* [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object.
@ 2020-05-25 11:19 Alexey Krasikov
2020-05-25 11:19 ` [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests Alexey Krasikov
2020-05-27 9:46 ` [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Daniel P. Berrangé
0 siblings, 2 replies; 4+ messages in thread
From: Alexey Krasikov @ 2020-05-25 11:19 UTC (permalink / raw)
To: berrange, qemu-devel; +Cc: yc-core
Add the ability for the secret object to obtain secret data from the
Linux in-kernel key managment and retention facility, as an extra option
to the existing ones: reading from a file or passing directly as a
string.
The secret is identified by the key serial number. The upper layers
need to instantiate the key and make sure the QEMU process has access
permissions to read it.
Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
configure | 38 ++++++++
crypto/Makefile.objs | 1 +
crypto/secret_keyring.c | 148 ++++++++++++++++++++++++++++++++
include/crypto/secret_keyring.h | 52 +++++++++++
4 files changed, 239 insertions(+)
create mode 100644 crypto/secret_keyring.c
create mode 100644 include/crypto/secret_keyring.h
diff --git a/configure b/configure
index 2fc05c4465..3c83504c95 100755
--- a/configure
+++ b/configure
@@ -509,6 +509,7 @@ libpmem=""
default_devices="yes"
plugins="no"
fuzzing="no"
+secret_keyring="yes"
supported_cpu="no"
supported_os="no"
@@ -1601,6 +1602,10 @@ for opt do
;;
--gdb=*) gdb_bin="$optarg"
;;
+ --enable-keyring) secret_keyring="yes"
+ ;;
+ --disable-keyring) secret_keyring="no"
+ ;;
*)
echo "ERROR: unknown option $opt"
echo "Try '$0 --help' for more information"
@@ -6250,6 +6255,34 @@ case "$slirp" in
;;
esac
+##########################################
+# check for usable __NR_keyctl syscall
+
+if test "$linux" = "yes" ; then
+
+ have_keyring=no
+ cat > $TMPC << EOF
+#include <errno.h>
+#include <asm/unistd.h>
+#include <linux/keyctl.h>
+#include <unistd.h>
+int main(void) {
+ return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0);
+}
+EOF
+ if compile_prog "" "" ; then
+ have_keyring=yes
+ fi
+fi
+if test "$secret_keyring" = "yes"
+then
+ if test "$have_keyring" != "yes"
+ then
+ error_exit "syscall __NR_keyctl requested, \
+but not implemented on your system"
+ fi
+fi
+
##########################################
# End of CC checks
@@ -6733,6 +6766,7 @@ echo "default devices $default_devices"
echo "plugin support $plugins"
echo "fuzzing support $fuzzing"
echo "gdb $gdb_bin"
+echo "Linux keyring $secret_keyring"
if test "$supported_cpu" = "no"; then
echo
@@ -7614,6 +7648,10 @@ if test -n "$gdb_bin" ; then
echo "HAVE_GDB_BIN=$gdb_bin" >> $config_host_mak
fi
+if test "$secret_keyring" = "yes" ; then
+ echo "CONFIG_SECRET_KEYRING=y" >> $config_host_mak
+fi
+
if test "$tcg_interpreter" = "yes"; then
QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
elif test "$ARCH" = "sparc64" ; then
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 695da72dd1..872c928ac0 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -20,6 +20,7 @@ crypto-obj-y += tlscredsx509.o
crypto-obj-y += tlssession.o
crypto-obj-y += secret_common.o
crypto-obj-y += secret.o
+crypto-obj-$(CONFIG_SECRET_KEYRING) += secret_keyring.o
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT)) += pbkdf-gcrypt.o
diff --git a/crypto/secret_keyring.c b/crypto/secret_keyring.c
new file mode 100644
index 0000000000..aa29004639
--- /dev/null
+++ b/crypto/secret_keyring.c
@@ -0,0 +1,148 @@
+/*
+ * QEMU crypto secret support
+ *
+ * Copyright 2020 Yandex N.V.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include <asm/unistd.h>
+#include <linux/keyctl.h>
+#include "qapi/error.h"
+#include "qom/object_interfaces.h"
+#include "trace.h"
+#include "crypto/secret_keyring.h"
+
+
+static inline
+long keyctl_read(int32_t key, uint8_t *buffer, size_t buflen)
