crypto: insert key into keyring from go

This commit adds in the ability to insert Keys into the kernel keyring
from go code. This is done via a patched version of x/sys/unix. We
also expose the specific requirements for keys that will be placed in
the keyring, namely PolicyKeyLen. The legacy services are also exposed.

Change-Id: I177928c9aa676cae13b749042b9a3996e7490f68

1 files changed, 28 insertions, 0 deletions

diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index d76381e..025b5b9 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -40,6 +40,12 @@ func makeKey(b byte, n int) (*Key, error) {
 	return NewFixedLengthKeyFromReader(ConstReader(b), n)
 }
 
+var fakeValidDescriptor = "0123456789abcdef"
+var fakeInvalidDescriptor = "123456789abcdef"
+
+var fakeValidPolicyKey, _ = makeKey(42, PolicyKeyLen)
+var fakeInvalidPolicyKey, _ = makeKey(42, PolicyKeyLen-1)
+
 // Tests the two ways of making keys
 func TestMakeKeys(t *testing.T) {
 	data := []byte("1234\n6789")
@@ -111,3 +117,25 @@ func TestLongLength(t *testing.T) {
 		t.Error("Key contained incorrect data")
 	}
 }
+
+// Adds a key with and without legacy (check keyctl to see the key identifiers).
+func TestAddKeys(t *testing.T) {
+	for _, service := range []string{ServiceDefault, ServiceExt4, ServiceF2FS} {
+		if err := InsertPolicyKey(fakeValidPolicyKey, fakeValidDescriptor, service); err != nil {
+			t.Error(err)
+		}
+	}
+}
+
+// Makes sure a key fails with bad descriptor, policy, or service
+func TestBadAddKeys(t *testing.T) {
+	if InsertPolicyKey(fakeInvalidPolicyKey, fakeValidDescriptor, ServiceDefault) == nil {
+		t.Error("InsertPolicyKey should fail with bad policy key")
+	}
+	if InsertPolicyKey(fakeValidPolicyKey, fakeInvalidDescriptor, ServiceDefault) == nil {
+		t.Error("InsertPolicyKey should fail with bad descriptor")
+	}
+	if InsertPolicyKey(fakeValidPolicyKey, fakeValidDescriptor, "ext4") == nil {
+		t.Error("InsertPolicyKey should fail with bad service")
+	}
+}