From 53d15f466a665e4e564af3afdcbcfe9ff1c91331 Mon Sep 17 00:00:00 2001 From: Joe Richey Date: Thu, 2 Mar 2017 11:47:07 -0800 Subject: crypto: insert key into keyring from go This commit adds in the ability to insert Keys into the kernel keyring from go code. This is done via a patched version of x/sys/unix. We also expose the specific requirements for keys that will be placed in the keyring, namely PolicyKeyLen. The legacy services are also exposed. Change-Id: I177928c9aa676cae13b749042b9a3996e7490f68 --- crypto/crypto_test.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'crypto/crypto_test.go')
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index d76381e..025b5b9 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -40,6 +40,12 @@ func makeKey(b byte, n int) (*Key, error) {
 return NewFixedLengthKeyFromReader(ConstReader(b), n)
 }
 
+var fakeValidDescriptor = "0123456789abcdef"
+var fakeInvalidDescriptor = "123456789abcdef"
+
+var fakeValidPolicyKey, _ = makeKey(42, PolicyKeyLen)
+var fakeInvalidPolicyKey, _ = makeKey(42, PolicyKeyLen-1)
+
 // Tests the two ways of making keys
 func TestMakeKeys(t *testing.T) {
 data := []byte("1234\n6789")
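Review bot: The blank identifiers in `var fakeValidPolicyKey, _ = makeKey(42, PolicyKeyLen)` and `var fakeInvalidPolicyKey, _ = makeKey(42, PolicyKeyLen-1)` discard makeKey's error at package initialisation, so a failed construction would silently leave a nil *Key in the fixture. If that happened, the "bad policy key" case in TestBadAddKeys could pass for the wrong reason, and TestAddKeys would report an unrelated insertion error. A guard at the top of each test that uses them, such as `if fakeValidPolicyKey == nil { t.Fatal("fixture key was not created") }`, would make the failure explicit. The invalid descriptor also deserves a comment, for example `// 15 characters: one short of the valid descriptor above`, because the two literals are hard to tell apart by eye.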
@@ -111,3 +117,25 @@ func TestLongLength(t *testing.T) {
 t.Error("Key contained incorrect data")
 }
 }
+
+// Adds a key with and without legacy (check keyctl to see the key identifiers).
+func TestAddKeys(t *testing.T) {
+ for _, service := range []string{ServiceDefault, ServiceExt4, ServiceF2FS} {
+ if err := InsertPolicyKey(fakeValidPolicyKey, fakeValidDescriptor, service); err != nil {
+ t.Error(err)
+ }
+ }
+}
+
+// Makes sure a key fails with bad descriptor, policy, or service
+func TestBadAddKeys(t *testing.T) {
+ if InsertPolicyKey(fakeInvalidPolicyKey, fakeValidDescriptor, ServiceDefault) == nil {
+ t.Error("InsertPolicyKey should fail with bad policy key")
+ }
+ if InsertPolicyKey(fakeValidPolicyKey, fakeInvalidDescriptor, ServiceDefault) == nil {
+ t.Error("InsertPolicyKey should fail with bad descriptor")
+ }
+ if InsertPolicyKey(fakeValidPolicyKey, fakeValidDescriptor, "ext4") == nil {
+ t.Error("InsertPolicyKey should fail with bad service")
+ }
+}
-- cgit v1.2.3
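Review bot: TestAddKeys inserts constant-content keys under a fixed descriptor into the real kernel keyring and nothing removes them afterwards; its doc comment even relies on them staying visible to keyctl. That leaves predictable key material in the keyring of whoever runs `go test`, and the test will presumably fail wherever key insertion is not permitted. InsertPolicyKey returns only an error in these calls, so the test has no identifier to clean up with. At minimum the side effect should be documented, e.g. `// NOTE: leaves three test keys in the caller's keyring; remove them after the run.` In TestBadAddKeys, a short comment on why the literal `"ext4"` is rejected while ServiceExt4 is accepted would help, since the constant's value is not visible in this hunk.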