+{
+ return syscall(__NR_keyctl, KEYCTL_READ, key, buffer, buflen, 0);
+}
+
+
+static void
+qcrypto_secret_keyring_load_data(QCryptoSecretCommon *sec_common,
+ uint8_t **output,
+ size_t *outputlen,
+ Error **errp)
+{
+ QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(sec_common);
+ uint8_t *buffer = NULL;
+ long retcode;
+
+ *output = NULL;
+ *outputlen = 0;
+
+ if (!secret->serial) {
+ error_setg(errp, "'serial' parameter must be provided");
+ return;
+ }
+
+ retcode = keyctl_read(secret->serial, NULL, 0);
+ if (retcode <= 0) {
+ goto keyctl_error;
+ }
+
+ buffer = g_new0(uint8_t, retcode);
+
+ retcode = keyctl_read(secret->serial, buffer, retcode);
+ if (retcode < 0) {
+ g_free(buffer);
+ goto keyctl_error;
+ }
+
+ *outputlen = retcode;
+ *output = buffer;
+ return;
+
+keyctl_error:
+ error_setg_errno(errp, errno,
+ "Unable to read serial key %08x",
+ secret->serial);
+}
+
+
+static void
+qcrypto_secret_prop_set_key(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj);
+ int32_t value;
+ visit_type_int32(v, name, &value, errp);
+ if (!value) {
+ error_setg(errp, "'serial' should not be equal to 0");
+ }
+ secret->serial = value;
+}
+
+
+static void
+qcrypto_secret_prop_get_key(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj);
+ int32_t value = secret->serial;
+ visit_type_int32(v, name, &value, errp);
+}
+
+
+static void
+qcrypto_secret_keyring_complete(UserCreatable *uc, Error **errp)
+{
+ object_property_set_bool(OBJECT(uc), true, "loaded", errp);
+}
+
+
+static void
+qcrypto_secret_keyring_class_init(ObjectClass *oc, void *data)
+{
+ QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc);
+ sic->load_data = qcrypto_secret_keyring_load_data;
+
+ UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ ucc->complete = qcrypto_secret_keyring_complete;
+
+ object_class_property_add(oc, "serial", "int32_t",
+ qcrypto_secret_prop_get_key,
+ qcrypto_secret_prop_set_key,
+ NULL, NULL, NULL);
+}
+
+
+static const TypeInfo qcrypto_secret_info = {
+ .parent = TYPE_QCRYPTO_SECRET_COMMON,
+ .name = TYPE_QCRYPTO_SECRET_KEYRING,
+ .instance_size = sizeof(QCryptoSecretKeyring),
+ .class_size = sizeof(QCryptoSecretKeyringClass),
+ .class_init = qcrypto_secret_keyring_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_USER_CREATABLE },
+ { }
+ }
+};
+
+
+static void
+qcrypto_secret_register_types(void)
+{
+ type_register_static(&qcrypto_secret_info);
+}
+
+
+type_init(qcrypto_secret_register_types);
diff --git a/include/crypto/secret_keyring.h b/include/crypto/secret_keyring.h
new file mode 100644
index 0000000000..9f371ad251
--- /dev/null
+++ b/include/crypto/secret_keyring.h
@@ -0,0 +1,52 @@
+/*
+ * QEMU crypto secret support
+ *
+ * Copyright 2020 Yandex N.V.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_SECRET_KEYRING_H
+#define QCRYPTO_SECRET_KEYRING_H
+
+#include "qapi/qapi-types-crypto.h"
+#include "qom/object.h"
+#include "crypto/secret_common.h"
+
+#define TYPE_QCRYPTO_SECRET_KEYRING "secret_keyring"
+#define QCRYPTO_SECRET_KEYRING(obj) \
+ OBJECT_CHECK(QCryptoSecretKeyring, (obj), \
+ TYPE_QCRYPTO_SECRET_KEYRING)
+#define QCRYPTO_SECRET_KEYRING_CLASS(class) \
+ OBJECT_CLASS_CHECK(QCryptoSecretKeyringClass, \
+ (class), TYPE_QCRYPTO_SECRET_KEYRING)
+#define QCRYPTO_SECRET_KEYRING_GET_CLASS(class) \
+ OBJECT_GET_CLASS(QCryptoSecretKeyringClass, \
+ (class), TYPE_QCRYPTO_SECRET_KEYRING)
+
+typedef struct QCryptoSecretKeyring QCryptoSecretKeyring;
+typedef struct QCryptoSecretKeyringClass QCryptoSecretKeyringClass;
+
+typedef struct QCryptoSecretKeyring {
+ QCryptoSecretCommon parent;
+ int32_t serial;
+} QCryptoSecretKeyring;
+
+
+typedef struct QCryptoSecretKeyringClass {
+ QCryptoSecretCommonClass parent;
+} QCryptoSecretKeyringClass;
+
+#endif /* QCRYPTO_SECRET_KEYRING_H */
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests.
