, linux-integrity
On 21/12/21 4:18 pm, Petr Vorel wrote:
> Hi Nageswara,
>
>> On 21/12/21 8:07 am, Yael Tiomkin wrote:
>>> Test that encrypted keys can be instantiated using
>>> both user-provided decrypted data
>>> (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
>>> or kernel-generated numbers.
>
>>> Signed-off-by: Yael Tiomkin <yaelt@google.com>
>
>> Tested on ppc64le platform
>
> I suppose it also fails on ppc64le when run more iterations.
Tried with -i500, -i5000 and -i50000 also ... no failures were seen on
ppc64le architecture.
Summary:
passed 500
failed 0
Summary:
passed 5000
failed 0
Summary:
passed 50000
failed 0
> ./keyctl09 -i500
> keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
> keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
> ...
> keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
>
> (It's always good to put higher number iterations.)
>
> Kind regards,
> Petr
--
Thanks and Regards
R.Nageswara Sastry
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Petr Vorel @ 2021-12-22 9:10 UTC (permalink / raw)
To: Nageswara Sastry; +Cc: Yael Tiomkin, ltp, zohar, linux-integrity
Hi all,
> On 21/12/21 4:18 pm, Petr Vorel wrote:
> > Hi Nageswara,
> > > On 21/12/21 8:07 am, Yael Tiomkin wrote:
> > > > Test that encrypted keys can be instantiated using
> > > > both user-provided decrypted data
> > > > (https://lore.kernel.org/linux-integrity/20211213192030.125091-1-yaelt@google.com/),
> > > > or kernel-generated numbers.
> > > > Signed-off-by: Yael Tiomkin <yaelt@google.com>
> > > Tested on ppc64le platform
> > I suppose it also fails on ppc64le when run more iterations.
> Tried with -i500, -i5000 and -i50000 also ... no failures were seen on
> ppc64le architecture.
> Summary:
> passed 500
> failed 0
> Summary:
> passed 5000
> failed 0
> Summary:
> passed 50000
> failed 0
Interesting, thx for info. It's either arch specific or specific to openSUSE
kernel on my laptop (~ 5.16.0-rc5) where I tested it. Testing on
various VMs it works well (including openSUSE with latest kernel stable). It also
works on RPI 4 with openSUSE kernel.
Also it fails on 2 VMs with fips enabled: Debian testing (immediately) and SLES
15-SP4 (after 63 iterations - the same number as 5.16.0-rc5 on my laptop):
keyctl09.c:33: TBROK: Failed to instantiate encrypted key using payload decrypted data
but on my laptop I don't use fips.
Kind regards,
Petr
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Eric Biggers @ 2021-12-22 15:14 UTC (permalink / raw)
To: Yael Tiomkin; +Cc: ltp, zohar, pvorel, linux-integrity
On Mon, Dec 20, 2021 at 09:37:21PM -0500, Yael Tiomkin wrote:
> diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> new file mode 100644
> index 000000000..507cd5628
> --- /dev/null
> +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> @@ -0,0 +1,58 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) 2021 Google, Inc.
> + */
> +
> +/*\
> + * [Description]
> + * Test that encrypted keys can be instantiated using user-provided decrypted
> + * data (plaintext), and separately, using kernel-generated key material.
> + */
> +
This test doesn't seem to work as intended.
First, it fails if CONFIG_ENCRYPTED_KEYS is unset (it should be skipped):
keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
Second, I don't have your patch "Instantiate key with user-provided decrypted
data" (https://lore.kernel.org/r/20211213192030.125091-1-yaelt@google.com) in my
kernel, so instantiating a key using "user-provided decrypted data" is not
implemented by the kernel. However, the test still passes regardless:
keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
The test should detect when "user-provided decrypted data" is not supported by
the kernel, and report that the test of that is being skipped in that case.
- Eric
* Re: [PATCH v2] syscalls/keyctl09: test encrypted keys.
From: Eric Biggers @ 2021-12-22 15:33 UTC (permalink / raw)
To: Yael Tiomkin; +Cc: ltp, zohar, pvorel, linux-integrity
On Wed, Dec 22, 2021 at 09:14:43AM -0600, Eric Biggers wrote:
> On Mon, Dec 20, 2021 at 09:37:21PM -0500, Yael Tiomkin wrote:
> > diff --git a/testcases/kernel/syscalls/keyctl/keyctl09.c b/testcases/kernel/syscalls/keyctl/keyctl09.c
> > new file mode 100644
> > index 000000000..507cd5628
> > --- /dev/null
> > +++ b/testcases/kernel/syscalls/keyctl/keyctl09.c
> > @@ -0,0 +1,58 @@
> > +// SPDX-License-Identifier: GPL-2.0-or-later
> > +/*
> > + * Copyright (c) 2021 Google, Inc.
> > + */
> > +
> > +/*\
> > + * [Description]
> > + * Test that encrypted keys can be instantiated using user-provided decrypted
> > + * data (plaintext), and separately, using kernel-generated key material.
> > + */
> > +
>
> This test doesn't seem to work as intended.
>
> First, it fails if CONFIG_ENCRYPTED_KEYS is unset (it should be skipped):
>
> keyctl09.c:33: TFAIL: Failed to instantiate encrypted key using payload decrypted data
>
> Second, I don't have your patch "Instantiate key with user-provided decrypted
> data" (https://lore.kernel.org/r/20211213192030.125091-1-yaelt@google.com) in my
> kernel, so instantiating a key using "user-provided decrypted data" is not
> implemented by the kernel. However, the test still passes regardless:
>
> keyctl09.c:49: TPASS: Encrypted keys were successfully instantiated and read
>
> The test should detect when "user-provided decrypted data" is not supported by
> the kernel, and report that the test of that is being skipped in that case.
>
And of course, if "user-provided decrypted data" *is* supported by the kernel,
the test should actually test it.
- Eric