nvme: add test for authentication with dhchap keys#175

Open
hreinecke wants to merge 1 commit into linux-blktests:master from hreinecke:dhchap-keys

@hreinecke
Contributor

With the latest patchset the authentication code will store the authentication secrets in the kernel keyring, so add a testcase using pre-populated keys for authentication.

@kawasaki
Collaborator

kawasaki commented Jun 3, 2025

@hreinecke When I run the test case on the kernel on nvme-6.16 branch git hash bf4d87cba2d7 with the series titled "[PATCHv2 0/9] nvme-auth: switch to use the kernel keyring", I observe the failure below.

The keyctl revoke command fails with the Permission denied error. If you can think of a cause of this error, please share.

nvme/064 (tr=tcp) (Test re-authentication with dhchap keys)  [failed]
    runtime  2.851s  ...  3.667s
    --- tests/nvme/064.out      2025-06-02 21:50:31.999324200 +0900
    +++ /home/shin/Blktests/blktests/results/nodev_tr_tcp/nvme/064.out.bad      2025-06-03 20:20:59.766542767 +0900
    @@ -2,12 +2,16 @@
     Re-authenticate with original host key
     Renew host key on the controller
     Re-authenticate with new host key
    +keyctl_revoke: Permission denied
     Renew ctrl key on the controller
     Re-authenticate with new ctrl key
    +keyctl_revoke: Permission denied
    ...
    (Run 'diff -u tests/nvme/064.out /home/shin/Blktests/blktests/results/nodev_tr_tcp/nvme/064.out.bad' to see the entire diff)

I tried to create a key and revoke it as below. It looks like the write permission is not added to the key, and then the revoke fails.

$ sudo keyctl add dhchap 4285b31e-bf45-441c-98b6-abfe0295d364 DHHC-1:01:G+ERaogIFmZHEvwlRSFzmHY2DU1Z05aa3R6F3jIhrXF+95Bz: %:.nvme
259544714
$ sudo keyctl revoke "%dhchap:4285b31e-bf45-441c-98b6-abfe0295d364"
keyctl_revoke: Permission denied
$ sudo keyctl show %:.nvme
Keyring
1050098691 ---lswrv      0     0  keyring: .nvme
 259544714 --als-rv      0     0   \_ dhchap: 4285b31e-bf45-441c-98b6-abfe0295d364

hreinecke changed the title from "nvme/064: add test for authentication with dhchap keys" to "nvme: add test for authentication with dhchap keys" Mar 18, 2026
@hreinecke
Contributor Author

> @hreinecke When I run the test case on the kernel on nvme-6.16 branch git hash bf4d87cba2d7 with the series titled "[PATCHv2 0/9] nvme-auth: switch to use the kernel keyring", I observe the failure below.
>
> The keyctl revoke command fails with the Permission denied error. If you can think of a cause of this error, please share.
>
> nvme/064 (tr=tcp) (Test re-authentication with dhchap keys)  [failed]
>     runtime  2.851s  ...  3.667s
>     --- tests/nvme/064.out      2025-06-02 21:50:31.999324200 +0900
>     +++ /home/shin/Blktests/blktests/results/nodev_tr_tcp/nvme/064.out.bad      2025-06-03 20:20:59.766542767 +0900
>     @@ -2,12 +2,16 @@
>      Re-authenticate with original host key
>      Renew host key on the controller
>      Re-authenticate with new host key
>     +keyctl_revoke: Permission denied
>      Renew ctrl key on the controller
>      Re-authenticate with new ctrl key
>     +keyctl_revoke: Permission denied
>     ...
>     (Run 'diff -u tests/nvme/064.out /home/shin/Blktests/blktests/results/nodev_tr_tcp/nvme/064.out.bad' to see the entire diff)
>
> I tried to create a key and revoke it as below. It looks like the write permission is not added to the key, and then the revoke fails.
>
> $ sudo keyctl add dhchap 4285b31e-bf45-441c-98b6-abfe0295d364 DHHC-1:01:G+ERaogIFmZHEvwlRSFzmHY2DU1Z05aa3R6F3jIhrXF+95Bz: %:.nvme
> 259544714
> $ sudo keyctl revoke "%dhchap:4285b31e-bf45-441c-98b6-abfe0295d364"
> keyctl_revoke: Permission denied
> $ sudo keyctl show %:.nvme
> Keyring
> 1050098691 ---lswrv      0     0  keyring: .nvme
>  259544714 --als-rv      0     0   \_ dhchap: 4285b31e-bf45-441c-98b6-abfe0295d364

The magic here is 'keyctl link'. By default the dhchap keys are created in the .nvme keyring, which can only be accessed from the kernel. If you want to modify things in there you have to link the .nvme keyring into your 'user' keyring:

keyctl link %:.nvme @u

and then you can modify the keys in there.

With the patchset 'nvme-auth: switch to use kernel keyring' the authentication
code will store the authentication codes in the kernel keyring, which allows the
use of pre-populated keys for nvme authentication. So add a testcase for that.

Signed-off-by: Hannes Reinecke <hare@suse.de>