2020-05-25 11:19 [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Alexey Krasikov
@ 2020-05-25 11:19 ` Alexey Krasikov
2020-05-27 9:46 ` Daniel P. Berrangé
2020-05-27 9:46 ` [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Daniel P. Berrangé
1 sibling, 1 reply; 4+ messages in thread
From: Alexey Krasikov @ 2020-05-25 11:19 UTC (permalink / raw)
To: berrange, qemu-devel; +Cc: yc-core
Add tests:
test_secret_keyring_good;
test_secret_keyring_revoked_key;
test_secret_keyring_expired_key;
test_secret_keyring_bad_serial_key;
test_secret_keyring_bad_key_access_right;
Added tests require libkeyutils. The absence of this library is not
critical, because these tests will be skipped in this case.
Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
---
configure | 24 ++++++
tests/Makefile.include | 4 +
tests/test-crypto-secret.c | 158 +++++++++++++++++++++++++++++++++++++
3 files changed, 186 insertions(+)
diff --git a/configure b/configure
index 3c83504c95..5a916ab33f 100755
--- a/configure
+++ b/configure
@@ -6283,6 +6283,27 @@ but not implemented on your system"
fi
fi
+##########################################
+# check for usable keyutils.h
+
+if test "$linux" = "yes" ; then
+
+ have_keyutils=no
+ cat > $TMPC << EOF
+#include <errno.h>
+#include <asm/unistd.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <keyutils.h>
+int main(void) {
+ return request_key("user", NULL, NULL, 0);
+}
+EOF
+ if compile_prog "" "-lkeyutils"; then
+ have_keyutils=yes
+ fi
+fi
+
##########################################
# End of CC checks
@@ -7650,6 +7671,9 @@ fi
if test "$secret_keyring" = "yes" ; then
echo "CONFIG_SECRET_KEYRING=y" >> $config_host_mak
+ if test "$have_keyutils" = "yes" ; then
+ echo "CONFIG_TEST_SECRET_KEYRING=y" >> $config_host_mak
+ fi
fi
if test "$tcg_interpreter" = "yes"; then
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 03a74b60f6..de13908701 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -538,6 +538,10 @@ tests/benchmark-crypto-cipher$(EXESUF): tests/benchmark-crypto-cipher.o $(test-c
tests/test-crypto-secret$(EXESUF): tests/test-crypto-secret.o $(test-crypto-obj-y)
tests/test-crypto-xts$(EXESUF): tests/test-crypto-xts.o $(test-crypto-obj-y)
+ifeq ($(CONFIG_TEST_SECRET_KEYRING),y)
+tests/test-crypto-secret.o-libs := -lkeyutils
+endif
+
tests/crypto-tls-x509-helpers.o-cflags := $(TASN1_CFLAGS)
tests/crypto-tls-x509-helpers.o-libs := $(TASN1_LIBS)
tests/pkix_asn1_tab.o-cflags := $(TASN1_CFLAGS)
diff --git a/tests/test-crypto-secret.c b/tests/test-crypto-secret.c
index 13fc6c4c75..603a093f10 100644
--- a/tests/test-crypto-secret.c
+++ b/tests/test-crypto-secret.c
@@ -24,6 +24,10 @@
#include "crypto/secret.h"
#include "qapi/error.h"
#include "qemu/module.h"
+#ifdef CONFIG_TEST_SECRET_KEYRING
+#include "crypto/secret_keyring.h"
+#include <keyutils.h>
+#endif
static void test_secret_direct(void)
{
@@ -124,6 +128,147 @@ static void test_secret_indirect_emptyfile(void)
g_free(fname);
}
+#ifdef CONFIG_TEST_SECRET_KEYRING
+
+#define DESCRIPTION "qemu_test_secret"
+#define PAYLOAD "Test Payload"
+
+
+static void test_secret_keyring_good(void)
+{
+ char key_str[16];
+ Object *sec;
+ int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
+ strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
+
+ g_assert(key >= 0);
+
+ snprintf(key_str, sizeof(key_str), "0x%08x", key);
+ sec = object_new_with_props(
+ TYPE_QCRYPTO_SECRET_KEYRING,
+ object_get_objects_root(),
+ "sec0",
+ &error_abort,
+ "serial", key_str,
+ NULL);
+
+ assert(0 <= keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING));
+ char *pw = qcrypto_secret_lookup_as_utf8("sec0",
+ &error_abort);
+ g_assert_cmpstr(pw, ==, PAYLOAD);
+
+ object_unparent(sec);
+ g_free(pw);
+}
+
+
+static void test_secret_keyring_revoked_key(void)
+{
+ char key_str[16];
+ Object *sec;
+ int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
+ strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
+ g_assert(key >= 0);
+ g_assert_false(keyctl_revoke(key));
+
+ snprintf(key_str, sizeof(key_str), "0x%08x", key);
+ sec = object_new_with_props(
+ TYPE_QCRYPTO_SECRET_KEYRING,
+ object_get_objects_root(),
+ "sec0",
+ NULL,
+ "serial", key_str,
+ NULL);
+
+ g_assert(errno == EKEYREVOKED);
+ g_assert(sec == NULL);
+
+ keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
+}
+
+
+static void test_secret_keyring_expired_key(void)
+{
+ char key_str[16];
+ Object *sec;
+ int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
+ strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
+ g_assert(key >= 0);
+ g_assert_false(keyctl_set_timeout(key, 1));
+ sleep(1);
+
+ snprintf(key_str, sizeof(key_str), "0x%08x", key);
+ sec = object_new_with_props(
+ TYPE_QCRYPTO_SECRET_KEYRING,
+ object_get_objects_root(),
+ "sec0",
+ NULL,
+ "serial", key_str,
+ NULL);
+
+ g_assert(errno == EKEYEXPIRED);
+ g_assert(sec == NULL);
+
+ keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
+}
+
+
+static void test_secret_keyring_bad_serial_key(void)
+{
+ Object *sec;
+
+ sec = object_new_with_props(
+ TYPE_QCRYPTO_SECRET_KEYRING,
+ object_get_objects_root(),
+ "sec0",
+ NULL,
+ "serial", "1",
+ NULL);
+
+ g_assert(errno == ENOKEY);
+ g_assert(sec == NULL);
+}
+
+/*
+ * TODO
+ * test_secret_keyring_bad_key_access_right() is not working yet.
+ * We don't know yet if this due a bug in the Linux kernel or
+ * whether it's normal syscall behavior.
+ * We've requested information from kernel maintainers.
+ * See: <https://www.spinics.net/lists/keyrings/index.html>
+ * Thread: 'security/keys: remove possessor verify after key permission check'
+ */
+
+static void test_secret_keyring_bad_key_access_right(void)
+{
+ char key_str[16];
+ Object *sec;
+
+ g_test_skip("TODO: Need responce from Linux kernel maintainers");
+ return;
+
+ int32_t key = add_key("user", DESCRIPTION, PAYLOAD,
+ strlen(PAYLOAD), KEY_SPEC_PROCESS_KEYRING);
+ g_assert(key >= 0);
+ g_assert_false(keyctl_setperm(key, KEY_POS_ALL & (~KEY_POS_READ)));
+
+ snprintf(key_str, sizeof(key_str), "0x%08x", key);
+
+ sec = object_new_with_props(
+ TYPE_QCRYPTO_SECRET_KEYRING,
+ object_get_objects_root(),
+ "sec0",
+ NULL,
+ "serial", key_str,
+ NULL);
+
+ g_assert(errno == EACCES);
+ g_assert(sec == NULL);
+
+ keyctl_unlink(key, KEY_SPEC_PROCESS_KEYRING);
+}
+
+#endif /* CONFIG_TEST_SECRET_KEYRING */
static void test_secret_noconv_base64_good(void)
{
@@ -426,6 +571,19 @@ int main(int argc, char **argv)
g_test_add_func("/crypto/secret/indirect/emptyfile",
test_secret_indirect_emptyfile);
+#ifdef CONFIG_TEST_SECRET_KEYRING
+ g_test_add_func("/crypto/secret/keyring/good",
+ test_secret_keyring_good);
+ g_test_add_func("/crypto/secret/keyring/revoked_key",
+ test_secret_keyring_revoked_key);
+ g_test_add_func("/crypto/secret/keyring/expired_key",
+ test_secret_keyring_expired_key);
+ g_test_add_func("/crypto/secret/keyring/bad_serial_key",
+ test_secret_keyring_bad_serial_key);
+ g_test_add_func("/crypto/secret/keyring/bad_key_access_right",
+ test_secret_keyring_bad_key_access_right);
+#endif /* CONFIG_TEST_SECRET_KEYRING */
+
g_test_add_func("/crypto/secret/noconv/base64/good",
test_secret_noconv_base64_good);
g_test_add_func("/crypto/secret/noconv/base64/bad",
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object.
2020-05-25 11:19 [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Alexey Krasikov
2020-05-25 11:19 ` [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests Alexey Krasikov
@ 2020-05-27 9:46 ` Daniel P. Berrangé
1 sibling, 0 replies; 4+ messages in thread
From: Daniel P. Berrangé @ 2020-05-27 9:46 UTC (permalink / raw)
To: Alexey Krasikov; +Cc: qemu-devel, yc-core
On Mon, May 25, 2020 at 02:19:12PM +0300, Alexey Krasikov wrote:
> Add the ability for the secret object to obtain secret data from the
> Linux in-kernel key managment and retention facility, as an extra option
> to the existing ones: reading from a file or passing directly as a
> string.
>
> The secret is identified by the key serial number. The upper layers
> need to instantiate the key and make sure the QEMU process has access
> permissions to read it.
>
> Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> configure | 38 ++++++++
> crypto/Makefile.objs | 1 +
> crypto/secret_keyring.c | 148 ++++++++++++++++++++++++++++++++
> include/crypto/secret_keyring.h | 52 +++++++++++
> 4 files changed, 239 insertions(+)
> create mode 100644 crypto/secret_keyring.c
> create mode 100644 include/crypto/secret_keyring.h
> diff --git a/crypto/secret_keyring.c b/crypto/secret_keyring.c
> new file mode 100644
> index 0000000000..aa29004639
> --- /dev/null
> +++ b/crypto/secret_keyring.c
> +static void
> +qcrypto_secret_keyring_class_init(ObjectClass *oc, void *data)
> +{
> + QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc);
> + sic->load_data = qcrypto_secret_keyring_load_data;
> +
> + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
> + ucc->complete = qcrypto_secret_keyring_complete;
> +
> + object_class_property_add(oc, "serial", "int32_t",
> + qcrypto_secret_prop_get_key,
> + qcrypto_secret_prop_set_key,
> + NULL, NULL, NULL);
This doesn't compile because of the extra arg, so not sure how
you tested this.
Since this is the only mistake, I'll fix it myself when quueing
these patches.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests.
2020-05-25 11:19 ` [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests Alexey Krasikov
@ 2020-05-27 9:46 ` Daniel P. Berrangé
0 siblings, 0 replies; 4+ messages in thread
From: Daniel P. Berrangé @ 2020-05-27 9:46 UTC (permalink / raw)
To: Alexey Krasikov; +Cc: qemu-devel, yc-core
On Mon, May 25, 2020 at 02:19:13PM +0300, Alexey Krasikov wrote:
> Add tests:
> test_secret_keyring_good;
> test_secret_keyring_revoked_key;
> test_secret_keyring_expired_key;
> test_secret_keyring_bad_serial_key;
> test_secret_keyring_bad_key_access_right;
>
> Added tests require libkeyutils. The absence of this library is not
> critical, because these tests will be skipped in this case.
>
> Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
> ---
> configure | 24 ++++++
> tests/Makefile.include | 4 +
> tests/test-crypto-secret.c | 158 +++++++++++++++++++++++++++++++++++++
> 3 files changed, 186 insertions(+)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-05-27 9:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-25 11:19 [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Alexey Krasikov
2020-05-25 11:19 ` [PATCH v4 3/3] test-crypto-secret: add 'secret_keyring' object tests Alexey Krasikov
2020-05-27 9:46 ` Daniel P. Berrangé
2020-05-27 9:46 ` [PATCH v4 2/3] crypto/linux_keyring: add 'secret_keyring' secret object Daniel P. Berrangé
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).